You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 58 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hacked by "Fatal Error" [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Hacked by "Fatal Error"
 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Admin Secure
View previous topic Log in to check your private messages View next topic
Author Message
mikez68
Nuke Soldier
Nuke Soldier


Joined: Oct 11, 2003
Posts: 12
PostPosted: Sat Jun 12, 2004 2:11 am Reply with quoteBack to top
"Fatal Error Onwz You! Go-go-go admin ! " <br>
Seems my site was hacked. I guess ill just lock it up tighter. Thanx for exposing the flaw.<br>
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) { die("Illegal Operation"); }<br> this added to the end of admin.php (after the credits and before the ?> tag ) ended the exploit. Then I went into my nuke database with phpAdmin. Checked tha nuke_authors table to find a god user had been added, so I deleted him. Hope Google picks up on this soon. I want this fool to be out of luck asap.
Find all posts by mikez68View user's profileSend private message
madman
Support Mod
Support Mod


Joined: Feb 15, 2004
Posts: 806
PostPosted: Sat Jun 12, 2004 8:51 am Reply with quoteBack to top
Urm... What is that mean?
You've got hacked after installing Admin Secure 1.7?

_________________
I'm Image
Find all posts by madmanView user's profileSend private messageVisit poster's websiteYahoo MessengerMSN Messenger
eski
Nuke Cadet
Nuke Cadet


Joined: Jun 13, 2004
Posts: 4
PostPosted: Sun Jun 13, 2004 1:38 am Reply with quoteBack to top
thanks mate , had the same happen to me ..

good on ya for posting a fix
Find all posts by eskiView user's profileSend private message
jupiter
Nuke Soldier
Nuke Soldier


Joined: Jul 13, 2003
Posts: 22
PostPosted: Sat Jul 03, 2004 4:42 am Reply with quoteBack to top
I got a similar proble. How did you fix this? I have deleted the unwanted element as an admin user. But, please le me know how to remove the defacing. The words are similar to yours. Needless to say I am totally new to php Smile


jup
Find all posts by jupiterView user's profileSend private messageYahoo MessengerMSN Messenger
madman
Support Mod
Support Mod


Joined: Feb 15, 2004
Posts: 806
PostPosted: Sat Jul 03, 2004 11:28 am Reply with quoteBack to top
I saw many of that, different text but using the same attack engine. They got your MD5 admin password and replace/add your site's message. Check such message through admin menu (clicking on Message icon).

If you are installing Admin Secure (1.6 or above), you can prevent such exploit (prevent auto admin creation) or by enabling Auth Login from Admin Secure config menu (if exploit attack using existing admin account).

_________________
I'm Image
Find all posts by madmanView user's profileSend private messageVisit poster's websiteYahoo MessengerMSN Messenger
jupiter
Nuke Soldier
Nuke Soldier


Joined: Jul 13, 2003
Posts: 22
PostPosted: Sat Jul 03, 2004 2:14 pm Reply with quoteBack to top
Thanks for the lead. Removed the defacing. Would install the requisite admin security

jup
Find all posts by jupiterView user's profileSend private messageYahoo MessengerMSN Messenger
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Admin Secure
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.267 Seconds - 210 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::