Why do people do this? Suggestions to help...

Posted: Sat Oct 16, 2004 10:05 pm

Hey guys,
I currently got hacked this morning while I was editing some files on my site, all of a sudden I noticed that parts of my site were starting to disappear and then my admin access all of a sudden failed. Next thing I do is refresh the page and theres a bit Fu*k you message on it lol. Well before all of this I did hop on my protector system I had installed and copied down his IP Laughing

. So now I know his name, address, and phone number after a quick trace. But Ill leave the torture up to my friends. Since I saw him doing it, I quickly got in contact with my hosting company who did a great job helpin me out, they shut it down within 3 min of the intrustion, www.onsmart.com. Anyway I reset the stuff and gave myself access again. I proceeded to install admin secure and nuke sentinel. So all together I have protector, nuke sentinel, and admin secure. Is there any other way I can help reduce my site gettin hacked, or better protect it? This is the second time its happened lol. Thats the big question, is there anything else I can do to prevent it?
Sam

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

First of all, identify the cause. Do you use Coppermine? Chances are, unless you are up2date, that's how they got in. Feel free to email me the hack and I can tell you if NukeSentinel would have caught it. I can guarantee you beyond a shadow of a doubt, if they hacked your admin, NukeSentinel stops them dead in their tracks.

Secondly, by using all 3 you risk the chance of one not working correctly, it's overkill, and your site will be slower. At the risk of sounding vain, NukeSentinel is all you need. Otherwise, I would not be using it only, as well as many, many, others.

Posted: Sat Oct 16, 2004 11:03 pm

Well I dont know exactly how he did it, but Ill tell you the symptoms, One of my datatables was erased, my shout box, kinda weird, but other than that Im guessing he either got in through admin or he went in by mysql, and created himself an admin account. I dont notice any speed difference in the site, so im too lazy to uninstall them. Im glad sentinel will stop them, Im gettin real tired of this hacking crap. I dont think I use coppermine, but it might be. lol I dont even really know what it is Wink

Sam

Posted: Sun Oct 17, 2004 9:37 pm

ok BIG problem, just this moment, a new admin account was created and somehow got past admin secure, it is a god admin that I surely did not create. WTF do I do lol? Its night here so ill post what happens to my site in the mornin.
Frantz

Posted: Sun Oct 17, 2004 9:41 pm

As I told you already, dump those other systems and use NukeSentinel's HTTP Auth system. It is 100% foolproof.

Posted: Sun Oct 17, 2004 9:52 pm

but will it protect my admin? he somehow created an admin god account on my site, he does not have the pw im sure of it. I have nukesentinel installed. and working

Posted: Sun Oct 17, 2004 10:07 pm

Yes - It protects it 100% - Activate HTTP Auth

Posted: Sun Oct 17, 2004 10:39 pm

lol guess what I did that hehe, but knowing my luck it completely locked me out, none of my admins can log in and it says "leave this site now"
its doin a great job of protecting lol, no one can get in hehe

Posted: Sun Oct 17, 2004 11:00 pm

ok i went back into my table and disabled auth, everytime i disable it, it locks me out, how can i fix this?

Posted: Mon Oct 18, 2004 8:41 am

Are you using your username and pass case sensitive?

Posted: Mon Oct 18, 2004 4:33 pm

certainly, tried it through all the admins.

Posted: Wed Oct 20, 2004 7:21 pm

bump. lol

Posted: Sat Oct 23, 2004 10:31 am

I found that if you are using the newest sentinel and after the install and everything when the management area comes up I have to click on "Admin Auth List" and set my primary Admin first before logging out. if you do anything before doing this it will ask you to log in and your screwed. or atleast that is how it is for me.

Great program. No Hacker trouble since then

New Member Joined: Jun 17, 2004 Posts: 8

I got hacked, they used Coppermine to attack the server. I nearly got kicked off.
Is there a nuke gallery that is more secure? With Sentinal 2.02, have upgraded to 2.1

registered · Regular Joined: Oct 08, 2004 Posts: 55 Location: Texas

This link might help Cheers

Regaining Control of a Hacked PHP Nuke Website
Only registered users can see links on this board! Get registered or login!

Posted: Tue Oct 26, 2004 8:45 am

mxb wrote:

I got hacked, they used Coppermine to attack the server. I nearly got kicked off.
Is there a nuke gallery that is more secure? With Sentinal 2.02, have upgraded to 2.1

The security exploit in Coppermine was mentioned since february 2004 and it's now the end of oktober.

If you still didn't update your website and didn't read the instructions iy's your own fault and not that from coppermine.

Posted: Tue Oct 26, 2004 4:01 pm

So you think Coppermine is secure? What version should I look for?
DJMaze, Im not bagging the program, I love the program and want it back. I looked for an update but the nuke module version is discontinued as far as I could tell.

Posted: Tue Oct 26, 2004 11:01 pm

Correct the development has stopped.
And a new version will only be made if someone starts it again.

I can give you the fixed versions OR the complete CVS on sourceforge so you can play with it.
It's up to you or someone else.

Posted: Thu Oct 28, 2004 6:36 am

Thanks DJMaze I do want to get the gallery up and running again so the fixed version would be good. I don't know much about security but would be interested in a play.

registered · New Member Joined: Sep 13, 2004 Posts: 16

Have you tried Only registered users can see links on this board! Get registered or login!? I like it better than Coppermine and I haven't had any problems with it... yet Very Happy

, but I do use NukeSentinel with HTTP Auth too. Also Gallery can be standalone and PHP-Nuke module so it is always up to date when a new version comes out.

Posted: Fri Oct 29, 2004 11:45 pm

yep Gallery is another good option.
The layout and features are different.

Just pick the one you like most and when you have chosen i will give you an url when necesary