Ravens PHP Scripts: Forums
 

 

twister
New Member

Joined: Apr 10, 2006
Posts: 4

Posted: Tue Apr 11, 2006 2:08 am

Need some advice please, hope this is the right forum to use.

Currently using phpnuke 7.8 patched 3.2

After being hacked 5 times in the last week, and last night within an hour of installing 7.8 patched 3.2, I am at my wits' end what to do. After reading loads of forums and websites about the many vulnerabilities in phpnuke 7.7+, I have decided that my best option is to go back to 7.6 and hope that solves my problem.

I am torn between using Raven's 7.6v2 distro or using this version:
[link hidden by the forum]

How easy is it to downgrade from 7.8 to 7.6, and what are the pitfalls? I only have about 400 users, but I would hate to have to get everyone to re-register and to re-install all our modules and blocks.

With the intrusions that have happened so far, only my mainfile.php and index.php files have been affected. Will the intruders have got any admin passwords from my SQL files? Do I need to delete my admin users (only 2) and re-create them?

Sorry for the long-winded post, but I just don't know which way to turn.

Thanks

Twister
 
daemon
Worker

Joined: Jan 07, 2005
Posts: 163

Posted: Tue Apr 11, 2006 2:59 am

There is no question you should be using rn76 :)

Check this out:
[link hidden by the forum]
 
twister
Posted: Wed Apr 12, 2006 2:44 pm

Guys, I have found out how I was hacked. I can only assume that, using the bugs in 7.8, they managed to upload a trojan onto our site, which gave them virtual shell access to our server.

Keep an eye open for two files

VB_hack.php
log.php

Both files are approx. 159k in size; they are a shell program called c99shell. Do a Google search and you will find out all about them.

Can I advise others to look out for these files if they are getting hacked continuously.

Twister
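A more general way to run the file hunt described in the post above, shown as an added example that is not part of the thread or of RavenNuke: rather than searching only for the two reported names, compare the live web root with a pristine copy of the same release and list everything that is extra or changed. The two directory arguments and the tag strings are assumptions of this sketch.

```python
import hashlib
import os
import sys

# File names reported in this thread. Assumption: they are hints only, since
# an uploaded file can be given any name.
REPORTED_NAMES = {"vb_hack.php", "log.php"}

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_of(full)
    return out

def audit(live_root, clean_root):
    """Return (tag, relative_path) for files that are extra or changed."""
    live, clean = hash_tree(live_root), hash_tree(clean_root)
    findings = []
    for rel in sorted(live):
        if rel not in clean:
            tag = "UNEXPECTED"
            if os.path.basename(rel).lower() in REPORTED_NAMES:
                tag = "UNEXPECTED+REPORTED_NAME"
            findings.append((tag, rel))
        elif live[rel] != clean[rel]:
            findings.append(("MODIFIED", rel))
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical paths): python audit.py /var/www/site /tmp/clean-release
    for tag, rel in audit(sys.argv[1], sys.argv[2]):
        print(f"{tag:26} {rel}")
```

Files edited on purpose (the site configuration, language files) and user uploads will appear in the output too, so each finding is something to review, not something to delete automatically.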
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Thu Apr 13, 2006 1:34 am

Well, figuring out what they uploaded is a good step, but figuring out how they got in is more critical. Use access logs to determine what files they accessed and what vulnerabilities they've used.

Was your site Patched? And using Sentinel?

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
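The access-log step suggested in the post above, as an added example that is not part of the thread: find the first request to either reported file name, then list what the same clients requested before it, since that is where the entry point is most likely to show. The Apache combined log format, the sample lines, the IP addresses and the `ExampleUpload` module name are all constructed for illustration.

```python
import re
from datetime import datetime

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

SUSPECT = ("vb_hack.php", "log.php")  # file names reported in the thread

# Constructed sample lines (Apache combined format, documentation IP ranges).
SAMPLE = """\
198.51.100.7 - - [10/Apr/2006:21:02:11 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.9 - - [10/Apr/2006:21:05:40 -0600] "GET /modules.php?name=ExampleUpload HTTP/1.1" 200 2210 "-" "Mozilla/4.0"
203.0.113.9 - - [10/Apr/2006:21:06:02 -0600] "POST /modules.php?name=ExampleUpload HTTP/1.1" 200 310 "-" "Mozilla/4.0"
203.0.113.9 - - [10/Apr/2006:21:06:30 -0600] "GET /modules/ExampleUpload/files/VB_hack.php HTTP/1.1" 200 162816 "-" "Mozilla/4.0"
192.0.2.44 - - [11/Apr/2006:01:15:09 -0600] "POST /log.php HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
203.0.113.9 - - [11/Apr/2006:01:20:00 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
"""

def parse(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield d

def triage(text, suspect=SUSPECT):
    """Return the first shell hit, the clients involved and their earlier requests."""
    events = sorted(parse(text), key=lambda e: e["ts"])

    def is_shell(e):
        # Compare only the file name, ignoring directory and query string.
        return e["path"].split("?")[0].rsplit("/", 1)[-1].lower() in suspect

    hits = [e for e in events if is_shell(e)]
    if not hits:
        return None
    first = hits[0]
    clients = {e["ip"] for e in hits}
    # Requests from those clients before the first hit are the ones to read next.
    lead_up = [e for e in events
               if e["ip"] in clients and e["ts"] < first["ts"] and not is_shell(e)]
    return {"first_hit": first, "clients": clients, "lead_up": lead_up}
```

On the sample, the lead-up ends with a POST to the upload module seconds before the first shell request; on a real log, that last POST is the request to examine and the component to patch or remove.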
twister
Posted: Thu Apr 13, 2006 8:10 am

I had patched it and added Sentinel, but the trojan was still in place after I had patched it, so they were still able to get in. I am downgrading to 7.6 today and have removed all of the files that the hackers loaded. I will open my site back up tonight, and hopefully that will be the end of it.

Twister
 
daemon
Posted: Thu Apr 13, 2006 1:31 pm

rn76?
 
twister
Posted: Thu Apr 13, 2006 2:55 pm

No, it was a heavily modded version of 7.8.

I did, however, make sure I updated all of the modules that had security problems, so my initial problem could have been a rogue module, not just phpnuke 7.8.

So today I have downgraded my site to rn76 with Sentinel working, updated all my modules, and re-inserted all my edits to language files etc.

I am at last happy that my site is more secure.

The update was easy to do, took some time but went along without any hitches.

Thanks Raven for the hard work you have done with this package, and I will be making my contribution for rn7.6, well worth it.

Twister
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Thu Apr 13, 2006 3:51 pm

twister - was this a virgin 7.8 install you were using, or had you installed any additional modules such as file upload mods, chat mods, gallery mods etc.?
 
All times are GMT - 6 Hours
 