RE: ATTN: Steve Morgan (Wormpurple)
- Subject: RE: ATTN: Steve Morgan (Wormpurple)
- From: "Jon Whiten" <jon@xxxxxxxxxxxx>
- Date: Thu, 6 May 2004 17:56:34 +0100
Had something similar on my site. It looks as if it is directly hitting the MySQL database using some dodgy calls to the PHP-Nuke pages. I have downloaded and applied some patches to my PHP-Nuke 6.5 site from http://www.nukesecurity.com/ and I hope it is fixed!
Make sure that you have deleted the extra "God" accounts and also changed your PW for admin and your user account. Also, from the Readme.html file:
1-The default PHP-Nuke package requires folders to be chmod no higher than 755 and files no higher than 644.
2-When selecting a password it is always best to combine letters and numbers.
3-If your website has been hacked before:
   a-Change your admin and user password.
   b-FTP to the server and replace any file newer than the rest unless you know you uploaded it at that time.
   c-Delete any file you have not uploaded yourself.
   d-Inspect the nuke_authors database table and remove any admin account you did not create.
4-When possible avoid using add-ons that allow users to upload files.
5-Editing Nuke's files to allow javascript and more html tags than those already allowed opens the door to possible attacks, if this happens you can only blame yourself, why move to a php/MySQL website only to turn it into a Java or flash nightmare? You are better off with html if you plan to flood the site with scripts.
6-After using any diagnostic/installer scripts remove them from the server.
7-Before using third party add-ons if you have a basic knowledge of php/MySQL (which you should learn anyway) check the code to make sure no malicious code has been inserted into it, if you have no clue which way is up then select add-ons by well known authors, you can always ask around if unsure. Established PHP-Nuke authors often state at their websites if they support "mirror" sites, otherwise you should only download files from the author's website, download elsewhere at your sole risk.
8-Make it a rule to visit as many PHP-Nuke related websites as you can regularly to keep up-to-date on Nuke news.
Regards
Jon Whiten
http://www.whiten.co.uk
-----Original Message-----
From: Steve Morgan [mailto:smorgo@xxxxxxx]
Sent: Thursday, May 06, 2004 5:44 PM
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] ATTN: Steve Morgan (Wormpurple)
Bloody hell. How did they do that, then?
Two new admins had appeared and they had edited two stories on the homepage.
Haven't found any other evidence of tampering, yet.
Anyone know of any vulnerabilities with phpNuke or MySQL that may have been exploited?
Thanks for letting me know, Matt, BTW.
Cheers,
Steve
> -----Original Message-----
> From: matt_miles_uk [mailto:m_miles@xxxxxxx]
> Sent: 06 May 2004 10:39
> To: ukha_d@xxxxxxx
> Subject: [ukha_d] ATTN: Steve Morgan (Wormpurple)
>
> Hey,
>
> Sorry to be the bearer of bad news but your site has been hacked
> rather distastefully! I tried to e-mail you but the address for your
> email has been changed as well I think.
>
> Sorry mate,
>
> Matt
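
Added example, not part of the original thread or of the PHP-Nuke Readme: a read-only audit covering items 1 and 3b of the Readme checklist quoted above, flagging folders above 755, files above 644, and files modified noticeably later than the rest of the tree. The function names, the one-day slack and the sample tree are assumptions made for illustration; "no higher than" is read as "no permission bit outside the mask" and "newer than the rest" as "modified more than the slack after the median file mtime".

```python
import os
import stat
import statistics
import tempfile

DIR_MAX = 0o755   # Readme item 1: folders no higher than 755
FILE_MAX = 0o644  # Readme item 1: files no higher than 644

def audit_tree(root, slack_seconds=86400):
    """Return (perm_findings, newer_files) for everything under root.

    Assumption: slack_seconds is a hypothetical tolerance, not a Readme value.
    """
    perm_findings, files = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing; review its target
            mode = stat.S_IMODE(st.st_mode)
            limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            if mode & ~limit:  # any bit set beyond the allowed mask
                perm_findings.append((os.path.relpath(path, root), oct(mode)))
            if stat.S_ISREG(st.st_mode):
                files.append((os.path.relpath(path, root), st.st_mtime))
    newer = []
    if files:
        median = statistics.median(m for _, m in files)
        newer = sorted(p for p, m in files if m - median > slack_seconds)
    return sorted(perm_findings), newer

def build_sample_tree(root):
    """Constructed sample web root: three old files, one later world-writable file."""
    old = 1_000_000_000  # constructed install-time timestamp
    os.makedirs(os.path.join(root, "modules"))
    os.chmod(os.path.join(root, "modules"), 0o777)
    for rel, mode, mtime in [("index.php", 0o644, old), ("admin.php", 0o644, old),
                             ("modules/news.php", 0o644, old + 60),
                             ("modules/x.php", 0o666, old + 30 * 86400)]:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample ?>\n")
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_tree(tmp))
```

A file flagged as newer is only a candidate for review against what you know you uploaded, as item 3b says; the script changes nothing on disk outside its own temporary sample tree.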