Nuke Cops :: View topic - Hacked [ ]
ProverbDoll
Corporal

Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA

Posted: Wed Aug 23, 2006 1:32 pm

Okay I was hacked. The people I bought it from are on it but it's been like a week now and I want my site back up. I know my old files are there cause they load and then the other page comes up instead. I looked it over and can't find it. Here is the site http://www.rsjrocks.net. Any help would be awesome. Thanks.

HalJordan
Support Staff

Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Wed Aug 23, 2006 5:38 pm

Do you have access to your database and to a good backup of that db? If so, we can get your site looking normal in no time. If not, then you got some work to do.

I looked at your page source, and see that you have TinyMCE, the WYSIWYG editor, available. So that tells me you are running either nuke 7.8 or 7.9. I have some bad news if you are. The TinyMCE editor is a potential security hazard, so you should really run a more secure nuke like 7.6 or 7.8 patched and consider installing NukeSentinel too.

What these bozos probably did is run a SQL injection script, either using TinyMCE or another security hole in your site. They did not change the files, only the db entries.

Where in Wyoming are you? I spent two years in Casper myself.

_________________
I obey, but I do not comply.

Proprietor, www.computernewbie.info
Support staff, www.nukecops.com

Slackervaara
Captain

Joined: Sep 13, 2003
Posts: 355

Posted: Wed Aug 23, 2006 8:26 pm

FTP to your site and look if index.php or config.php have been altered, because it can cause similar results. Check also if an index.htm or index.html file has been put in your site. Similar hacks happen often for my site and they seem to use my Coppermine gallery to upload those files.

HalJordan
Support Staff

Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Wed Aug 23, 2006 8:58 pm

Ah, yes, Coppermine has a few holes in it too. You need to make sure you have the latest version.

Slackervaara
Captain

Joined: Sep 13, 2003
Posts: 355

Posted: Wed Aug 23, 2006 9:46 pm

I have recently tried to decrease the hacking from Coppermine by making it accessible for members only. Earlier guests could also access this module. I don't know if it will work though.

RuTHlezz1
Nuke Soldier

Joined: Oct 03, 2005
Posts: 34

Posted: Thu Aug 24, 2006 12:20 pm

That is caused by SQL injection into your configuration table. Go into your phpmyadmin page and take out the offending code in the _config table and you will be good to go. You will need to go through each table since I forget the exact one.

If you need help email me at nickhuffman74@yahoo.com and I will be more than happy to help you. I will be tied up tonight but I can get you fixed asap in the morning.

ProverbDoll
Corporal

Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA

Posted: Wed Sep 06, 2006 6:25 am

HalJordan wrote:
Do you have access to your database and to a good backup of that db? If so, we can get your site looking normal in no time. If not, then you got some work to do.

I looked at your page source, and see that you have TinyMCE, the WYSIWYG editor, available. So that tells me you are running either nuke 7.8 or 7.9. I have some bad news if you are. The TinyMCE editor is a potential security hazard, so you should really run a more secure nuke like 7.6 or 7.8 patched and consider installing NukeSentinel too.

What these bozos probably did is run a SQL injection script, either using TinyMCE or another security hole in your site. They did not change the files, only the db entries.

Where in Wyoming are you? I spent two years in Casper myself.


Thank you all for the help. The first thing I did was check my index.php files and look for an index.htm file and that was not changed or added. I try to keep my php nuke updated but I am not sure which one I am running right now. I thought I just updated it.

So I have access to my database as far as I know. I own my own site. Do I get to it through phpmyadmin? As for a backup I am not sure about that. It's been a little while since I actually backed up my files.

I live in Gillette. 2 hours from Casper.

HalJordan
Support Staff

Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Wed Sep 06, 2006 7:45 pm

Yikes! Back up those files now! There are two backups you need: your entire nuke directory and your database. For the first, you can just FTP the whole works to your home computer, or gzip the directory to a file to store in a safe place. For the db, you can use nuke's own backup option in the admin cpanel or use phpmyadmin to export the db to a SQL file or gzipped archive.

Been to Gillette. Wasn't much there back in 1980 when I last visited. Is it any different now?

tommas
Nuke Soldier

Joined: Apr 28, 2006
Posts: 16

Posted: Sun Sep 24, 2006 2:18 am

We got hacked by the same person, but it hopefully is as easy as this: in your phpmyadmin, open up nuke_config and browse, then change what they put in there back to the original text.

Been hacked again since then even with added security, makes you wonder if it's all worth the bother.

ProverbDoll
Corporal

Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA

Posted: Mon Sep 25, 2006 12:37 pm

tommas wrote:
We got hacked by the same person, but it hopefully is as easy as this: in your phpmyadmin, open up nuke_config and browse, then change what they put in there back to the original text.

Been hacked again since then even with added security, makes you wonder if it's all worth the bother.


That is what they did! After I go to browse how do I change it back?

scott2500uk
Private

Joined: Oct 08, 2005
Posts: 43
Location: York UK

Posted: Tue Sep 26, 2006 7:06 am

By the sound of it they used a SQL injection through a module; most common is the search module. Gained admin access of nuke. Gone into your admin area. Went into preferences. Changed footer info with a load of code to cause the home page of your nuke site to appear hacked.

As you have found, go into phpmyadmin and edit the row nuke_config. Best thing to do is just empty the columns foot1, foot2 and foot3. Usually these are the fields filled with malicious code.

Once removed you can get to your admin panel and then go to prefs to correct the rest of the info.

Then once you have got control back, get some security. If you need help or advice on this feel free to pm or email me.
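
A read-only way to do the table-by-table search suggested in this thread, run over a phpMyAdmin SQL export rather than by browsing each table. This is an added example, not code from any poster or from PHP-Nuke; `scan_dump`, the marker patterns and the sample dump (including every column name other than foot1, foot2 and foot3) are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Markup that plain site settings such as a footer should never contain.
ACTIVE_MARKUP = re.compile(
    r"<\s*(?:script|iframe|object|embed)\b"          # active or embedding tags
    r"|<\s*meta\b[^>]*http-equiv\W*refresh"          # meta-refresh redirect
    r"|\bon(?:load|error|mouseover)\s*="             # inline event handlers
    r"|javascript:",                                 # javascript: URLs
    re.IGNORECASE,
)
INSERT_HEAD = re.compile(r"^\s*INSERT\s+INTO\s+`?(\w+)`?", re.IGNORECASE)

# Constructed sample in phpMyAdmin export style; only foot1-foot3 come from the thread.
SAMPLE_DUMP = r"""
INSERT INTO `nuke_config` (`sitename`, `foot1`, `foot2`, `foot3`) VALUES
('Constructed Site', '<a href=\"index.php\">Home</a>', '<script src=\"http://example.invalid/x.js\"></script>', '<meta http-equiv=\"refresh\" content=\"0;url=http://example.invalid/\">');
INSERT INTO `nuke_stories` (`sid`, `title`, `hometext`) VALUES
(1, 'Welcome', 'Plain <b>text</b> story'),
(2, 'Update', 'Nothing odd here');
""".strip().splitlines()


def scan_dump(lines):
    """Return {table: [(line_no, matched_text), ...]} for INSERT rows with active markup."""
    hits = defaultdict(list)
    table = None                      # table of the INSERT statement being read
    for line_no, line in enumerate(lines, start=1):
        head = INSERT_HEAD.match(line)
        if head:
            table = head.group(1)
        if table is None:
            continue                  # not inside an INSERT statement
        for match in ACTIVE_MARKUP.finditer(line):
            hits[table].append((line_no, match.group(0)))
        if line.rstrip().endswith(";"):
            table = None              # statement finished
    return dict(hits)


if __name__ == "__main__":
    # Pass the path of an exported .sql file, or run with no argument for the sample.
    source = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_DUMP
    for table, found in scan_dump(source).items():
        for line_no, text in found:
            print(f"{table}: line {line_no}: {text!r}")
```

Each hit is a lead to review in phpMyAdmin, not proof of tampering, since story or forum tables can legitimately hold some HTML.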

tommas
Nuke Soldier

Joined: Apr 28, 2006
Posts: 16

Posted: Tue Sep 26, 2006 10:12 am

Exactly as Scott says, but the second attack on my site was more of a complete edit, most of the nuke tables were destroyed, so even with a backup I'm seriously considering using something else altogether.

scott2500uk
Private

Joined: Oct 08, 2005
Posts: 43
Location: York UK

Posted: Tue Sep 26, 2006 3:54 pm

Whatever CMS you use that is public, you will always have hackers finding ways in. If you really want to be able to protect yourself you need to think like a hacker. Find out what he/she knows and use that info to your benefit.

I always say with nuke, once you're happy with a version of nuke, stick with it. Each time you upgrade you put yourself out to new security threats. Patch up your current version, get it secure, and once you're happy with it there is no need to upgrade it. As time goes by new versions come out and so the hackers move on.

The best way to protect yourself is to build your own CMS and addons. Don't give them to the public and then it makes it very very difficult for hackers to find a way in.

ProverbDoll
Corporal

Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA

Posted: Thu Oct 05, 2006 12:20 pm

Okay... so I have never done much with phpmyadmin. So sorry but I need basic step by step instructions. Also what kind of security do I need and where do I get it?

scott2500uk
Private

Joined: Oct 08, 2005
Posts: 43
Location: York UK

Posted: Tue Oct 10, 2006 2:09 am

If you need help installing and fixing the mess the hacker has done you can get me on msn scottcariss@msn.com or skype scott2500uk