Ravens PHP Scripts: Forums
 

 

mrix
Client



Joined: Dec 04, 2004
Posts: 757

Posted: Thu Aug 28, 2008 4:19 pm

Hi all, I checked my site out this evening to find all my right blocks had vanished? I haven't updated or changed anything but they just disappeared?
Any ideas at all would be much appreciated as I am at a total loss.

I just noticed that my footer was missing also, so I checked my footer.php and it basically had thousands of URLs in it, from sex sites to god knows what else. (Confused) How on earth could this be possible as the file had permissions 644 ????

thanks
mrix
 
dad7732
RavenNuke(tm) Development Team



Joined: Mar 18, 2007
Posts: 1242

Posted: Thu Aug 28, 2008 7:30 pm

What version of Nuke? Are you running Raven Nuke and what version of Nuke Sentinel?
 
Gremmie
Former Moderator in Good Standing



Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Thu Aug 28, 2008 8:14 pm

Check your server logs for any funny business.

_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module 
mrix







Posted: Fri Aug 29, 2008 12:41 am

Hi, I am running the latest RavenNuke and the very latest Sentinel.
I'll also check my server logs
cheers
mrix
 
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

Posted: Fri Aug 29, 2008 2:03 am

What additional modules are you running?

Is this site hosted with Raven? If it is you might want to let him know so he can look at tracking down the culprit as well.
 
mrix







Posted: Fri Aug 29, 2008 2:52 am

No, this site is hosted on a dedicated server ...
my site is here... [link hidden by the forum]

If a file is 644 can it be changed? Is it possible for someone who is not server side to change files like this?

mrix
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6432

Posted: Fri Aug 29, 2008 4:34 am

It shouldn't be possible unless there is an addon with a hole. Which files have 644 permissions?

It's important to check the server log to see how it happened. Are you using admin authentication?

Regarding addons, the teamspeak and NukeTube addons are possible sources for attacks. Uploaded images can also be used for attacks.

Were any files changed / uploaded?

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
mrix







Posted: Fri Aug 29, 2008 6:16 am

Hi, I am using admin authentication in Sentinel.
When you explain about site log files, is this something I would find in cPanel for the site or on the dedicated server itself?
cheers
mrix
 
Dawg
RavenNuke(tm) Development Team



Joined: Nov 07, 2003
Posts: 928

Posted: Fri Aug 29, 2008 6:46 am

IF you are running Teamspeak....I would bet a dime to a dollar that is how they got in. There are well known "Issues" with TS.

Log Files....IF you look in your control panel....There should be a link to your Log Files. Every panel I have ever used has some sort of method of accessing them.

Dawg


Last edited by Dawg on Fri Aug 29, 2008 6:47 am; edited 1 time in total 
mrix







Posted: Fri Aug 29, 2008 6:47 am

I have run this add-on for around 3 years on the site with no problems at all. (Confused)
cheers
mrix
 
Dawg







Posted: Fri Aug 29, 2008 6:58 am

I ran it for less than 6 mos and got attacked through it. I no longer use TS.

Dawg
 
kguske







Posted: Fri Aug 29, 2008 7:26 am

Yes, check your cpanel access log to see if there are attacks on the teamspeak addon (or other types of attacks).
 
Gremmie







Posted: Fri Aug 29, 2008 8:09 am

Dawg, are you talking about the actual TS server or some TS nuke block/module?
 
Dawg







Posted: Fri Aug 29, 2008 11:56 am

When it happened to me they came in through the TS server. It was a remote injection through the admin panel if I recall correctly. Once in the dbase...they had their way....

Was it TS's fault or the Nuke module's fault? Heck if I know. I have not reinstalled it to find out.

This was several years ago.

Dawg
 
Gremmie







Posted: Fri Aug 29, 2008 1:32 pm

Dawg, that is strange. I know earlier versions of TS had problems, but I think recent versions are much better. Did you have TS configured to share the same database as your Nuke site? By default TS uses SQLite, so even if they got in via the TS admin panel I'm not sure what they could do to my Nuke site.

mrix, it is also possible they mangled your files via a hole in your server, completely unrelated to your site. You'll have to talk to your host about it and look at your logs.

Did they actually modify footer.php or just the footer fields that are in the database?
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Aug 31, 2008 7:31 am

Quote:

Did they actually modify footer.php or just the footer fields that are in the database?


mrix, very key question... what is the latest?

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
mac2712
New Member



Joined: Jan 08, 2006
Posts: 7

Posted: Tue Sep 02, 2008 2:03 pm

Hi, I have a similar problem. RN2.20 working well, haven't changed anything in months. Now right blocks, news header all missing. Any help would be appreciated, don't know where to start looking?
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Tue Sep 02, 2008 3:02 pm

mac2712 - is this an upgrade from a previous Nuke installation or a clean, new install?
What additional modules or other stuff have you added?
 
mac2712







Posted: Tue Sep 02, 2008 3:55 pm

Guardian, this is an upgrade, no additional modules.

Just set display_errors = true and found the following
Parse error: syntax error, unexpected T_STRING in themes/fisubice/theme.php(171) : eval()'d code on line 1

Parse error: syntax error, unexpected T_LNUMBER in themes/fisubice/theme.php(307) : eval()'d code on line 1

Parse error: syntax error, unexpected T_LNUMBER in themes/fisubice/theme.php(307) : eval()'d code on line 1

Parse error: syntax error, unexpected T_LNUMBER in themes/fisubice/theme.php(307) : eval()'d code on line 1

Parse error: syntax error, unexpected T_STRING in themes/fisubice/theme.php(178) : eval()'d code on line 1

Has the host changed something ?
 
Guardian2003







Posted: Tue Sep 02, 2008 4:06 pm

I edited your post to remove the full server path for safety.
If you have not edited the theme, re-upload all the files but make sure your FTP software is set to use BINARY transfer mode, though I would normally expect to see those errors due to a typo in an edited file.
 
mac2712







Posted: Tue Sep 02, 2008 4:22 pm

Just renamed fisubice and uploaded from the distribution and it's the same. Also uploaded SoftBlue and Sand_Journey. SoftBlue has the same errors, Sand_Journey is ok.
 
Guardian2003







Posted: Tue Sep 02, 2008 5:48 pm

SoftBlue? I don't recall RavenNuke (tm) having a theme called SoftBlue.
Anyway, after re-reading your post, it is clear that it was working at one time then stopped. Given the nature of the errors I suspect you might be right about the host changing something.
They are possibly preventing the use of PHP's built in eval() function.
You may have to raise this as a support issue with your host.

If they are not prepared to re-enable this built-in PHP function then it is possible to recode the theme to do without it, but I do not have time right now to do that.
Any of the themes that do not have separate HTML files should work, but sadly there are not many of them.
 
mac2712







Posted: Tue Sep 02, 2008 6:00 pm

I will raise a ticket with my host. As a quick fix I changed the colors in Sand_Journey to make it look like fisubice.

Thanks for your help Guardian
 
mrix







Posted: Wed Sep 03, 2008 1:10 am

The footer.php had hundreds of spam-like URLs in it? I basically uploaded another default file and all was ok...
Unfortunately there is nothing to stop it happening again.
cheers
mrix
 
montego







Posted: Wed Sep 03, 2008 6:22 am

You are going to need host help to review the logs to see how they got in.

This can happen in a shared environment if the server is compromised, but if your file permissions are 644 and the file is owned by your user account, they would either have to be root or have compromised your account. I would change all your passwords.

It can also happen through a hole in code somewhere. But, we need to find out where!
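
Added example, not part of the original thread: a small audit of the permission question raised above. Mode 644 only keeps other accounts out, so a file whose owner is also the account PHP runs as can still be rewritten through a hole in code. The web root path and the web-server account name are assumptions passed in by the caller, and GNU or BusyBox `stat` is assumed.

```sh
#!/bin/sh
# Added example (constructed): who can modify PHP files under a web root?
# Assumes GNU/BusyBox stat; the web root and web user are supplied by the caller.

# Print the classes (owner/group/other) that hold the write bit in an octal mode.
write_classes() {
    m=$((0$1)); out=""
    if [ $((m & 0200)) -ne 0 ]; then out="owner"; fi
    if [ $((m & 0020)) -ne 0 ]; then out="$out group"; fi
    if [ $((m & 0002)) -ne 0 ]; then out="$out other"; fi
    echo $out
}

# List PHP files under $1 that the account $2 (the user PHP runs as) can write.
# Output columns: mode owner reason path
audit_tree() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f"); owner=$(stat -c '%U' "$f")
        reason=""
        case " $(write_classes "$mode") " in
            *" other "*) reason="world-writable" ;;
            *" group "*) reason="group-writable" ;;
            *" owner "*) if [ "$owner" = "$2" ]; then reason="owned-by-web-user"; fi ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s %s %s %s\n' "$mode" "$owner" "$reason" "$f"
        fi
    done
}

# PHP files modified within the last $2 days, to diff against the distribution copies.
recently_changed() {
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# Run only when called with arguments, e.g.: sh audit.sh /path/to/webroot webuser
if [ "$#" -ge 2 ]; then
    audit_tree "$1" "$2"
    recently_changed "$1" 7
fi
```

Files reported as group-writable still need a check of which accounts belong to that group.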
 
All times are GMT - 6 Hours