| Author |
Message |
glidergirl
Hangin' Around
Joined: Feb 28, 2004
Posts: 35
Location: Kentucky
|
 Posted:
Thu May 20, 2004 10:53 pm |
 
|
All they did was replace my opening message to this:
<h1> hahuahuahuha Admin Lammer !!!!!!!
hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!hahuahuahuha Admin Lammer !!!!!!!
contact
Wow -- is it really easy to hack this program, or is there something I can do to prevent this happening again?
Raven, I have the hack script, right? I'm just a little perplexed, and want to keep the college students out on summer break from causing havoc to my site! What do I need to do?
Slightly panicked, |
|
|
   
  |
|
glidergirl
Hangin' Around
Joined: Feb 28, 2004
Posts: 35
Location: Kentucky
|
| Posted:
Thu May 20, 2004 11:57 pm |
|
I've been reading here since my initial panic earlier, and it seems like others here have run into this hacker. I just realized he (guess that was sexist -- he or she) has made him/herself a GodAdmin along with me.
How do I ban this set of IPs? (I don't mind banning all 200.xxx.xx for now). How can I do it while the person is a God Admin?
How do I remove this person from BEING a God Admin?
How can I best protect myself from future intrusions, which could be more malicious?
It took a whopping 10 minutes for 5 files to be altered...that I know of.
Any help would be greatly appreciated! |
Last edited by glidergirl on Fri May 21, 2004 12:21 am; edited 1 time in total |
|
|
|
|
chatserv
The Mouse Is Extension Of Arm
Joined: May 02, 2003
Posts: 1396
Location: Puerto Rico
|
| Posted:
Thu May 20, 2004 11:58 pm |
|
Aside from the hack alert script what other security pack do you have? what add-ons do you use at your site? contact your webhost provider and have them send you the site's access.log |
|
|
|
|
|
glidergirl
Hangin' Around
Joined: Feb 28, 2004
Posts: 35
Location: Kentucky
|
| Posted:
Fri May 21, 2004 12:20 am |
|
Raven installed my phpNuke, along with his add-ons. I don't have anything other than that -- coppermine is there, but I've never activated it. The rest is the standard phpNuke. It's a fairly recent release -- 7.3, I think.
My technical know-how is limited (obviously!).
Do I have hacker alert? I'm not really sure. What will the access log tell me that I can't find out from the IP tracking? What am I looking for with the access log? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri May 21, 2004 5:36 am |
|
GG,
I replied to your email. email me your login stuff for your site, ftp, and phpmyadmin. Then, rename admin.php to somehting that only you know until I can get to this later this morning. Use phpmyadmin and edit the nuke_authors table to delete any names you do not recognize. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri May 21, 2004 8:10 am |
|
I have added the admin.php fix and the mainfile.php fix, and my hackalert script. Those were not installed when you set up your site, otherwise you would never have been hacked. Later today I will add the http auth. addon for an extra level of admin security  |
|
|
|
|
|
glidergirl
Hangin' Around
Joined: Feb 28, 2004
Posts: 35
Location: Kentucky
|
| Posted:
Sat May 22, 2004 9:24 pm |
|
A huge thanks to you, Raven and chatserv, for all the work you do making things secure for us! Thank you! |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sat May 22, 2004 10:03 pm |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
