You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 33 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - BRAND NEW ANTi-HACKER (Script Kiddie) PROTECTION! [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Waldo
Nuke Soldier
Nuke Soldier


Joined: Mar 16, 2004
Posts: 24


PostPosted: Tue Mar 23, 2004 9:25 pm Reply with quoteBack to top

If all you want to do is have a way to quickly repair files that have been damaged by hackers, why not just use the Unix "rsync" command to create a mirror of your site on another computer. Then if a hacker changes anything (index files or any file really), just use rsync again to restore everything to a "clean" place.

NOTE-- The following assumes that rsync and ssh is available on your host computer. If it's not (ie, not running sshd, etc.), you will need to get it set up. Ask your hosting admin.

According to the manual page for rsync...

<i>The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network link, using a efficient checksum-search algorithm...</i>

So, assuming you can SSH into your site, you can securely use rsync to make as many local copies as you want.

For you mac users, rsync is already built into OS X. Linux users should also have it already. Windows users can use a port I just found called CWrysnc or install cygwin, a kind of "Linux for Windows" which will then let you install rsync.

For example, let's use the Macintosh. Let's say you have a site "mysite.com", and you regularly log onto it via SSH from Mac OS X to make changes or whatnot. First, create a directory on your Desktop called "mysitebackupdir". Then, from the Terminal, use this command (which should be typed on a single line):

Code:
rsync --archive -e ssh myaccount@mysite.com:/path/to/mysitesdirectory /Users/mymaclogin/Desktop/mysitebackupdir


Wait a while, and you'll have a local copy of your entire site on your machine. The next time you run the command above, it will download MUCH faster, since rsync only copies files that have changed (or been deleted) since the last time it was run.

You can do regular backups this way (and even create dated "point" backups off your local directory whenever you want). Then, if you ever get hacked, you can just copy the entire backup folder in its entirety to restore the site. (Alternatively, you could use rsync again to update only the files that differ from your backup archive)

If you really want to be extra cool, you can set up SSH to use public keys automatically rather than having to type a password every time, and you could even set up the rsync to be done regularly at some pre-determined interval. See the SSH man pages for how to set up SSH keys between your backup machine and the web site. (Hint: You'll probably want to add --quiet to the rsync command so it doesn't dump too much to the Console)

Just some thoughts,
W
Find all posts by WaldoView user's profileSend private message
EscortCossie
Lieutenant
Lieutenant


Joined: Feb 21, 2004
Posts: 235

Location: Stavanger, Norway

PostPosted: Thu Mar 25, 2004 2:43 pm Reply with quoteBack to top

Thanks Waldo.. But in fact I could simply backup all the index files to my harddrive, and upload them again if something gets altered?

_________________
Image
Visit the Ford Escort Portal >> EscortPower.net!
Find all posts by EscortCossieView user's profileSend private messageVisit poster's website
Waldo
Nuke Soldier
Nuke Soldier


Joined: Mar 16, 2004
Posts: 24


PostPosted: Thu Mar 25, 2004 9:57 pm Reply with quoteBack to top

EscortCossie wrote:
Thanks Waldo.. But in fact I could simply backup all the index files to my harddrive, and upload them again if something gets altered?


Yes-- you can back up your ENTIRE site to your hard drive and upload them again if something gets altered. But the advantage of rsync is that it automates that process. Over time, you'll find yourself patching the site or making changes or customizations, updating files, etc. Instead of copying over the entire site to your hard drive from the beginning each time you make a change, you can use rsync to download only the CHANGED files so that your backup can be updated in a small amount of time.

You can use rsync to maintain symmetry between directories on two computers-- you can make changes on your local copy, then rsync to your web site, or vice-versa. It's not unlike how you can sync addresses or your calendar between your computer and your cell phone or PDA.

Another cool thing about rsync is it supports encrypted file transfers, so unlike with FTP, you can be reasonably sure that your passwords and files aren't being sent in cleartext.

Again, just a thought. Your site is more than just the "index.php" files-- you want to have a backup of ALL the files.

