You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 365 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - My site was HACKED BY EHSAN! [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Tue Aug 26, 2008 8:46 pm Reply with quoteBack to top

makuks wrote:
By the way, I put this in my .htaccess and I got a server error:

RewriteEngine On

RewriteCond %{THE_REQUEST} .*http:\/\/.* [OR]
RewriteCond %{THE_REQUEST} .*http%3A%2F%2F.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww(-FM|-perl) [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteRule ^.* - [F]


Maybe your web hotel does not have mod_rewrite, which is needed for this to work. This has worked for almost all that have tested it.

I suggest that you change password for admins and then protect admin.php as I suggested.

Then create a copy of your site on your PC with Xampp. Then you can test to install Sentinel on it without being stressed by negatively affecting your ordinary site.
Find all posts by SlackervaaraView user's profileSend private message
makuks
Nuke Soldier
Nuke Soldier


Joined: Aug 26, 2008
Posts: 14


PostPosted: Wed Aug 27, 2008 1:52 am Reply with quoteBack to top

Thanks for the replys, I got the rewrite thing to work, so thanks for that, I have added a .htpsswd file on my site and protected my admin.php script

When I added the IP address allow for the admin.php file it wouldn;t let me access the page even though I am on a fixed IP.

I will take a look at Xampp that sounds very interesting.

Thanks for your help.
Find all posts by makuksView user's profileSend private message
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Wed Aug 27, 2008 2:59 am Reply with quoteBack to top

The only time I have not been able to access admin.php have been, when my ip-adress have changed. You could check your ip-adress at this page:
http://www.nukescripts.net/

When I patched my site and added Sentinel I run an exact copy of my site with Xampp. When everything worked I just uploaded it and the run the upgrade scripts. This worked very well. No problems.
Find all posts by SlackervaaraView user's profileSend private message
makuks
Nuke Soldier
Nuke Soldier


Joined: Aug 26, 2008
Posts: 14


PostPosted: Wed Aug 27, 2008 5:17 am Reply with quoteBack to top

Do you think the password protection via .htaccess and .htpasswd will be secure enough or should I attempt to get Sentinel running.
Find all posts by makuksView user's profileSend private message
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Wed Aug 27, 2008 5:27 am Reply with quoteBack to top

You are pretty safe with password protection and protection against cross scripting. I have similar protection in my .htaccess and it is rarely that Sentinel gives extra protection. It might be enough for you perhaps. How long have you had your site without being hacked? For me it took approximately a year.
Find all posts by SlackervaaraView user's profileSend private message
perfect-games
Site Admin
Site Admin


Joined: Jun 18, 2004
Posts: 217


PostPosted: Wed Aug 27, 2008 9:20 am Reply with quoteBack to top

i would also sudgest if you own the server install some good security , myself i use alot of custom rules target around phpnuke and mod security 2 is really great to stop offsite urls and will stop it right away.

also pending on youe setup cpanel i would install config server firewall
if not that a good setup of apf and bfd even good brute force protection on apache which if i recall is called Mod_Evasive i know they chaged there name in the past so you might want to google this.

also i find best way to stop admin.php access is either you are running 7.6 if i recall where they introduced $admin_file rename your admin file it will prevent but not always the solution.

make sure your running latest php and also harden php project also great which secures alot of those holes in the code base.

till i owned my own server i was hacked daily and every year i may of had my nuke site compromised even the server compromised in the past and had complete lockout but i hope this information is helpfull.

but if you dont have server access please install sentinal its the only solution on shared hosts, and you need to secure your site on shared sites not just for the sake of your site but your host provide could have there server at rick and some hosts dont like that sort of thing and are known to boot people , even happened to me many years ago

i hope this information is helpfull to those that need it

steve Smile

happy nuking ^^
Find all posts by perfect-gamesView user's profileSend private messageSend e-mailVisit poster's website
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.040 Seconds - 296 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::