| Author |
Message |
StaticBeats
Nuke Cadet


Joined: Aug 18, 2003
Posts: 5
|
Posted:
Fri Mar 05, 2004 4:51 pm |
  |
I added all the patches I found in the downloads section here.
I deleted webmail folder and journal folder as well.
Next iteration of my site will NOT be php-nuke. I'm sick of patching the software over and over each time I get hacked.
I was hacked 2 weeks ago and applied every patch I could find. Then I get hacked today again and find that I somehow missed the other half of patches.
More than anything it's a huge waste of my time, a headache, and a nuisance. |
_________________ StaticBeats
http://www.staticbeats.com
Electronic Music > Digital Culture |
|
    |
 |
southernwolf
Corporal


Joined: Dec 14, 2003
Posts: 56
Location: Texas
|
Posted:
Fri Mar 05, 2004 5:17 pm |
  |
| StaticBeats wrote: |
I added all the patches I found in the downloads section here.
I deleted webmail folder and journal folder as well.
Next iteration of my site will NOT be php-nuke. I'm sick of patching the software over and over each time I get hacked.
I was hacked 2 weeks ago and applied every patch I could find. Then I get hacked today again and find that I somehow missed the other half of patches.
More than anything it's a huge waste of my time, a headache, and a nuisance. |
Sorry for your problems but forgive me if I opine that you give up too easy. Pioneers, whether of the frontier variety or the Internet development sort, never have it as easy as those who prefer the comforts and reassurances of known routine. So you've been hacked? So you back off, knees trembling. You'd never make it on the western frontier, either.  |
|
|
    |
 |
reikimaster
Sergeant


Joined: Jan 31, 2004
Posts: 148
|
Posted:
Fri Mar 05, 2004 5:19 pm |
  |
I understand your frustration. However as someone who has been making web sites since before there were even any PICTURES on the web... I can tell you without hesitation that if they want to deface your site, they will hack away at it until they find a way.
Sad but true, I'm afraid. Some folks are just idiots and get pleasure in destroying stuff. Like kids shaving a cat..... |
|
|
   |
 |
StaticBeats
Nuke Cadet


Joined: Aug 18, 2003
Posts: 5
|
Posted:
Fri Mar 05, 2004 5:23 pm |
  |
Well I don't know that I agree in this context. I've been a web developer for 7 years now and the *only* sites of mine that have gotten hacked are PHP-Nuke sites.
Having a nuke site is like throwing out a welcome mat for these guys.
"Welcome. I have holes. Please Hack Me. Enjoy!"
 |
_________________ StaticBeats
http://www.staticbeats.com
Electronic Music > Digital Culture |
|
    |
 |
reikimaster
Sergeant


Joined: Jan 31, 2004
Posts: 148
|
Posted:
Fri Mar 05, 2004 5:32 pm |
  |
maybe it's the name.... it IS kinda hacker-ish sounding.
Say it to yourself....
P H P - N U K E
Kinda makes ya wanna shave a cat, don't it?
Maybe the name should be changed to Php-CMS
or take the Php out and call it..... The-CMS
yeah.... I think that's kinda catchy
and I think the cats are safe...
 |
|
|
   |
 |
StaticBeats
Nuke Cadet


Joined: Aug 18, 2003
Posts: 5
|
Posted:
Fri Mar 05, 2004 5:35 pm |
  |
|
    |
 |
southernwolf
Corporal


Joined: Dec 14, 2003
Posts: 56
Location: Texas
|
Posted:
Fri Mar 05, 2004 9:10 pm |
  |
| StaticBeats wrote: |
Having a nuke site is like throwing out a welcome mat for these guys.
"Welcome. I have holes. Please Hack Me. Enjoy!"
 |
Please do hack me, if you have enough hair on your chest. Or is that big red S Neet rash?
Well, it was fun for a while but after getting a bunch of emails I decided to turn off the link above. It breaks my heart to have to put a couple of prankish peeps in my deny file, but the wages of sin is death.  |
Last edited by southernwolf on Sun Mar 07, 2004 7:26 am; edited 1 time in total |
|
    |
 |
djmaze
Captain


Joined: Nov 29, 2003
Posts: 566
Location: Netherlands
|
Posted:
Sat Mar 06, 2004 1:43 am |
  |
| StaticBeats wrote: |
| Well I don't know that I agree in this context. I've been a web developer for 7 years now and the *only* sites of mine that have gotten hacked are PHP-Nuke sites. |
Time to make your own CMS then, then we can hack that 2
Get real, you are using a system without warranty. If you want security then buy one, and when you're hacked sue them  |
_________________ Famous people never give their signature
http://www.cpgnuke.com <- back online thanks to dedicatednow.com
Don't ask me to be admin on your site please  |
|
    |
 |
southernwolf
Corporal


Joined: Dec 14, 2003
Posts: 56
Location: Texas
|
Posted:
Sat Mar 06, 2004 6:31 am |
  |
It's not just nuke that gets hacked, heck even the US State Department and FBI websites have been hacked and other non-nuke sites. You're entitled to your pessimistic view of nuke, StaticBeats, but every web technology from html to .asp is hack-able. Are we just supposed to retreat from hackers and cede control of the Internet to 'em? And, btw, don't thank me for the hack alert script- thank Raven.  |
|
|
    |
 |
Def
Sergeant


Joined: Feb 08, 2004
Posts: 105
|
Posted:
Sat Mar 06, 2004 8:43 am |
  |
I do security for a job. There is only 1 way to have a secure website, and that's to provide flat html only on a server that doesn't allow connections to anything other than port 80. If they can't hack the site, they'll try and hack the sql db, or the ftp used to let you upload. Simple fact is, there is no such thing as a 100% secure computer - website, desktop, server or otherwise. For public hosting, it only needs a hole in someone else's website to allow access to every site on the server.
To reduce the risk of a nuke hack, stop allowing lots of options for ppl to post or modify your site's content. Every time someone can provide input that is then displayed (comments, avatar uploads, web links, whatever), you have a potential hole. Reduce this to the bare minimum. Of course people then start complaining they lose functionality - that's your choice. Functionality, or easily hacked. |
|
|
   |
 |
reikimaster
Sergeant


Joined: Jan 31, 2004
Posts: 148
|
Posted:
Sat Mar 06, 2004 12:05 pm |
  |
Def-
True. We walk a fine line when we try to make our sites more interesting. I think Php-Nuke is still the best CMS out there for what I do. And that "for what I do" part is a big qualifier.
I recently discovered nuke. I'm hangin with it. It does everything I need and then some. It's customizable. It's interesting.
If I get hacked I get hacked. I been hacked before and it's always a new twist. Once through someone else's security problem on the same server. Once actually from a disgruntled employee where my site was hosted. It takes all kinds. I'm not gonna blame nuke for the actions of a hacker. You do the best you can to secure your belongings. You make adjustments if someone finds a way to break into your house and spray graffiti on the walls. You clean up and you change the locks.
There ARE and always have been IDIOTS in this world. *shrug* |
|
|
   |
 |
Chinese_Power
Private


Joined: Feb 16, 2004
Posts: 38
|
Posted:
Sat Mar 06, 2004 7:39 pm |
  |
|
   |
 |
djmaze
Captain


Joined: Nov 29, 2003
Posts: 566
Location: Netherlands
|
Posted:
Sat Mar 06, 2004 10:11 pm |
  |
|
    |
 |
maciekp
Sergeant


Joined: Sep 09, 2003
Posts: 94
Location: Perth, WA
|
Posted:
Sun Mar 07, 2004 11:27 am |
  |
|
    |
 |
disgruntledtech
Site Admin


Joined: Apr 14, 2003
Posts: 991
Location: Tulsa, OK
|
Posted:
Sun Mar 07, 2004 5:09 pm |
  |
all these hacks can be stopped easily with this simple hack
http://nukecops.com/uploads/disgruntledtech/mysql.zip
it's just a simple 1 line code hack
db/mysql.php line 103
change
to
| Code: |
| if($query != "" AND !stristr($query, "UNION")) |
this will prevent someone from tacking on additional queries to existing unsecured queries. it's the nuke equivalent to writing that line you write on a check that prevents someone from writing "and a million dollars" after the amount |
|
|
     |
 |
|
|
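The UNION check from the last post next to a bound-parameter query, as an added example that is not part of the thread or of PHP-Nuke. It assumes PHP 7.1+ with the pdo_sqlite extension; the tables, columns, function names and sample input are constructed for illustration.

```php
<?php
// Added example, not PHP-Nuke code. Schema and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stories (sid INTEGER PRIMARY KEY, title TEXT)");
$db->exec("CREATE TABLE accounts (name TEXT, pwd TEXT)");
$db->exec("INSERT INTO stories (title) VALUES ('Welcome'), ('Class reunion photos')");
$db->exec("INSERT INTO accounts VALUES ('admin', 'constructed-hash')");

// The check from the post: refuse any query string that contains "UNION".
function filtered_query(PDO $db, string $query): ?array
{
    if ($query != "" AND !stristr($query, "UNION")) {
        return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
    }
    return null; // query refused by the keyword filter
}

// Unsecured pattern: request input concatenated into the SQL text,
// with the keyword filter as the only line of defence.
function search_concat(PDO $db, string $term): ?array
{
    return filtered_query($db, "SELECT title FROM stories WHERE title LIKE '%$term%'");
}

// Parameterized pattern: the SQL text is fixed and the input travels
// as a bound value, so it can never change the statement's structure.
function search_bound(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT title FROM stories WHERE title LIKE ?");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that tries to append a second SELECT.
$appended = "x' UNION SELECT pwd FROM accounts --";

// Filter path: the appended query is refused, but so is an ordinary
// search whose text merely contains the letters "union".
var_dump(search_concat($db, $appended));
var_dump(search_concat($db, 'reunion'));

// Bound path: the ordinary search works, and the constructed input is
// compared against titles as literal text only.
var_dump(search_bound($db, 'reunion'));
var_dump(search_bound($db, $appended));
```

The keyword check inspects the finished query string for one word, so it rejects legitimate content containing "union" and does nothing about concatenated input that alters a query without that keyword. Binding the value removes the concatenation itself.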