Nuke Cops :: View topic - PHP-Nuke Security

ariani
Corporal
Joined: Apr 14, 2003
Posts: 64
Posted: Wed May 12, 2004 1:53 am

Hi,

I'm using v 6.5 to run my website.

I did some updates in the beginning for some blocks & modules that didn't work properly, and since then (August 2003) I haven't done any updates or upgrades.

Last night, my web-site was attacked. I don't know what those people used to gain access to the Admin Panel of PHP-Nuke, however I could see in table 'nuke_authors' they have added loads of other God Admins and my God Admin password has been changed!

Once they did that, then it was easy to do the rest: they edited my articles, they screwed up my blocks, modules, footer messages etc.

The people who did this, after destroying articles, blocks & modules, tried to be "nice" and post the code which should be added to admin.php, in order to prevent this kind of attack.

But how can I trust them now ?

Here is the code
Code:
// Refuse any request whose query string mentions AddAuthor or UpdateAuthor.
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) die("Access Denied");


I know that I should have upgraded to a newer version or applied some patches, but I was too busy working & studying, so I think I've paid the price!

Now, I would like to ask what you would suggest doing at this stage? (I run v 6.5). I would appreciate any, any help at all !!!

Best regards,
A.

dannic
Nuke Soldier
Joined: Sep 29, 2003
Posts: 18
Posted: Wed May 12, 2004 2:44 am

You can try a module called protector or the fortress code developed here. The fortress code you can download at the moment is located in this article.

http://www.nukecops.com/article-2008--0-0.html

Unfortunately they haven't uploaded the latest code.

Either the protector module or the fortress code could be a solution you need.

tix
Lieutenant
Joined: Feb 05, 2004
Posts: 170
Posted: Wed May 12, 2004 3:17 am

This is a typical SQL injection hack.
You should empty the nuke_authors table and recreate a god admin (if you have a recent backup of your db it would be easier to just restore it).
From there on you should visit nukeresources and get patched with the later patches. Also visit raven scripts to get its hack alert and mmisterworks site to get protector (alternatively you could install fortress or utc; I haven't tried them yet, can't say anything about them).
Hope I helped.

Darby_2k4
Nuke Soldier
Joined: Apr 15, 2004
Posts: 32
Posted: Wed May 12, 2004 3:56 am

Also : Don't use the prefix "nuke" on all your tables. Use some random chars instead.

DO NOT DO THIS IF YOU ARE NOT COMFORTABLE WITH PHP CODE
And if you have the coding wherewithal, change the op/mod name of AddAuthor & UpdateAuthor to something else and change all references to AddAuthor/UpdateAuthor in your admin page.

Any links to them outside of your admin pages(if there are any), leave alone and know that they won't work. Do all your Add/Update Authoring from within the Admin page only.

Why only the admin pages? Well, if you change the name on both functions, for example, to the word doAddAuthor and doUpdateAuthor and only update the admin pages, then only people that can log in and see your admin pages know the new names you are using. If you put the new name on publicly, or even registered user, visible pages, everyone is going to know the new name and just change their hacks.

NOTE : do NOT use doAddAuthor and doUpdateAuthor since I just used them. And I would suggest changing the name to two different names; don't use the same prefix for both (like 'do' in my examples).

Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted: Wed May 12, 2004 8:03 am

Upgrade to 6.9, apply the latest BBToNuke, apply the 6.9 Patched fixes (NukeFixes), add Protector, Admin Secure...

Follow the tips others have given you too. Every bit helps.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding

ariani
Corporal
Joined: Apr 14, 2003
Posts: 64
Posted: Wed May 12, 2004 4:04 pm

Guys, thank you very much!

I would appreciate it if somebody could guide me on how to upload to 6.9.
Or at least where can I download 6.9 ?!

Thank you.

virtuaopolis
Corporal
Joined: Oct 07, 2003
Posts: 64
Posted: Wed May 12, 2004 5:16 pm

http://phpNuke.org

~Percy

ariani
Corporal
Joined: Apr 14, 2003
Posts: 64
Posted: Wed May 12, 2004 5:31 pm

Thanks virtuaopolis,

Is there any quick way that I can patch nuke 6.5?
Simply not to create anymore admins !!!

virtuaopolis
Corporal
Joined: Oct 07, 2003
Posts: 64
Posted: Wed May 12, 2004 6:11 pm

I am only a novice when it comes to phpNuke, but I think that if you revoke INSERT privileges on the nuke_authors table, leaving only SELECT and UPDATE privileges on the nuke_authors table, it will result in a read/update-only nuke_authors table. You can do so by using phpMyAdmin. I don't know if this will affect any other portions of phpNuke itself, as I haven't tested it.

Any feedback on this idea from any other users would be greatly appreciated.

~Percy

Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482
Posted: Wed May 12, 2004 7:37 pm

To fix the admin problem, a good system to use is Admin Secure.

But seriously, your system needs to be patched completely to ward off other attacks through other areas of Nuke. 6.9 Patched http://www.nukefixes.com

dotcomUNDERGROUND
Lieutenant
Joined: Jul 18, 2003
Posts: 180
Posted: Wed May 12, 2004 11:03 pm

Any download URL for Admin Secure and Protector?

ariani
Corporal
Joined: Apr 14, 2003
Posts: 64
Posted: Thu May 13, 2004 8:59 am

Guys,

Thank you very much that you have spared time to help me.
I have patched admin.php and also index.php for Sections module.

If somebody is still having problems then they can fix it very easily:
just edit admin.php and add this code under the credits:
Code:
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
die("Illegal Operation");
}



While if you wanna patch the Sections module then edit modules/Sections/index.php and

PUT

Code:
$artid = (int)$artid;

BEFORE
Code:
switch($op) {

    case "viewarticle":
    viewarticle($artid, $page);
    break;

    case "listarticles":
    listarticles($secid);
    break;

    case "printpage":
    PrintSecPage($artid);
    break;

    default:
    listsections();
    break;

}

?>


If your admin.php is not patched, then everyone can create as many God Admins as he likes, using a hyperlink which can be found in many Nuke forums. The same applies to the Sections module, where everybody can see the God Admin password.

For security purposes I won't post the commands through which everybody can very easily gain access to the Nuke Admin Panel.

That's why all forum moderators should be very careful and delete all posts/replies which contain these commands, in order to save other unprotected nukers!

Regards,
A.
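
Added example, not part of ariani's post and not PHP-Nuke code: the same two fixes applied to decoded request parameters instead of a substring search of the raw query string, with an article id check that rejects bad input rather than coercing it. The function names and sample requests are hypothetical, and it assumes the dispatcher takes op and artid from GET, POST or cookie data.

```php
<?php
// Added illustration; not PHP-Nuke code. Function names are hypothetical.

const BLOCKED_ADMIN_OPS = ['addauthor', 'updateauthor'];

/**
 * True if any request source carries a blocked 'op'. Each source is an
 * already-decoded parameter array such as $_GET, $_POST or $_COOKIE, so the
 * comparison is an exact, case-insensitive match on the parameter value.
 */
function is_blocked_admin_op(array ...$sources): bool
{
    foreach ($sources as $params) {
        $op = $params['op'] ?? '';
        if (!is_string($op)) {
            return true;    // op[]=... is never a legitimate operation name
        }
        if (in_array(strtolower(trim($op)), BLOCKED_ADMIN_OPS, true)) {
            return true;
        }
    }
    return false;
}

/**
 * Return a positive integer article id, or null when the input is anything
 * else. A bare (int) cast keeps only the leading digits of a string with
 * trailing text; rejecting it instead gives you something to log.
 */
function parse_artid($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample requests: [GET, POST] pairs.
$requests = [
    [['op' => 'example_op'], []],
    [['op' => 'AddAuthor'], []],
    [[], ['op' => 'updateauthor']],
];
foreach ($requests as [$get, $post]) {
    echo json_encode([$get, $post]), ' blocked=',
        var_export(is_blocked_admin_op($get, $post), true), PHP_EOL;
}
foreach (['12', '12 OR 1=1', '-3'] as $raw) {   // constructed artid values
    echo var_export($raw, true), ' -> ', var_export(parse_artid($raw), true), PHP_EOL;
}
```

Like the snippet in the post, this blocks the two operations for everyone, the site owner included, so it is a stopgap until the site is patched.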

bingo72
Nuke Cadet
Joined: May 12, 2004
Posts: 6
Posted: Sun May 16, 2004 3:18 am

thx ariani

but what do you mean by (add this code under the credits:)? Where should I put the code in admin.php?

thx

MGCJerry
Elite Nuker
Joined: Jun 16, 2003
Posts: 220
Posted: Sun May 16, 2004 8:49 am

You can also change your database "prefix" to something other than "nuke" in conjunction with the above suggestions.

This way, it requires them to guess your site's prefix and till they get it right, it won't work. Also, the more they try guessing your prefix, the more "noise" they make so you can catch 'em.

_________________
Original creator of
* Fetch Mod
* RPG Races Module
* 2 The Xtreme Theme
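
The "noise" mentioned above only helps if something reads the logs. As an added example (not from this thread or from PHP-Nuke), this script counts, per client, the access-log requests to admin.php that name the AddAuthor or UpdateAuthor operations discussed earlier; the Apache common log format, the function names and the sample lines are assumptions.

```php
<?php
// Added illustration; the log lines are constructed and use documentation
// address ranges. Assumes Apache common/combined log format.

const WATCHED_OPS = ['addauthor', 'updateauthor'];

/** Parse one access-log line into client, path and decoded query params. */
function parse_request(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" \d{3}/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $url = parse_url($m[2]);
    if ($url === false) {
        return null;
    }
    parse_str($url['query'] ?? '', $params);   // also URL-decodes the values
    return ['client' => $m[1], 'path' => $url['path'] ?? '', 'params' => $params];
}

/** Count, per client, requests to admin.php whose op is a watched name. */
function count_author_op_requests(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parse_request($line);
        if ($req === null || basename($req['path']) !== 'admin.php') {
            continue;
        }
        $op = $req['params']['op'] ?? '';
        if (is_string($op) && in_array(strtolower($op), WATCHED_OPS, true)) {
            $hits[$req['client']] = ($hits[$req['client']] ?? 0) + 1;
        }
    }
    arsort($hits);   // noisiest client first
    return $hits;
}

$log = [   // constructed sample
    '192.0.2.10 - - [12/May/2004:01:40:11 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/May/2004:01:41:02 +0000] "GET /admin.php?op=AddAuthor HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/May/2004:01:41:09 +0000] "GET /admin.php?op=updateauthor HTTP/1.1" 200 640',
    '203.0.113.5 - - [12/May/2004:02:03:30 +0000] "GET /admin.php?op=example_op HTTP/1.1" 200 2048',
];
print_r(count_author_op_requests($log));
```

Access logs normally record only the query string, so an op sent in a POST body needs application-level logging to show up in a count like this.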

Viper
Lieutenant
Joined: May 04, 2003
Posts: 282
Location: Louisville, KY USA
Posted: Sun May 16, 2004 10:01 am

dotcomUNDERGROUND wrote:
any download URL for Admin Secure and Protector?

Admin Secure - http://gp4tweaker.vadertrophy.com/

Protector - http://protector.warcenter.se/

Shameless plug, of course I have both available on my site for download as well.
