Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Installation Help
Author Message
Psycho
Worker
Worker


Joined: May 27, 2006
Posts: 157

PostPosted: Tue Aug 22, 2006 12:32 pm Reply with quote

About 2 days ago i had a hack attempt of my site which sentinel picked up on and all seemed ok. Then today i went on to the forum admin. the preview forum link comes up with page cannot be displayed. Then when i try to go to forum management or permissions it comes up with "Hacking attempt!". Why is it doing that?
Rolling Eyes


Last edited by Psycho on Wed Aug 23, 2006 10:45 am; edited 2 times in total 
View user's profile Send private message Send e-mail
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Tue Aug 22, 2006 1:37 pm Reply with quote

Is ?? a description ?

and see if this helps.. Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Psycho
PostPosted: Tue Aug 22, 2006 5:30 pm Reply with quote

that is about removing a title bar, i have a problem with the admin for the forum.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Wed Aug 23, 2006 9:24 pm Reply with quote

Nice description... Wink Thx.

Now, please logout out of admin and normal user (if logged in), delete cookies and cache, close the browser and come back in to admin.php. First, before doing anything, make sure you can still get to Forums admin.... one step at a time.

Please post what the ban from Sentinel was (remove anything that could be specific to your paths, etc., if there in the text).

Also, check your web server logs from the time NS tripped the ban and see if anything looks suspicious. And, you may want to check your files to make sure nothing has been overwritten / deleted.

This may all be for nothing, but this is "Triage", just to make sure there isn't really a hack that occurred. If you find nothing, then we can work more methodically on trying to figure out what is wrong.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Psycho
PostPosted: Wed Aug 23, 2006 9:46 pm Reply with quote

ok well i removed cookies and cache and restarted web browser and no change.. The ban from sentinel was someone else and i dont think it was connected. although heres what the report said:

Code:
Date & Time: 2006-08-21 21:57:28 BST GMT +0100

Blocked IP: 71.201.247.*
User ID: Guest (1)
Reason: Abuse-Union
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 71.201.247.1
Remote Port: 2354
Request Method: GET
--------------------
Who-Is for IP
OrgName:    Comcast Cable Communications, Inc.
OrgID:      CMCS
Address:    1800 Bishops Gate Blvd
City:       Mt Laurel
StateProv:  NJ
PostalCode: 08054
Country:    US

NetRange:   71.192.0.0 - 71.207.255.255
CIDR:       71.192.0.0/12
NetName:    ATT-COMCAST
NetHandle:  NET-71-192-0-0-1
Parent:     NET-71-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS.INFLOW.PA.BO.COMCAST.NET
NameServer: DNS.CMC.CO.DENVER.COMCAST.NET
Comment:   
RegDate:    2005-07-27
Updated:    2006-07-11

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName:   Network Abuse and Policy Observance
OrgAbusePhone:  +1-856-317-7272
OrgAbuseEmail:  Only registered users can see links on this board! Get registered or login!

OrgTechHandle: IC161-ARIN
OrgTechName:   Comcast Cable Communications Inc
OrgTechPhone:  +1-856-317-7200
OrgTechEmail:  Only registered users can see links on this board! Get registered or login!

Which i believe is an attack to get to the admin section?

Anyway, i can see anything overwritten in my files and i dont know how to check my web server logs.

Im pretty sure that was a hack attempt as sentinel block says "We have caught 1 shameful hacker(s)"

Thanks montego.
 
Psycho
PostPosted: Wed Aug 23, 2006 9:54 pm Reply with quote

rofl i clicked that link in the email and it said that ive been blocked and now i can't see my site! bit lost how to recover it:D
 
montego
PostPosted: Wed Aug 23, 2006 11:25 pm Reply with quote

You have to edit your .htaccess file to remove your IP address as use phpMyAdmin to remove your IP from the blockedips table. Laughing
 
Psycho
PostPosted: Thu Aug 24, 2006 1:33 am Reply with quote

right, i logged in as one of my other admins on a different computer and sorted it out;) anyway, still got the problem!
 
montego
PostPosted: Fri Aug 25, 2006 5:59 am Reply with quote

Psycho, yes, the original NS block was a hack attempt, there was never a question about that in my mind as it was a clear UNION attempt.

