You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 373 guest(s) and 16 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Somebody hacked my php nuke 7.5 [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
matizzz
Nuke Cadet
Nuke Cadet


Joined: Apr 27, 2005
Posts: 1


PostPosted: Wed Apr 27, 2005 10:51 am Reply with quoteBack to top

Ok i came back home, vent to internet and see. Some Bosnian hackers hacked my php nuke. I cant belive it. Ok they removed all my adminiastrators, deleted all news and deactivated all modules. Also they removed my messages on index.

So what can i do? I have some security copyes and i will insert news, but how to prevent another hacking atack? I never update my nuke. I thought that is unnecessery but now i see. I need some Security fixes.

Please help me! Crying or Very sad
Find all posts by matizzzView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Wed Apr 27, 2005 3:39 pm Reply with quoteBack to top

phpNuke (like any other popular use software) requires a vigilant admin, it will need updating.

Please read and secure your site: http://www.nukecops.com/postt32206.html

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
jay03
Nuke Cadet
Nuke Cadet


Joined: May 02, 2005
Posts: 9


PostPosted: Sun May 08, 2005 10:46 am Reply with quoteBack to top

just wondering, if someone 'hacks' your web site, what are they really doing?

from what i read, this is what a 'hacker' is limited to:
- deactive/delete blocks (but the blocks are still in the FTP right?)
- change the index.php around so it points to forums instead of news?
- edit the preference section

so really, if someone keeps a good backup, a hacker really can't do much except superficailly right?

every week I do a full backup of my html folder .. is that good enough? and what do i do if I have a backup of my db for my site and forums? how do i upload them once i get my site back up? thanks.
Find all posts by jay03View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon May 09, 2005 7:02 pm Reply with quoteBack to top

Mostly SQL based attacks are designed to take control of the Nuke admin. Then they write whatever messages they want on your site, or redirect to another site, that sort of thing. These are mostly kiddy script hackers, doing it for attention and noise.

The serious hackers can do numerous things on your server. They can gain server admin access, run all kinds of server scripts, even install their own scripts. They can basically take your server as their own, use it as a robot to take down other sites.

I'm not saying phpNuke itself is generally vulnerable, any web script is a target to be hacked. For the most part, you probably won't see serious hackers against your site.. mostly they target commercial, well known sites for attention and profit.

Just keep vigilant.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
jay03
Nuke Cadet
Nuke Cadet


Joined: May 02, 2005
Posts: 9


PostPosted: Tue May 10, 2005 4:38 am Reply with quoteBack to top

Evaders99 wrote:
Mostly SQL based attacks are designed to take control of the Nuke admin. Then they write whatever messages they want on your site, or redirect to another site, that sort of thing. These are mostly kiddy script hackers, doing it for attention and noise.

The serious hackers can do numerous things on your server. They can gain server admin access, run all kinds of server scripts, even install their own scripts. They can basically take your server as their own, use it as a robot to take down other sites.

I'm not saying phpNuke itself is generally vulnerable, any web script is a target to be hacked. For the most part, you probably won't see serious hackers against your site.. mostly they target commercial, well known sites for attention and profit.

Just keep vigilant.


You're right. Who would spend the time and effort to hack a personal page? I'm still a newb when it comes to PHPNuke, but all my News, Comments, and Forum Posts are all stored in MySQL server and thats untouchable to the hacker even if he knows my PHPNuke pw right? There's no function in PHPNuke called format database, only backup db right?
Find all posts by jay03View user's profileSend private message
gettopreacherman
Lieutenant
Lieutenant


Joined: Jan 13, 2005
Posts: 262


PostPosted: Tue May 10, 2005 5:21 am Reply with quoteBack to top

If you know the db structure of nuke, then it's pretty easy...you just have to get:

DELETE FROM *table* and your table is gone...
Find all posts by gettopreachermanView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Tue May 10, 2005 9:13 pm Reply with quoteBack to top

From the Nuke interface, no - there's no direct way to delete entire tables. But if they're clever with their SQL hacks, then can push through SQL statements that will be run to do it (such commands as above)

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
jay03
Nuke Cadet
Nuke Cadet


Joined: May 02, 2005
Posts: 9


PostPosted: Wed May 11, 2005 4:57 am Reply with quoteBack to top

Evaders99 wrote:
From the Nuke interface, no - there's no direct way to delete entire tables. But if they're clever with their SQL hacks, then can push through SQL statements that will be run to do it (such commands as above)


Thanks for the clear up, I was wondering what the heck he was talking about Smile
Find all posts by jay03View user's profileSend private message
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.086 Seconds - 296 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::