Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
HauntedWebby
Involved
Involved


Joined: May 19, 2004
Posts: 363
Location: Ogden, UT

PostPosted: Tue Jun 01, 2004 6:01 pm Reply with quote

Quote:
r00t_System owns you - Năo somos responsáveis apenas pelo que fazemos, mas também pelo que deixamos de fazer. Greetz: Pra td a galera do IRC - r00t_System - AFROM4N - Spofs - kieger - MC_KiNNeY - SmartBoy_ - Walucyg Contact - Only registered users can see links on this board! Get registered or login!


And I have all three parts Sentenal, chat's updates & the hack attemp warning.

Oh well back to the drawing board.
 
View user's profile Send private message Send e-mail
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Jun 01, 2004 6:10 pm Reply with quote

Try the http authentification addon Raven posted. It might be just the thing. But also be sure to save access logs also check the error logs for any clues. There are many things not fully covered by Sentinel like gallery addons ect...
 
View user's profile Send private message
HauntedWebby
PostPosted: Tue Jun 01, 2004 6:13 pm Reply with quote

I missed reading about that one ... and here I thought I was complete ... lol. All they did was replace my index.php with the above quoted phrases and added a p.php that said r00t_System owns you. I can't see anything else that was changed.

Are there any other one I may have missed?
 
sixonetonoffun
PostPosted: Tue Jun 01, 2004 6:26 pm Reply with quote

Well from what you describe they got file upload permissions. Unless they are really freakin slick there should be some clue in the logs.
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Tue Jun 01, 2004 6:40 pm Reply with quote

Check your modules folder for vulnerable ones like webmail or MyeGallery or any upload script.
 
View user's profile Send private message Visit poster's website
HauntedWebby
PostPosted: Wed Jun 02, 2004 7:09 pm Reply with quote

I deleted the webmail module .. read somewhere that it wasn't suppose to be ported and some one got in a tizzy over it.

I don't have MyeGallery, but I do have CPG ... but I have all the setting to have to have authorization to upload. But after typing that I just had a blonde moment ... even if the upload of photos has to by authorized it whatever is still uploaded to the server waiting to be authorized. D!oh. I'll have to do some work on that one (even though I'm clueless as to what to look for) Smile

I've disabled the uploading of avatars, but allowed remote avatars in the forum .. is that ok?

Nothing else has any uploading that I can think of.

Another stupid thing ... I can't find the "http authentification addon Raven posted" I've been all through the download section. Is it called something else? or is it in the forum?

Thanks for all your help!!!! Mucho Kisses (for the guys)!!!
 
chatserv
PostPosted: Wed Jun 02, 2004 7:23 pm Reply with quote

Make sure you are using the latest version of CPG, one or more of the previous versions had vulnerabilities which i believe have been corrected.
 
stephen2417
Worker
Worker


Joined: Jan 18, 2004
Posts: 244
Location: Bristolville, OH

PostPosted: Wed Jun 02, 2004 8:15 pm Reply with quote

Yep the same guy got me 2 times on my site till someone told me HELLO its CPG. LOL Laughing
 
View user's profile Send private message Visit poster's website
HauntedWebby
PostPosted: Thu Jun 03, 2004 10:33 am Reply with quote

I figured they are getting in through CPG ... it's my only add on module Smile

But I love the photo Gallery!!! If there was a safer one I'd use it, but I don't know of one. I do have the latest CPG, so I guess I go bug them and let them know people are still getting in. Wink
 
stephen2417
PostPosted: Fri Jun 04, 2004 4:34 am Reply with quote

Woo woo wait a min here.. you have the latest version 1.3 and they still got in!!! Question Question Question
 
HauntedWebby
PostPosted: Fri Jun 04, 2004 11:44 am Reply with quote

Ya 1.3.0(beta4) .. is there a newer one then this?!?
 
xfsunolesphp
Regular
Regular


Joined: Aug 23, 2003
Posts: 77

PostPosted: Fri Jun 04, 2004 1:11 pm Reply with quote

i feel that need to patch up, to avoid getting hack.
 
View user's profile Send private message
HauntedWebby
PostPosted: Fri Jun 04, 2004 3:29 pm Reply with quote

The hacks don't bother me anymore ... they bother my users. For me it's just a few clicks to fix .. but for my users it the wait until I fix them Rolling Eyes

I try to keep up on the patches as much as I can. CPG has a little dot that lets you know if you are out of date, if everyone did that then it would be easy to tell Smile
 
Captain_Computer
Hangin' Around


Joined: May 30, 2004
Posts: 46

PostPosted: Fri Jun 04, 2004 7:41 pm Reply with quote

Here is a photo gallery I've been using for a number of years.

Only registered users can see links on this board! Get registered or login!

Check it out Only registered users can see links on this board! Get registered or login!

_________________
Captain Computer Said It !!!! 
View user's profile Send private message Visit poster's website
oprime2001
Worker
Worker


Joined: Jun 04, 2004
Posts: 119
Location: Chicago IL USA

PostPosted: Fri Jun 04, 2004 8:14 pm Reply with quote

Captain_Computer wrote:
Here is a photo gallery I've been using for a number of years.

Only registered users can see links on this board! Get registered or login!

Check it out Only registered users can see links on this board! Get registered or login!


Someone using 4nAlbum (version unknown) recently got hacked. Only registered users can see links on this board! Get registered or login!.
 
View user's profile Send private message
sixonetonoffun
PostPosted: Fri Jun 04, 2004 8:26 pm Reply with quote

If it was me I'd use Menalto Gallery. They have a first class team there to maintain and address security issues. Coppermine was based on a weak base code to begin with though its been enriched immensely its still built on a very simple code base.

Thats my opinion and I'm stickin to it.
 
HauntedWebby
PostPosted: Sun Jun 20, 2004 12:58 pm Reply with quote

I think I'll try Menalto. Yesterday with all the newest everything on CPG (the only add on to phpnuke I have, other then chatserv & raven scripts; I removed everything else) a hacker was able to get to the server level. My hoster was not happy!!
 
akamu
New Member
New Member


Joined: Jun 22, 2004
Posts: 6

PostPosted: Tue Jun 22, 2004 8:28 pm Reply with quote

You are using the standalone version in phpnuke? coppermine for CMS does not have a version 1.3.0(beta4) Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
HauntedWebby
PostPosted: Wed Jun 23, 2004 10:19 am Reply with quote

It was on a different site, I miss typed for this post .... that site with the stand alone has never been hacked.

On the site that has been hacked several times is plain ol' 1.3. What we finally determined that with my configuration it allowed the hack through the CPG. That 1.3 in the right environment is ok. But with all the scripts I had they did not work well with each other. My hoster emailed CPG with all the details.
 
akamu
PostPosted: Wed Jun 23, 2004 1:42 pm Reply with quote

I have not received anything Sad
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©