PHP Web Host - Quality Web Hosting For All PHP Applications Just Great Software
giantmidget
Hangin' Around
Joined: Nov 27, 2005
Posts: 44
Posted: Mon Jan 02, 2006 8:55 pm

Currently, it's suspended until I can coordinate with my webhost to be available to disable the site through Sentinel and find the problem.

This is a fully patched 7.6 version of nuke, with Raven Sentinel installed, and Forums are current up through .18

My webhost just emailed me to let me know that it had to be suspended because a script had been used to make phpnuke send out over 25,000 emails in the last 24 hours.

Do you know what could cause this ? What should I look for when my site is activated again ?

I would ask how to prevent this in the future, but not knowing exactly what was done, I guess I will have to wait.



-----

On a side note, maybe related, maybe not. My gt-nextgen suddenly stopped working about 2 weeks ago with no site changes. Also, I have a story database that allows users to upload text stories (Fictioneer module) which has not been acting properly either. Users can submit the first chapter, but not subsequent chapters. As an admin, I can add any.

Also, there was a folder in the stories folder, which contains usernames folders with the chapters they uploaded, that I could not delete. The user folders were something like 1234567890 and ___________________

I don't know if that's even related to the latest issues, but that's all the info I have at this time.
******
EDIT: I just found out my site was upgraded from PHP 4.3.11 to 4.4.1, so that may possibly be the cause of the latter. If so, I am clueless what's changed and how to rework.
VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 617
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
Posted: Tue Jan 03, 2006 12:29 am

giantmidget wrote:
Currently, it's suspended until I can coordinate with my webhost to be available to disable the site through Sentinel and find the problem.

This is a fully patched 7.6 version of nuke, with Raven Sentinel installed, and Forums are current up through .18

My webhost just emailed me to let me know that it had to be suspended because a script had been used to make phpnuke send out over 25,000 emails in the last 24 hours.

Do you know what could cause this ? What should I look for when my site is activated again ?

I would ask how to prevent this in the future, but not knowing exactly what was done, I guess I will have to wait.


You might want to investigate this thread... Wink
giantmidget
Hangin' Around
Joined: Nov 27, 2005
Posts: 44
Posted: Tue Jan 03, 2006 2:07 pm

Do you have a working update? I currently use Raven's PHP 7.6 package.

How would I find out whether the exploit was indeed done through the feedback, recommend us module ?


--------------

I just accessed my site and found one blocked IP for script abuse. They uploaded something supposedly as a story, but it had script. It had a lot of red and green commands. This site would not let me repost it or PM it.

Would anyone care to have a look at the abuse email I got? Also, is it possible the script hack happened, blocked the IP, but the damage was done and allowed emails to go out?
giantmidget
Hangin' Around
Joined: Nov 27, 2005
Posts: 44
Posted: Tue Jan 03, 2006 3:24 pm

In my modules folder, I found the following and deleted them:

dark.php

drk.php

inc.php

mmm-dont.php (script title: Spammer r3l04d3d by cyb3rc0d3r )

All seemed to be bad files.

I run SPChat on the site, and also, the primary thing on my site is a fanfiction database which allows users to upload stories as text files with minimal html like <center>

Any ideas on what to do ? or how this happened ?

Also, I have a folder in my stories folder named: 12345678910111213

I cannot delete this folder for some reason. This stories folder contains site users folders who upload stories, and their text for each chapter.

Also, are any passwords compromised, and if so, what do I need to do to secure ?
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
Posted: Tue Jan 03, 2006 6:15 pm
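The post above found the spammer script by eyeballing the modules folder for names that did not belong. The following is an added example (not PHP-Nuke, RavenNuke or NukeSentinel code) of doing that check systematically: hash every file under a modules directory and compare it with a manifest built from a clean copy of the same release, so added, altered and missing files are reported rather than spotted by luck. The directory trees and file contents in the demo section are constructed for illustration; the function names are this example's own.

```php
<?php
// Added example, not code from PHP-Nuke, RavenNuke or NukeSentinel.
// Audit a modules/ directory against a manifest of known-good SHA-256
// hashes. The sample trees and file contents below are constructed.

function hashTree(string $dir): array {
    // Map of relative path => sha256 for every regular file under $dir.
    $dir = rtrim($dir, '/\\');
    $hashes = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $rel = substr($file->getPathname(), strlen($dir) + 1);
        $hashes[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);
    return $hashes;
}

function auditModules(string $liveDir, array $manifest): array {
    $live = hashTree($liveDir);
    $findings = ['added' => [], 'modified' => [], 'missing' => []];
    foreach ($live as $rel => $hash) {
        if (!isset($manifest[$rel])) {
            $findings['added'][] = $rel;          // not part of the release at all
        } elseif ($manifest[$rel] !== $hash) {
            $findings['modified'][] = $rel;       // shipped file, but contents changed
        }
    }
    foreach ($manifest as $rel => $hash) {
        if (!isset($live[$rel])) {
            $findings['missing'][] = $rel;        // shipped file that has been removed
        }
    }
    return $findings;
}

// --- Demo with constructed trees -------------------------------------------
$base  = sys_get_temp_dir() . '/nuke-audit-' . bin2hex(random_bytes(4));
$clean = "$base/clean/modules";   // pristine copy of the release
$live  = "$base/live/modules";    // what is sitting on the web host now
foreach (["$clean/Forums", "$live/Forums"] as $d) {
    mkdir($d, 0700, true);
}
file_put_contents("$clean/Forums/index.php", "<?php // original module\n");
file_put_contents("$live/Forums/index.php",  "<?php // original module\n");
file_put_contents("$clean/Feedback.php", "<?php // original module\n");
file_put_contents("$clean/Search.php",   "<?php // original module\n");
// Live copy: Feedback.php altered, Search.php gone, a foreign file dropped in.
file_put_contents("$live/Feedback.php", "<?php // original module\n// tampered\n");
file_put_contents("$live/mmm-dont.php", "<?php // constructed stand-in for the spammer script\n");

// On a real host, build the manifest once from a clean install and keep it off-box.
$manifest = hashTree($clean);
$report   = auditModules($live, $manifest);

foreach ($report as $kind => $files) {
    printf("%-9s %s\n", $kind . ':', $files ? implode(', ', $files) : '(none)');
}
// The modification time of each added file is the timestamp to line up
// against the web server access log and the mail log.
foreach ($report['added'] as $rel) {
    printf("  %s last modified %s\n", $rel, date('Y-m-d H:i:s', filemtime("$live/$rel")));
}
```

Run it on the whole PHP-Nuke tree, not just modules/, since a dropped-in file can live anywhere the web server will execute it; the manifest should be generated from the distribution archive, never from the live host after the fact.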

SPChat has a hole in it that allows remote files to be uploaded. That's where you got attacked. I would suggest turning it off and changing all your admin passwords, and your db password.
giantmidget
Hangin' Around
Joined: Nov 27, 2005
Posts: 44
Posted: Wed Jan 04, 2006 2:38 pm

What about Fictioneer ? Is that a possible hole ?

What it does is take general info like title, username, summary, and also saves a .txt file in that users folder. Could this be a possible way for this to happen ?

If so, my popular site is in major trouble, as the fanfiction database is the only reason anyone goes to it.


Referring to my database password, do you mean the one listed in my config.php ?
jaded
Theme Guru
Joined: Nov 01, 2003
Posts: 1006
Posted: Wed Jan 04, 2006 2:42 pm

giantmidget wrote:
Referring to my database password, do you mean the one listed in my config.php ?

Yes, that is what he meant. Please change that in your cpanel and then in your config file and anywhere else that you might have put it.
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6373
Location: Vsetin, Czech Republic
Posted: Wed Jan 04, 2006 3:30 pm

giantmidget wrote:
What about Fictioneer ? Is that a possible hole ?

What it does is take general info like title, username, summary, and also saves a .txt file in that users folder. Could this be a possible way for this to happen ?
If so, my popular site is in major trouble, as the fanfiction database is the only reason anyone goes to it.

It is certainly possible as a quick check of the files reveals there is no real checking of what is submitted but I'm only aware there was a problem with V1.0 - I cannot remember what the exact issue was with it.
giantmidget
Hangin' Around
Joined: Nov 27, 2005
Posts: 44
Posted: Wed Jan 04, 2006 4:32 pm
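Two posts in this thread come down to the same defect: SPChat letting remote files be written into the site, and Fictioneer doing "no real checking of what is submitted" before saving a chapter as a file. The following is an added example (not Fictioneer's or SPChat's code) of what the server-side check for a submitted chapter looks like when the upload is treated as untrusted text: refuse anything carrying PHP or script markup, keep only a small list of formatting tags, strip every attribute from those tags, and write the result to a path the server builds from integers, so the submitter controls neither the file name nor the extension. The allowed-tag list is an assumption based on the "minimal html like <center>" mentioned earlier in the thread, the function names are this example's own, and the two submissions in the demo are constructed.

```php
<?php
// Added example, not Fictioneer's or SPChat's own code. Server-side checks for
// a user-submitted chapter before it is written into the stories tree.
// ALLOWED_TAGS is an assumption; the demo submissions are constructed.

const ALLOWED_TAGS = ['center', 'b', 'i', 'p', 'br'];
const MAX_CHAPTER_BYTES = 512 * 1024;

/**
 * Returns the cleaned chapter text, or null with $reason set when the
 * submission must be refused (and logged against the submitting account).
 */
function sanitizeChapter(string $raw, ?string &$reason = null): ?string {
    if (strlen($raw) > MAX_CHAPTER_BYTES) {
        $reason = 'chapter too large';
        return null;
    }
    // A story never legitimately contains a PHP open tag or a <script>
    // element; refuse the whole submission instead of trying to clean it.
    if (preg_match('/<\?|<script\b/i', $raw)) {
        $reason = 'active content in submission';
        return null;
    }
    // Keep only the documented formatting tags ...
    $allowed = '<' . implode('><', ALLOWED_TAGS) . '>';
    $clean = strip_tags($raw, $allowed);
    // ... and drop every attribute on the survivors, so <b onmouseover=...>
    // or <p style=...> cannot ride through strip_tags.
    $tagAlt = implode('|', ALLOWED_TAGS);
    $clean = preg_replace('#<(/?)(' . $tagAlt . ')\b[^>]*>#i', '<$1$2>', $clean);
    return $clean;
}

/**
 * Storage path built only from integers the server assigned, never from the
 * submitted title or file name: the uploader cannot choose the directory,
 * the name or the extension of what gets written.
 */
function chapterPath(string $storiesRoot, int $userId, int $chapter): string {
    return sprintf('%s/%d/chapter-%03d.txt', rtrim($storiesRoot, '/'), $userId, $chapter);
}

function storeChapter(string $storiesRoot, int $userId, int $chapter, string $raw): array {
    $reason = null;
    $clean = sanitizeChapter($raw, $reason);
    if ($clean === null) {
        return ['ok' => false, 'error' => $reason];
    }
    $path = chapterPath($storiesRoot, $userId, $chapter);
    $dir  = dirname($path);
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        return ['ok' => false, 'error' => 'cannot create user directory'];
    }
    file_put_contents($path, $clean, LOCK_EX);
    return ['ok' => true, 'path' => $path];
}

// --- Demo with constructed submissions ------------------------------------
$root = sys_get_temp_dir() . '/stories-' . bin2hex(random_bytes(4));

// Ordinary chapter, except that someone has hung an event handler on a tag.
$benign  = "<center><b onclick=\"x()\">Chapter One</b></center>\n"
         . "<p>It was a dark and stormy night.</p>";
// Chapter text with a PHP block appended; the whole submission is refused.
$hostile = "<center>Chapter One</center>\n"
         . "<?php /* constructed stand-in for injected code */ ?>";

print_r(storeChapter($root, 1234, 1, $benign));   // ok => true, attribute stripped
print_r(storeChapter($root, 1234, 2, $hostile));  // ok => false, 'active content in submission'
echo file_get_contents(chapterPath($root, 1234, 1)), "\n";
```

Pair this with a stories directory that the web server will not execute PHP from (on Apache with mod_php that is an .htaccess carrying php_flag engine off, though whether a shared host honours it is host-dependent), so that a sanitisation miss still does not turn a text upload into a runnable script.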

I received one abuse report, but I am not sure it was a script hack, but possibly someone trying to put up a flashy story title.


The script was:
Script created by Lefteris Haritou
(lef@the.forthnet.gr)
Permission granted to Dynamicdrive.com to feature the script
For more DHTML scripts, visit Dynamicdrive.com

and the messages put in the script were title, summary, etc.



Now, with the spchat exploit, would that get by Sentinel ?
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
Posted: Thu Jan 05, 2006 1:34 am

As stated many times, NukeSentinel(tm) cannot and does not police third party scripts.
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven