Ravens PHP Scripts: Forums
 

 

MAD
New Member


Joined: Aug 17, 2004
Posts: 11
Location: Florida

Posted: Tue Aug 17, 2004 2:00 am

I had a malicious script kiddie group attack my site...I guess that was a good thing since it made me research and find out about Nuke Own and preventive measures.

So I installed:

  • Sentinel 2.0
  • Protector 1.13
  • Upgraded from 7.2 to 7.3 (Nuke)
  • Security Fix 7.3
  • Fortress Beta 1.20


Would you say that my site is now "safe"?

The group has tried 5 more attempts since then at gaining admin on the site and Sentinel has caught them all first, and I add them into Protector as soon as it catches the IP in Sentinel.

But this is the BIG mystery...they somehow deleted ALL the download files off my server once. I have my admins download folders HTTP Access Restricted with all separate FTP logins and Subdirectories in a Directory in the root. My site has a Directory UNDER the root. (Perhaps I should change that?) I have MY download files I submit in a HTTP Access Restricted directory inside my site structure (thinking that all they would get is the site come up trying to access it due to the index kicking in as soon as they try the directory) and my own FTP access. They managed to delete not only my admin's directories and the directory that contained them, but MY directory too. Any idea of how they accomplished this?

Luckily I back up my site daily, so I restored the file structure and restored the database to a minute before I did the restore so I didn't lose any new members or anything, just time and stress.

Now there is another hacker whom I know well trying to rip my site down due to his hatred for one of the sites listed in my link exchange. He will hit any day now and I am hoping this is all secure to stop him.

I would LOVE to know how they made those downloads disappear off the server.

Thanks in advance for your response and input.

MAD

_________________
Developers for the public are like plants...we sprout with branches and leaves of projects for the public. When they don't give any water (donations), sunlight (praise/thanks), or air (advertise), we wither away, leaving them to write the stuff themselves 
MAD
Posted: Tue Aug 17, 2004 2:01 am

RavensScripts
 
sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

Posted: Tue Aug 17, 2004 6:37 am

I tried to get on your site, but received this error
Code:
Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /.

Reason: Error reading from remote server


_________________
Give Me Ambiguity Or Give Me Something Else! 
MAD
Posted: Tue Aug 17, 2004 7:28 am

Were you behind a proxy? Judging by the error message you were. Try again and let me know if you get the same results. Check under Tools>>Internet Options>>>Connections>>>Settings and see if you're set behind a proxy. My site allows proxies, but the proxy service you may be using may not be set up to handle my site properly.

I am particularly interested in your reply so that if we have found a bug I can fix it.

Thanks


RavensScripts
 
GanjaUK
Life Cycles Becoming CPU Cycles


Joined: Feb 14, 2004
Posts: 633
Location: England

Posted: Tue Aug 17, 2004 7:40 am

You should consider installing the PC Killer templates for Sentinel, next time they try to exploit your website, the site will fight back.

You can download the templates [link visible to registered users only].

sharlein
Posted: Tue Aug 17, 2004 7:56 am

This time I had no problem connecting to your site. Loaded very quickly. In answer to your question, no, I am not using a proxy.

I agree with GanjaUK, fight back. Download the PC Killer templates. I did, and I think they are very effective.
 
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

Posted: Tue Aug 17, 2004 8:06 am

Have to admit I'm using GanjaUK's templates on most of the blockers except the Harvester and Request Method.

_________________
openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR | GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30
MAD
Posted: Tue Aug 17, 2004 8:45 am

Thank you all very much for the advice. Any opinion about my original question on whether you think it's secure now? I'm gonna take your advice and put the PC Killer on Author and Union attacks.

One other question. Sometimes Sentinel gets people just for viewing a download profile or actually downloading the file? Any idea why? I don't have POST or GET being blocked, so I don't see why it would trigger Sentinel unless maybe they have more than one browser window open at a time or more than one download at a time and Sentinel actually detects that....maybe I'm going too far out on a limb here. LOL It gets them for Harvesting.
 
sixonetonoffun
Posted: Tue Aug 17, 2004 8:57 am

Usually it's the old () in filenames doing it.

I think it's overkill to run all those but if your site's running at an acceptable speed go for it!
 
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Tue Aug 17, 2004 4:50 pm

do we just upload the templates directly into the folder

html/abuse

_________________
Classic Mini rules the bends & bends the rules!
MAD
Posted: Tue Aug 17, 2004 5:34 pm

Muffin wrote:
do we just upload the templates directly into the folder

html/abuse



That is exactly what you do.........put PC Killer directory html/abuse into your ROOT/abuse directory. Then make sure Sentinel is set to go to the provided pages (Defaults like Abuse-Author, etc...)


Excellent work Raven for Sentinel...

Excellent work to GanjaUK for PC Killer...

And thanks to all for the recommendations and input.

Now to figure out how I'm gonna test this PC Killer out........hmmm........why isn't my mother-in-law online? Darn.......
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

Posted: Tue Aug 17, 2004 10:52 pm

Well... my take is that all that security would be worth it if you were guarding the Crown Jewels but...

Quote:

The content on this site is PRIVATE and MEMBERS ONLY. You do not have permission to view this site, its material, or download anything from it if you are NOT a member, by clicking "ENTER" you are violating these terms...


You certainly aren't very friendly to casual visitors. So I assume you're doing something illegal there, and using Sentinel™ and the others to protect your illegal activities. Ironically, your 'Leave' link goes to the FBI's site, and the last I checked the feebs take a dim view of illegal online doings. I'm inclined to think that the 'hackers' you're guarding against are the good guys.
MAD
Posted: Wed Aug 18, 2004 7:11 pm

southern wrote:
Well... my take is that all that security would be worth it if you were guarding the Crown Jewels but...


You obviously went past that disclaimer so it serves its purpose. It is only to protect the members and site material, everyone goes past it. Perhaps you should have read the site before making assumptions. The site is a Programmers Resource site for ALL types of programming. It has Source Code, tutorials, programs, all kinds of stuff. It plainly says on the site that we do NOT encourage hacking or illegal activity of any type.

southern wrote:
So I assume you're doing something illegal there, and using Sentinel™ and the others to protect your illegal activities. Ironically, your 'Leave' link goes to the FBI's site, and the last I checked the feebs take a dim view of illegal online doings. I'm inclined to think that the 'hackers' you're guarding against are the good guys.


You really make some pitiful assumptions. You should know what you are talking about before making conclusions. We offer lots of tutorials, even some that say "hacking this, hacking that" blah blah, but we do not encourage hacking and it is there for programmers to learn.

You know why we got that stuff on there (and by the way, it's not illegal to share knowledge, only to use it maliciously)......we have the stuff on there because if you know HOW people are hacking your sites, your pc's, your email accounts, etc....then you will know how to PREVENT IT!!!!!

Anyway, nice smear campaign hater.

By saying that the security is pointless since I am not protecting the crown jewels, AS YOU SAID, you are calling EVERYONE in this thread that uses Sentinel and PC Killer idiots and saying that they are wrong since they are not "protecting the crown jewels".

Maybe we, as webmasters/site owners, want to protect all our hard work, our sites are our "babies", and protect our member's information from hackers. Maybe that's even why I give out hackers secrets on my site. If you know HOW something is done, then you can better know how to STOP IT!!!! And here's a thought......if my intentions were anything malicious, why would I be stupid enough to forward to fbi.gov and have my site a constant referrer on their list if I was worried about being caught for doing something wrong?
 
southern
Posted: Wed Aug 18, 2004 9:23 pm

Ah.. so defensive! You doubtless deem your activities innocuous but I'm sure your ISP and webhost would differ, and that is probably what happened to your downloads. Strange that someone who admittedly gives out- or sells- "hacker's secrets" fears hackers so much and uses the equivalent of triple dead bolts to keep out the varmints. Moi, a hater? Perhaps to you but others on this forum know me better than you ever will and they know I don't namecall. I'm sure you think yourself knowledgeable about hacking and script kiddie-ing but most of the webmasters on the 'net, including myself, know more and tell less than you.
 
MAD
Posted: Wed Aug 18, 2004 10:04 pm

Funny, my Web Host is part of my Programming team and an Admin on my site because he knows we are all about making people's sites, accounts, emails, and pc's more secure.

If your goal was the same you would spend less time insulting and more time helping us all towards the same goal...a more secure internet.

southern wrote:

I'm sure you think yourself knowledgeable about hacking and script kiddie-ing but most of the webmasters on the 'net, including myself, know more and tell less than you.

I know what I know, just as any other human being. Unlike you though, I don't portray myself as an Omniscient arrogant Cynical "web god".

As far as "hacking and scriptkiddie-ing" as you put it, I do web design. I don't know why you are still making unfounded assumptions, but I never claimed to be an expert of anything. I have always made HTML and ASP templates and such for friends and people who requested it. I have written a few programs here and there, and I am learning more programming now. I just started using PHP about a month ago and I have already written two themes and I am learning more every day. I consider that pretty good. I guess to a "web god" like yourself that is pretty lame, but I am not here to impress you. But I never claimed to know all about anything. So much for you not being a name caller. I CAME TO THIS SITE TO ASK RAVEN'S OPINION because I respect him and his work. Not to be harassed by you. I appreciate all the input the others have given me, and I am trying not to let your bad attitude and hatefulness ruin my enjoyment of Raven's site for me.

But I see you most certainly have a strong need to call yourself an expert on things, put down others, and make yourself look good. So if your self esteem is that low that you feel you need to bash me to make yourself feel better, then you have nothing to say that I wish to read anymore.


But just so you know........my goal is this........hackers exploit other people's information, accounts, etc.. OUR SITE TAKES THE HACKER'S INFORMATION and puts it out to the PUBLIC (the very opposite). We try to help make it so that their knowledge becomes common knowledge so others aren't vulnerable to them anymore. And we don't SELL any of it. It is there for free to learn from. All the other stuff on the site is from member voting and requests.

But think what you want.

If you're not going to be helpful or moving toward progress, then please do not post in this topic anymore. Go start a Flaming thread somewhere else.

RavensScripts
 
southern
Posted: Thu Aug 19, 2004 12:12 pm

MAD, MAD, you're the new guy here, not me! You started this thread, not me, and any member of this site can post comments. I think my assumption that you deal in hacking is perfectly valid, and any casual visitor to your site would also assume that it is a hacker's site and not simply a hacker defense site. How else could your front page be interpreted? Why the concern for your ranking in the so-called Hacker's Association? Why the mention of Yahoo cracking tools, etc.? And MSN hacking methods, etc.? Any casual visitor to your site would draw the same conclusions as I have, that it is a sleazy hacker hangout, and one of the sources on the 'net of all the worms, viruses and trojans that plague the Internet. If you call this assumption of mine slander, so be it. I do not think I am some sort of omniscient "web god" and I'm not flaming or harassing you or bolstering my self-esteem (!). I was merely wondering at the start why a site that traffics in 'hacker information' and has admins named Evil, etc. is so fearful of hackers, but never mind...
 
sixonetonoffun
Posted: Thu Aug 19, 2004 2:31 pm

I've gone to reply to this 4 or 5 times now and each time I do I get on a stump. So let me just say this much. Let's play nice fellas there's enough drama out there we don't need to add to it here.
 
MAD
Posted: Thu Aug 19, 2004 2:32 pm

No worms, viruses, or trojans....sorry. Don't deal with that stuff. I give out knowledge, not crap like that.

Evil is my wife. She is pregnant, very ladylike, and I have no idea why she chose that nickname, but there is not an ounce of "hacker ability" in her body. lol. She handles the accounting for the site.

So I guess you're also the type to talk trash about pregnant ladies while they know nothing about it and aren't around to defend themselves. When she gets back from visiting with her dad I'll tell her how you think she is a "dark, sleazy hacker". Though being pregnant she is real sensitive right now, so you'll probably hurt her feelings, even though you don't affect mine.
 
MAD
Posted: Thu Aug 19, 2004 2:58 pm

I have given your negative posts far more response than they merit. I will not reply to any more of your negativity. So if you have something positive or constructive to say, like maybe recommend ways to accomplish what I have told you I am trying to do or make site changes to not give someone like you the "assumption" you have made about my site, then I am all ears. I am always open to CONSTRUCTIVE criticism. But I do not appreciate flaming or insults. I would be glad to take advice, though.

At the site admin's request, our conversation is DONE unless it's "playing nice".
sixonetonoffun wrote:
I've gone to reply to this 4 or 5 times now and each time I do I get on a stump. So let me just say this much. Let's play nice fellas there's enough drama out there we don't need to add to it here.
 
southern
Posted: Sun Aug 22, 2004 9:16 pm

That's fine. I appreciate the elucidation. I was merely expressing what a casual visitor to your site might assume. I had no idea that your admin by the name of Evil is a pregnant lady and I won't be facetious about that. As for what I might recommend to allay the negative assumptions of visitors, well, that would range from altering your meta tags to remove mention of hacking and cracking:
Quote:

<title>...::::Neutral||[Mad-Creations]|||:::::...</title>
<meta name="description" content="Tools, Programs, Scripts, Addons. etc...We have various things for Yahoo, MSN, mIRC, PHP, Web Design, and others. Forum, Member Privileges, etc.">
<meta name="keywords" content="Booter, Cracks, Hacks, IP Tools, Kings of Chaos KOC, Proxies, Web Design, Yahoo">

to removing the disclaimer that you and your site aren't responsible for viruses, worms or trojans a visitor might encounter. Etc.

I have known many good people on the 'net, some of them friends, who have had their sites afflicted by hackers, so I am sure you will pardon my assumption that your site is a hacker hangout rather than, as you say, a site concerned with 'hacker knowledge'.


sixone, I AM playing nice!
 
MAD
Posted: Sun Aug 22, 2004 11:22 pm

Much better...now we are on the right track. Okay, I am going to edit the disclaimer right now. Much to my dislike, members are requesting yahoo booters and such to be our most added downloads on the poll, but I prefer Programming, PHP development, and Web Design.

Hmm..to go with my wants or theirs...lol


Oh, two suggestions followed..

Code:
<title>...:::::|||[Mad-Creations]|||:::::...</title>

    <meta name="description" content="Tools, Programs, Scripts, Addons. etc...We have various things for Yahoo, MSN, mIRC, PHP, Web Design, and others. Forum, Member Privileges, etc.">
    <meta name="keywords" content="Booter, IP Tools, Kings of Chaos KOC, Proxies, Security, Tutorials, Web Design, Yahoo">



and the disclaimer is edited.

The reason for saying we are not responsible for pc damage or viruses is with all the submissions and downloads added by public we cannot possibly go download them all before approving the links so it is possible they could get a bad file, though we CAN vouch for the ones we personally add. That's just like the PC Killer Templates contain 4 trojaned files. Trojan.Biz I believe it was, but they did not harm my pc, they were for the protection of the site. Just an example.

Thanks for the input. Better now? Or should I further correct it?
 
MAD
Posted: Sun Aug 22, 2004 11:26 pm

Oh, and I know this is off topic, but I was wondering if I might could get an answer on this question...

A lot of times I get that message about the HTML tags you tried to use are not allowed when trying to post in my forum...what could be causing this? I turned off a lot of Sentinel to see if that was it but it wasn't that I can tell since it would still not post it. So I have no idea what is causing it. I can't do the code post for one.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

Posted: Mon Aug 23, 2004 12:06 am

That is in the mainfile.php in the code at the top with the POST and GET, eregi stuff. Mod it at your own risk. One thing that I do is just wrap that code in

if (!is_admin($admin)) {

That way admins can enter whatever they want.
 
View user's profile Send private message
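
An added sketch of the kind of check discussed in the post above (not PHP-Nuke's own mainfile.php and not part of the original post): request values are scanned for disallowed tags unless the caller is an admin. The tag list and function names are assumptions, `$isAdmin` stands in for the result of `is_admin($admin)`, and `preg_match()` replaces `eregi()`, which PHP 7.0 removed.

```php
<?php
// Added sketch, not PHP-Nuke's mainfile.php. The tag list and function names
// are assumptions; preg_match() stands in for eregi(), removed in PHP 7.0.
const BLOCKED_TAGS = ['script', 'object', 'iframe', 'applet', 'meta', 'style', 'form', 'img'];

/** Return the first blocked tag name found in a request value, or null. */
function find_blocked_tag($value): ?string
{
    if (is_array($value)) {            // ?a[]=... arrives as a nested array
        foreach ($value as $item) {
            $hit = find_blocked_tag($item);
            if ($hit !== null) {
                return $hit;
            }
        }
        return null;
    }
    // PHP has already URL-decoded the value; decode again to catch double encoding.
    $text = rawurldecode((string) $value);
    foreach (BLOCKED_TAGS as $tag) {
        if (preg_match('/<\s*\/?\s*' . preg_quote($tag, '/') . '\b/i', $text)) {
            return $tag;
        }
    }
    return null;
}

/**
 * Check GET and POST values and list the rejected parameters.
 * $isAdmin stands in for the thread's is_admin($admin) result.
 */
function check_request(array $get, array $post, bool $isAdmin): array
{
    if ($isAdmin) {
        return [];                     // the exemption: admin input is not scanned
    }
    $rejected = [];
    foreach (['GET' => $get, 'POST' => $post] as $method => $params) {
        foreach ($params as $name => $value) {
            $tag = find_blocked_tag($value);
            if ($tag !== null) {
                $rejected[] = sprintf('%s[%s] contains <%s>', $method, $name, $tag);
            }
        }
    }
    return $rejected;
}

// Constructed sample request: a forum post that quotes HTML, as in a code post.
$get  = ['name' => 'Forums', 'file' => 'posting'];
$post = ['message' => 'My header has <meta name="keywords" content="..."> in it'];

foreach ([false, true] as $isAdmin) {
    $rejected = check_request($get, $post, $isAdmin);
    echo ($isAdmin ? 'admin' : 'member') . ': '
        . ($rejected ? implode('; ', $rejected) : 'accepted') . PHP_EOL;
}
```

With the exemption in place nothing an admin submits is scanned, so the flag has to come from a validated admin session rather than from the mere presence of a cookie.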
Raven
Posted: Mon Aug 23, 2004 12:11 am

sixonetonoffun wrote:
I've gone to reply to this 4 or 5 times now and each time I do I get on a stump. So let me just say this much. Let's play nice fellas there's enough drama out there we don't need to add to it here.


I'll reiterate that. I'm pretty supportive of opinions as long as it doesn't get personal. Debate and get passionate over ISSUES but not at the posters. Welcome to the site MAD! What part of Florida?
 
southern
Posted: Tue Aug 24, 2004 2:49 pm

MAD wrote:
Much better...now we are on the right track. Okay, I am going to edit the disclaimer right now. Much to my dislike, members are requesting yahoo booters and such to be our most added downloads on the poll, but I prefer Programming, PHP development, and Web Design.

Hmm..to go with my wants or theirs...lol


Oh, two suggestions followed..

Code:
<title>...:::::|||[Mad-Creations]|||:::::...</title>

    <meta name="description" content="Tools, Programs, Scripts, Addons. etc...We have various things for Yahoo, MSN, mIRC, PHP, Web Design, and others. Forum, Member Privileges, etc.">
    <meta name="keywords" content="Booter, IP Tools, Kings of Chaos KOC, Proxies, Security, Tutorials, Web Design, Yahoo">



and the disclaimer is edited.

The reason for saying we are not responsible for pc damage or viruses is with all the submissions and downloads added by public we cannot possibly go download them all before approving the links so it is possible they could get a bad file, though we CAN vouch for the ones we personally add. That's just like the PC Killer Templates contain 4 trojaned files. Trojan.Biz I believe it was, but they did not harm my pc, they were for the protection of the site. Just an example.

Thanks for the input. Better now? Or should I further correct it?


That is up to you. I know that nuke meta tags out-of-the-box have hacker Hacker, etc. in them so your own meta tags are not that far from standard nuke tags. As for the disclaimers those are perfectly OK though on the front page it might give some visitors pause. Perhaps a disclaimer in Downloads?

Welcome back, Raven.
 
All times are GMT - 6 Hours
 