If you want me to look at it closer, PM me an admin login and if you can, even an FTP login. Also let me know what version of nuke you are running.

BTW, I am extremely busy at work right now so if you need this looked at quickly, I will not be your man. But, I will help you sort it out if you want me to (at least I will try).
 
Psycho
PostPosted: Sat Aug 26, 2006 12:54 pm Reply with quote

Thanks Montego!
 
montego
PostPosted: Sun Aug 27, 2006 8:45 am Reply with quote

I have looked at it briefly. I changed the forum style back to Subsilver and at least the Forum Preview is working again. Must be a problem with the AcidTechGreen style that you had previously.

However, I am a bit "stumped" by the "Hacking Attempt!" issue. I can find no references to this literal anywhere within the RavenNuke 2.02.02 distribution.

What version of nuke and patchset is this? If you feel more comfortable PM'ing me the info, that is fine.
 
Psycho
PostPosted: Sun Aug 27, 2006 10:52 am Reply with quote

patchset? not sure, version is the ravenuke package from this site.
 
montego
PostPosted: Sun Aug 27, 2006 10:52 pm Reply with quote

Ah, I think I found it now, but not in 2.02.02 (that you are using). Had you tried to upgrade to the 2.0.21 BBtoNuke patchset? I see now that that literal was just added to includes/functions.php. Odd thing is, though, we have integrated 2.0.21(+) into 2.10.00 (due out soon), and I am not seeing this issue. However, your site is a bit different in that you are somehow redirecting folks from one URL to another... I wonder if that has anything to do with it.

Did you, by chance, miss the upgrade db patch for that upgrade?
 
Psycho
PostPosted: Mon Aug 28, 2006 7:20 am Reply with quote

lol barely understood what i was reading there! I think i may have missed a db patch for an upgrade? but i dont remember tryin to upgrade 2.0.21 BBto Nuke patchset.
 
Psycho
PostPosted: Mon Aug 28, 2006 8:25 am Reply with quote

just on another note, i do have a redirect on my site because the url was one for my hosing company and i wanted a .co.uk address.
 
Psycho
PostPosted: Mon Sep 25, 2006 1:35 pm Reply with quote

Any more ideas about this? Rolling Eyes
 
montego
PostPosted: Tue Sep 26, 2006 5:38 am Reply with quote

Unfortunately not. Have not had time to go back in and look either. Sorry. Sad

What I would suggest is upgrading to 2.10.00 release once it comes out. I just won't have time to debug this on your site. You may want to try the "For Hire" forum and get someone to help you.
 
Psycho
PostPosted: Tue Nov 14, 2006 11:35 am Reply with quote

lol i got the new version.. installed it and now my forum admin section and actual forum are blank?
 
montego
PostPosted: Wed Nov 15, 2006 10:51 am Reply with quote

Psycho, not sure what "new version" you are talking about. My last post was talking about the RavenNuke release 2.10.00 which is still not out. So, not sure what you installed...
 
Psycho
PostPosted: Wed Nov 15, 2006 2:08 pm Reply with quote

lol the new forum bbphp thing that the admin panel suggested..
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Nov 15, 2006 11:39 pm Reply with quote

You cannot install the original phpBB files on your phpNuke. You must use the BBToNuke files Only registered users can see links on this board! Get registered or login!

GIven that this is for RavenNuke, wait til 2.0.10 is out and it will come with the latest phpBB.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Psycho
PostPosted: Thu Nov 16, 2006 5:01 am Reply with quote

i got those files ur on about and did an upgrade apparently and it wiped the forums lol
 
Psycho
PostPosted: Thu Nov 16, 2006 1:34 pm Reply with quote

how do i get them back?Sad
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Nov 16, 2006 1:51 pm Reply with quote

Did you run a backup before upgrading?
 
View user's profile Send private message
evaders99
PostPosted: Thu Nov 16, 2006 7:06 pm Reply with quote

Restore the files from your RavenNuke package
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Installation Help

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©