Nuke Cops :: View topic - Trying to recoup from hack attempt

Coffeymate
Nuke Soldier
Joined: Jan 15, 2004
Posts: 11
Location: Atlanta

Posted: Thu Feb 26, 2004 10:14 pm

Not much was accomplished by last weekend's hack attempt at one of our sites except changing the admin password. (maybe mommy walked in just as jr accessed the site. Razz ) Thanks to these forums I was able to figure out how to regain admin control.

However, ever since that time the site is showing this at the bottom:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/hhnet/public_html/cafe/includes/sql_layer.php on line 288
Unknown column 'uid' in 'field list'

Have been wading through the tables via phpmyadmin and can't figure out what is missing or added or where. (Plus been going through here trying to find putty to add to the codes on various files to plug up all the security leaks in hope to prevent further hacks. )

Am running 7.0 recently upgraded from 6.8
Please, could someone post a simple instruction on how to remedy this error? I am not a mysql professional or even a novice - that's not my realm.

Calim
Private
Joined: Feb 25, 2004
Posts: 47
Location: In space with my tortilla Chips

Posted: Fri Feb 27, 2004 12:38 am

try this...

[CODE]
} else {
print (mysql_error());
}
[/CODE]

Put this in the part of the mysql_fetch_row(): at line 288 before the break.

It doesn't fix it but it gives a more detailed reason on why it's messing up.

Coffeymate
Nuke Soldier
Joined: Jan 15, 2004
Posts: 11
Location: Atlanta

Posted: Fri Feb 27, 2004 11:37 am

Calim wrote:
try this...

[CODE]
} else {
print (mysql_error());
}
[/CODE]

Put this in the part of the mysql_fetch_row(): at line 288 before the break.

It doesn't fix it but it gives a more detailed reason on why it's messing up.


Result: Page shows nothing but the css style color and toolbar and no content with this error along the top:
Parse error: parse error in /home/hhnet/public_html/cafe/includes/sql_layer.php on line 288

Fatal error: Call to undefined function: sql_fetch_row() in /home/hhnet/public_html/cafe/themes/Histable/theme.php on line 101

This is line 285 on of the code having added your code above:

[CODE]
case "MySQL":
$row = mysql_fetch_row($res);
return $row;
} else {
print (mysql_error());
}
break;;
[/CODE]

Am removing that pretty quickly as that broke the site entirely. eeep.
Any more suggestions? Did this help?

Calim
Private
Joined: Feb 25, 2004
Posts: 47
Location: In space with my tortilla Chips

Posted: Fri Feb 27, 2004 8:53 pm

ahhh hmmm....worked for me on 286 O_o and you said 288 not 285 before *checks first post*

Coffeymate
Nuke Soldier
Joined: Jan 15, 2004
Posts: 11
Location: Atlanta

Posted: Sun Feb 29, 2004 11:37 am

Calim wrote:
ahhh hmmm....worked for me on 286 O_o and you said 288 not 285 before *checks first post*


OK. We had some confusion here because I already had included code for another debugger when I first listed the error. Then tried adding your code to that and it choked. So took out the previous debugger code and only added your code. Still choked. So, now what?

Coffeymate
Nuke Soldier
Joined: Jan 15, 2004
Posts: 11
Location: Atlanta

Posted: Sun Feb 29, 2004 11:57 am

Yesterday, Saturday here in the states, I caught a hacker red-handed trying to get into one of our clients' new nuke sites.

I was monitoring using a live help program which rang a bell when someone entered one of these nuke sites. It also tells me if they were referred by anyone and what pages they are viewing in sequence.

The referrer was an email through Hotmail. The first page they went to was the search module on the nuke site. WOOOooo! Red flag mode. So I initiated a message asking what they were searching for and could I assist them. By now they'd proceeded to Downloads. Now these sites do not have downloads nor search activated; however, they still seem to be accessible. The fellow disappeared from radar shortly after my message. I rushed over to the site, pulled up IP tracker, then looked at the referral log. IP tracker showed he left and now was back (somehow not now setting off my live help alarm) but was in downloads (which was supposed to be deactivated). The site would nearly choke anytime I tried to do a refresh of a page. Anyhow, I went into FTP for that site and tweaked something; then I went into the control panel for the site and banned the IP address. One or both of those knocked the intruder's sorry ashes off.

Here is the IP address for everyone to view along with info from the ARIN output telling us the intruder is from the Netherlands:

Search results for: 213.55.64.78


OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
NetRange: 213.0.0.0 - 213.255.255.255
CIDR: 213.0.0.0/8
NetName: RIPE-213
NetHandle: NET-213-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET

APNIC seems to be a name popping up again and again relative to guilty IP addresses here at this forum when I do a search on those IP's.

*****
Bottom line - is someone running a bot to detect nuke sites and report via email with the links? Seems this is the case. This individual went nowhere except directly to search and download modules.


If anyone wants to collect IP's on intruders and begin taking action, I'll do whatever I can to help.

Meantime I'm rather irritated at all the extra time required to go in and secure client sites when I could be doing something more productive. I've got a mess of new nuke sites everyone wants. It's a great program with a lot of modules they really need that are just the kind of user friendly interface the normal Joe can figure out how to manage once we install it for them. Mambo doesn't have the modules PHPNuke has so it remains more of a newsletter only type of program as good as it is at that. So please, gang, get this wonderful program patched and put out a truly fixed version even if it means replacing some of your original modules like downloads and search with something else, not to mention the admin login flaw.

One more suggestion - make bug reports private - sort of like cPanel has a report a bug link that goes directly to the programmers - that way kiddies can't come here and find out how to screw with our lives.

Coffeymate
Nuke Soldier
Joined: Jan 15, 2004
Posts: 11
Location: Atlanta

Posted: Sun Feb 29, 2004 4:29 pm

Now I'm seeing a couple of people (via my IP tracker) come in, make an account then delete the account somehow. Today one who did this tried to accomplish admin.php several times.

They seem to be working the user account function strangely. Other than the attempts to access admin, the forum and user account areas are the only ones they're messing with.

I'm still having the error at the bottom of the page. The regular module that tells everyone the ip address and location of every current visitor is no longer functioning since last weekend and it always shows I am in admin regardless of what I am actually doing there.

Should I just delete the entire user database and rebuild it from a backup every member by hand with their email addys? Would that help?

_________________
"Woe unto them that hack themselves."
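
The visitor behaviour described in the last two posts (arriving from a webmail link straight onto Search or Downloads, modules that were meant to be off still answering, and repeated admin.php requests from a non-admin address) can be looked for in the web server's access log instead of a live-help alarm. This is an added example, not part of the original thread: the combined log format, the `modules.php?name=` URL layout, the settings at the top and every sample line are assumptions or constructed data.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Assumed site settings (not from the thread).
DISABLED_MODULES = {"Search", "Downloads"}  # modules switched off in the admin panel
ADMIN_IPS = {"198.51.100.10"}               # addresses expected to use admin.php
WEBMAIL_HINTS = ("hotmail.",)               # referrer hosts meaning "clicked a mailed link"
ADMIN_THRESHOLD = 3                         # admin.php hits before flagging

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<url>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)"')
# Constructed sample log (documentation-range addresses, made-up hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Feb/2004:14:01:02 -0500] "GET /modules.php?name=Search HTTP/1.1" 200 5120 "http://mail.hotmail.example/getmsg" "Mozilla/4.0"
203.0.113.7 - - [28/Feb/2004:14:02:40 -0500] "GET /modules.php?name=Downloads HTTP/1.1" 200 4800 "-" "Mozilla/4.0"
192.0.2.44 - - [29/Feb/2004:16:10:00 -0500] "GET /modules.php?name=Your_Account HTTP/1.1" 200 3100 "-" "Mozilla/4.0"
192.0.2.44 - - [29/Feb/2004:16:12:11 -0500] "GET /admin.php HTTP/1.1" 200 900 "-" "Mozilla/4.0"
192.0.2.44 - - [29/Feb/2004:16:12:30 -0500] "POST /admin.php HTTP/1.1" 200 900 "-" "Mozilla/4.0"
192.0.2.44 - - [29/Feb/2004:16:12:52 -0500] "GET /admin.php HTTP/1.1" 200 900 "-" "Mozilla/4.0"
198.51.100.10 - - [29/Feb/2004:16:20:00 -0500] "GET /admin.php HTTP/1.1" 200 7000 "-" "Mozilla/4.0"
"""

def analyze(log_text):
    """Map each client IP to the sorted list of rules it tripped."""
    findings, seen, admin_hits = defaultdict(set), set(), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, url, ref = m["ip"], urlparse(m["url"]), urlparse(m["ref"]).netloc
        script = url.path.rsplit("/", 1)[-1]
        module = parse_qs(url.query).get("name", [""])[0]
        first_request = ip not in seen
        seen.add(ip)
        if script == "modules.php" and module in DISABLED_MODULES:
            findings[ip].add(f"disabled-module:{module}")
            # Landing straight on such a module from a mailed link, as in the thread.
            if first_request and any(h in ref for h in WEBMAIL_HINTS):
                findings[ip].add("webmail-referred-direct-hit")
        if script == "admin.php" and ip not in ADMIN_IPS:
            admin_hits[ip] += 1
            if admin_hits[ip] >= ADMIN_THRESHOLD:
                findings[ip].add("repeated-admin.php")
    return {ip: sorted(found) for ip, found in findings.items()}

if __name__ == "__main__":
    for ip, found in analyze(SAMPLE_LOG).items():
        print(ip, found)
```

A `disabled-module` finding with a 200 status is worth acting on by itself, since it means the module is switched off in the menu but its script still answers direct requests.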