Hacked - now what?

23.6. Hacked - now what?

Here is an incomplete list of what you can do when you realize that your PHP-Nuke site has been hacked:

  • Check the files on your server against your latest backup to check for any modifications.Tripwire can help you with this task.

  • Reset all admin passwords.

  • Search the logs for the message posting URL, e.g. *admin.php?op=messages , find the perpetrator's IP and notify the person responsible for the network.

  • If using Apache, create "admin" user group, add a new user to this group and create the appropriate .htaccess file (Section 25.4).

  • Limit access to admin.php to a "tight" IP range/subnet.

  • Install the Protector module (Section 8.3.7), which gives you "high level" logs of session activity on your PHP-Nuke site.

  • Re-evaluate the security of installed 3rd party modules/blocks.

See also

Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO


Site Info v2.2.2

Last SeenLast Seen
  • elnegro
  • FireATST
Server TrafficServer Traffic
  • Total: 376,953,336
  • Today: 15,103
Server InfoServer Info
  • Feb 18, 2019
  • 05:38 am CET