You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 264 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hack Attempted. [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Raptor1
Sergeant
Sergeant


Joined: Oct 06, 2003
Posts: 85

Location: Conway SC

PostPosted: Mon May 31, 2004 11:31 am Reply with quoteBack to top

I just had a guy try to acess my admin.php
I never recieved a email from any protection system.
I just happened to goto my site and was looking around and saw this guy on my admin page.
Checked Emails - Nothing, so I manually banned him.
I have been receiving emails but didn't receive this one.

Name pako
UNITED STATES
Last here 2004.05.31 15:04:26
Ip 68.69.139.45 Control Panel
Isp/Host co-colspgs-u4-c5b-b-45.clspco.adelphia.net
Proxy No Proxy
Last Referer Direct Hit
Total Hit 3
Was last on /admin.php
Agent info Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ESB{C571ABCF-F427-4907-B4F7-BC58B26FF490})

I double checked PS Setting everyting is on. I am now making sure my install of Admin Tab and Fortress are correct.
If possible could some let me now if my main.php file is correct, and also I used notepad to make the htm and cvs for fortress and chmod both to 666.

<?php
$checkurl = preg_replace("#(/\*.*\*/)#", "", $_SERVER["QUERY_STRING"]); //Courtesy of http://www.esnider.net
// Raven http://ravenphpscripts.com
if (stristr($checkurl,'%20union%20')) {
$loc = $_SERVER['QUERY_STRING'];
header("Location: hackattempt.php?$loc");
die();
}
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
define('ZERO', true); // Add this line
include('fortress.php'); // Add this line
Bards($addr); // Add this line

foreach ($HTTP_GET_VARS as $secvalue) { // Current code
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) || // Current code
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) || // Current code
(eregi("\"", $secvalue))) { // Current code
# die ("The html tags you attempted to use are not allowed"); // Current code but either delete or comment out
$method = "BAD-TAGS"; // Add this line
$matches[1] = "BAD-TAGS"; // Add this line
AlertMail($method); // Add this line
AlertLog($method); // Add this line
} // Current code
} // Current code

ccheck(); // Add this line
ucheck(); // Add this line
ReleaseVars(); // Add this line
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}

$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}

if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("I don't like you...");
}
}

foreach ($_POST as $secvalue) {
if (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) {
Header("Location: index.php");
die();
}
}

if (eregi("mainfile.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}

if ($forum_admin == 1) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (inside_mod == 1) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}

_________________
Knowledge is not gained by just learning, but by teaching those that do not understand. Learning is something we all do without knowing, while gaining knowledge to understand. Wisdom is reserved for others, not you. Understand?
Find all posts by Raptor1View user's profileSend private messageSend e-mailVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Stephen2417
Major
Major


Joined: Dec 26, 2003
Posts: 1135

Location: Bristolville, OH (US)

PostPosted: Mon May 31, 2004 11:33 am Reply with quoteBack to top

What protection systems do you have installed?
Find all posts by Stephen2417View user's profileSend private messageSend e-mailVisit poster's websiteAIM Address
Raptor1
Sergeant
Sergeant


Joined: Oct 06, 2003
Posts: 85

Location: Conway SC

PostPosted: Mon May 31, 2004 11:35 am Reply with quoteBack to top

Hack Alert, PS, Fortress and Admin Tap.

BTW I am Prophet / Prophet-ni

I have 2 guys inserting IP's like crazy and a team that monitors our site.
I have been hacked 3x in a month and I really want to make sure I have this stuff installed correctly. TY.

_________________
Knowledge is not gained by just learning, but by teaching those that do not understand. Learning is something we all do without knowing, while gaining knowledge to understand. Wisdom is reserved for others, not you. Understand?
Find all posts by Raptor1View user's profileSend private messageSend e-mailVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.046 Seconds - 386 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::