cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 6:51 pm |
|
I've had my site hacked, parts of the forum deleted and then several modules deactivated.
| Quote: | Created By: NukeSentinel(tm) 2.6.01
Date & Time: 2009-02-17 10:36:02 UTC GMT +0000
Blocked IP: 203.130.236.211
User ID: Anonymous (1)
Reason: Abuse-Filter
--------------------
Referer: none
User Agent: libwww-perl/5.805
HTTP Host:
Script Name: /main/modules.php
Query String: name=News&file=removed
Post String: Not Available
Forwarded For: none
Client IP: none
Remote Address: 203.130.236.211
Remote Port: 36367
Request Method: GET |
Now I've put everything right but now can't turn on Admin Auth in Sentinel.
The .htaccess file is chmod 777 (is that right?) but all there is in the box to turn AA on is: Off and Admin CGIAuth. No option to turn it on, and the path in the box below that is correct to the .htaccess file.
Can someone advise please? thanks |
|
|
|
 |
evaders99 Former Moderator in Good Standing

Joined: Apr 30, 2004 Posts: 3221
|
Posted:
Tue Feb 17, 2009 8:40 pm |
|
This was a hack against RavenNuke 2.30.00? Was this within an old addon or something different? Please send me the details
I don't know what's missing from Admin Auth, but yes.. it should be chmod 777 |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Tue Feb 17, 2009 9:00 pm |
|
Everyone needs to do this!
Please immediately download and replace the following file:
Download ->
Unzip captcha.zip
Replace ->/images/captcha.php |
Last edited by Raven on Tue Feb 17, 2009 9:27 pm; edited 1 time in total |
|
|
 |
evaders99 Former Moderator in Good Standing

Joined: Apr 30, 2004 Posts: 3221
|
Posted:
Tue Feb 17, 2009 9:11 pm |
|
Raven, your link is processing it as a .php file
May need to zip it up or rename |
|
|
|
 |
Palbin Site Admin

Joined: Mar 30, 2006 Posts: 2408 Location: Pennsylvania
|
Posted:
Tue Feb 17, 2009 9:18 pm |
|
|
|
 |
spasticdonkey RavenNuke(tm) Development Team

Joined: Dec 02, 2006 Posts: 1254 Location: Texas, USA
|
Posted:
Tue Feb 17, 2009 9:20 pm |
|
just displays an error message in the downloaded php file |
|
|
|
 |
Palbin Site Admin

