Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
suzy
New Member
New Member


Joined: Apr 10, 2005
Posts: 16

PostPosted: Sun Apr 10, 2005 8:37 pm Reply with quote

A site I am an admin/mod at was hacked terrible today. Basically what happened is someone got in through a backdoor exploit.

/admin disabled - admin pw's changed (they aren't changing pw's to hack the site - they are using our own pw's moments after they are changed). downloads; reviews; links directories and all other 'portal' directories are disabled, and they are still walking in the back door.

As we were trying to ban IP's etc. The person was still posting under our names, changing titles, getting into the private forums etc.
Is there anything we can do to stop him?
Even after everything was shut down he was still in.
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Apr 10, 2005 9:02 pm Reply with quote

PM me your
Site url, godadminid/pass
FTP url, id/pass
cPanel url, id/pass
phpMyAdmin url, id/pass

or email to raven (*at*) ravenphpscripts (*dot*) com
 
View user's profile Send private message
suzy
PostPosted: Sun Apr 10, 2005 9:35 pm Reply with quote

will do. Thank you very much for answering.
 
Raven
PostPosted: Sun Apr 10, 2005 10:03 pm Reply with quote

To verify that they are hacking in through nuke or some other way, add this to your nuke root .htaccess file
Code:
<Files .staccess>

  deny from all
</Files>

<Files admin.php>
   <Limit GET POST PUT>
      require valid-user
   </Limit>
   AuthName "Restricted by NukeSentinel(tm)"
   AuthType Basic
   AuthUserFile /home/your_account_name/public_html/.staccess
</Files>

Then create an empty .staccess file and load it into the same folder as your .htaccess. Then see if they still get in. You will not be able to get to your admin panel until we set the .staccess file up, but that will tell us what we need to know. Also, make sure that you delete any admin records out of the authors table using phpmyadmin which don't belong there.
 
suzy
PostPosted: Sun Apr 10, 2005 10:41 pm Reply with quote

Thank you.
 
Raven
PostPosted: Sun Apr 10, 2005 10:56 pm Reply with quote

See also this new article Only registered users can see links on this board! Get registered or login!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©