NukeStyles
Nuke Soldier
Joined: Feb 10, 2003
Posts: 20
Location: USA
Posted: Fri Mar 28, 2003 12:46 pm

Can I get some help, guys? My site was just hacked, and it's pissing me off... someone submitted an article, and went ahead and added it right through my admin... I was at my father's funeral all day, got home, and this crap... Some little kid hacks my site. No damage done, but just the fact he had control of my admin is really annoying.
I'm using Nuke 6.0, deleted the viewpage file, and have applied all the current security fixes... now what? What else is there?
I can give you guys my files or whatever to see if you can figure it out, but I have applied everything I know of, and it still happened.
Help!
Shawn
ArtificialIntel
Joined: Jan 31, 2004
Posts: -88
Posted: Fri Mar 28, 2003 12:49 pm

Something similar happened to my site, but I'd like to assure you that they didn't do it through your admin panel.
There's a security hole in Nuke somewhere (that's been plugged now, btw) that allows people to post articles straight to the site using an SQL injection.
Chatserv posted the fix somewhere if you'd care to look. (I can't remember it off hand, but there is a download if you were running Nuke 6.5, not 6.0.)
AI
sixonetonoffun
Major
Joined: Jan 13, 2003
Posts: 892
Posted: Fri Mar 28, 2003 1:04 pm
NukeStyles
Nuke Soldier
Joined: Feb 10, 2003
Posts: 20
Location: USA
Posted: Sat Mar 29, 2003 9:07 am

Well, I applied that patch, and still got hacked yet again. Some war-protesting Rainbow Brite...
They seem to be going right into my news, and adding whatever they want. Changing articles, and whatever. WTF.
I applied the score codes, that patch the security hole in rate article... are there other changes in the index.php file that I need to know about? I use a heavily modified index file, and don't just want to overwrite it...
Maybe I'll just overwrite the damn file, if there are other fixes in it... but I looked through the code and didn't see anything.
Just really irritating that some freaking little kids got to do this crap. But just letting everyone know that if the score codes were all that was included in the patch, it ain't working too well... because they get my site every day, it seems like.
Shawn
NukeStyles
Nuke Soldier
Joined: Feb 10, 2003
Posts: 20
Location: USA
Posted: Sat Mar 29, 2003 9:28 am

And, anyone know of this site? I'm posted there, but it's in a different language... I'm not sure if it's a hack site or what, and they are bragging about what sites they hack...
http://www.delta5.com.br/mirror/
I'm close to the damn top... figures.
Just letting someone know... Irritating jerks.
Shawn
ArtificialIntel
Joined: Jan 31, 2004
Posts: -88
Posted: Sat Mar 29, 2003 9:47 am

Those lying gits.
They're taking credit for other people's work. How do I know? Because I know quite a few people in the hacking community, and some of the people who really did hack most of those sites have already been "dealt with".
AI
NukeStyles
Nuke Soldier
Joined: Feb 10, 2003
Posts: 20
Location: USA
Posted: Sat Mar 29, 2003 1:07 pm

I just got it AGAIN!
Damn it, what the HELL can I do?
I feel like FB, just closing the shop until something is done... total Rainbow Brite. I busted my Rainbow Brite building my site, and to have some stupid jerk keep up this bull is ridiculous...
sixonetonoffun
Major
Joined: Jan 13, 2003
Posts: 892
Posted: Sat Mar 29, 2003 1:18 pm

Bunch of bottom feeders. The thread got posted to Bugtraq, I noticed. That didn't likely help much. Now not only are the script kiddies focusing in on you, the real bangers are likely to get interested.
_________________
www.netflake.com
www.glowoptics.com
chatserv
General
Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
Posted: Sat Mar 29, 2003 10:18 pm

NukeStyles, can you post your rate article function?
_________________
Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
ScriptHeaven | NukeResources
chatserv
General
Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
Posted: Sun Mar 30, 2003 5:21 am
Daniel-cmw
Site Admin
Joined: Mar 02, 2003
Posts: 1662
Location: The UK!
Posted: Sun Mar 30, 2003 5:29 am

Nice find, Chatserv, I'll be looking closely at that site... don't be surprised if it's not there later on today.
ArtificialIntel
Joined: Jan 31, 2004
Posts: -88
Posted: Sun Mar 30, 2003 6:08 am

Uwwww. I know who our next target is gonna be now. Don't be surprised if that site goes offline very, very soon.
AI
Daniel-cmw
Site Admin
Joined: Mar 02, 2003
Posts: 1662
Location: The UK!
Posted: Sun Mar 30, 2003 6:12 am

It's already down.
NukeStyles
Nuke Soldier
Joined: Feb 10, 2003
Posts: 20
Location: USA
Posted: Sun Mar 30, 2003 7:18 am

OK... This is my rate function... I applied the score codes, and I still got hacked 2 times after that...
Some of my own code is in there, but it doesn't affect anything for the function...
Code:
    function rate_article($sid, $score) {
        global $prefix, $dbi, $ratecookie, $sitename, $r_options;
        // The "score codes" patch: $score is forced to an integer in the 1..5 range.
        $score = intval($score);
        if ($score) {
            if ($score > 5) { $score = 5; }
            if ($score < 1) { $score = 1; }
            if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND $score != 5) {
                Header("Location: index.php");
                die();
            }
            // ratecookie is a base64-encoded, colon-separated list of sids already rated
            // from this browser; it only stops repeat ratings, not anything else.
            $rcookie = "";
            $r_cookie = array();
            if (isset($ratecookie)) {
                $rcookie = base64_decode($ratecookie);
                $r_cookie = explode(":", $rcookie);
            }
            $a = 0;
            for ($i = 0; $i < sizeof($r_cookie); $i++) {
                if ($r_cookie[$i] == $sid) {
                    $a = 1;
                }
            }
            if ($a == 1) {
                Header("Location: modules.php?name=News&op=rate_complete&sid=$sid&rated=1");
            } else {
                // $sid is placed into the UPDATE's WHERE clause and into the redirect
                // exactly as received; only $score is run through intval() above.
                $result = sql_query("update ".$prefix."_stories set score=score+$score, ratings=ratings+1 where sid='$sid'", $dbi);
                $info = base64_encode("$rcookie$sid:");
                setcookie("ratecookie", "$info", time()+3600);
                Header("Location: modules.php?name=News&op=rate_complete&sid=$sid$r_options");
            }
        } else {
            // No usable score was submitted: render the "didn't rate" page instead.
            include("header.php");
            ns_mod_title();
            OpenTable();
            echo "<br>";
            OpenTable2();
            echo "<center>"._DIDNTRATE."<br><br>"
                .""._GOBACK."</center>";
            CloseTable2();
            echo "<br>";
            CloseTable();
            ns_link_bar();
            include("footer.php");
        }
    }
Did I miss something in this function? Actually, I hope I did miss something... that explains why I'm still getting hacked... If I didn't, then something is definitely screwed...
Again, thanks for the big help.
Shawn
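In the rate_article() function posted above, $score goes through intval() but $sid is dropped into the UPDATE's WHERE clause as received. The following is an added example, not code from this thread or from PHP-Nuke: it builds the query the same way the posted function does, then runs it and a hardened variant against a throwaway in-memory SQLite table with constructed rows, so the effect of an unfiltered sid shows up as a row count. The table layout, the function names rate_query_as_posted and rate_article_hardened, and the sample attacker input are all assumptions made for the demonstration; PHP-Nuke itself used a MySQL wrapper, not PDO/SQLite.

```php
<?php
// Added example (not PHP-Nuke code): compare the posted UPDATE construction
// with a hardened one against constructed sample data in SQLite.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$prefix = 'nuke';   // assumed table prefix, as in the posted $prefix."_stories"

// Constructed sample rows: three stories, none rated yet.
$db->exec("CREATE TABLE {$prefix}_stories (sid INTEGER PRIMARY KEY, title TEXT, score INTEGER, ratings INTEGER)");
foreach ([[1, 'First story'], [2, 'Second story'], [3, 'Third story']] as [$id, $title]) {
    $db->exec("INSERT INTO {$prefix}_stories VALUES ($id, '$title', 0, 0)");
}

// 1. The query string exactly as the posted function assembles it:
//    $score is intval()'d, $sid is interpolated untouched inside quotes.
function rate_query_as_posted(string $prefix, $sid, $score): string {
    $score = intval($score);
    return "update {$prefix}_stories set score=score+$score, ratings=ratings+1 where sid='$sid'";
}

// 2. Hardened form (assumed, not the project's fix): coerce sid to an integer,
//    reject impossible values before touching SQL, and bind parameters anyway.
function rate_article_hardened(PDO $db, string $prefix, $sid, $score): int {
    $sid   = intval($sid);
    $score = intval($score);
    if ($sid < 1 || $score < 1 || $score > 5) {
        return 0;   // nothing rated; the caller would redirect to the "didn't rate" page
    }
    $stmt = $db->prepare("update {$prefix}_stories set score=score+:score, ratings=ratings+1 where sid=:sid");
    $stmt->execute([':score' => $score, ':sid' => $sid]);
    return $stmt->rowCount();
}

// Constructed attacker input: closes the quote around sid and appends a tautology,
// so the WHERE clause no longer selects a single story.
$evil_sid = "1' OR '1'='1";

$affected = $db->exec(rate_query_as_posted($prefix, $evil_sid, 5));
echo "as posted: $affected rows updated\n";

$affected = rate_article_hardened($db, $prefix, $evil_sid, 5);
echo "hardened:  $affected rows updated\n";

foreach ($db->query("SELECT sid, ratings FROM {$prefix}_stories") as $row) {
    echo "sid {$row['sid']} ratings {$row['ratings']}\n";
}
```

Run with `php` on the command line (the pdo_sqlite extension is needed). The posted form updates every constructed story because the attacker controls the WHERE clause; the hardened form reduces the same input to sid 1 and touches one row. What else an attacker could reach through the unfiltered sid depends on the database driver and query the real site used, which the example does not try to reproduce.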
chatserv
General
Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
Posted: Sun Mar 30, 2003 9:15 am

I have yet to see what a so-called "poo.php" script being used has in its code. I do know I tested the previous haha.php and couldn't change anything in the site's articles, so I'd have to assume we are dealing with a different form of SQL injection. I'll see if I can find what this attack is and what method it uses to access the database.
_________________
Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
ScriptHeaven | NukeResources