You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: Stephen2417Location: Bristolville, OH (US)PostPosted: Mon May 31, 2004 11:33 am    Post subject:

What protection systems do you have installed?

Author: Raptor1Location: Conway SCPostPosted: Mon May 31, 2004 11:35 am    Post subject: Re: Hack Attempted.

Hack Alert, PS, Fortress and Admin Tap.

BTW I am Prophet / Prophet-ni

I have 2 guys inserting IP's like crazy and a team that monitors our site.
I have been hacked 3x in a month and I really want to make sure I have this stuff installed correctly. TY.



Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Page 1 of 1

Powered by phpBB © 2001,2002 phpBB Group
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 263 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hack Attempted. Hack Attempted.

Nuke Cops -> Nuke Security

Author: Raptor1Location: Conway SC PostPosted: Mon May 31, 2004 11:31 am    Post subject: Hack Attempted.

I just had a guy try to acess my admin.php
I never recieved a email from any protection system.
I just happened to goto my site and was looking around and saw this guy on my admin page.
Checked Emails - Nothing, so I manually banned him.
I have been receiving emails but didn't receive this one.

Name pako
UNITED STATES
Last here 2004.05.31 15:04:26
Ip 68.69.139.45 Control Panel
Isp/Host co-colspgs-u4-c5b-b-45.clspco.adelphia.net
Proxy No Proxy
Last Referer Direct Hit
Total Hit 3
Was last on /admin.php
Agent info Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ESB{C571ABCF-F427-4907-B4F7-BC58B26FF490})

I double checked PS Setting everyting is on. I am now making sure my install of Admin Tab and Fortress are correct.
If possible could some let me now if my main.php file is correct, and also I used notepad to make the htm and cvs for fortress and chmod both to 666.

<?php
$checkurl = preg_replace("#(/\*.*\*/)#", "", $_SERVER["QUERY_STRING"]); //Courtesy of http://www.esnider.net
// Raven http://ravenphpscripts.com
if (stristr($checkurl,'%20union%20')) {
$loc = $_SERVER['QUERY_STRING'];
header("Location: hackattempt.php?$loc");
die();
}
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
define('ZERO', true); // Add this line
include('fortress.php'); // Add this line
Bards($addr); // Add this line

foreach ($HTTP_GET_VARS as $secvalue) { // Current code
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) || // Current code
(eregi("\"", $secvalue))) { // Current code
# die ("The html tags you attempted to use are not allowed"); // Current code but either delete or comment out
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
} // Current code
} // Current code

ccheck(); // Add this line
ucheck(); // Add this line
ReleaseVars(); // Add this line
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("I don't like you...");
}
}

foreach ($_POST as $secvalue) {
if (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) {
Header("Location: index.php");
die();
}
}

if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.043 Seconds - 349 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::