Anyone been hacked by these guys? They slipped past Sentinel by inserting queries in the User's Custom Box, Messages and Amazon blocks (piggybacking on a googlebot address, it seems). Defaced the site, took away all my blocks, erased the stories from the database. Pretty slick, even if it does hurt to admit it.
# Allow phpNuke Admin access from Special IPs
Allow from xx.xx.xxx.xxx
Allow from xx.xx.xx.
Allow from xx.xx.
Joined: Jul 17, 2003
Mon Jul 23, 2007 5:50 pm
Not sure about the Amazon block, but I doubt it was through messages or custom box, unless the admin.php wasn't protected properly against XSS as Slackervaara suggested (there are other ways to protect that, including Admin Authentication, which NukeSentinel supports). The resulting tables won't be of any assistance - the only useful information will come from your access log (the error log might help, but not as much as the access log). Get your access logs asap since these usually cycle on a daily basis and may not be backed up.
Joined: Sep 13, 2003
Tue Jul 24, 2007 9:13 am
I think it is good to totally protect the admin.php to prevent things in the database from being deleted. I think it is very easy to delete and change things in the database if the hacker has access to admin.php.
HalJordan Support Staff
Joined: Aug 07, 2004
Location: Somewhere around Hunan, China
Tue Jul 24, 2007 10:41 am
Thanks for the tips. I am inserting that into .htaccess now. Meanwhile, evaders99 is checking my logs for clues.
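Added example, not part of any post in this thread: a triage pass over an access log, of the kind the replies recommend pulling, that flags admin.php requests from addresses outside the .htaccess allowlist and SQL keywords in URLs, and notes when such a request claims a Googlebot user agent. It assumes the Apache combined log format; the sample lines, the IP addresses and the `allowed`/`triage` names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache "combined" log format (assumption; adjust to the server's LogFormat).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Heuristic SQL-injection markers, checked after URL-decoding.
SQLI_RE = re.compile(r'union[\s/*]+select|\binto\s+outfile\b', re.I)

def allowed(ip, prefixes):
    """Match like the .htaccess "Allow from" lines: a full address, or a
    partial address ending in a dot that covers whole octets."""
    return any(ip == p or (p.endswith(".") and ip.startswith(p)) for p in prefixes)

def triage(lines, admin_allow=()):
    """Return (line_no, ip, reasons) for requests worth a manual look."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        url = unquote_plus(m["url"])
        reasons = []
        if "admin.php" in url.lower() and not allowed(m["ip"], admin_allow):
            reasons.append("admin.php from non-allowlisted IP")
        if SQLI_RE.search(url):
            reasons.append("SQL keywords in URL")
        # A real crawler has no reason to send either kind of request.
        if reasons and "googlebot" in m["ua"].lower():
            reasons.append("claims Googlebot user agent")
        if reasons:
            findings.append((no, m["ip"], reasons))
    return findings

GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Constructed sample lines using documentation-range addresses.
SAMPLE = [
    f'203.0.113.9 - - [23/Jul/2007:03:12:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "{GBOT}"',
    f'198.51.100.7 - - [23/Jul/2007:03:14:02 +0000] "GET /index.php?x=1+UNION+SELECT+1 HTTP/1.1" 200 812 "-" "{GBOT}"',
    '198.51.100.7 - - [23/Jul/2007:03:15:30 +0000] "POST /admin.php HTTP/1.1" 200 2301 "-" "Mozilla/4.0"',
    '192.0.2.25 - - [23/Jul/2007:09:00:00 +0000] "GET /admin.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for no, ip, reasons in triage(SAMPLE, admin_allow=("192.0.2.",)):
        print(f"line {no}: {ip}: {', '.join(reasons)}")
```

A user-agent string proves nothing about the sender, so a flagged "Googlebot" address still needs a reverse and forward DNS check before it is treated as the real crawler.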