You are missing our premiere tool bar navigation system! Register and use it for FREE!

Author: spottedhogPostPosted: Mon May 22, 2006 2:53 am    Post subject:

Something simple you could do is to change the name of the admin.php file....

Author: whitemaxPostPosted: Sun May 28, 2006 2:21 pm    Post subject:

This is not simple. I try change name, change admin name in config and repleace name in admin file security code.
In admin menu any option is "Acces denied".
Any idea??

Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Page 1 of 1

Powered by phpBB © 2001,2002 phpBB Group
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: perfect-gamesPostPosted: Sat Apr 29, 2006 7:51 am    Post subject:

what version of phpnuke are you running, seems you are not using current patches and sentinal either not done right or using an old version.



Author: PropagandaPostPosted: Sat Apr 29, 2006 7:57 am    Post subject:

I am running 7.8 with the latest patches and as far as I know sentinel is set up properly. I got this from sentinel:

Date & Time: 2006-04-29 12:36:27 EDT GMT -0400
Blocked IP:
User ID: Anonymous (1)
Reason: Abuse-Author

Author: perfect-gamesPostPosted: Sat Apr 29, 2006 9:57 am    Post subject:

well thats normal someone attempted a hack and they were banned and its in your sentinal log and probley emailed to you as well.

you have nothing to worry about this is normal



Author: PropagandaPostPosted: Sat Apr 29, 2006 5:09 pm    Post subject:

It still created the user, and IP block doesn't mean much if someone is using a proxy. I set sentinel to http auth, maybe that will help.

Author: sahoLocation: TurkeyPostPosted: Sun May 21, 2006 10:30 pm    Post subject:

admin.php open
later add

Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
· Home
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 178 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hack added admin Hack added admin

Nuke Cops -> Nuke Security

Author: Propaganda PostPosted: Sat Apr 29, 2006 7:46 am    Post subject: Hack added admin

I had an alert from nuke sentinel, someone ran the admin.php to add a superuser. edited to prevent more abuse)

And it worked and added a superuser. Anyone know how to prevent this?
$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'VXBkYXRlQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'QWRkQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
   die("Illegal Operation");
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.246 Seconds - 251 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded ( ::