ProverbDoll
Corporal


Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA
|
Posted:
Wed Aug 23, 2006 1:32 pm |
  |
Okay I was hacked. The people I bought it from are on it but it's been like a week now and I want my site back up. I know my old files are there cause they load and then the other page comes up instead. I looked it over and can't find it. Here is the site http://www.rsjrocks.net. Any help would be awesome. Thanks. |
|
|
   |
 |
HalJordan
Support Staff


Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Louisville, Kentucky
|
Posted:
Wed Aug 23, 2006 5:38 pm |
  |
Do you have access to your database and to a good backup of that db? If so, we can get your site looking normal in no time. If not, then you got some work to do.
I looked at your page source, and see that you have TinyMCE, the WYSIWYG editor, available. So that tells me you are running either nuke 7.8 or 7.9. I have some bad news if you are. The TinyMCE editor is a potential security hazard, so you should really run a more secure nuke like 7.6 or 7.8 patched and consider installing NukeSentinel too.
What these bozos probably did is run a SQL injection script, either using TinyMCE or another security hole in your site. They did not change the files, only the db entries.
Where in Wyoming are you? I spent two years in Casper myself. |
_________________ Obedezco, pero no cumplo.
Admin, www.thewyvernportal.com The Wyvern Portal (a Joomla site, sorry!)
Proprietor, www.computernewbie.info
Support staff, www.nukecops.com |
|
      |
 |
Slackervaara
Captain


Joined: Sep 13, 2003
Posts: 303
|
Posted:
Wed Aug 23, 2006 8:26 pm |
  |
FTP to your site and look if index.php or config.php has been altered, because it can cause similar results. Check also if an index.htm or index.html file has been put in your site. Similar hacks happen often for my site and they seem to use my Coppermine gallery to upload those files. |
|
|
   |
 |
HalJordan
Support Staff


Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Louisville, Kentucky
|
Posted:
Wed Aug 23, 2006 8:58 pm |
  |
|
      |
 |
Slackervaara
Captain


Joined: Sep 13, 2003
Posts: 303
|
Posted:
Wed Aug 23, 2006 9:46 pm |
  |
I have recently tried to decrease the hacking from Coppermine by making it accessible to members only. Earlier, guests could also access this module. I don't know if it will work though. |
|
|
   |
 |
RuTHlezz1
Nuke Soldier


Joined: Oct 03, 2005
Posts: 34
|
Posted:
Thu Aug 24, 2006 12:20 pm |
  |
That is caused by SQL injection into your configuration table. Go into your phpMyAdmin page and take out the offending code in the _config table and you will be good to go. You will need to go through each table since I forget the exact one.
If you need help email me at nickhuffman74@yahoo.com and I will be more than happy to help you. I will be tied up tonight but I can get you fixed ASAP in the morning. |
|
|
    |
 |
ProverbDoll
Corporal


Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA
|
Posted:
Wed Sep 06, 2006 6:25 am |
  |
| HalJordan wrote: |
Do you have access to your database and to a good backup of that db? If so, we can get your site looking normal in no time. If not, then you got some work to do.
I looked at your page source, and see that you have TinyMCE, the WYSIWYG editor, available. So that tells me you are running either nuke 7.8 or 7.9. I have some bad news if you are. The TinyMCE editor is a potential security hazard, so you should really run a more secure nuke like 7.6 or 7.8 patched and consider installing NukeSentinel too.
What these bozos probably did is run a SQL injection script, either using TinyMCE or another security hole in your site. They did not change the files, only the db entries.
Where in Wyoming are you? I spent two years in Casper myself. |
Thank you all for the help. The first thing I did was check my index.php files and look for an index.htm file and that was not changed or added. I try to keep my php nuke updated but I am not sure which one I am running right now. I thought I just updated it.
So I have access to my database as far as I know. I own my own site. Do I get to it through phpmyadmin? As for a backup I am not sure about that. It's been a little while since I actually backed up my files.
I live in Gillette. 2 hours from Casper. |
|
|
   |
 |
HalJordan
Support Staff


Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Louisville, Kentucky
|
Posted:
Wed Sep 06, 2006 7:45 pm |
  |
Yikes! Back up those files now! There are two backups you need: your entire nuke directory and your database. For the first, you can just FTP the whole works to your home computer, or gzip the directory to a file to store in a safe place. For the db, you can use nuke's own backup option in the admin cpanel or use phpMyAdmin to export the db to a SQL file or gzipped archive.
Been to Gillette. Wasn't much there back in 1980 when I last visited. Is it any different now? |
|
      |
 |
tommas
Nuke Soldier


Joined: Apr 28, 2006
Posts: 16
|
Posted:
Sun Sep 24, 2006 2:18 am |
  |
We got hacked by the same person, but it hopefully is as easy as this: in your phpMyAdmin, open up nuke_config and browse, then change what they put in there back to the original text.
Been hacked again since then even with added security, makes you wonder if it's all worth the bother. |
|
|
   |
 |
ProverbDoll
Corporal


Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA
|
Posted:
Mon Sep 25, 2006 12:37 pm |
  |
| tommas wrote: |
We got hacked by the same person, but it hopefully is as easy as this: in your phpMyAdmin, open up nuke_config and browse, then change what they put in there back to the original text.
Been hacked again since then even with added security, makes you wonder if it's all worth the bother. |
That is what they did! After I go to browse how do I change it back? |
|
|
   |
 |
scott2500uk
Private


Joined: Oct 08, 2005
Posts: 43
Location: York UK
|
Posted:
Tue Sep 26, 2006 7:06 am |
  |
By the sound of it they used a SQL injection through a module; most common is the search module. Gained admin access of nuke. Gone into your admin area. Went into preferences. Changed footer info with a load of code to cause the home page of your nuke site to appear hacked.
As you have found, go into phpMyAdmin and edit the row nuke_config. Best thing to do is just empty the columns foot1, foot2 and foot3. Usually these are the fields filled with malicious code.
Once removed you can get to your admin panel and then go to prefs to correct the rest of the info.
Then once you got control back get some security. If you need help or advice on this feel free to PM or email me. |
|
|
       |
 |
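The nuke_config cleanup that tommas and scott2500uk describe, written as queries for phpMyAdmin's SQL tab. This is an added example, not part of any post in the thread; it assumes MySQL, the default `nuke_` table prefix, and (for the last query only) the stock PHP-Nuke `nuke_authors` admin table, which the thread does not name.

```sql
-- Added example. nuke_config and foot1..foot3 are the names given in the thread.
-- Export the whole database first so the tampered state is preserved.

-- 1. Keep a copy of the tampered configuration row for later review.
--    (nuke_config_tampered is a name chosen for this example.)
CREATE TABLE nuke_config_tampered AS SELECT * FROM nuke_config;

-- 2. Look at what is in the footer fields: length plus the first 200 characters.
SELECT CHAR_LENGTH(foot1) AS len1, LEFT(foot1, 200) AS foot1_start,
       CHAR_LENGTH(foot2) AS len2, LEFT(foot2, 200) AS foot2_start,
       CHAR_LENGTH(foot3) AS len3, LEFT(foot3, 200) AS foot3_start
FROM nuke_config;

-- 3. Flag footer fields holding active markup that a plain text footer
--    has no reason to contain (1 = suspect, 0 = clean).
SELECT foot1 REGEXP '<(script|iframe|meta|object|embed)' AS foot1_suspect,
       foot2 REGEXP '<(script|iframe|meta|object|embed)' AS foot2_suspect,
       foot3 REGEXP '<(script|iframe|meta|object|embed)' AS foot3_suspect
FROM nuke_config;

-- 4. Empty the three footer fields. nuke_config holds a single row,
--    so no WHERE clause is needed.
UPDATE nuke_config SET foot1 = '', foot2 = '', foot3 = '';

-- 5. Confirm the fields are empty; this should return 0.
SELECT CHAR_LENGTH(foot1) + CHAR_LENGTH(foot2) + CHAR_LENGTH(foot3) AS remaining
FROM nuke_config;

-- 6. The thread says the attacker gained admin access, so review the admin
--    accounts for entries you did not create. Table and column names here are
--    an assumption based on stock PHP-Nuke 7.x; check them against your schema.
SELECT aid, name, email, radminsuper FROM nuke_authors;
```

Emptying the footer only restores the page; the admin password should be changed and the site patched before it goes back up, or the same entry point remains.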
tommas
Nuke Soldier


Joined: Apr 28, 2006
Posts: 16
|
Posted:
Tue Sep 26, 2006 10:12 am |
  |
Exactly as Scott says, but the second attack on my site was more of a complete edit, most of the nuke tables were destroyed, so even with a backup I'm seriously considering using something else altogether. |
|
|
   |
 |
scott2500uk
Private


Joined: Oct 08, 2005
Posts: 43
Location: York UK
|
Posted:
Tue Sep 26, 2006 3:54 pm |
  |
Whatever CMS you use that is public you will always have hackers finding ways in. If you really want to be able to protect yourself you need to think like a hacker. Find out what he/she knows and use that info to your benefit.
I always say with nuke, once you're happy with a version of nuke stick with it. Each time you upgrade you put yourself out to new security threats. Patch up your current version, get it secure, and once you're happy with it there is no need to upgrade it. As time goes by new versions come out and so the hackers move on.
The best way to protect yourself is build your own CMS and addons. Don't give them to the public and then it makes it very very difficult for hackers to find a way in. |
|
|
       |
 |
ProverbDoll
Corporal


Joined: Jul 22, 2005
Posts: 55
Location: Wyoming, USA
|
Posted:
Thu Oct 05, 2006 12:20 pm |
  |
Okay... so I have never done much with phpMyAdmin. So sorry but I need basic step-by-step instructions. Also what kind of security do I need and where do I get it? |
|
|
   |
 |
scott2500uk
Private


Joined: Oct 08, 2005
Posts: 43
Location: York UK
|
Posted:
Tue Oct 10, 2006 2:09 am |
  |
If you need help installing and fixing the mess the hacker has done you can get me on MSN scottcariss@msn.com or Skype scott2500uk |
|
|
       |
 |
|
|