Author |
Message |
ozbutcher
Worker
Joined: Jan 17, 2007
Posts: 170
|
Posted:
Wed Feb 07, 2007 5:55 am |
|
We got our first hack attempt this morning, good thing Sentinel stopped them!
Code:
```
Blocked IP: 12.201.52.*
User ID: Anonymous (1)
Reason: Abuse-Union
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Query String: ................../modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors
Get String: ......................./modules.php?name=Search&type=comments&query=not123exists&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors
Post String: ................../modules.php
```
|
Now that it happened I am more wary about site security.
Should the config.php be in a folder where it cannot be called upon? Standard nuke installation puts it in the site root directory but I remember somewhere that it can be moved into another directory and somehow linked. Is this a threat since it contains database passwords etc? |
|
|
|
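Added example, not part of the thread and not NukeSentinel's code: a minimal request check for the pattern in the blocked query string above, where `/**/` comments stand in for spaces. The regex names, the `check` function and the second and third sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample requests; the first reuses the query string logged above.
SAMPLES = [
    "/modules.php?name=Search&type=comments&query=not123exists"
    "&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors",
    "/modules.php?name=Search&query=student+union+select+committee",
    "/modules.php?name=News&file=article&sid=42",
]

NAIVE = re.compile(r"union\s+select", re.I)   # expects real whitespace
COMMENT = re.compile(r"/\*.*?\*/", re.S)      # SQL block comments
UNION_SELECT = re.compile(r"\bunion\b(\s+(all|distinct))?\s+select\b", re.I)

def normalise(value):
    """Undo any further URL-encoding layers, then turn SQL comments into spaces."""
    prev = None
    while prev != value:
        prev, value = value, unquote_plus(value)
    return COMMENT.sub(" ", value)

def check(url):
    """Return (parameter, naive_hit, normalised_hit) for every flagged parameter."""
    hits = []
    for key, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        naive = bool(NAIVE.search(raw))
        strict = bool(UNION_SELECT.search(normalise(raw)))
        if naive or strict:
            hits.append((key, naive, strict))
    return hits

if __name__ == "__main__":
    for url in SAMPLES:
        print(check(url) or "clean", "<-", url)
```

The second sample is an ordinary search phrase that still trips the pattern, which is why a request filter of this kind is a coarse outer layer and not a substitute for fixing the query itself.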
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
Posted:
Wed Feb 07, 2007 6:13 am |
|
Well, long ago we could actually place our config outside the root, but with all security and patched up nuke that isn't needed anymore.
But it can't harm if you do so.. ;) |
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Wed Feb 07, 2007 9:35 am |
|
If your site is in the root directory, you can put the nuke config.php above the root. Just move it, then create a config.php in the root and put this in for the contents:
```php
<?php
// Stub config.php left in the web root; the real config.php sits one level above it.
// Redirect anyone who requests this file directly.
if (stristr($_SERVER['SCRIPT_NAME'], "config.php")) {
    header("Location: index.php");
    die();
}
// Choose the relative path to the real config.php; scripts that run
// deeper in the tree (forum admin, modules) need more "../" steps.
if (defined('FORUM_ADMIN')) {
    @require_once("../../../../config.php");
} elseif (defined('INSIDE_MOD')) {
    @require_once("../../config.php");
} else {
    @require_once("../config.php");
}
?>
```
That will make the redirect to the NEW place possible, but you need to make sure that a config.php is placed in the root of the nuke site containing the above.
But as stated before, it's not necessary for security, although it is a good idea if you have addons that cannot be secured by nuke, for example, other installations. A lot of galleries are not properly secured. Modules that are not secured.
The security patches for nuke will stop almost all attacks on the nuke site, but other things can break that security for their environments. So then you must make sure it's secure. Ultimately, it's your site that will face the damage, no one else's. Hope this helps you out. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
ozbutcher
|
Posted:
Wed Feb 07, 2007 4:14 pm |
|
Thanks, I'll give that a go.
Is there a document somewhere that explains what attacks are known and how they affect the system? I would like to find out what the union attack is all about.
Cheers. |
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Feb 07, 2007 6:03 pm |
|
I'll say it again, though, if you are worried about a "hole" in another script that will allow an attacker to read a file from the file system, depending on what function is being used in that case, placing your config.php outside the web root isn't going to do you any good. Most of us are under the conclusion now that it is a complete waste of time, just as renaming your admin.php script is.
JMO.
Regarding the UNION attack and others, there are good books on PHP Security (this issue is NOT just limited to PHP - these principles are almost universal). |
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Thu Feb 08, 2007 2:18 am |
|
This particular attack is designed to read out the data from your nuke_authors table.
With it, they can craft a cookie to enter your admin page and wreak havoc. |
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
Posted:
Thu Feb 08, 2007 8:28 am |
|
Google for SQL injection attacks. The UNION attack is a type of SQL injection where they try to append an additional SELECT onto a query to retrieve rows (often from a different table) that the original query wasn't designed to retrieve.
Also look up the MySQL SELECT syntax and you'll read about the optional UNION SELECT clause. |
|
|
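Added example, not part of the thread and not PHP-Nuke's code: the UNION behaviour described above, shown with the `instory` value from the blocked request against a constructed in-memory SQLite database (Python is used here so it runs offline; the thread's stack is PHP and MySQL). The `nuke_comments` layout, the rows and both search functions are assumptions; only the table name `nuke_authors` and its `aid` and `pwd` columns come from the logged query.

```python
import sqlite3

COLUMNS = "tid, sid, subject, date, name"
# Value of the instory parameter from the blocked request quoted in the first post.
LOGGED_INSTORY = "/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors"

def make_db():
    """Constructed in-memory database; table layouts and rows are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE nuke_comments (tid INTEGER, sid INTEGER, subject TEXT,
                                    date TEXT, name TEXT);
        CREATE TABLE nuke_authors (aid TEXT, pwd TEXT);
        INSERT INTO nuke_comments VALUES (1, 7, 'hello world', '2007-02-01', 'alice');
        INSERT INTO nuke_authors VALUES ('admin', 'CONSTRUCTED-HASH');
    """)
    return db

def search_concatenated(db, query, instory=""):
    # Vulnerable pattern: request text is pasted into the SQL statement itself,
    # so a UNION SELECT in instory becomes part of the query.
    sql = (f"SELECT {COLUMNS} FROM nuke_comments "
           f"WHERE subject LIKE '%{query}%' {instory}")
    return db.execute(sql).fetchall()

def search_parameterised(db, query, story_id=None):
    # Hardened pattern: the SQL text is fixed, values are bound as parameters,
    # and the story id must parse as an integer (ValueError otherwise).
    sql = f"SELECT {COLUMNS} FROM nuke_comments WHERE subject LIKE ?"
    args = [f"%{query}%"]
    if story_id is not None:
        sql += " AND sid = ?"
        args.append(int(story_id))
    return db.execute(sql, args).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Rows from nuke_authors come back through the comment search.
    print(search_concatenated(db, "not123exists", LOGGED_INSTORY))
    # The same text bound as a parameter is only a search string: no rows.
    print(search_parameterised(db, LOGGED_INSTORY))
```

The injected SELECT lists five values because a UNION must match the column count of the query it is appended to; with bound parameters that text never reaches the SQL parser as syntax.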
montego
|
Posted:
Thu Feb 08, 2007 6:51 pm |
|
|
|
ozbutcher
|
Posted:
Sat Feb 17, 2007 3:47 am |
|
Wow, that's scary if they managed to pull it off!! I've had two of these attempts now! Thanks for the info. |
|
|
|
|