Author |
Message |
dean
Worker


Joined: Apr 14, 2004
Posts: 193
|
Posted:
Fri Mar 04, 2005 1:59 pm |
|
Our site was hacked this morning by an unknown individual/group who deleted and replaced files that look like this: [link not available]. I am wondering if anyone else has been defaced in the same way, as I have not figured out how they got in to do their nasty work.
Since the content of my sites is primarily related to dogs and dog activities, I was surprised my site would be targeted with this type of propaganda.
I was using patched nuke 7.3 and latest Sentinel and no warnings were provided. I am fairly unsophisticated at programming and realize there are many different ways of accessing a site's underlying files but have no idea how to find out. I am working with the abuse department of my host (Ipowerweb) to ascertain what I can, restore and secure my site. Any thoughts or suggestions would be appreciated...
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Fri Mar 04, 2005 2:39 pm |
|
Using Coppermine or My_eGallery? If so, you can bet dollars to doughnuts that's your problem. It's not the content for the idiots. It's the ease of copy-n-paste.
|
|
|
 |
dean

|
Posted:
Fri Mar 04, 2005 3:37 pm |
|
Using neither - Menalto Gallery, latest version.
|
|
|
 |
sharlein
Member Emeritus

Joined: Nov 19, 2002
Posts: 322
Location: On the Road
|
Posted:
Fri Mar 04, 2005 3:47 pm |
|
Did you check your log for any postings?
_________________ Give Me Ambiguity Or Give Me Something Else!
|
|
 |
Raven

|
Posted:
Fri Mar 04, 2005 3:49 pm |
|
Since they modified your files, they have gained upload access. Check the upload/download exploits at sites like http://security-focus.com/. Of course NukeSentinel does not and cannot defend against programming holes in 3rd party applications, unfortunately.
|
|
|
 |
djmaze
Subject Matter Expert

Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
Posted:
Fri Mar 04, 2005 4:07 pm |
|
A week ago someone provided me an upload script for the downloads module, and the question if it would work in CPG-Nuke.
The script was such a huge hole I deleted it from our forums instantly.
It seems these days there are so many crappy scripts, that you can't keep saying that it's the fault of Coppermine and My_eGallery, who have fixed their scripts more than a year ago.
This constant accusation to the 2 modules is making me sick, the people who still use the old scripts should be slapped.
There are more than 1001 insecure scripts available for php-nuke, so can someone list them all?
Coppermine 1.2.x (themes XSS when register_globals=on)
My_eGallery 3.1.1.f and prior (XSS)
download_upload_nuke v.1c (terrible upload system without any checks)
etc.
|
|
|
 |
Raven

|
Posted:
Fri Mar 04, 2005 4:18 pm |
|
DJM,
I agree it's the fault of the users who don't upgrade. Didn't mean to come across otherwise. However, those 2 are #2 and #3, right behind FB himself, that are the cause of most exploits like this one described. That's why I always ask the question. Especially on a 7.3 installation.
|
|
|
 |
djmaze

|
Posted:
Sat Mar 05, 2005 4:59 am |
|
So true Raven, but wouldn't it be a good idea to list them somewhere?
|
|
|
 |
Raven

|
Posted:
Sat Mar 05, 2005 8:12 am |
|
DJMaze wrote: "So true Raven, but wouldn't it be a good idea to list them somewhere?"
What do you mean?
|
|
|
 |
|