Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

File Download
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Dacubz
Worker
Worker



Joined: Apr 27, 2004
Posts: 156
Location: Homer Glen, Illinois
PostPosted: Tue Dec 27, 2005 6:39 pm Reply with quote
Something has corrupted my site, and is trying to force an image download a file expl1_tank.wmf from trust4free.ws every time my index.php is accessed. I overwrote my index.php and it appears OK for now. How can it have happened, and how can I stop it from happening again? I'm running Raven's 7.6 distro with Sentinel BTW.
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Tue Dec 27, 2005 7:14 pm Reply with quote
Well i doubt that..
Every idiot can try to abuse a site or try to hack it.
But it would help if you could provide more info...
 
View user's profile Send private message
Dacubz
PostPosted: Tue Dec 27, 2005 8:21 pm Reply with quote
Doubt what, and What kind of info should I provide?
 
hitwalker
PostPosted: Tue Dec 27, 2005 8:34 pm Reply with quote
well how do you know this?
How do you know they are using your index.php ?
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Tue Dec 27, 2005 9:26 pm Reply with quote
Dacubz, the base RavenNuke76 distribution should not have allowed this to happen. Now, if you have installed other modules or hacks which allow file uploads, such as Copermine, or a forum file upload mod, or some form of chat module, that could have been the way they broke in... Again, that is if you are certain your index.php was overwritten. Also, are you sure that you configured NukeSentinel per the provided instructions?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Dacubz
PostPosted: Wed Dec 28, 2005 8:03 pm Reply with quote
I don't have anything unusual installed, but one of my users did some research and came up with this. I haven't done anything besides overwrite my index.php so far.

http://www.mackenty.org/index.php/learn/comments/site_problem_found/#comments


Domain Name: TRUST4FREE.WS
Registrant: personal

Administrative Contact:
yo.wuzzup@gmail.com
18666254678

Registrar:
Rustelekom (www.NameServers.ru)
1 866 6254678
info@nameservers.ru

Domain created on 2005-10-15 10:10:39
Domain last updated on 2005-10-15 10:10:39

Name servers:

ns0.xname.org
ns1.xname.org
 
Dacubz
PostPosted: Wed Dec 28, 2005 8:29 pm Reply with quote
Reported to the host also, but I was wondering if this could have been caught.
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Thu Dec 29, 2005 3:27 am Reply with quote
Well you'd need to look at your access logs to see how he got it. There's gotta be a vulnerable part somewhere.. usually its an uploading script

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©