You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 838 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Hacked by (and at!) the Boys of Brazil
SecurityAdeptCoach writes "My site was attacked by 201.0.20.25 (a Brazilian ISP) using www.anjolinux.hpg.com.br and bi0s.8bit.co.uk. They succeeded in overwriting my index.php file using a bug in My_eGallery.

These guys have struck other php-nuke sites before and still haven't found anything better to do with their time!

I've added them to my banned list and fixed the security hole in the module.

It's previously been reported as an exploit that uses the $basepath variable in the displayCategory.php file. And that's exactly how these kiddo's got in.

The code is equally vulnerable to exploiting the $adminpath variable in the same file. And may be vulnerable to similar exploits in other files throughout the module.

The fix is to replace all of the instances of either variable with the actual path (for example, the basepath is usually modules/My_eGallery, pretty straight forward!)"
Posted on Sunday, February 08 @ 18:04:36 CET by Zhen-Xjell
 
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell
Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by pointman on Sunday, February 08 @ 19:46:48 CET
(User Info | Send a Message)
The kiddies are using Google to find these vulnerable installations.

Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by decker on Monday, February 09 @ 10:33:48 CET
(User Info | Send a Message)
Hi!

Where can i get the security patched version?

dec

Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by Jeruvy on Monday, February 09 @ 13:06:51 CET
(User Info | Send a Message)
Yes, google is a great way to find poorly configured web servers to attack. Sad to say that most scanning tools take a back seat to a 'search engine'...

J.

Re: Hacked by (and at!) the Boys of Brazil (Score: 1)
by decker on Tuesday, February 10 @ 17:27:44 CET
(User Info | Send a Message)
Is the displayCategory.php the only file that needs to be patched? I see alot of other $basepath's in the other files in the /public/ directory.

dec.
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.089 Seconds - 357 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::