Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Dawg
RavenNuke(tm) Development Team


Joined: Nov 07, 2003
Posts: 910

PostPosted: Sat Jan 28, 2006 4:17 pm Reply with quote

Greetings All,
They got me.....several times now. I have not figured out how they got in this last time.....but I am working on it. Anyone that enjoys this sort of thing is welcome to come play!

History....
A couple months ago my index file kept getting over wrote. Nothing bad....just changing the capatol letters in the varibles.

Example....index hacked....
Code:
require_once("mainfile.php");

$_server['php_self'] = "modules.php";
$row = $db->sql_fetchrow($db->sql_query("select main_module from ".$prefix."_main"));
$name = $row['main_module'];
$home = 1;

if ($httpref==1) {
    $referer = $_server["http_referer"];
    $referer = check_html($referer, nohtml);
    if ($referer=="" or eregi("^unknown", $referer) or substr("$referer",0,strlen($nukeurl))==$nukeurl or eregi("^bookmark",$referer)) {
    } else {
   $result = $db->sql_query("insert into ".$prefix."_referer values (null, '$referer')");
    }
    $numrows = $db->sql_numrows($db->sql_query("select * from ".$prefix."_referer"));
    if($numrows>=$httprefmax) {
   $result2 = $db->sql_query("delete from ".$prefix."_referer");
    }


Index Normal.....
Code:
require_once("mainfile.php");

$_SERVER['PHP_SELF'] = "modules.php";
$row = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
$name = $row['main_module'];
$home = 1;

if ($httpref==1) {
    $referer = $_SERVER["HTTP_REFERER"];
    $referer = check_html($referer, nohtml);
    if ($referer=="" OR eregi("^unknown", $referer) OR substr("$referer",0,strlen($nukeurl))==$nukeurl OR eregi("^bookmark",$referer)) {
    } else {
   $result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '$referer')");
    }
    $numrows = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_referer"));
    if($numrows>=$httprefmax) {
   $result2 = $db->sql_query("DELETE FROM ".$prefix."_referer");
    }
}


I did not know is this was my ISP....or what the crap was goning on. I fixed it by chmod the file to 444. Done. Problem went away.

Come forward to a couple days ago. It started back up. I chmoded it again wit no effect. Then after a couple times they redirected the site to some remote server and loaded a couple of my members with a trogan.

VerifyByte.trogen to be exact.

I think they did it through a Remote avatar in phpBB. So I got rid of the remote avatars.

Over the last day or so the index has been overwritten at times as fast as I can fix it with a Backup.

I can back this afternoon and they had put a new index in place....some commerce site this time. Now I have had enough. I will get to the bottom of it.

The site has way to many MODs to it. Bringing it up todate is goin gto be one major PAIN in the @kaching!.

Like I said....If anyone that enjoys this kind of crap wants to come play....just let me know.....

Dawg
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Sat Jan 28, 2006 4:55 pm Reply with quote

You got some serious updating to do ther man.
Was this attack on a shared server or your local box?
 
View user's profile Send private message Send e-mail
Dawg
PostPosted: Sat Jan 28, 2006 5:50 pm Reply with quote

Hosted Box

I am working on the BB for the moment. I hated to do it.....I run an Offshore fishing site and of coarse there WERE a TON of Pics in my forums. That is why I was so far behind....

I am up to 18 now....We are working on it....

Anyone know of a resonable way to allow uploading of Pics and Admin uploading of files to the forums?

I was using Attachment Mod....of coarse the upgrading has killed it....

Dawg
 
Dawg
PostPosted: Sat Jan 28, 2006 9:05 pm Reply with quote

Well, I came through it....We are up to 19 now. Geez that was too fun.



Dawg
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Sun Jan 29, 2006 10:36 am Reply with quote

Updating is always a pain, but in the end its worth it.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Dawg
PostPosted: Mon Jan 30, 2006 8:16 am Reply with quote

Well, It was every bit as much of a PAIN in the......as I thought it would be but we seem to have come through it with only a couple of small issues.

phpBB is now current......I am on patched 3.1. Now on to NS.

JOY JOY...FUN FUN!!

Dawg
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©