You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 59 guest(s) and 2 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hacked 6.5 after security patches added.... [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Hacked 6.5 after security patches added....
 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Post-Install Help For Guests Only
View previous topic Log in to check your private messages View next topic
Author Message
loxly
Guest
PostPosted: Mon Mar 31, 2003 8:37 pm Reply with quoteBack to top
Hi!

I am posting in this forum instead of the logged in security issues forum because the New User Reg here wouldn't let me register (guys might want to check it out)

OK, I'm using Nuke 6.5, applied the 6.5 patch last night and today at http://coolpetsites.com my site was hacked by something that caused it to redirect to a different website that was a forum with anti-Bush banners at the top. I re-applied the patch, and it was still there. I have temporarily solved the problem by moving news out of the homepage and WebLinks is the home page. So obviously it is still something attached to the news, but I can't see what.

Any ideas? No articles had obvious changes.

Debbie
dc@loxly.com
Find all posts by Anonymous
sixonetonoffun
Major
Major


Joined: Jan 13, 2003
Posts: 892
PostPosted: Mon Mar 31, 2003 9:31 pm Reply with quoteBack to top
Not to be a nag here but can you give us the specific patches applied and from where.

You might want to checkout using temporarily at least the banners.php and mainfile.php patches (In same download) at http://www.phpsecure.info/
The mainfile.php will disrupt some functions but until we can figure out whats been done this all that can be offered tonight.

Please check your refers and logs if you can find poo.php haha.php
post it back here. It might look like this in the refers:
http://12.90.16.46/poo.php?target=http%3A%2F%2Fnukedwebtree.com%2Findex.php&sid=77&title=Hax

Or any other odd entries like this.

_________________
www.netflake.com
www.glowoptics.com
Find all posts by sixonetonoffunView user's profileSend private message
Guest
PostPosted: Mon Mar 31, 2003 11:14 pm Reply with quoteBack to top
I used the 65patch from Nuke Cops. It includes patches to mainfile, and three modules, including News. I also checked the files manually against the changes posted at phpnuke.org in the hacked thread.

I'll go look at the referrers now.
Find all posts by Anonymous
Guest
PostPosted: Mon Mar 31, 2003 11:22 pm Reply with quoteBack to top
The only poo in my referers are searches on poodles and poop Smile

To see the redirect, click on the news page in the Modules block. I have gone through the page source, and I might be blind, but I don't see anything there that should be causing the redirect. Pretty much the whole page loads, am I correct in assuming the redirect is near the bottom of the page?

Debbie
Find all posts by Anonymous
sixonetonoffun
Major
Major


Joined: Jan 13, 2003
Posts: 892
PostPosted: Tue Apr 01, 2003 5:33 am Reply with quoteBack to top
Code:
<meta http-equiv=REFRESH CONTENT=0;URL="http://www.zelaron.com/forums/index.php">


This what you have to look for nice twist they used instead of a java script very clever little prank.

_________________
www.netflake.com
www.glowoptics.com
Find all posts by sixonetonoffunView user's profileSend private message
Guest
PostPosted: Tue Apr 01, 2003 8:16 pm Reply with quoteBack to top
Thanks! I have been at work all day and just got to this now. Thank you I totally forgot about meta refresh. The question remains how they added the story with the patches added.

Debbie
Find all posts by Anonymous
sixonetonoffun
Major
Major


Joined: Jan 13, 2003
Posts: 892
PostPosted: Tue Apr 01, 2003 8:44 pm Reply with quoteBack to top
If your 100% sure it was done post patch. We'll find out when the next round of sites get hit if not before. Confused

_________________
www.netflake.com
www.glowoptics.com
Find all posts by sixonetonoffunView user's profileSend private message
Guest
PostPosted: Wed Apr 02, 2003 11:47 pm Reply with quoteBack to top
I am absolutely 100% sure the patch was applied to the files on that server.

I'm on my way to unzip the Final, final 6.5, add mods and load it up. We'll see what happens.

Debbie
Find all posts by Anonymous
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Post-Install Help For Guests Only
View previous topic Log in to check your private messages View next topic
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.255 Seconds - 274 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::