You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 285 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Hack added admin [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Hack added admin
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
Propaganda
Nuke Soldier
Nuke Soldier


Joined: Apr 05, 2006
Posts: 15
PostPosted: Sat Apr 29, 2006 7:46 am Reply with quoteBack to top
I had an alert from nuke sentinel, someone ran the admin.php to add a superuser.

www.justfungaming.com//admin.php?add_aid=hacker&add_name=hacker&add_pwd=123456&add_email=birxx@yahoo.com&admin=(code edited to prevent more abuse)

And it worked and added a superuser. Anyone know how to prevent this?
Find all posts by PropagandaView user's profileSend private message
perfect-games
Site Admin
Site Admin


Joined: Jun 18, 2004
Posts: 217
PostPosted: Sat Apr 29, 2006 7:51 am Reply with quoteBack to top
what version of phpnuke are you running, seems you are not using current patches and sentinal either not done right or using an old version.

thanks

steve
Find all posts by perfect-gamesView user's profileSend private messageSend e-mailVisit poster's website
Propaganda
Nuke Soldier
Nuke Soldier


Joined: Apr 05, 2006
Posts: 15
PostPosted: Sat Apr 29, 2006 7:57 am Reply with quoteBack to top
I am running 7.8 with the latest patches and as far as I know sentinel is set up properly. I got this from sentinel:

Date & Time: 2006-04-29 12:36:27 EDT GMT -0400
Blocked IP: 85.96.125.137
User ID: Anonymous (1)
Reason: Abuse-Author
Find all posts by PropagandaView user's profileSend private message
perfect-games
Site Admin
Site Admin


Joined: Jun 18, 2004
Posts: 217
PostPosted: Sat Apr 29, 2006 9:57 am Reply with quoteBack to top
well thats normal someone attempted a hack and they were banned and its in your sentinal log and probley emailed to you as well.

you have nothing to worry about this is normal

thanks

steve
Find all posts by perfect-gamesView user's profileSend private messageSend e-mailVisit poster's website
Propaganda
Nuke Soldier
Nuke Soldier


Joined: Apr 05, 2006
Posts: 15
PostPosted: Sat Apr 29, 2006 5:09 pm Reply with quoteBack to top
It still created the user, and IP block doesn't mean much if someone is using a proxy. I set sentinel to http auth, maybe that will help.
Find all posts by PropagandaView user's profileSend private message
saho
Nuke Soldier
Nuke Soldier


Joined: Jun 26, 2005
Posts: 12

Location: Turkey
PostPosted: Sun May 21, 2006 10:30 pm Reply with quoteBack to top
admin.php open
require_once("mainfile.php");
later add

Code:
$checkurl = $_SERVER['REQUEST_URI'];
if((stripos_clone($_SERVER["QUERY_STRING"],'AddAuthor')) || (stripos_clone($_SERVER["QUERY_STRING"],'VXBkYXRlQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'QWRkQXV0aG9y')) || (stripos_clone($_SERVER["QUERY_STRING"],'UpdateAuthor')) || (preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
   die("Illegal Operation");
}
Find all posts by sahoView user's profileSend private messageSend e-mailVisit poster's websiteYahoo MessengerMSN Messenger
spottedhog
Captain
Captain


Joined: Apr 30, 2004
Posts: 561
PostPosted: Mon May 22, 2006 2:53 am Reply with quoteBack to top
Something simple you could do is to change the name of the admin.php file....

_________________
SMF-Nuke admin

SMF and PHP Nuke integration is ready! Take a look at it by clicking on the link above.
Find all posts by spottedhogView user's profileSend private messageSend e-mailVisit poster's website
whitemax
Nuke Cadet
Nuke Cadet


Joined: May 28, 2006
Posts: 1
PostPosted: Sun May 28, 2006 2:21 pm Reply with quoteBack to top
This is not simple. I try change name, change admin name in config and repleace name in admin file security code.
In admin menu any option is "Acces denied".
Any idea??
Find all posts by whitemaxView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.216 Seconds - 483 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::