Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in HACKED - TWO OF MY SITES WERE TODAY Goto page 1, 2  Next View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » phpnuke 7.6 Author Message mrix Client Joined: Dec 04, 2004 Posts: 757 Posted: Tue Apr 04, 2006 10:57 am Hello all, two of my sites were hacked today and left this message Defaced By D.O.M domteam.info HEy Just Remember Jesus Love You! I have everything up to date as far as I know and havnt been hacked in over a year now any idea`s Cheers mrix hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Tue Apr 04, 2006 12:19 pm yeah well known..has a lot of victims... no sentinel? Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 16987 Location: Kansas Posted: Tue Apr 04, 2006 12:29 pm NukeSentinel(tm) installed and configured? Any photo galleries which all have known exploits? Forums up to date (v2.0.19) with all patches? Nuke up to date with all patches? panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 12:38 pm Hi mine got done as well, I am upto date on my Forums & Sentinel Gallery i am using is coppermine the newest one. Is there anyway to sort this out ? Thanks Panda Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 16987 Location: Kansas Posted: Tue Apr 04, 2006 12:54 pm Review your access logs to see how they got in. I would suspect Coppermine right off the bat. panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 1:12 pm Access logs are huge !! what should i be looking for ? !! nothing is standing out !! panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 1:51 pm Does this look line anything dodgy ?!! EDIT !! Last edited by panda on Tue Apr 04, 2006 3:08 pm; edited 1 time in total kenwood Worker Joined: May 18, 2005 Posts: 119 Location: SVCDPlaza Posted: Tue Apr 04, 2006 2:21 pm Thats a nice script but je better strip the link out . And yes there is your bug in your site panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 3:08 pm I know there is a bug in my site !! mrix Client Joined: Dec 04, 2004 Posts: 757 Posted: Tue Apr 04, 2006 3:24 pm Both my sites have the latest sentinal and updates patches and the latest forum patches I did find that I was using the vwar clan install on one of my sites and that has just had issues I have updated that and hope that fixed it???? Raven is it possible you could look at my logs as I am lost with them Thanks mrix Michael Rixon Only registered users can see links on this board! Get registered or login to the forums! the site that has vwar running is this one Only registered users can see links on this board! Get registered or login to the forums! kenwood Worker Joined: May 18, 2005 Posts: 119 Location: SVCDPlaza Posted: Tue Apr 04, 2006 3:29 pm panda wrote: I know there is a bug in my site !! Vwar is the bug panda its not secure . mrix Client Joined: Dec 04, 2004 Posts: 757 Posted: Tue Apr 04, 2006 3:36 pm I have gone to the vwar site and have updated it with the new functions_install.php they suggest would you say this is secure? thanks mrix panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 3:40 pm Mrix, how did you sort your site out ? Thanks Andy Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 16987 Location: Kansas Posted: Tue Apr 04, 2006 3:45 pm Check Only registered users can see links on this board! Get registered or login to the forums! for 2 days of huge announced exploits with vwar. If you use sQuery, search your logs for sQuery. That's how many sites are being cracked right now. The kiddies are doing searches on Google for things like squery+4.5 to locate vulnerable sites. kenwood Worker Joined: May 18, 2005 Posts: 119 Location: SVCDPlaza Posted: Tue Apr 04, 2006 3:47 pm This site Only registered users can see links on this board! Get registered or login to the forums! is not secure mrix panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 3:57 pm I have loads of lines like this one edit from ip address 84.51.41.166 are these lot from Turkey ? Also how do i correct it ? Many Thanks Andy Last edited by panda on Tue Apr 04, 2006 4:00 pm; edited 1 time in total kenwood Worker Joined: May 18, 2005 Posts: 119 Location: SVCDPlaza Posted: Tue Apr 04, 2006 4:00 pm a solution i dont now panda but please edit the link and read Only registered users can see links on this board! Get registered or login to the forums! Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 16987 Location: Kansas Posted: Tue Apr 04, 2006 4:14 pm Ban Turkey completely from your site. See Only registered users can see links on this board! Get registered or login to the forums! Only registered users can see links on this board! Get registered or login to the forums! VinDSL Life Cycles Becoming CPU Cycles Joined: Jul 11, 2004 Posts: 617 Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com Posted: Tue Apr 04, 2006 4:25 pm panda wrote: Access logs are huge !! what should i be looking for ? !! nothing is standing out !! Probably a sql injection... Do a search for 'nuke_config' too. Last edited by VinDSL on Tue Apr 04, 2006 4:28 pm; edited 1 time in total panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 4:26 pm Cheers i'll being doing that one. Just need to try and correct my Site now !! hitwalker Sells PC To Pay For Divorce Joined: Posts: 5661 Posted: Tue Apr 04, 2006 4:28 pm as i was trying to help panda and the used code couldnt be used in public i send you a pm,would help if you read it and replied. mrix Client Joined: Dec 04, 2004 Posts: 757 Posted: Tue Apr 04, 2006 4:35 pm Quote: Mrix, how did you sort your site out ? Thanks Andy I just uploaded a backup through cpanel and updated the vware thanks mrix evaders99 Former Moderator in Good Standing Joined: Apr 30, 2004 Posts: 3221 Posted: Tue Apr 04, 2006 4:37 pm Good to report whoever's hosting the hacker's website too Only registered users can see links on this board! Get registered or login to the forums! panda Hangin' Around Joined: May 09, 2004 Posts: 32 Posted: Tue Apr 04, 2006 4:38 pm Bugger last backup i did was Jan 06 Crap !! I presume ya mean DB Backup !! Walker you have PM Cheers Andy mrix Client Joined: Dec 04, 2004 Posts: 757 Posted: Tue Apr 04, 2006 4:42 pm I have just noticed at the bottom of my htaccess file these added???? deny from 86.16.61.105 deny from 202.149.36.158 deny from 80.74.199.146 deny from 87.82.20.199 anyone have any idea who they are??? cheers mrix Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » phpnuke 7.6 Goto page 1, 2  Next  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------RavenNuke / Raven CMS CMS WikiSecurity IssuesConverting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General DiscussionCertification - Submit Scripts For RavenNuke(tm) CertificationCertification - Modules, Blocks, Other Scripts/Applications Converted For RavenNuke(tm)Certification - All Discussion RavenNuke(tm) v2.5x----------------RavenNuke(tm) v2.5x RavenNuke(tm) v2.4x----------------v2.4 RN Announcementsv2.4 RN Documentationv2.4 RN Issues RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestionsv2.30.01 RN Security Issuesv2.30.01 RN New Installation Issuesv2.30.01 RN Upgrade Issuesv2.30.01 RN All Other Issues RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePieeCommerce Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroRaven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroPublic Testing of RavenNuke(tm) v2.10.00HtAccesserIssues/Problems With This Site Security----------------NukeSentinel(tm) Country and IP2Country UpdatesSecurity - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsPHP-Nuke Patched Series By Chatserv Information About Forums----------------PHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsDesign Discussions Scripts - General----------------Bug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountBrowser Specific IssuesUpgrading NukeNuke Treasury NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepositoryNSN NukeProject Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Private----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
:: :: ::

zerosum