W
Find all posts by WaldoView user's profileSend private message
Jeruvy
Lieutenant
Lieutenant


Joined: Jul 09, 2003
Posts: 293


PostPosted: Fri Mar 26, 2004 4:44 am Reply with quoteBack to top

Quote:
Another cool thing about rsync is it supports encrypted file transfers, so unlike with FTP, you can be reasonably sure that your passwords and files aren't being sent in cleartext.


Can you elaborate on this? I use sftp and obviously don't worry about such things but I'm confused how rsync can encrypt your files without server side configuration?

Thanks,

_________________
J.
j e r u v y a t y a h o o d o t c o m
Find all posts by JeruvyView user's profileSend private messageICQ Number
Jeruvy
Lieutenant
Lieutenant


Joined: Jul 09, 2003
Posts: 293


PostPosted: Fri Mar 26, 2004 4:45 am Reply with quoteBack to top

Ah nevermind, I noticed it uses ssh.

Embarassed

_________________
J.
j e r u v y a t y a h o o d o t c o m
Find all posts by JeruvyView user's profileSend private messageICQ Number
Emb
Nuke Cadet
Nuke Cadet


Joined: Oct 25, 2005
Posts: 4


PostPosted: Sun Dec 04, 2005 12:40 am Reply with quoteBack to top

Supremo: i need this file, but i can't download of this forum. Can you send me of any way? Thanks...!!!!
All days, a guy hack my site, replacing/editing "index.php"

_________________
-----
EMB
Find all posts by EmbView user's profileSend private message
tkx
Sergeant
Sergeant


Joined: Oct 31, 2003
Posts: 85


PostPosted: Fri Jan 13, 2006 3:51 pm Reply with quoteBack to top

Any1 figure out where the security hole is? Rather than getting together some crazy disaster recovery plans, can we not get down to the core of the problem?.
Find all posts by tkxView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Fri Jan 13, 2006 8:45 pm Reply with quoteBack to top

Could be a phpBB security issue, a phpNuke security issue, anything that involves uploading, even a server security hole. Without access logs, we really cannot solve this one

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
tkx
Sergeant
Sergeant


Joined: Oct 31, 2003
Posts: 85


PostPosted: Fri Jan 13, 2006 11:29 pm Reply with quoteBack to top

ya I know... it's too bad though, because a lot of people are hacked like this, so it would be nice to see if someone caught how these buggers are doing it. I'm pretty sure it is somewhere in the apache/phpnuke, as no-one has had other problems on their server side.

Anyways, does any1 have this file available? I would like to check it out.
Find all posts by tkxView user's profileSend private message
deram
Nuke Soldier
Nuke Soldier


Joined: Jan 30, 2006
Posts: 17


PostPosted: Mon Jan 30, 2006 11:31 pm Reply with quoteBack to top

Am I right in assuming that since I have a webhotel. If someone gets in and changes the files on their server, I can just connect my Dreamweaver and reupload all the files (which takes about 15 minutes)?

Can I do a "get" of the database every night and thereby be safe? (because if I "get" it , I assume I have the newest version and can just re-upload it if something ever happens, right?
Find all posts by deramView user's profileSend private message
sting
Site Admin
Site Admin


Joined: Jul 24, 2003
Posts: 1986

Location: Apparently ALWAYS Online. . .

PostPosted: Tue Jan 31, 2006 5:50 am Reply with quoteBack to top

Quote:

ya I know... it's too bad though, because a lot of people are hacked like this, so it would be nice to see if someone caught how these buggers are doing it. I'm pretty sure it is somewhere in the apache/phpnuke, as no-one has had other problems on their server side.


One thing that would be helpful would be for any one of the 'lot of people' would post examples of their log files or at least some sample entries minus any info specific to giving away the identity of the hacked site so we could try to determine where the hack was taking place.

Just an observation.

-sting

_________________
Is it paranoia if they are really out to get you?

-------------------------------------------------------
sting usually hangs out at nukehaven.net
Find all posts by stingView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.093 Seconds - 62 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::