Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues
Author Message
triple7
Hangin' Around


Joined: Jul 28, 2008
Posts: 25

PostPosted: Sat Sep 27, 2008 8:17 am Reply with quote

Hi all,

I run a small gaming site, and recently, it was compromised and used to send spam.

I noticed the hack in relatively short order, and deleted all the scripts the hacker uploaded, which stopped the spam.

In that time though the host locked our account due to spam. They have since unlocked it becuase the issue was stopped, however, they sent me some suggestions on what to do to shore up the points of entry.
I am a server admin, but have very little experience in php nuke.

So I have to ask you for your help, and any ideas would be greatly appreciated. Here is the text of the mail that the host sent us:

> please tell your server guy to close the intrusion points, too.
> He did a good job so far. The intrusion points were:
>
> Domain /Script $Variable(s)
> /ultrastats/include/functions_common.php $gl_root_path
>
> and ./admin.php
>
> We changed the mode both to 200 to prevent further hack attempts.
> Please update both scripts. You will be unlocked after this email.
>
> Best regards,
>
> Abuse Team
> --
> Abuse Department

OK, so I dumped the ultrastats module since we're not using it anyway, that one is taken care of.


1) I can't quite figure out what "Domain /Script $Variable(s)" is or what I should be doing to fix it?

2) I know there are steps to be taken to protect admin.php, but I am also a little lost on what to do there.

I didn't install this site, just transferred it over to the current host and kept the original file structure and .htaccess settings.

any advice you can gve would be greatly appreciated.

Thanks
Triple7
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Sep 27, 2008 11:01 am Reply with quote

On #1 you need to get clarification from your host.

On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess.
 
View user's profile Send private message
triple7
PostPosted: Sat Sep 27, 2008 12:12 pm Reply with quote

Raven wrote:
On #1 you need to get clarification from your host.

On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess.


Great, thank you very much.

Just to be certain because i didn't check before the host changed it to 200, the file attributes for admin.php should be 755?

Thanks again.
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Sep 27, 2008 12:45 pm Reply with quote

644 is admin.php and folders have normally 755
 
View user's profile Send private message
triple7
PostPosted: Sat Sep 27, 2008 9:30 pm Reply with quote

Raven wrote:
On #1 you need to get clarification from your host.

On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess.



I am sorry, I am using NukeSentinel, but I guess the question remains if I am using it correctly.

I cannot say that I am, as I have little exposure to it, and didn't set the site up.

Do you have a link for a walk through or setup guideline?

Thanks again
 
Raven
PostPosted: Sat Sep 27, 2008 11:24 pm Reply with quote

Do you still have your HowToInstall folder? If so, then just point it to Only registered users can see links on this board! Get registered or login! and read the setup instructions.
 
triple7
PostPosted: Sun Sep 28, 2008 7:37 pm Reply with quote

Raven wrote:
Do you still have your HowToInstall folder? If so, then just point it to Only registered users can see links on this board! Get registered or login! and read the setup instructions.


I didn't have the directory but I dowloaded it and put it back up into the site.

I followed all the instructions, and it doesn't seem to be working, let me qualify this:

My server is using the CGI Auth.

So, I followed all the steps in the setup file, and now, when I try to hit admin.php, I am prompted for a PW, but I put in my username and PW, and it doesn't authenticate.

I went into edit under the user admin in NS and I see my username, but the password has changed from what it previously once was? I also tried to put in the PW that was listed in NS, and no go.

Any help you can provide would be greatly appreciated.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Sep 30, 2008 6:00 am Reply with quote

triple7, now that you have a specific issue/questions around NukeSentinel setup, I would search the forums or look in the NukeSentinel forums for your answers and if you cannot find them there (doubtful), you could open up a new thread under the appropriate forum.

But, do let us know what the answer was to 1) as I too have no idea what they are referring to.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
triple7
PostPosted: Fri Oct 03, 2008 3:42 pm Reply with quote

montego wrote:
triple7, now that you have a specific issue/questions around NukeSentinel setup, I would search the forums or look in the NukeSentinel forums for your answers and if you cannot find them there (doubtful), you could open up a new thread under the appropriate forum.

But, do let us know what the answer was to 1) as I too have no idea what they are referring to.


It's supposed to be like a header for the list of compromised files.

Domain is your damin script/or variable is what was compromised.

i guess they could have been a bt clearer.

Still don;t have my Admin Auth working yet..
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©