Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

phpnuke hacked
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
diablo
Hangin' Around



Joined: Feb 01, 2004
Posts: 34
PostPosted: Wed Apr 07, 2004 1:38 am Reply with quote
Well ive been reading this forums about all the hack attacks and vulnerabilities but i dont know where to start. I have a pphpnuke gaming site running 6.9 autoinstall with phpbb2.0.6 forums in it. Last night someone posted in my public area my administrator account md5 password. i checked the mysql tables and it was the right one. Obviously i changed the password but i have some sort of vulnerability on the site. Where's the best place to start to block the leaks? Is there a script to run to check the secuirty?

Thanks
 
View user's profile Send private message
Nukeum66
Life Cycles Becoming CPU Cycles



Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA
PostPosted: Wed Apr 07, 2004 3:45 am Reply with quote
Apply PHP-Nuke Patched Series By Chatserv for your version, you can find a link on the index page. Then you may want to install Raven's Hack Alert script located here>> http://www.ravenphpscripts.com/downloads-cat12.html , then possibly a ban system.

_________________
Scott Johnson MIS Ubuntu/Linux 11.10 
View user's profile Send private message Visit poster's website
diablo
PostPosted: Wed Apr 07, 2004 4:36 am Reply with quote
Incidently some more info. I use ip logger and i logged this ip 66.185.84.200 and he used the name of Xboit
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Wed Apr 07, 2004 5:08 am Reply with quote
Look the IP up at arin. Then contact the abuse address and provide them his IP, date, time, timezone, your IP, name, and the exploit he used from your logs. He used the UNION exploit. Get my hackattempt script.
 
View user's profile Send private message
diablo
PostPosted: Wed Apr 07, 2004 5:37 am Reply with quote
Thanks for the info. I have installed your hack attempt scrip now and am looking at the chatserv script although it looks a bit daunting.
 
diablo
PostPosted: Mon Apr 12, 2004 1:55 am Reply with quote
Thanks for script, captured one last night.

NetRange: 24.215.128.0 - 24.215.255.255
CIDR: 24.215.128.0/17
NetName: ERLK-CBL-TW-NYC
NetHandle: NET-24-215-128-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: ITCHY.MINDSPRING.NET
NameServer: SCRATCHY.MINDSPRING.NET
Comment:
RegDate: 2003-06-26
Updated: 2003-10-17

OrgAbuseHandle: ABUSE60-ARIN
OrgAbuseName: ABUSE TEAM
OrgAbusePhone: +1-404-815-0770
OrgAbuseEmail: abuse@abuse.earthlink.net


REMOTE_ADDR : 24.215.132.163


20SELECT%20user_id,username,user_password%20FROM%20nuke_users/*
REQUEST_URI : /phpnuke/hackattempt.php?name=Downloads&d_op=viewdownload&cid=-1%20UNION%20SELECT%20user_id,username,user_password%20FROM%20nuke_users/*
SCRIPT_NAME : /phpnuke/hackattempt.php


Is that what i need to send the abuse email?

Thanks again

Very Happy
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©