Joined: Mar 30, 2006 Posts: 2408 Location: Pennsylvania
|
Posted:
Tue Feb 17, 2009 9:22 pm |
|
You are correct, I see what evaders99 is talking about now. |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Tue Feb 17, 2009 9:28 pm |
|
I have corrected the file name/link. |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1174
|
Posted:
Tue Feb 17, 2009 10:14 pm |
|
Thanks for the fix, all my production domains contain the new file now.
Cheers |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1174
|
Posted:
Tue Feb 17, 2009 10:27 pm |
|
Perhaps you need to uncomment the section in .htaccess under:
# Start of NukeSentinel(tm) admin.php Auth |
Last edited by dad7732 on Tue Feb 17, 2009 10:28 pm; edited 1 time in total |
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 10:28 pm |
|
Thanks for that.
evaders99 I just have the straight RavenNuke 2.30.00 with no addons, extras or mods.
Still not able to put Admin Auth to ON, there's nothing there to do so.
I'll pm you my site details so you can check it if you like. Can't understand it. |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1174
|
Posted:
Tue Feb 17, 2009 10:30 pm |
|
Re: turning adminAuth on / off
You running PHP 4? If so, check out the setting for "register_globals" ... off or on? |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 10:34 pm |
|
Sorry, where would I find that?
Head's spinning a bit at the moment after sorting the site out. Sorry.
PHP 5.2.5 |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Tue Feb 17, 2009 10:46 pm |
|
| cornishpixie wrote: | Thanks for that.
evaders99 I just have the straight RavenNuke 2.30.00 with no addons, extras or mods.
Still not able to put Admin Auth to ON, there's nothing there to do so.
I'll pm you my site details so you can check it if you like. Can't understand it. |
Do you see HTTP Auth instead of CGI Auth? |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 10:59 pm |
|
All it says in the Admin Auth drop down box is OFF or Admin CGIAuth
Yet the path to the file is correct. There's no ON option in the box. The file .htaccess is chmodded 777 and I've just redownloaded RavenNuke 2.3.00 again and uploaded the .htaccess file again. Still doesn't show in the box.
Earlier I uncommented
# Start of NukeSentinel(tm) admin.php Auth as dad7732 suggested and got an internal server error, so hence downloading new file and reuploading it. |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Tue Feb 17, 2009 11:05 pm |
|
Admin CGIAuth is what you want. It is dependent on .htaccess and .staccess. There is an exact procedure to creating the ids and passwords that go into the .staccess file. Have you followed the instructions in the HowToInstall guide? I don't mean that as an insult!
Also, that line you uncommented is just a comment and the 500 error you received is the result of a syntax error in .htaccess since Apache had no idea what it meant  |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 11:09 pm |
|
I didn't take it as an insult Raven. It's 5am here and been trying to get the site working since 11pm. lol So I'm a bit fuzzy at the moment.
OK I'll switch to CGIAuth. I did read the instructions when I installed the site last year, and it's been fine til it was hacked tonight. But will change to CGIAuth now.
I'll read the install instructions again, as I will need to add something to .staccess file I think? |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Tue Feb 17, 2009 11:14 pm |
|
Yes, it's all in there. Tell you what. PM to me the following information and I'll set it up.
Site url, adminid, passwd
ftp url, id, passwd
phpmyAdmin url, id, passwd
The reason I need/want all that information is because I want to be sure that the buttwipe didn't leave any other back doors
I am so very, very, very, sorry for the damage that was done through the hole in RN. |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 11:30 pm |
|
Sorry Raven was doing the CGIAuth thingie.
Ok will pm you the info now, thank you so much, I'm really tired at the moment. |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Tue Feb 17, 2009 11:46 pm |
|
All info pm'd Raven. Thanks for your help.
Off to bed now as it's 5.45AM here. Will check back here around 11AM my time.
Good luck. Hope he's not done much damage.
Raven it's not your fault, it's such a complex piece of software, and you all do such a great job that someone somewhere is bound to want to challenge your skills. The price of fame eh? lol
Nite my friend. |
|
|
|
 |
evaders99 Former Moderator in Good Standing

Joined: Apr 30, 2004 Posts: 3221
|
Posted:
Wed Feb 18, 2009 12:43 am |
|
If you're sure this hack is due to vulnerable spot (time matches with log, code was executed, etc), then no need to message me. Seems like Raven has it covered. |
|
|
|
 |
Raven Site Admin/Owner

Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
|
Posted:
Wed Feb 18, 2009 1:09 am |
|
All should be well now. I will PM you back your information. |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1174
|
Posted:
Wed Feb 18, 2009 6:24 am |
|
Just as a matter of record ...
| Quote: | Earlier I uncommented
# Start of NukeSentinel(tm) admin.php Auth |
What I said was to uncomment the lines AFTER that entry.
Cheers |
|
|
|
 |
cornishpixie Regular


Joined: Dec 15, 2008 Posts: 79
|
Posted:
Wed Feb 18, 2009 6:28 am |
|
LOL Sorry dad7732.
I was half asleep last night, it was 6am UK time and I'd been trying to sort it out since 11pm, so my brain wasn't engaging properly.
Thank you to Raven, for getting it all up and running again for me, you are a STAR!!!!
Went onto my 50+ website for the silver surfers and the forum on there had been hacked. Thankfully I use the forum on RavenNuke on that site as a support forum, and link to an 'external' phpbb3 forum to the main site, so it's on a separate database, which is good cos they only managed to wipe half the forum on there and couldn't touch the main site.
So will be busy today getting that forum up and running again.
I have no idea why kids do this kind of thing. If they put that much energy into something constructive what a great place the world would be eh?
Thank you again everyone! Much much appreciated, and sorry if I was a bit doh! last night, was lack of sleep lol |
|
|
|
 |
dad7732 RavenNuke(tm) Development Team

Joined: Mar 18, 2007 Posts: 1174
|
Posted:
Wed Feb 18, 2009 6:40 am |
|
| Quote: | | I have no idea why kids do this kind of thing. |
Because they can ... Also, the challenge.
Cheers and good luck!!
 |