Nuke Cops :: View topic - Hacked by diditforthelulz crew - bypassing Sentinel

HalJordan
Support Staff
Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Mon Jul 23, 2007 9:16 am

Anyone been hacked by these guys? They slipped past Sentinel, by inserting queries in the User's Custom Box, Messages and Amazon blocks (piggybacking on a googlebot address, it seems). Defaced the site, took away all my blocks, erased the stories from the database. Pretty slick, even if it does hurt to admit it.

_________________
Obedezco, pero no cumplo.

Proprietor, www.computernewbie.info
Support staff, www.nukecops.com

Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482

Posted: Mon Jul 23, 2007 10:44 am

Ouch man, give me a PM or email of the details. If they left any logs, worth checking into as well. If they're getting past Sentinel, we would want to see the evidence and work on a fix.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding

HalJordan
Support Staff
Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Mon Jul 23, 2007 12:27 pm

I haven't checked the logs yet, but I'll send you a copy of the tables as they looked after the hacking.

It looked like they knew how to evade Sentinel. They changed my admin pwd, too.

Thanks.

_________________
Obedezco, pero no cumplo.

Proprietor, www.computernewbie.info
Support staff, www.nukecops.com

Slackervaara
Captain
Joined: Sep 13, 2003
Posts: 355

Posted: Mon Jul 23, 2007 4:30 pm

Did you protect your admin.php via .htaccess so that only your own IP address could access it?
http://www.nukesecurity.com/modules.php?name=Forums&file=viewtopic&t=18&highlight=htaccess

# Allow phpNuke Admin access from Special IPs
<Files "admin.php">
Order allow,deny
Allow from xx.xx.xxx.xxx
Allow from xx.xx.xx.
Allow from xx.xx.
</Files>

kbgus
Premium
Joined: Jul 17, 2003
Posts: 49

Posted: Mon Jul 23, 2007 5:50 pm

Not sure about Amazon block, but I doubt it was through messages or custom box, unless the admin.php wasn't protected properly against XSS as Slackervaara suggested (there are other ways to protect that, including Admin Authentication, which NukeSentinel supports). The resulting tables won't be of any assistance - the only useful information will come from your access log (the error log might help, but not as much as access log). Get your access logs asap since these usually cycle on a daily basis and may not be backed up.

_________________
Software is like sex: It's better when it's free. (Linus Torvalds)
http://nukeSEO.com - PHPNuke SEO Search Engine Optimization, professional tools for PHP-Nuke
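
The access-log check recommended in the post above, as an added example that is not part of the thread: a Python triage pass that lists admin.php requests from addresses outside an allowlist written in the same style as the .htaccess snippet earlier on the page, and notes whether each request was served and whether it claimed a Googlebot user agent. The log lines, addresses (documentation ranges) and function names are constructed for illustration.

```python
import re

# Apache "combined" log format; the referer and user-agent fields are optional.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def ip_allowed(ip, allow):
    """Mirror 'Allow from': full address = exact match, partial = leading octets."""
    octets = ip.split(".")
    for entry in allow:
        want = entry.rstrip(".").split(".")
        if octets[:len(want)] == want:
            return True
    return False

def admin_hits(lines, allow):
    """Return admin.php requests that came from addresses outside the allowlist."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith("/admin.php") or ip_allowed(m["ip"], allow):
            continue
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "served": int(m["status"]) < 400,  # a 403 means the block held
            "claims_googlebot": "googlebot" in (m["ua"] or "").lower(),
        })
    return hits

# Constructed sample: documentation-range addresses, not data from the incident.
ALLOW = ["192.0.2.10", "203.0.113."]
UA = "Mozilla/5.0"
BOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2007:03:12:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "{UA}"',
    f'198.51.100.23 - - [01/Jan/2007:03:14:02 +0000] "POST /admin.php HTTP/1.1" 200 812 "-" "{BOT}"',
    f'192.0.2.10 - - [01/Jan/2007:03:15:10 +0000] "GET /admin.php?demo=1 HTTP/1.1" 200 9001 "-" "{UA}"',
    f'198.51.100.77 - - [01/Jan/2007:03:16:31 +0000] "GET /admin.php HTTP/1.1" 403 210 "-" "{UA}"',
    f'203.0.113.99 - - [01/Jan/2007:03:17:05 +0000] "GET /admin.php HTTP/1.1" 200 9001 "-" "{UA}"',
    f'192.0.2.100 - - [01/Jan/2007:03:18:40 +0000] "GET /admin.php HTTP/1.1" 200 9001 "-" "{UA}"',
]

if __name__ == "__main__":
    print(*admin_hits(SAMPLE_LOG, ALLOW), sep="\n")
```

Matching on whole octets matters: 192.0.2.100 is reported even though it begins with the allowed string 192.0.2.10.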

Slackervaara
Captain
Joined: Sep 13, 2003
Posts: 355

Posted: Tue Jul 24, 2007 9:13 am

I think it is good to totally protect the admin.php to avoid that things in the database are deleted. I think it is very easy to delete and change things in the database, if the hacker has access to admin.php.

HalJordan
Support Staff
Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China

Posted: Tue Jul 24, 2007 10:41 am

Thanks for the tips. I am inserting that into .htaccess now. Meanwhile, evaders99 is checking my logs for clues.

_________________
Obedezco, pero no cumplo.

Proprietor, www.computernewbie.info
Support staff, www.nukecops.com

Evaders99
Site Admin
Joined: Aug 17, 2003
Posts: 12482

Posted: Wed Jul 25, 2007 5:13 am

I didn't receive anything, please resend

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding