Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Fri Sep 30, 2005 2:22 am Reply with quote

A friend of mines Harry Potter site got hacked twice recently.
I have spent 2 days updating his site including patched and Sentinel - took so long because the site is very customised with 'group' based themes etc.
I think I have done everything I can except for one annoying side effect and that is, every news article that was posted has had the 'Posted By' name changed from the site admin to the hackers handle.
I am probably tired or having a brain fart (probably both) but I dont seem to be able to locate where this data is stored in the DB.
Anyone help me out with update 'x' where 'y'='z' sql query please to update all news article poster id's to that of the God admin id?
 
View user's profile Send private message Send e-mail
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Fri Sep 30, 2005 4:32 am Reply with quote

well i have those samples on my other computer guardian..,but im on a laptop now...(picking up my computer in a few hours..lol..)

But normaly a fast fix would be like update table like..
Code:


UPDATE table
SET column = adminname
WHERE idiot hacker name;


Something like that...
but another easy fast fix would be to grab the news stuff and do mass replace,search ...idiot hacker name...replace with admin name.
and done..
 
View user's profile Send private message
Guardian2003
PostPosted: Fri Sep 30, 2005 5:03 am Reply with quote

Thanks Hit - I dont suppose you know which table I could find this data in?
Been at this nearly 48 hours straight now am I'm sure my eyes are out on stalks lol.
 
hitwalker
PostPosted: Fri Sep 30, 2005 5:49 am Reply with quote

well looking at a new sql file im pretty sure it has to be "informant".
You will see that a few times.
Like in nuke_autonews and in nuke_stories
backup before doing anything.
and check the contents inside if it is realy changed.

but i dont understand one thing...
nuke gets its info from settings and config entered into the system.
are you sure changes are in the database ?
If so you can easely proceed..
 
Guardian2003
PostPosted: Fri Sep 30, 2005 6:55 am Reply with quote

I am not sure to be honest, I'm finding it hard to concentrate with this banging headache.
I am guessing the username is stored in the DB as the hacker must have used some form of sql injection to change the username from that of the God admin to his own after he managed to create an admin account himself.
I tried editing the articles manually but was unable to update the 'Posted By' username.
Seems I got finished just in time as Sentinel just whooped his ass and quite nicely revealed the exploits he used as well as his IP and a couple more he tried to proxy in off.

My friend is a bit happier now he has some updated security for the site - though it looks like yet another nuke site I'll end up monitoring and updating with latest patches/Sentinel etc.

I'm going to grab a couple of hours sleep and then take another look at this.
 
hitwalker
PostPosted: Fri Sep 30, 2005 7:02 am Reply with quote

well to be honest its not that smart working on a site if you feel like you do ....lol
it isnt that easy.
sure there are commands to replace all in the database but i also did it in other ways.
simple mass replace,but only if in your case all names are actualy changed.
get some sleep and continue when you feel better.. Smile
 
Guardian2003
PostPosted: Fri Sep 30, 2005 7:45 am Reply with quote

Got it!!
Code:
UPDATE `nuke_stories` SET `aid` = 'goodusername' WHERE `aid` = 'hackersname';

Obviously 'goodusername' is the username of the God amin and 'badusername' is the one the hacker used.
Great, now I can go rest hehe.
 
hitwalker
PostPosted: Fri Sep 30, 2005 8:00 am Reply with quote

nice....
headache is gone....lol
well now you have another site to update every time......
dont forget to sleep......ha...ha
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©