Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
ozbutcher
Worker
Worker


Joined: Jan 17, 2007
Posts: 170

PostPosted: Wed Feb 07, 2007 5:55 am Reply with quote

We got our first hack attempt this morning, good thing Sentinel stopped them! Smile

Code:
Blocked IP: 12.201.52.*

User ID: Anonymous (1)
Reason: Abuse-Union
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Query String: ................../modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors
Get String: ......................./modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors
Post String: ................../modules.php


Now that it happened I am more wary about site security.

Should the config.php be in a folder where it cannot be called upon? Standard nuke installation puts it in the site root directory but I remember somewhere that it can be moved into another directory and somehow linked. Is this a threat since it contains database passwords etc?
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Wed Feb 07, 2007 6:13 am Reply with quote

well long ago we could actually place our config outside the root,but with all security and patched up nuke that isnt needed anymore.
but it cant harm if you do so.. Wink
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Wed Feb 07, 2007 9:35 am Reply with quote

If your site is in the root Directory, you can put the nuke config.php above the root, Just move it, then create a config.php in the root and put this in for the contents:
<?php
if (stristr($_SERVER['SCRIPT_NAME'], "config.php")) {
Header("Location: index.php");
die();
}
if (defined('FORUM_ADMIN')) {
@require_once("../../../../config.php");
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
} else {
@require_once("../config.php");
}
?>

That will allow the redirect to the NEW place possible, but you need to make sure that a config.php is placed in the root of the nuke site containing the above.

But as stated before, its not necessary for security, Although, it is a good idea if you have addons that cannot be secured by nuke, for example, other installations, A lot of Gallerys are not properly secured. Modules that are not secured.

The security patches for nuke, will stop almost all attacks on the nuke site, but other things can break that security for their environments. So then you must make sure its secure. Ultimatley, its your site that will face the damage, noone elses. Hop this helps you out.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
ozbutcher
PostPosted: Wed Feb 07, 2007 4:14 pm Reply with quote

thanks I'll give that a go.

Is there a document somewhere that explains what attacks known and how they affect the system. I would like to find out what the union attack is all about.

cheers.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed Feb 07, 2007 6:03 pm Reply with quote

I'll say it again, though, if you are worried about a "hole" in another script that will allow an attacker to read a file from the file system, depending on what function is being used in that case, placing your config.php outside the web root isn't going to do you any good. Most of us are under the conclusion now that it is a complete waste of time, just as renaming your admin.php script is.

JMO.

Regarding the UNION attack and others, there are good books on PHP Security (this issue is NOT just limited to PHP - these principles are almost unniversal).

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Feb 08, 2007 2:18 am Reply with quote

This particular attack is designed to read out the data from your nuke_authors table
With it, they can craft a cookie to enter your admin page and wreck havoc.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Thu Feb 08, 2007 8:28 am Reply with quote

Google for SQL injection attacks. The UNION attack is a type of SQL injection where they try to append an additional SELECT onto a query to retrieve rows (often from a different table) that the original query wasn't designed to retrieve.

Also look up the MySQL SELECT syntax and you'll read about the optional UNION SELECT clause.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
montego
PostPosted: Thu Feb 08, 2007 6:51 pm Reply with quote

ozbutcher, this might help explain a little:
Only registered users can see links on this board! Get registered or login!
 
ozbutcher
PostPosted: Sat Feb 17, 2007 3:47 am Reply with quote

wow thats scary if they managed to pull it off!! I've had two of these attempts now! thanks for the info.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©