| Author |
Message |
Campo
Nuke Cadet
Joined: May 22, 2005
Posts: 2
|
 Posted:
Wed Apr 05, 2006 4:21 am |
  |
My site was recently hacked ( http://dof.nrgservers.net ). I was using the newest version of phpnuke (no sentinel). I have deleted and replaced all my main php files, yet it still shows this error. I also deleted the index.html files that were placed on my website. I have phpmyadmin and I checked my database. It looked the same as far as I know. Maybe I am missing something? I searched google for d.o.m. and it seems many other sites are hacked by the same method. I have read the posts regarding hackers and I plan to update my site with sentinel as soon as it gets fixed. Does anybody have any suggestions how to fix this before I totally wipe my database and directory and start from scratch? Thanks a lot. |
|
|
   |
|
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12403
|
| Posted:
Wed Apr 05, 2006 8:16 am |
|
|
  |
|
Coryf88
Nuke Cadet
Joined: Jun 15, 2004
Posts: 2
|
| Posted:
Wed Apr 05, 2006 11:41 am |
|
Look in the nuke_config table. You will notice there is another row. Delete the one that has stuff about D.O.M. |
|
|
|
|
jt99
Nuke Cadet
Joined: Apr 07, 2006
Posts: 4
|
| Posted:
Fri Apr 07, 2006 4:27 am |
|
This just recently happened to me, and I got caught with my pants down w/o a good backup.
I took a copy of my database how it was originally laid out w/ the site, and the pages w/ all mods installed and uploaded it to the server. I then took the hacked database and copied my forum posts, news posts, and users over to the new database by the old copy/paste method in a mysql dump.
All this, only to get hacked again a day later...
Running patched 7.6 and NSN 2.4.2 |
|
|
|
|
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12403
|
| Posted:
Fri Apr 07, 2006 5:46 am |
|
|
|
|
ssace
Lieutenant
Joined: Dec 29, 2005
Posts: 175
|
| Posted:
Sun Apr 09, 2006 6:14 pm |
|
My father has a nuke 7.8 but no patches or sentinel. He just got hacked. When you go to the site it just exposes all his files. Somebody calling themselves: Wildboy / Turkish Hacker
The emptyadmins.php script did not work. It just gave me the same hacked page.
Any ideas what to do now? |
|
|
|
|
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12403
|
| Posted:
Mon Apr 10, 2006 4:44 am |
|
|
|
|
maxout
Corporal
Joined: Aug 16, 2004
Posts: 64
|
| Posted:
Mon Apr 10, 2006 3:14 pm |
|
My site was hacked 3 times this week
by same bastard they leave this massage:
| Quote: |
HackeD By NetWorkeR
Lütfen Açıklarınızı Kapatınız || Please Fix Your Bugs !
T Ü R K İ Y E
Greetz : PowerCobra, Rawkmetal, Secretlyx, iskorpitx, TheHacker, ShadowBoys & All PowerHack.Org Users
Fatal error: Cannot instantiate non-existent class: sql_db in /home/grabiecr/public_html/db/db.php on line 86 |
How I can find theirs code in DB.. what I should looking for to delete? |
|
|
|
|
ssace
Lieutenant
Joined: Dec 29, 2005
Posts: 175
|
| Posted:
Mon Apr 10, 2006 5:56 pm |
|
I think mine is fixed. I didn't see anything wrong in the database...of course I don't know what to look for...hehe
My config.php file was all screwed up. I uploaded a clean config file & it seemed to have fixed mine. I also added the 7.8/3.2 patch. I'll put NukeSentinel on the site this weekend.
How could someone overwrite the config.php files unless they had the ftp password? |
|
|
|
|
Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12403
|
| Posted:
Mon Apr 10, 2006 8:10 pm |
|
Any number of ways, usually a vulnerability that allows uploading. Avoid old modules with security flaws, Coppermine, some Calendars, even some reported for vWar. Always keep your phpNuke updated with the Patched files and Sentinel |
_________________
Helping those that help themselves
Read FIRST or DIE!
"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding |
|
|
|
maho
Corporal
Joined: Aug 15, 2004
Posts: 51
|
| Posted:
Tue Apr 11, 2006 12:44 am |
|
download your version of phpnuke and just replace index.php and that should do it.
Had same problems it was my fault leaving some folders to chmod 777
pm me if u need any help.....
also once u did that apply any security mods like sentinel etc ........ |
|
|
|
|
omar3
Nuke Cadet
Joined: Mar 08, 2006
Posts: 6
|
| Posted:
Tue Apr 11, 2006 2:37 am |
|
| ScinergyIa wrote: |
download your version of phpnuke and just replace index.php and that should do it.
Had same problems it was my fault leaving some folders to chmod 777
pm me if u need any help.....
also once u did that apply any security mods like sentinel etc ........ |
Can you be more specific while files/folders needs to be set with chmod?
and what are the correct settings?
What are the best tips or tricks to secure nuke? |
|
|
|
|
ssace
Lieutenant
Joined: Dec 29, 2005
Posts: 175
|
| Posted:
Tue Apr 11, 2006 6:03 pm |
|
Thanks. Now that you mention it Evaders, he had vWar installed recently. He had the whole vWar folder chmoded to 777. That was prob the gateway. |
|
|
|
|
kerman
Nuke Cadet
Joined: May 05, 2006
Posts: 1
|
| Posted:
Sun May 07, 2006 6:27 pm |
|
I was hacked by this guys, and all they do was very simple:
Get admin account, and change the preferences (title, footer, etc) with a piece of code that print that text instead of yor home.
The solution was very simple: In Mysql, check the nuke_config table, or do a search of the word "defaced". Clear all this tables and its ok.
Hope it helps! |
|
|
|
|
afirca
Nuke Cadet
Joined: Jun 17, 2006
Posts: 1
|
| Posted:
Sat Jun 17, 2006 2:01 pm |
|
|
|
|
|
|
