...I had a VERY hard time FINDING Admin Secure. Don't know if I completely overlooked something blaringly obvious or not
First thing I did was search the downloads section and came up with nothing. Trolling every post I could for an hour in THIS forum turned up nothing. I finally searched the news and found an obscured link to version 1.3, then had to 'back up' the tree on that site to get any response
Would it not be nice to post a sticky in this forum that has a link to the current version, or at least the downloads section of that board?
madman Support Mod
Joined: Feb 15, 2004
Posts: 806
Posted:
Sun Sep 12, 2004 2:22 pm
Thalgor wrote:
Would it not be nice to post a sticky in this forum that has a link to the current version, or at least the downloads section of that board?
Well, thank you Thalgor for the idea. But I though the link was available in forum sub-title.
Or click on my sig pic to go to AS project page at SourceForge.
Usually when I see a link on a nickname, I always assume it's an email link.
Guess what I'm saying is, for those of us not l33t enough or simply don't have the time to dig for the unobvious to search for links want something blaringly obvious like:
Usually when I see a link on a nickname, I always assume it's an email link.
Guess what I'm saying is, for those of us not l33t enough or simply don't have the time to dig for the unobvious to search for links want something blaringly obvious like:
Good idea i just deleted my admin.php and links.editadmins.php files to prevent access for the hackers totally , this should work though right instead?
Good idea i just deleted my admin.php and links.editadmins.php files to prevent access for the hackers totally , this should work though right instead?
Not totally, if that was you though. Cookie stealing and XSS can do the job even if you delete admin.php and all contents on "admin/" directory. Oh man, c'mon this is something like destroying your own house to stay away from thiefs.
btw; I think you're little bit misunderstood with all we have discussed here.
"Admin Secure" forum does not meant to be discussing about "Securing PHP-Nuke Administration", but more about a security add-on for PHP-Nuke that called "Admin Secure".
Admins already secured, 'coz they've equipped with nukes!
Just kidding...
_________________ I'm
JesseJames01 Lieutenant
Joined: Jan 15, 2004
Posts: 164
Location: U.S.A
Posted:
Tue Sep 14, 2004 4:25 am
madman wrote:
JesseJames01 wrote:
Good idea i just deleted my admin.php and links.editadmins.php files to prevent access for the hackers totally , this should work though right instead?
Not totally, if that was you though. Cookie stealing and XSS can do the job even if you delete admin.php and all contents on "admin/" directory. Oh man, c'mon this is something like destroying your own house to stay away from thiefs.
btw; I think you're little bit misunderstood with all we have discussed here.
"Admin Secure" forum does not meant to be discussing about "Securing PHP-Nuke Administration", but more about a security add-on for PHP-Nuke that called "Admin Secure".
Admins already secured, 'coz they've equipped with nukes!
Just kidding...
LOL , ok what should i do to prevent them from hitting my admin and gaining access to our admin panels and reaking havok on our sites and knocking them down , somehow also they've accessed our ftp's and deleting Rainbow Brite in them , and only way i can think of that is by getting access to our private messages we've sent our admins back and forth in our sites. I want this fixed , whats the best way to go about doing it , I'm at my wits end and deleting those files is the only way i stopped them. I mean look at this link from the hackers site for cripes sake:
ok what should i do to prevent them from hitting my admin and gaining access to our admin panels and reaking havok on our sites and knocking them down ,
For the precaution, it advisable to applying security patches. These patches will close sanitize known insecure variables used on script files comes with PHP-Nuke standard packages. You can find these patches on most PHP-Nuke support sites, or visit the ChatServ's website ( http://nukeresources.com ). Nuke Security website ( http://nukesecurity.com ) also provides latest patches for various PHP-Nuke version. Hacker Assasins ( http://www.hackerassassins.com ) also provide pre-compiled PHP-Nuke that already modified with latest patches and some security addons included.
JesseJames01 wrote:
somehow also they've accessed our ftp's and deleting Rainbow Brite in them , and only way i can think of that is by getting access to our private messages we've sent our admins back and forth in our sites. I want this fixed , whats the best way to go about doing it , I'm at my wits end and deleting those files is the only way i stopped them. I mean look at this link from the hackers site for cripes sake
If someone can get your FTP account, it's serious. Consider to transfer your files using secure protocol (SFTP). FTP not quite secure because the password isn't encrypted whatsoever. Someone can also gather your FTP account by doing some XSS and trojan techniques. If your site allowing people to upload some kind of files, your site being vulnerable to such attacks.
_________________ I'm
JesseJames01 Lieutenant
Joined: Jan 15, 2004
Posts: 164
Location: U.S.A
Posted:
Tue Sep 14, 2004 3:36 pm
madman wrote:
JesseJames01 wrote:
ok what should i do to prevent them from hitting my admin and gaining access to our admin panels and reaking havok on our sites and knocking them down ,
For the precaution, it advisable to applying security patches. These patches will close sanitize known insecure variables used on script files comes with PHP-Nuke standard packages. You can find these patches on most PHP-Nuke support sites, or visit the ChatServ's website ( http://nukeresources.com ). Nuke Security website ( http://nukesecurity.com ) also provides latest patches for various PHP-Nuke version. Hacker Assasins ( http://www.hackerassassins.com ) also provide pre-compiled PHP-Nuke that already modified with latest patches and some security addons included.
JesseJames01 wrote:
somehow also they've accessed our ftp's and deleting Rainbow Brite in them , and only way i can think of that is by getting access to our private messages we've sent our admins back and forth in our sites. I want this fixed , whats the best way to go about doing it , I'm at my wits end and deleting those files is the only way i stopped them. I mean look at this link from the hackers site for cripes sake
If someone can get your FTP account, it's serious. Consider to transfer your files using secure protocol (SFTP). FTP not quite secure because the password isn't encrypted whatsoever. Someone can also gather your FTP account by doing some XSS and trojan techniques. If your site allowing people to upload some kind of files, your site being vulnerable to such attacks.
Thank you very much madman , that was useful information , oh and i was looking through that site because i seen a new http referer from it and i guess they got a new list to hack today:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
