Hacked - now what?

23.6. Hacked - now what?

Here is an incomplete list of what you can do when you realize that your PHP-Nuke site has been hacked:

  • Check the files on your server against your latest backup to check for any modifications.Tripwire can help you with this task.

  • Reset all admin passwords.

  • Search the logs for the message posting URL, e.g. *admin.php?op=messages , find the perpetrator's IP and notify the person responsible for the network.

  • If using Apache, create "admin" user group, add a new user to this group and create the appropriate .htaccess file (Section 25.4).

  • Limit access to admin.php to a "tight" IP range/subnet.

  • Install the Protector module (Section 8.3.7), which gives you "high level" logs of session activity on your PHP-Nuke site.

  • Re-evaluate the security of installed 3rd party modules/blocks.

See also


Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO

 

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 343,994,107
  • Today: 51,612
Server InfoServer Info
  • Dec 13, 2017
  • 08:31 pm PST
 
 

Daily Inspiration