| Author |
Message |
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
 Posted:
Sun Dec 26, 2004 3:01 pm |
 
|
My site was hacked by a group of Brazilian lamers. They replaced index.php, admin.php and config.php with different files. They also put a index.htm file, so that my home page was changed, displaying their message.
I have phpbb forum 2.0.10 and coppermine. I also have Hackattempt script.
Anyone may suggest how to protect my site? |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Dec 26, 2004 3:41 pm |
|
Get rid of Coppermine. Upgrade phpbb. Install NukeSentinel. |
|
|
  
|
|
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
| Posted:
Sun Dec 26, 2004 3:48 pm |
|
Wonder if it's the same bunch of numbskulls that hacked a friends site, they were daft enough to leave a trace back to their own website and it was plastered with posts in their forums and their home page of their 'conquests'
My friend emailed their hosting company, as they were using a free host and they got their account shut down lol
Worth doing the same morpheus. It doesnt stop them but it does suspend their activities for a while. |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Sun Dec 26, 2004 4:04 pm |
|
| Raven wrote: | | Get rid of Coppermine. |
But I've just installed it! 
What would you reccommend?
| Raven wrote: | | Upgrade phpbb. |
I have a modded forum. What about changing files manually?
| Raven wrote: | | Install NukeSentinel. |
Is it hard to install?
P.S.: tnx for your adivce, Muffin!  |
|
|
|
|
|
Muffin
Client
Joined: Apr 10, 2004
Posts: 649
Location: UK
|
| Posted:
Sun Dec 26, 2004 4:08 pm |
|
It's dead easy to install morpheus, if I can do it anyone can lol |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Sun Dec 26, 2004 6:50 pm |
|
Ok, I'll try to install Sentinel!
I have a few questions I hope someone (Raven?) may answer:
1) If I install Sentinel, do I have to remove Hackattempt script? If it is so, how?
2) Why should I get rid of coppermine?
3) Is it possible to make manual changes to phpbb 2.0.10?
Thank u in advance |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Sun Dec 26, 2004 7:52 pm |
|
Coppermine (nuke) is one of the easiest ways to get hacked. This has been documented many times. The upload has major exploits.
Remove HackAttempt by removing the code in mainfile.php.
Check with ChatServ on the manual upgrade of phpbb. He may have more information. |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Mon Dec 27, 2004 6:36 am |
|
Thanks, Raven! What version of Sentinel would you reccommend? Is it diffocult to configure? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Mon Dec 27, 2004 6:45 am |
|
v2.1.2b, the latest. I wouldn't say it was difficult, but it is powerful so it involves several steps. Refer to the Guide and the FAQ available on my home page. |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Mon Dec 27, 2004 7:00 am |
|
THANK YOU! |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Wed Dec 29, 2004 3:39 am |
|
AGAIN! My site was defaced with SENTINEL ON!!
I checked through my ftp and found an index.html file with the defacement message. This time though they didn't replace index.php, admin.php and config.php, but only added that file. Is it Sentinel that blocked the hackers? If this is the case, why Sentinel didn't track any hack attempt?
Thank u
EDIT: when I installed Sentinel I didn't modify my .htaccess file... maybe this the reason why Sentinel isn't working properly? or could there be configuration problems? |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Wed Dec 29, 2004 5:03 am |
|
The hacker wrote me an email!! :-O He explained how he hacked my site.
Basically he entered my server through Coppermine, theme.php.
He also told me the script he used to enter my server. I do not enclose it here, because I don't want to spread this information.
Is there any patch for this?
Why Sentinel didn't block this guy? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Wed Dec 29, 2004 7:37 am |
|
NukeSentinel cannot block holes in 3rd party software. I told you back on 12/26 that Coppermine was your problem. |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Wed Dec 29, 2004 8:05 am |
|
| Raven wrote: | | NukeSentinel cannot block holes in 3rd party software. I told you back on 12/26 that Coppermine was your problem. |
Yes, Raven, you're right! The point is that I need a gallery. Which one would you recommend? Thanks |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Wed Dec 29, 2004 8:07 am |
|
I don't use any, but Menalto has been mentioned quite often. |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Wed Dec 29, 2004 8:47 am |
|
| Raven wrote: | | I don't use any, but Menalto has been mentioned quite often. |
Ok. I think I'll try with Menalto  |
|
|
|
|
|
morpheus_75
Involved
Joined: Oct 07, 2003
Posts: 302
|
| Posted:
Wed Dec 29, 2004 9:32 am |
|
I have another question, Raven.
When I installed Sentinel, I noticed a .htaccess file that I didn't upload to my server because there is already one in my site root. Shall I copy the lines included in that file to the existing one? |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Wed Dec 29, 2004 10:20 am |
|
Only if you need to use CGIAuth. If you're able to use NukeSentinel with HTTPAuth then you don't need it. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
