newbie
Regular

Joined: May 03, 2004
Posts: 62
Location: USA

Posted: Sat May 15, 2004 7:57 am

Raven wrote:
Glad you got it :). I'm on the road right now and am really behind on messages.

Guess I was a little premature in the Welcome back in the other thread ;)

'Tis good to see ya though!

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Sat May 15, 2004 11:13 am

Thank you! Would be nice to know who 'newbie' is, as we all, at one time or another, held that moniker :)

newbie
Regular

Joined: May 03, 2004
Posts: 62
Location: USA

Posted: Sat May 15, 2004 11:22 am

LOL,

Yep.... but in my case ... it's also my website ;o)

I've just not been too keen on posting it in the forums anymore. I was JUST getting comfortable and really active in a lot of the Nuke forums ... posting all over the place, developed a couple modules ... and WHAM!!! I started getting that, er, ummm ... UNwanted attention.

They got me good too. Defaced the nuke area 2x in 2 days with the "God Admin" hack.... then I find out they got my blog and my Guestbook! I'm just grateful I hadn't ported over all my content ... which was what I had planned to do.

All of that and now I've kind'a decided that ... (I think it was sixonetonoffun who said something like) "Security through obscurity" may have some merit ;)

So it's incognito from here on out, LOL

Take care!

Darla

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Sat May 15, 2004 12:03 pm

That has some merit, for sure. Me, I back up a lot and stay ahead as much as I can, and throw caution to the wind. We post security traps here, oftentimes ahead of some of the other 'official' this or that sites, as we peruse the exploit sites and have a pretty good network behind the scenes. Between Chat's fixes, hack alert script, and the methodology in this thread, you are about as safe as you can be right now, so post away and live vicariously, through us :lol:. Toss in the other nuts (term of endearment) like Six and some others and if you weren't paranoid you soon will be. Six will have a tendency to drive you to the edge and then suggest you switch to version 5.5 where life was simpler. Or another CMS. That's what I really like about him - he's flexible, for sure. Must be all that time on the tractor in the sun; I don't know.

sixonetonoffun
Spouse Contemplates Divorce

Joined: Jan 02, 2003
Posts: 2363

Posted: Sat May 15, 2004 12:13 pm

It's the schizophrenia I swear!

newbie
Regular

Joined: May 03, 2004
Posts: 62
Location: USA

Posted: Sat May 15, 2004 12:30 pm

Raven wrote:
so post away and live vicariously, through us :lol:.


I can NEVER turn down an invitation to fun!!!

Actually, I found your site in between the two hacks ... and have been loyally following it since then. The only exploit that passed through my site since then ... could have been avoided had I had your most recent update! You've got a good forum here and some great talent. And that guy Six ... he's pretty cool, too ;o)

And as far as those "other" forums ... they don't even compare. I'm glad they were there when they were, but ... the day I got hacked and needed help RIGHT now ... I couldn't get through ... and I found your site ... with solutions posted right there, in plain view, on the front page ... and the response time was/is fantastic. And this is just so much more ... personal. And that's what I am on the net for ... to learn, make friends and have some fun while helping those newer than me....

Anyway ... I'm getting long-winded ... so just let me say "Ya got my vote!"

Take care,

Darla

jonmcc33
Hangin' Around

Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

Posted: Mon May 17, 2004 3:46 pm

Raven, you've just become my #1 friend. I've been hacked twice in the past month by that lame waraxe2 tool (or at least his code).

Today I added your anti-hack PHP script (the one that sends you an e-mail notification of any hacks), the script to deny any idiots trying to make a new Godmode account (since it happened to me), and now this.

My site is non-profit and I actually provide great downloads for people so I don't know why hackers would waste their time with me. I do enjoy that all they can do is hack SQL and not actually my real website. It's rather simple to restore an SQL database from a backup so all their changes are gone.

At least now with this HTTP authentication I will be a little more secure. One question... how do you add that e-mail reporting script? I'd rather get that than the little "Get out..." part. Sorry, I'm not really a PHP guru and had to read this entire thread page for page to get my HTTP authentication to work right.

You're the man. Expect a donation for your hard work.

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Mon May 17, 2004 3:58 pm

Try this
Code:
// Deny unless the submitted Basic-auth ID and the MD5 of the password match the stored pair.
if (!($_SERVER['PHP_AUTH_USER']==="$ravenAdminID" && md5($_SERVER['PHP_AUTH_PW'])===trim("$ravenAdminPASS"))) {
   header("WWW-Authenticate: Basic realm=\"Protected\"");
   header("Location: hackattempt.php");
   die();
}


I haven't tried this so it may need some tweaking. Keep in mind that legitimate users that just forget their login/pw will get it too :shock:

jonmcc33
Hangin' Around

Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

Posted: Mon May 17, 2004 4:14 pm

I'm the only admin at my site so I won't forget my password. This way I'll see anyone trying to access my admin.php.

THANKS AGAIN!

Edit- It doesn't work. It doesn't give you a chance to login and automatically takes you to the hackattempt.php file.

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Mon May 17, 2004 5:52 pm

Let me play with it in a while and I'll get back to you :)

jonmcc33
Hangin' Around

Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

Posted: Mon May 17, 2004 6:18 pm

Thanks, it'll be a real plus if I can get it to report any ADMIN.PHP hack attempts.

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Mon May 17, 2004 11:50 pm

jonmcc33 wrote:
I'm the only admin at my site so I won't forget my password. This way I'll see anyone trying to access my admin.php.

THANKS AGAIN!

Edit- It doesn't work. It doesn't give you a chance to login and automatically takes you to the hackattempt.php file.

Try this
Code:
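// Deny unless the submitted Basic-auth ID and the MD5 of the password match the stored pair.
if (!($_SERVER['PHP_AUTH_USER']==="$ravenAdminID" && md5($_SERVER['PHP_AUTH_PW'])===trim("$ravenAdminPASS"))) {
   // Send the 401 challenge so the browser shows its login prompt.
   header("WWW-Authenticate: Basic realm=\"Protected\"");
   header("HTTP/1.0 401 Unauthorized");
   // The body is rendered only when the visitor cancels the prompt.
   echo "<script>window.location='http://your_domain.com/hackattempt.php';</script>";
   die();
}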

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 9:03 am

Raven, I just posted:
Quote:
I am sorry if this has been asked but how do you add more admin?
in the quick reply box and I got
Code:
The html tags you attempted to use are not allowed

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Tue May 18, 2004 9:39 am

:confused: I just tried it and it worked ok. Try it again.

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 9:49 am

I am sorry if this has been asked but how do I add more admin?

*edit* hmmm worked this time I even tried it three times before reporting */edit*

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Tue May 18, 2004 9:55 am

Only registered users can see links on this board!
Get registered or login to the forums!

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 9:56 am

Raven wrote:
http://your_domain.com/admin.php?op=mod_authors

Oh Raven I am not that new :oops: ... what I meant was your HTTP auth. What it does is ask for username and then password. I was wondering if I could add more to that? Thanks!

Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 15210
Location: Kansas

Posted: Tue May 18, 2004 10:01 am

Real quick, and I have not tried this, try
Code:
<?php
// Private credentials file: one ID and MD5 password hash per admin.
$ravenAdminID0   = 'secretID0';
$ravenAdminPASS0 = '8xxx3efdde1eb6cf6639a58848362bf4';
$ravenAdminID1   = 'secretID1';
$ravenAdminPASS1 = '8yyy3efdde1eb6cf6639a58848362bf4';
$ravenAdminID2   = 'secretID2';
$ravenAdminPASS2 = '8zzz3efdde1eb6cf6639a58848362bf4';
?>

if (!($_SERVER['PHP_AUTH_USER']==="$ravenAdminID0" && md5($_SERVER['PHP_AUTH_PW'])===trim("$ravenAdminPASS0"))
 AND !($_SERVER['PHP_AUTH_USER']==="$ravenAdminID1" && md5($_SERVER['PHP_AUTH_PW'])===trim("$ravenAdminPASS1"))
 AND !($_SERVER['PHP_AUTH_USER']==="$ravenAdminID2" && md5($_SERVER['PHP_AUTH_PW'])===trim("$ravenAdminPASS2")))


You should see where the code should go. There is a more efficient way but this should work for now.
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
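
An added example, not part of the thread and not Raven's code: one way to write the multi-admin check as a table lookup while keeping the 401 challenge from the earlier fix and reporting only real failures. It assumes PHP 7.2 or later and swaps the thread's MD5 hashes for password_hash()/password_verify(); $admins, check_admin_auth() and the sample IDs and passwords are hypothetical.

```php
<?php
// Added example; $admins, check_admin_auth() and the sample IDs/passwords are
// hypothetical. Hashes are generated inline only to keep the sample
// self-contained; store precomputed password_hash() output in the private file.
$admins = [
    'secretID0' => password_hash('constructed-pass-0', PASSWORD_DEFAULT),
    'secretID1' => password_hash('constructed-pass-1', PASSWORD_DEFAULT),
    'secretID2' => password_hash('constructed-pass-2', PASSWORD_DEFAULT),
];

// Returns 'ok', 'challenge' (no credentials sent yet) or 'failed' (credentials
// sent but wrong), so a visit without credentials is not reported.
function check_admin_auth(array $admins, array $server): string
{
    // PHP fills these in only when the web server hands it the Authorization header.
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return 'challenge';
    }
    $user = (string) $server['PHP_AUTH_USER'];
    // One table lookup replaces the chain of !(...) AND !(...) tests.
    if (array_key_exists($user, $admins)
        && password_verify((string) $server['PHP_AUTH_PW'], $admins[$user])) {
        return 'ok';
    }
    return 'failed';
}

$state = check_admin_auth($admins, $_SERVER);
if ($state !== 'ok') {
    if ($state === 'failed') {
        // Report server-side. json_encode() escapes control characters so a
        // crafted username cannot forge extra log lines.
        error_log(sprintf(
            'admin.php auth failure user=%s ip=%s',
            json_encode($_SERVER['PHP_AUTH_USER'], JSON_INVALID_UTF8_SUBSTITUTE),
            $_SERVER['REMOTE_ADDR'] ?? '-'
        ));
    }
    // Always answer with the 401 challenge; a Location header here would turn
    // the response into a redirect and the browser would never prompt.
    header('WWW-Authenticate: Basic realm="Protected"', true, 401);
    exit('Authorization required.');
}
// Authenticated: the rest of admin.php runs from here.
```

The error_log() call is the place to hook in the e-mail notification asked about earlier in the thread, for example with PHP's mail().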

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 10:06 am

thanks! Will do!

jonmcc33
Hangin' Around

Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

Posted: Tue May 18, 2004 10:08 am

That works perfectly, Raven. Thanks again.

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 10:16 am

The additional code worked and the new user and password did also. thanks!

blith
Life Cycles Becoming CPU Cycles

Joined: Jul 18, 2003
Posts: 953

Posted: Tue May 18, 2004 11:35 am

Actually, now that I am trying it, the first set does not work now; just the second that I have added does.

anfer
New Member

Joined: May 18, 2004
Posts: 10

Posted: Tue May 18, 2004 5:47 pm

never mind

anfer
New Member

Joined: May 18, 2004
Posts: 10

Posted: Tue May 18, 2004 5:51 pm

:( I'm confused

anfer
New Member

Joined: May 18, 2004
Posts: 10

Posted: Tue May 18, 2004 5:53 pm

Hi... my web page just got hacked... and I'm looking for security... I tried this system of two passwords; everything worked properly, except that when I try to get into the admin page, my pass or login is not accepted. I type the same that I used for myprivatefile.php but I can't get in. I don't know what happened... please help me. Is a good security system for admin.

PS: (sorry for my bad English)

ANFER