Ravens PHP Scripts: Forums
 

 

Donovan
Client


Joined: Oct 07, 2003
Posts: 735
Location: Ohio

Posted: Tue Jun 13, 2006 2:32 pm

Script kiddies are out again. They got my site eto-league.com.

Changes the message and the site name in preferences.

I am running NukeSentinel 2.4.2pl8

I am not running latest 3.2

This is getting insane.
 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Tue Jun 13, 2006 2:39 pm

Any tracks of what they did?

Donovan
Posted: Tue Jun 13, 2006 3:11 pm

Where would be the best place to look for tracks?
 
hitwalker
Posted: Tue Jun 13, 2006 3:13 pm

Depends if they were actually on your site..
You could start in cPanel....stats, last visitors..
Any uploading facilities on that site?
 
Donovan
Posted: Tue Jun 13, 2006 3:16 pm

I want to ban all these Turkish bums who get off on hacking.

85.97.133.164
85.104.237.212
85.103.58.85

How do I add a range?

d*** I need to RTFM..... :)
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Tue Jun 13, 2006 3:37 pm

If they spoofed their IP, which is likely, you're banning blindly.
Check your server logs, Sentinel's tracked IPs, Tracked Users etc.

montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Tue Jun 13, 2006 9:52 pm

If it's one of the recent modules/Forums/admin/* type hacks, it may have still bypassed NS... not sure if all the injections have been covered? (Are we ever sure? :( ) Unfortunately, you may only spot it via the server logs...

Had you, by chance, implemented either HTTPAuth or CGIAuth protection on this directory per Raven's post here:

You can PM me the answer if you would rather. The attacks are continuing, so the more info we can pass along to Bob and team the better. Thanks.

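The server-log check suggested in the two posts above, as an added example that is not part of the original thread: it scans Apache combined-format access log lines for requests under modules/Forums/admin/ and groups them by client IP. The sample lines, file names and IPs are constructed, and reading 401/403 as "blocked by directory protection" is an assumption; a served request only means the script was reached and still has to be compared against the admin's own sessions.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Apache "combined" format; documentation IPs, invented file names.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jun/2006:13:58:01 -0600] "GET /index.php HTTP/1.1" 200 18211 "-" "Mozilla/4.0"
198.51.100.7 - - [13/Jun/2006:14:02:44 -0600] "GET /modules/Forums/admin/index.php HTTP/1.1" 401 477 "-" "Mozilla/4.0"
203.0.113.25 - - [13/Jun/2006:14:05:10 -0600] "POST /modules/Forums/admin/admin_example.php HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"
203.0.113.25 - - [13/Jun/2006:14:05:12 -0600] "GET /modules.php?name=Forums HTTP/1.1" 200 30422 "-" "ExampleAgent/1.0"
203.0.113.25 - - [13/Jun/2006:14:05:19 -0600] "GET /modules/Forums//admin/%69ndex.php?x=1 HTTP/1.1" 200 911 "-" "ExampleAgent/1.0"
this line is not a log entry
"""

PROTECTED = "/modules/forums/admin/"  # directory named in the thread, lower-cased
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalise(target):
    """Drop the query string, decode %xx, collapse // and ./, lower-case."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/").lower()

def admin_dir_hits(log_text):
    """Return {client_ip: [(time, method, path, status, verdict), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an access-log entry
        ip, when, method, target, status = m.groups()
        path = normalise(target)
        if not (path + "/").startswith(PROTECTED):
            continue
        # Assumption: 401/403 means directory protection answered; 2xx/3xx was served.
        verdict = ("blocked" if status in ("401", "403")
                   else "served" if status[0] in "23" else "other")
        hits[ip].append((when, method, path, int(status), verdict))
    return dict(hits)

def served_sources(hits):
    """Client IPs with at least one request the server actually served."""
    return sorted(ip for ip, rows in hits.items()
                  if any(row[4] == "served" for row in rows))

if __name__ == "__main__":
    for ip, rows in admin_dir_hits(SAMPLE_LOG).items():
        print(ip, *rows, sep="\n  ")
```
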
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

Posted: Thu Jun 29, 2006 5:07 pm

They hacked another site and the admin found different files, e.g. for an IRC botnet (http://www.egghelp.org/whatis.htm), in modules/4nAlbum and /temp. It seems they search for this module and the forums too. The "Turk Fascist" Hacker group can be found here:


Team Leader: d3ngsz

Btw: I would not visit that site.
 
azakow
New Member


Joined: Jun 11, 2006
Posts: 18
Location: Germany

Posted: Fri Jun 30, 2006 2:30 am

They (hackers) even answer on victims' posts in German CMS forums. >:(

I have been hacked by them. I was using 7.7 PL 3.2 no Sentinel.

Now I use Ravens Dist, Sentinel 2.4.2pl9.
Since then they have visited my site from different locations, i.e. Turkey, Portugal, ... .

Up to now everything seems OK.

Thanks to the effort of you guys!

Susann
Posted: Fri Jun 30, 2006 2:55 am

I know that he replied. They can cause very large damage. If you don't have Turkish users, ban Turkey with CIDR via htaccess completely.
 
All times are GMT - 6 Hours
 