Hacked - config.php changed

Regular Joined: Sep 12, 2003 Posts: 63

Hi

got hacked last night. The only change was that the original config.php was deletet and changed with a new one with html codes with hack-info.

I use php-nuke 7.6 with sentinel 2.3.0. Have studied the tracked IP, but cant find any IP who have done this.

Can it be a security problem my ISP have?

regards fondy

registered · Posted: Wed May 24, 2006 5:33 am

Quote:

Can it be a security problem my ISP have?

It could be. The only way I think this can happen is:

1) If they have figured out your login or even worse, root access.

2) Or you have a nuke add-on or other script running on that domain which has allowed the uploading of files.

There may be more, but being able to overwrite / upload files is a very serious hack indeed.

I would also check to make sure your files are 644 by default and folders are 755 by default (you may even be able to get away with less, but depends on how your host is set up). Only in rare occassions, such as NukeSentinel needing .htaccess set to 666, should you have permissions set any higher than that, especially if you are on a shared server.

Posted: Wed May 24, 2006 5:49 am

Thanks a lot, I will check my site. Have also contacted my ISP, and they ar checking logs now.

regards fondy

registered · Posted: Wed May 24, 2006 9:13 am

If a file was changed then they either compromized your webserver or they used an exploit that allowed access to cmd. Are you using SPChat, vWar, Coppermine, or NuClendar?

Posted: Wed May 24, 2006 10:29 am

I use none of them. I use Gallery (menalto), Autotheme, Kisgb and MS analysis. Gallery is version 1.4.1, maybe I must upgrade here.

Posted: Wed May 24, 2006 11:23 am

Is Coppermine really a serious security risk? If so is there anything that can be done to overcome the risks of using Coppermine?

Using RN2.02 NSN2.4.2pl6. No other addons other than CPG.

Posted: Wed May 24, 2006 10:55 pm

Coppermine has always been on the "bad list". I have no idea, though, if its being actively developed to where it is not a "bad boy" any longer? Any know?

Posted: Thu May 25, 2006 2:21 am

Now i may be completely wrong here(information i HEARD)

But ive been told coppermin has not completely abandoned the script but has made another script and attempted to secure it a lot better.

registered · Posted: Thu May 25, 2006 4:05 am

Ezekiel wrote:

Is Coppermine really a serious security risk? If so is there anything that can be done to overcome the risks of using Coppermine?

I'm using Coppermine 1.1d, which according to most ppl is the devils child. I've been using it since like 2003, and it's survived numerous hacking attempts, according to my logs, but I couldn't tell you what I've done to it -- it's been so long ago.

So, I guess, like everything else -- it all depends... Wink

Posted: Thu May 25, 2006 4:12 am

Coppermine has revived. Another developer group took over the development of it.
http://www.max.pcnuke.com/modules.php?name=Downloads&op=MostPopular&ratenum=50&ratetype=num
I don't know if it's better by now just know some ppl are working on it.

Posted: Thu May 25, 2006 6:03 am

http://www.ravenphpscripts.com/article2181.html

Sad

Just make sure you do your due diligence.

Posted: Thu May 25, 2006 1:25 pm

I would look at upgrading your version of Sentinel also. Do you use chatserv patches with your version of php 7.6?

Posted: Fri May 26, 2006 6:49 am

Yes, I am using the patches from chatserv. Maybe I will go to the latest version of RavenNuke with the patches and sentinel included.

Do I have to upgrade the tables in the database if I go from standard nuke 7.6 to RavenNuke 7.6?

regards fondy