Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> phpnuke 7.8
Author Message
shotokan
Worker
Worker



Joined: Aug 27, 2006
Posts: 172

PostPosted: Sat May 12, 2007 7:40 pm Reply with quote

I just had my site hacked by someone that added a HTML ref into the forums configuration field where my site description goes.

He removed the description content and added the html ref there forwarind to his hack website.

I use nuke 7.8 patched 3.3

How did he can actually alter a content inside the database? What is the best way to prevent this? Installing Sentinel?

_________________
Shotokan 
View user's profile Send private message
floppydrivez
Involved
Involved



Joined: Feb 26, 2006
Posts: 340
Location: Jackson, Mississippi

PostPosted: Sat May 12, 2007 8:22 pm Reply with quote

Sorry to hear that shotokan. Yes sentinel should be your last line of defense and the first step in restoring your site to a secure operating standpoint. No site should be without sentinel in my opinion.

_________________
Phpnuke Downloads, Clan Themes, Mack Hankins 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sat May 12, 2007 8:27 pm Reply with quote

1st I'd look at basic host security issues, like could anyone have compromised your host account, passwords, ftp accounts and the like. That varies by host and by your security procedures, whether you use the same passwords in a bunch of places etc.

Second, Nuke 7.8 has a lot of known security vulnerabilities. Sentinel protects against a lot of them but it can't fix up all the holes. This is especially true if you have 3rd party modules that have vulnerabilities built in.

You need to look at your logs and change passwords and make sure the hackers don't retain access to your tables. Otherwise anything else you would do could very well be spitting into the wind.

Then you might look at RN 2.10.01 which comes with Sentinel built in. But if the hacker has access to your host or your author's table or anything else on your system you really need to determine and eliminate this first.
 
View user's profile Send private message Visit poster's website
floppydrivez







PostPosted: Sat May 12, 2007 8:31 pm Reply with quote

fkelly, that seems a little rehearsed, maybe as if you have said that before.

On a serious note, (I honestly haven't looked to see if it exist already), but that would make a decent sticky for others.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> phpnuke 7.8

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©