You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 238 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
PHP-Nuke: Alert! Warning to PHP-Nuke Community on Admin Password Cracking
SecurityNuke Cops was recently made aware of a potential threat to the PHP-Nuke community thanks to (with permission) WiredGuru from WiredIndia.com. A new program called PHPNuke Admin Crack available for purchase at http://68.80.20.35/cracka.htm. An analysis of this web page reveals the following information...

The Web page title is: "PhpNuke..."

The Program title is: "PhpNuke 6.0 - 6.5 Admin Cracker"

The page's body is: "A PhpNuke Website cracker in which cracks admin accounts within no more than 1 hour and no less than 30 minutes depending upon your Internet Connection Speed and Ram Capacity.... This has been tested by over 1300 Beta Testers each time proving to be Accurate... Already 10 steps ahead of the Creator of PHPNUKE, i have made it possible to bypass all network monitors and security the websites may have inbedded in their sources, such as tweaked versions of PHPNUKE.."

A ScreenShot here: http://68.80.20.35/cracka.jpg

Offering for sale: "Buy NOW - $4.95 US Dollars - URL to purchase is: http://12.226.117.206/hosting/c0lders/form1.php"

Upon inspection of the for sale form...

It was found to have another link: http://12.226.117.206/hosting/c0lders/visa1.htm

This new page has a page title of "c0lders.com - 3 Digit Card Verification Number".



The 68.80.20.35 site also uses whats called a 'HumanTag Monitor'. In other words as described by http://247livehelp.com:

"The code for HumanTag Monitor needs to be placed on your web page before in the HTML code of your page. The purpose of this code is to see what page the visitor is actually on. This is a very important tool, as you can see exactly what interests the visitor, even before you chat."

Since Nuke Cops doesn't have access to this program, we don't know how it works. But based on the time interval options in the program it is a guess that it attempts some kind of brute force password attack. If that is the case then you may want to install some of those Apache modules we discussed earlier here. A new module to consider installing that is very proactive in blocking IP addresses is called mod_require_host by snert.com. We highly recommend it.
Posted on Tuesday, February 11 @ 02:08:04 CET by Zhen-Xjell
 
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 4
Votes: 19


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Alert! Warning to PHP-Nuke Community on Admin Password Cracking (Score: 1)
by sixonetonoffun (sixonetonoffun@spammenot.com) on Tuesday, February 11 @ 09:01:04 CET
(User Info | Send a Message)
I saw this site a while back and figured it wa a scam? Anyone verify its anything more then rip off scheme? Brute force attack for an hour is giong to make a lot of noise in the logs. My opinion is a 7 random charector passwords reasonably safe against such an attack.


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 3.213 Seconds - 359 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::