mbakshi Posted June 12, 2004 Posted June 12, 2004 Well, for the second time this year, my site (techautos.com) was hacked on June 8 using what seems like some kind of SQL Insertion bug in PHP-Nuke. The issue is that when you go to any page, the correct page title shows up, but nothing else. I checked the authors table with phpMyAdmin and sure enough, there was an unwanted, new entry. Here's the information I have on the script kiddies who did this: kiegera Goda r00t_System@hush.com d074ae22efc470558775a20cbe956c5eCollected from other sites these guys have compromised: r00t_System by : AFROM4N nos somos : Spofs , ownz_ , Kieger , MC_KiNNeY irc.brasnet.org #ry afrom4n@hotmail.com So anyway, I deleted the extra entry from the authors table. However, the site itself is, of course, not working. So I talked with some people on the NukeCops forums, and they basically said there's no way to fix it as the issue (assuming it was indeed a SQL Insertion attack) could be anywhere in the database. They said basically just restore it from your latest database backup. Problem is...I've been really busy over the last few months, so my last DB backup was from January of this year. So I uploaded this DB backup from January as another database, then table-by-table, I manually updated it with all the changes (new articles, members, forum posts, etc.) that have taken place since then - using phpMyAdmin from cpanel. So then I went to check something out - in the cpanel file manager, I went to config.php to update it to the name of the new database. Then I clicked save, and when I got back to the file/directory listing, it said config.php size was 0 (empty). When I clicked edit again, there was nothing there. I tried again - same thing. I tried to delete it, then created a new file, named it config.php - but same thing again. Then the Trash bin stopped working. Whenever I delete something, it disappears from the directory listing, but under trash can image, where the list of trash files should be, I instead get this: Unable to change directory to /home/techaut/.trash! You do not seem to have access permissions! (System Error: No such file or directory) This was quite puzzling - now I'm in even more of a mess. Can anyone help out? Quote
TCH-Rob Posted June 12, 2004 Posted June 12, 2004 Open a help desk ticket. We will look at your trash error message and we might be able to restore from a good backup date. I am not sure how far back we keep it. Quote
TCH-Dick Posted June 12, 2004 Posted June 12, 2004 Also, you need to check the security forums on nukecops and install ALL of the fixes. You should also run protector or admin secure on your nuke site, either of them will block common hack attempts and e-mail you all of the info for the suspected hacker. Open a support ticket and we can restore the site from the latest weekly back up. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.