
Posted

We are not a business site, just a group of individuals who happen to like hiking, camping, fishing so we have a site that caters to our needs. The various modules on the site allow us to u/l jpgs, discuss and schedule events. The site was set up by a Technical person trained in the field and he opted for PHPNuke. Over the past 6-8 months we have been hacked by what would appear to be the same person. Fortunately he has not taken the site down though I believe he has the capacity to do this. The Techie Person helped recently but his job does not allow day to day monitoring and he's really no longer with the Club. Through stumbling and prodding I have been able to find my way to PHPAdmin, and in the nuke config sql file I located his 'Redirector'. I deleted it and his God Status but he came back again yesterday and my Log File indicated the following two entries followed by another 5-6 minutes of 'Getting' various areas:

 

*** CONTENT REMOVED *** - DON'T POST CLUES ON HOW TO HACK A SITE IN THESE FORUMS!!!!

 

I found via the web a number of steps to follow when your phpnuke site has been hacked, one being looking for message posting URL, e.g. "admin.php?op=message.".... so the above was the result. The other was to update via new security patches and install Protector modules (can't connect to the Server to get the software).

 

I did a WHOIS DNS and found the above DNS to be located in Turkey.. (www.mynet.com) don't speak the lingo so can't contact the webmaster and yet the 'redirect' seemed to be a sub-domain, e.g. mysite.mynet.com or singleip.sitemynet.com/no.htm.... which made me suspicious that this was also a hack.

 

Bottom line is I don't have the depth or span of knowledge to update the Security patches to phpNuke BUT I'm reasonably good on following directions . . . even when I read them from the web as I did to 'discover' phpAdmin and how to use it. PLEASE can someone here / out there in cyberworld help me patch the dang blasted hole this script bunny/kiddie is using and STOP this ruddy nuisance. I'll do my best to insert a nice bottle of Red or White in your Cellar. Thanks much. namaste

 

 

Edit: TCH-Bruce - removed hacking scheme information. Don't post this in the forums
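The log check described in the post above (looking for requests to admin.php that carry an op= parameter) can be automated. This is an added example, not part of the original post; it assumes an Apache combined-format access log, and every sample line, address and the EXAMPLE_OP value is constructed for illustration.

```python
import re
from collections import Counter

# Start of an Apache combined-format line: client IP, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Any request to admin.php with an op= parameter; the op value is captured
# as found in the log, never assumed.
ADMIN_OP_RE = re.compile(r'/admin\.php\?(?:[^ ]*&)?op=(?P<op>[^&\s]*)', re.I)

def admin_op_hits(lines):
    """Return one dict per log line that requested admin.php?...op=..."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        op = ADMIN_OP_RE.search(m['path'])
        if op:
            hits.append({'ip': m['ip'], 'time': m['ts'], 'method': m['method'],
                         'op': op['op'], 'status': int(m['status'])})
    return hits

def by_prefix(hits):
    """Count hits per three-octet prefix, to judge whether a range ban is needed."""
    return Counter(h['ip'].rsplit('.', 1)[0] for h in hits)

# Constructed sample log lines (documentation address ranges, placeholder op).
SAMPLE_LOG = [
    '192.0.2.44 - - [12/Mar/2006:10:01:07 -0500] "GET /modules.php?name=Gallery HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2006:10:02:11 -0500] "POST /admin.php?op=EXAMPLE_OP HTTP/1.1" 200 812',
    '198.51.100.77 - - [12/Mar/2006:10:02:40 -0500] "GET /admin.php?foo=1&op=EXAMPLE_OP HTTP/1.1" 200 640',
    '203.0.113.9 - - [12/Mar/2006:10:05:00 -0500] "GET /admin.php HTTP/1.1" 200 300',
    'not a log line',
]

if __name__ == '__main__':
    found = admin_op_hits(SAMPLE_LOG)
    for h in found:
        print(h['time'], h['ip'], h['method'], 'op=' + h['op'], h['status'])
    for prefix, count in by_prefix(found).most_common():
        print(prefix + '.x', count, 'admin.php?op= request(s)')
```

Requests that come from addresses other than the site administrators' own are the ones worth reviewing; a status of 200 on such a request means the server answered it rather than refusing it.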

Posted

Welcome to the forums! First of all, you might want to make sure you are running the latest and greatest version of phpNuke. That may be all you need to stop this person. Second of all, check out the phpNuke site...in particular here. Whilst I don't use phpNuke myself, I have used programs similar to this and found that the upgrading instructions were usually pretty straight-forward. Hope this helps some.

Posted (edited)

Depending on if you care to have mynet.com visitors come to your site you could also ban 85.106.178 in your cPanel to at least buy some time to get your site patched up.

 

You can always remove the ban after you have secured your site.

 

You can also download the file here;

 

http://nukecops.com/downloads-file-142-det...stem_1.13b.html

 

If you can't get it, let me know. I can get it and send it to you.

Edited by Just_Rob
Posted
Depending on if you care to have mynet.com visitors come to your site you could also ban 85.106.178 in your cPanel to at least buy some time to get your site patched up.

 

Rob, Thank you for giving of your time to reply. I did attempt to block the IP via the IP Manager at cPanel. I also notice this feature is available in the phpbb forum, though I suspect that is restricted to the level of application it would have. In phpbb (which I access via Admin.php) they indicated you can block a range of IP numbers by inserting a comma between the start / end. I attempted this in cPanel but it did not work, so I entered the 85.106.178.189 and the 85.108.17.226 separately, plus the actual www.xxx.

 

You can always remove the ban after you have secured your site.
At the rate I'm progressing the learning curve would appear to be rather horizontal.

 

You can also download the file here;

 

http://nukecops.com/downloads-file-142-det...stem_1.13b.html

 

If you can't get it, let me know. I can get it and send it to you.

I would appreciate it very much if you could accommodate me here. I've attempted to d/l the file but when I clicked the <download> I get a new screen and nothing. Attempted this with 3 different browsers with the same results, and using the Search at nukecops comes up Zero! Is it accessible anywhere via FTP? Also, I am still not able to connect to the Home Server of this software.

 

With kind regards for your help and I sure hope folks in the Forum won't get 'ticked off' with me as I attempt to sort out this hacking problem via your valued input.

Posted

I should have gotten it while I had the chance. I can't get to it at the moment. You might want to research it a bit first. Google "Protector System" phpnuke. I see many references to cross site scripting and a few other issues that may not have been resolved yet.

 

I will keep looking into it for you.
