| Author |
Message |
Meoff
Regular
Joined: Aug 05, 2006
Posts: 55
Location: Thailand
|
 Posted:
Wed Aug 09, 2006 4:01 am |
|
Hello to all,
I've learned a lot of great stuff about my PHP Nuke site from this forum, and hoping that some of you people who are a lot brighter than me can help me out.
My site was defaced last night by TILKIANDRE, who was able to create himself an admin account, and change my welcome message (#1) to a big F*** ISRAEL type political message.
From reading my IP logs, it seems that was all he did- so I guess that I have been lucky.
Doing some searching / reading about nuke security, I keep running across NukeSentinel, and how it is a worthwhile addition that combats alot of hack attempts / weaknesses in PHPNuke. I've read that I must also install patches prior to installing NukeSentinel.
Can someone steer me in the right direction... tell me (in basic / newbie style) everything I need to install to improve the security of my site? All the needed patches, programs, etc? Reaing the the topics in this forum is a little bit mind boggling / confusing.
I am currently using a plain - jane as downloaded version of PHPNuke 7.8. I've upgraded the PHPBB to the newest versions of BBtonuke 2.0.21.
Thanks for any and all input. Like I said, I believe that I was lucky this time, but realize that someone else who performs the same kind of attack and creates an admin account could do a world of damage. I might not be so lucky next time.
Meoff |
| |
|
 
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Wed Aug 09, 2006 6:07 am |
|
Is this a new site?
If it is the best option maybe to scrap it and start over RavenNuke.
This comes preinstalled with the latest Sentinel and Patches at the time of release. It is also based on 7.6, which is more secure than 7.8.
If not it is possible to downgrade to 7.6 and install RavenNuke this way.
Most of this has been discussed previously on this site and therefore if you do a search you should be able to find some advice. |
| |
|
|
|
|
Meoff
|
| Posted:
Wed Aug 09, 2006 6:24 am |
|
Hello jakec,
Thanks for your reply.
No- it isn't a new site. It is over a year old, with several add-on modules, a lot of members and an active forum. Ideally, I'd like to find the way to secure what I have already. Any advice along this path would be appreciated!
From my rookie point of view, it seems that this would be the lesser nightmare- compared to migrating everything to the version 7.6 RavenNuke. Is it the correct way of thinking? How difficult would it be to migrate to another system? Could I still use my existing SQL database? |
| |
|
|
|
|
jakec
|
| Posted:
Wed Aug 09, 2006 6:35 am |
|
Securing 7.8 may be difficult due to it's inherent securities holes, but you can try the latest patches and Sentinel, but there is no guarantee it will work.
Sentinel can be downloaded from: http://www.nukescripts.net
and the latest patches can be found here: http://www.nukeresources.com/
I'm no expert, but the downgrade script, just downgrades your database to 7.6, which you should then be able to use with RavenNuke. Like I said this has been covered in other forums here, so probably best to have a read through them for advice. |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Wed Aug 09, 2006 8:21 am |
|
Also, make sure to install Admin Authentication on both admin.php and your modules/Forums/admin (directory). |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
