Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
dholt
Regular
Regular


Joined: Nov 21, 2005
Posts: 67

PostPosted: Tue Apr 11, 2006 10:04 pm Reply with quote

I can get into admin but not my home page. Only registered users can see links on this board! Get registered or login!

I really need some help on fixing this
Thanks in advance

Ok I was Hacked

In the browser window it is saying I was hacked by PILOT

How did he get into my index.php file
<HTML><HEAD><TITLE>::[Hacked by PilOT[B]inGoEnG]::</TITLE>
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Wed Apr 12, 2006 4:34 am Reply with quote

Are you running NukeSentinel? If so, do you have Admin Auth turned on?

There are several "what do I" guides about recovered from an attack. Have you seen any of them?

Are you running any scripts that allow files to be uploaded? Some of these do not protect you fully and some do not use standard Nuke techniques for accessing the data, thus NukeSentinel can not protect them.

Finally, check to see if any files have been modified. That specific change could be in the theme, a header.php, the index.php, etc.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
dholt
PostPosted: Wed Apr 12, 2006 7:53 am Reply with quote

I copied another index.php file from ravens nuke 7.6 to the root of my site and deleted the changed index.php file that was hacked in the root of my site. this fixed the problem everything else is working good. yeas sentinal is turned on and activated. as is says in the readme


I need to remove my index php file out of my root of my site. the site is in a subdomain. but what is to provent them from changing somethig else I changed all ftp password cpanal log in,s I need advise here on what to do.
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed Apr 12, 2006 9:21 am Reply with quote

If files are changed then they had gained access to your server either through the server its self or an exploit that allowed them to run a command. Either way they may have damaged more than just the index.php

Were you running SPChat, vWar, or the coppermine module?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
dholt
PostPosted: Wed Apr 12, 2006 11:07 am Reply with quote

None
Squery and I edit the php.ini file as was told to do as I got a e-mail from them saying that there is a hole.

I wish this month’s news letter was a bit more upbeat, but since the latest php update there has been a breach in the SQuery Module allowing hackers to gain entrance into a website's admin area.
Not to worry, we are working on a solution at this time.

One thing that has stopped this has been to set the Register_Globals to OFF in your PHP.ini file in the ROOT of your website

I have done this but it still does not explain how that got in my root.

I have changed all passwords to cpanel and FTP programs and so on.


Not sure what else I can do.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Apr 14, 2006 11:04 am Reply with quote

SQuery is the problem - not PHP.
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Fri Apr 14, 2006 12:31 pm Reply with quote

Ah, ok, I wasn't sure what "SQuery" was and was thinking it might have been tied into PHP somehow. Thanks!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
diveanx
New Member
New Member


Joined: Sep 09, 2003
Posts: 9

PostPosted: Fri May 12, 2006 3:54 pm Reply with quote

Okay I notice that youa re running Vwar. There is an exploit out agasint Vwar as well.

I have fixed several clan sites that were running Vwar and had not upgraded.

The upgrade is pretty straight forward and easy if you ahve not done it but you have to do it like any other upgrade and that is go from one version to the next in progression
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©