Author |
Message |
OneiricSoul
New Member


Joined: May 18, 2004
Posts: 11
|
Posted:
Tue May 18, 2004 2:54 pm |
|
Raven,
I'm new to your site, and have to say right off the bat: thank you. Today I managed to bust someone for attempting the union SQL injection via your kickass hackattempt.php script. Some jack-ass from South Carolina University posted the following string to my site
Code: name=faq&myfaq=yes&id_cat=-1\\\'%20union%20select%200,0,aid,pwd%20from%20nuke_authors/*
|
The only other times I have seen the same thing in my logs was on the several occasions where my site was defaced.
They were so busted and I followed up with an e-mail to the Dean of the university, as well as the professor in charge of Computers and my Host. I was getting upwards of 5-10 attacks a day and was essentially babysitting my site until I came here and realized that aside from new releases....www.phpnuke.com is a worthless site. I apologize if this opinion offends anyone, not my intention.
I also applied the script for admin.php layer 2 security....nice...
I am trying to learn PHP from VB and have learned more from your site than I did spending several days looking at code.
Also.....with security in mind.....the hacker followed a link from here:
http://zone-h.org...... S C A R Y place. they have a "fixed" admin.php in their downloads someone may want to verify as being accurate and not some form of back-doored script.
John |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Tue May 18, 2004 2:57 pm |
|
Glad you found us. Can you PM me that 'fixed' script? Thanks! |
|
|
|
 |
OneiricSoul

|
Posted:
Tue May 18, 2004 3:35 pm |
|
Quote: |
Glad you found us. Can you PM me that 'fixed' script? Thanks!
|
No problem at all. Hey I made a different graphic for the COUGHT.png nothing fancy..just different.
Thanks again. |
|
|
|
 |
weblord
New Member


Joined: Jul 18, 2003
Posts: 1
|
Posted:
Sat May 22, 2004 3:44 pm |
|
I'm using this image
I have also added a .txt log file that shows in a module all IP's hack attempts.
Thanks for your script Raven
Sorry for my bad english  |
|
|
|
 |
sixonetonoffun
Spouse Contemplates Divorce

Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Sat May 22, 2004 5:23 pm |
|
I think we all read this much sign language.  |
|
|
|
 |
OneiricSoul

|
Posted:
Sun May 23, 2004 5:53 pm |
|
Quote: |
I'm using this image
|
Yes I like that even better ) |
|
|
|
 |
southern
Client

Joined: Jan 29, 2004
Posts: 624
|
Posted:
Thu May 27, 2004 10:03 am |
|
Great images, guys! I use this one
 |
|
|
|
 |
Raven

|
Posted:
Thu May 27, 2004 10:43 am |
|
Hey Southern, you never commented about the test you ran. What'd you think? |
|
|
|
 |
southern

|
Posted:
Thu May 27, 2004 10:58 am |
|
I was amazed. I sat back in my faux black leather executive chair and gawped in amazement at the monitor... I'd never seen such a godawful mess on the 'net before haha and Norton antivirus kept popping up warnings. If I was a hacker or script kiddie I would have creamed my pants. It's very good and I was mighty impressed. I want it for my site when you release it.  |
|
|
|
 |
GanjaUK
Life Cycles Becoming CPU Cycles

Joined: Feb 14, 2004
Posts: 633
Location: England
|
Posted:
Thu May 27, 2004 11:25 am |
|
Glad you like my little touch to the project. Nuke exploiters beware! Some long overdue payback is coming. |
|
|
 |
southern

|
Posted:
Thu May 27, 2004 2:55 pm |
|
A very nice touch, too. Shouldn't you include a warning, something like Caution: Stock up on toilet paper before you hack this site haha |
|
|
|
 |
GanjaUK

|
Posted:
Thu May 27, 2004 3:02 pm |
|
Just seeing the SENTINEL™ PROTECTED image, should be enough to strike fear in to the hearts of the script kiddies.  |
|
|
|
 |
southern

|
Posted:
Thu May 27, 2004 3:16 pm |
|
You have a point, cousin, but a few of the dumber ones are sure to disregard that notice.  |
|
|
|
 |
JesseJames
New Member


Joined: Jan 27, 2004
Posts: 23
Location: Williston , North Dakota
|
Posted:
Thu May 27, 2004 3:32 pm |
|
i wonder what the security is like on my site...
You guys are scaring me.. |
|
|
 |
GanjaUK

|
Posted:
Thu May 27, 2004 3:44 pm |
|
Sentinel™ will provide better peace of mind. |
|
|
|
 |
Raven

|
Posted:
Thu May 27, 2004 3:48 pm |
|
JesseJames, if you would like to see how your security stacks up, try a union attack on this site. You will get banned and I will unban you. But, check out the message you now will see. Do this within the next couple of minutes so I know it is you. |
|
|
|
 |
OneiricSoul

|
Posted:
Thu May 27, 2004 4:07 pm |
|
Hey all,
Have a question. I am running IP_Tracker side by side with Raven's hackscript and the HTTP AUTH access script components. All the IPs acquired so far have standard URLs to my site such as index.php or a link straight to content, topic, or news materials on my site. Then there is one IP who has no normal URLs.......this is what was posted to my site
Quote: | /modules.php?name=Forums&file=viewforum&f=1&sid=825cc8456c7e67cd18a44155218b6376 2004-05-27 09:41:15
/modules.php?name=Forums&file=faq&sid=c989b399a06e0182b323fc4c60a3735e 2004-05-27 08:27:35
/modules.php?name=Forums&file=index&sid=477a3e602ffdaae1c765d0e293a28410 2004-05-27 07:03:32
/modules.php?name=Forums&file=faq&sid=e7eeebcd411364e89c4cacc71f2d3b5d 2004-05-27 03:26:36
/modules.php?name=Forums&file=viewforum&f=1&sid=c989b399a06e0182b323fc4c60a3735e 2004-05-27 02:13:35
/modules.php?name=Forums&file=groupcp&sid=8d4cca33c2d60ec454360dc2bf084194 2004-05-26 23:38:48
/modules.php?name=Your_Account&redirect=posting&mode=reply&t=10&sid=40c0aebbc8f5f6df944e3b398689206e 2004-05-26 22:11:06
/modules.php?name=Forums&file=posting&mode=reply&t=10&sid=f880dac7ca0e11cfc1a6c69f39f8d1a9 2004-05-26 22:10:58
/modules.php?name=Your_Account&redirect=index&sid=1a8427bfe535d91bf87a5372f86f7f01 2004-05-26 21:02:28
/modules.php?name=Forums&file=viewforum&f=2&sid=7b8b725b9d2b5d461ee3e12641908388 2004-05-26 19:15:32
/modules.php?name=Forums&file=index&c=2&sid=9cb2dbfd497dd52c8afa5535a8295da1 2004-05-26 17:53:41
/modules.php?name=Forums&file=groupcp&sid=b33cfb02c9d920f1ae4a31d2e014c86d 2004-05-26 16:33:25
|
The last set of numbers of course being date and time. I was wondering if this is some sort of attempt at unauthorized access? I can think of no activity that would generate these URLs into my site. And more importantly, can I add these to the hackattempt script?
Thanks again,
Jt |
|
|
|
 |
GanjaUK

|
Posted:
Thu May 27, 2004 4:37 pm |
|
Just the user's session ID. |
|
|
|
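Added example (not part of the original thread, and not the code of hackattempt.php or IP_Tracker): a small Python triage of request strings like the ones quoted above, separating the union-select string from the first post from URLs that merely carry a 32-hex-character `sid` session ID. The function names and the rule set are assumptions made for illustration, and the normalisation of double URL encoding and SQL comments goes slightly beyond what the thread shows.

```python
import re
from urllib.parse import parse_qsl, unquote

UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")
SESSION_ID = re.compile(r"^[0-9a-f]{32}$")   # shape of the sid values in the thread
PLAIN_VALUE = re.compile(r"^[\w-]*$")        # letters, digits, underscore, hyphen

# Constructed sample: request strings quoted in the thread (timestamps dropped),
# plus one plain page request.
SAMPLE = [
    "/modules.php?name=Forums&file=viewforum&f=1&sid=825cc8456c7e67cd18a44155218b6376",
    "/modules.php?name=Your_Account&redirect=index&sid=1a8427bfe535d91bf87a5372f86f7f01",
    r"name=faq&myfaq=yes&id_cat=-1\\\'%20union%20select%200,0,aid,pwd%20from%20nuke_authors/*",
    "/index.php",
]

def query_of(request):
    """Return the query string of a request path, or of a bare parameter string."""
    _, sep, query = request.partition("?")
    if sep:
        return query
    return request if "=" in request else ""

def normalise(query):
    """Undo the usual disguises: URL encoding, backslashes, SQL comments, case."""
    text = query.replace("+", " ")
    for _ in range(3):                       # bounded loop handles double encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.replace("\\", "")
    text = re.sub(r"/\*.*?\*/", " ", text)   # an inline SQL comment acts as a space
    return re.sub(r"\s+", " ", text).lower()

def classify(request):
    query = query_of(request)
    if UNION_SELECT.search(normalise(query)):
        return "union-select"
    params = parse_qsl(query, keep_blank_values=True)
    sids = [v for k, v in params if k == "sid"]
    if sids and all(SESSION_ID.match(v) for v in sids) \
            and all(PLAIN_VALUE.match(v) for _, v in params):
        return "session-id"
    return "other"

def triage(requests):
    """Label every request so only the 'union-select' rows need a closer look."""
    return [(classify(r), r) for r in requests]
```
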
 |
JesseJames

|
Posted:
Thu May 27, 2004 4:44 pm |
|
Well for one, i don't know what the hell a union attack is and wouldn't know how to do one, nor am I interested in trying to hack ANYONE's site. But just for fun, if you'll unban me, you can show me how in a pm or post here. Then i will try it out bud. Man this is how addicted i am to cigarettes, i walked my dog to the store in a rainstorm, lightning all around me and black ass clouds, just for a pack of smokes. LOL
Just for argument's sake i would like to try that hacking attempt or whatever and try to secure my server more if i can get some help.
I used to have chatserv as my main man, but when my money order failed to arrive to him, im a little wary of sending money orders again. I wish paypal would still let me use them.
I used my 2000 limit and they won't let me re-open now. |
|
|
|
 |
OneiricSoul

|
Posted:
Thu May 27, 2004 5:07 pm |
|
Ok, the only reason I found it odd was that they came into those URLs directly, did nothing more and each one was several minutes apart.
Thank you, one tends to get a bit paranoid after a few defacings  |
|
|
|
 |
chatserv
Member Emeritus

Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
Posted:
Thu May 27, 2004 7:32 pm |
|
Quote: | I used to have chatserv as my main man, but when my money order failed to arrive to him, im a little wary of sending money orders again. I wish paypal would still let me use them.
I used my 2000 limit and they won't let me re-open now. |
You know you could have retried sending it, i get mail from all over the world and it always arrives regardless of which address i use. |
|
|
|
 |
southern

|
Posted:
Thu May 27, 2004 8:14 pm |
|
JesseJames wrote: | Well for one, i don't know what the hell a union attack is and wouldn't know how to do one, nor am I interested in trying to hack ANYONE's site. But just for fun, if you'll unban me, you can show me how in a pm or post here. Then i will try it out bud. Man this is how addicted i am to cigarettes, i walked my dog to the store in a rainstorm, lightning all around me and black ass clouds, just for a pack of smokes. LOL
Just for argument's sake i would like to try that hacking attempt or whatever and try to secure my server more if i can get some help.
I used to have chatserv as my main man, but when my money order failed to arrive to him, im a little wary of sending money orders again. I wish paypal would still let me use them.
I used my 2000 limit and they won't let me re-open now. |
Son, you as good as got yourself permanently banned were you now to attempt to unionize this site, just for starters those cigarets and that poor dog... |
|
|
|
 |
JesseJames

|
Posted:
Thu May 27, 2004 10:31 pm |
|
lol, read above, raven WANTED me to try and do it, which i don't even have a clue how. And also he would unban me afterwards. He was trying to show me how good i should get my security set on my site that's all. I would never hack anyone's site. im not your son either im 34 lol. |
|
|
|
 |
JesseJames

|
Posted:
Thu May 27, 2004 10:48 pm |
|
i'm going to save that link for some a**hole i don't like raven lol , that was scary LOL. wife was going what the hell did you do , f**k the computer up. ..lol |
|
|
|
 |
southern

|
Posted:
Thu May 27, 2004 11:00 pm |
|
Ah, well far be it from me to tell someone how to get in trouble, so I won't. I smoke cigars myself and I'd ban anyone smoked those skinny white tubes haha and I guess you're right you aren't my son. |
|
|
|
 |
|