Author: corto11    Posted: Sun Jun 25, 2006 7:14 am    Post subject: How I got defaced

88.224.202.147 - - [25/Jun/2006:11:01:43 -0500] "GET /index.php HTTP/1.1" 200 8663 "http://www.zone-h.org/component/option,com_attacks/Itemid,45/filter_defacer,SanalYargic/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


Does anyone have any information about how to stop this (IP banned now of course)?

Author: jakec06    Location: Surrey, UK    Posted: Sun Jun 25, 2006 10:24 am    Post subject:

Have a look at this thread on RavenPHPScripts:

http://ravenphpscripts.com/posts8988-highlight-.html

The last post by kguske gives some details to add to your .htaccess file, which redirects them back to themselves.

Author: jakec06    Location: Surrey, UK    Posted: Sun Jun 25, 2006 10:53 am    Post subject:

I should have said it's not actually an attack; someone will have reported your site being attacked, probably the hacker, and their bot has gone to investigate.
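The kind of log check this exchange points to, as an added example that is not part of any post in the thread: it parses Apache combined-format lines and lists requests whose Referer is a defacement-archive page, which marks a visit that followed a report rather than the intrusion itself. The host set, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: the set of archive hosts to watch; zone-h.org is the one in this thread.
ARCHIVE_HOSTS = {"zone-h.org"}

def referer_host(referer):
    """Lower-cased hostname of a Referer value, or '' if absent or unparseable."""
    if referer in ("", "-"):
        return ""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def is_archive_host(host):
    """True for the archive domain or a subdomain, not for look-alike hosts."""
    return any(host == h or host.endswith("." + h) for h in ARCHIVE_HOSTS)

def archive_referrals(lines):
    """Return (time, client, request) for hits whose Referer is an archive page."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if m and is_archive_host(referer_host(m.group("referer"))):
            hits.append((m.group("time"), m.group("host"), m.group("request")))
    return hits

# Constructed sample lines (documentation IP ranges, not taken from the thread).
SAMPLE = [
    '203.0.113.7 - - [25/Jun/2006:11:01:43 -0500] "GET /index.php HTTP/1.1" 200 8663 '
    '"http://www.zone-h.org/archive/" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '198.51.100.9 - - [25/Jun/2006:11:02:10 -0500] "GET /modules.php?name=News HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [25/Jun/2006:11:03:00 -0500] "GET / HTTP/1.1" 200 8663 '
    '"http://zone-h.org.example.net/x" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for when, client, request in archive_referrals(SAMPLE):
        print(f"{when}  {client}  {request}  <- arrived from a defacement archive")
```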

Author: Black_Spider    Location: NW USA    Posted: Sun Jun 25, 2006 10:58 am    Post subject:

The "hackers" are coming from, or representing a site at http://cyber-raiders.com

And they are just injecting some text, img links and an easy META refresh tag into the News mod.

Author: corto11    Posted: Sun Jun 25, 2006 12:53 pm    Post subject: Thank You

Thanks for the tip on the .htaccess file for zone-h.org. I've made that change. And you're right, this was not the source of the attack, just a mirroring of it.

Can I make a change to the news module that will prevent the defacement?

Author: jakec06    Location: Surrey, UK    Posted: Sun Jun 25, 2006 1:02 pm    Post subject:

What version are you using?
Have you got NukeSentinel, and are you using the latest patches?

Author: corto11    Posted: Sun Jun 25, 2006 1:24 pm    Post subject:

nuke_config says a start date of 10/17/2004 and a version of 7.4. Does that version jibe with that date?

I surprised myself when I checked the version. I thought I was in the 6.5-6.7 range but I may not be as bad off as I thought I was.

I am not using NukeSentinel and am behind in patching as well.

Author: yameth    Posted: Tue Jun 27, 2006 12:04 pm    Post subject:

Well... this is very funny..
A totally indifferent discussion is carried below my post, that has nothing to do with it! I suppose a split would be appropriate.

Getting back to it, any ideas on my issue? Thanks.

Author: jakec06    Location: Surrey, UK    Posted: Tue Jun 27, 2006 12:23 pm    Post subject:

Sorry about that, saw the 2nd post and thought it was about the same thing.

I don't think the message module is the problem, they probably just use it once they have got in.
They are probably getting in from somewhere else, do you have any logs, or does anything show up in NukeSentinel?

I've never used 6.5, so I could be wrong. What other modules/MODS etc. are you using?

Author: yameth    Posted: Wed Jul 12, 2006 4:38 am    Post subject:

Enhanced search 2.0, which I've recently found has security issues, Sommaire, Nuke C 2.1, Jinzora.

Author: perfect-games    Posted: Wed Jul 12, 2006 4:47 am    Post subject:

Many modules do have security issues with their addons. With the 6.5, I would upgrade to the latest patch files.

Even if you're unable to overwrite your current files, update manually by checking nukefixes.com.

And for 3rd party addons there's not much support, as many projects have stopped being supported by their developer, like the nukestyles search module and downloads module.

If any of these sites are still active you should contact the developer; they may be able to help you.

We at nukecops will soon start upgrading some popular scripts where development has stopped,

like nukestyles, and bring them up to date with phpnuke 7 & 8 releases,

along with our own addons where full support will be provided by our team.

thanks

Steve




All times are GMT - 8 Hours

Nuke Cops :: View topic - Admin messages module vulnerability

Author: yameth    Posted: Sun Jun 25, 2006 1:11 am    Post subject: Admin messages module vulnerability

My site, based on Nuke 6.5 with updated patches and NukeSentinel, has been running since 2003 and has been hacked several times, mostly by Turkish hackers.

9 out of 10 times they posted on the admin messages module.

Is there a vulnerability in the module that has been addressed, so I can just upgrade that module, or is there nothing I can do about it?

Is it more vulnerable when a message is activated?

And what is the story behind these Turks... do they mean harm or do they just want to put their political message across?