A few days ago, users starting reporting viruses when they went to my PHP 7.3 site. Sure enough, there was some sort of redirect going on that would try and open a porn site in a small window when any page was loaded on my site. I was able to isolate the problem to footer.php, then further isolate it to the copyright$ variable. I looked up the copyright field in my nuke_config table, and it was modified by someone other than me and included some code to load a porn site. I am the only admin for our site, so I've ruled out an unhappy admin changing the field. The only 2 options I came up with is someone either hacked into my web host's server, or someone logged into My PHP Admin account and did the change there. I'm running Nuke Sentinel on my site too. I did change my passwords, but was wondering if there's anything else I should look into. I wasn't sure if I should paste the contents of my hacked "copyright" field or not. If it's okay, I will do so if someone thinks it will help. Thanks.
HalJordan Support Staff
Joined: Aug 07, 2004
Posts: 1117
Location: Somewhere around Hunan, China
Posted:
Tue Nov 23, 2004 8:02 pm
PM it to me and I will take a look at it.
While Sentinel is good, I also run AdminSecure, which helps prevent admin account hacking. You should also get the patched 7.3 files available at nukefixes.com, which prevent SQL injection attacks, like the one you describe.
Finally, if we can trace the source of the injection you should block that IP or IP range from accessing your site.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
