webpage possibly hacked

New Member Joined: Dec 24, 2008 Posts: 13

Good morning. I have a webpage that was possibly hacked. I left by mistake an SQL installer in the public html area in that folder. Could that be the issue? Could someone install that and screw up the installer?

www.shocknaweclan.net is that page.

Please advise.

Thanks so much for your help.

Posted: Wed Dec 24, 2008 10:42 am

Here is the error:

Warning: include_once(themes/Aviator/theme.php) [function.include-once]: failed to open stream: No such file or directory in /home/shock/public_html/mainfile.php on line 1125

Warning: include_once() [function.include]: Failed opening 'themes/Aviator/theme.php' for inclusion (include_path='.:/usr/lib/php') in /home/shock/public_html/mainfile.php on line 1125

Warning: include_once(themes/Aviator/theme.php) [function.include-once]: failed to open stream: No such file or directory in /home/shock/public_html/mainfile.php on line 1363

Warning: include_once() [function.include]: Failed opening 'themes/Aviator/theme.php' for inclusion (include_path='.:/usr/lib/php') in /home/shock/public_html/mainfile.php on line 1363

Warning: include_once(themes/Aviator/theme.php) [function.include-once]: failed to open stream: No such file or directory in /home/shock/public_html/header.php on line 31

Warning: include_once() [function.include]: Failed opening 'themes/Aviator/theme.php' for inclusion (include_path='.:/usr/lib/php') in /home/shock/public_html/header.php on line 31
/>
Fatal error: Call to undefined function themeheader() in /home/shock/public_html/header.php on line 55

registered · Posted: Wed Dec 24, 2008 10:45 am

Does the theme Aviator exist?
It looks like the default theme is set to it but it doesn't exist?

Posted: Wed Dec 24, 2008 10:51 am

Yes, that theme does exist but the pointers do not point to it or something. The only way to get into that is to go to the admin panel, but I cannot get in. The page does not go into it. This is the Raven Nuke software by the way.

Posted: Wed Dec 24, 2008 11:24 am

Change in database table nuke_config the Default theme to e.g.: RavenIce or one of the the other standard Raven Nuke themes to access your administration again.
I believe your aviator theme will not work without some modifications.
Not sure if you finished the install process already.
But afterthat you should delete or rename the install scripts.

Posted: Wed Dec 24, 2008 11:39 am

The aviator theme is gone actually. I logged into the ftp and saw no aviator theme. Thank you for pointing me to the nuke_config table. How do I get there?

Posted: Wed Dec 24, 2008 11:40 am

Don´t know how your host handle this.
I use phpMyAdmin to go to my database.

Posted: Wed Dec 24, 2008 11:42 am

Ok, that is what I have. Where do I find it there? In the phpmyadmin and tables?

Posted: Wed Dec 24, 2008 11:48 am

Click on the table nuke_config in your database and click show.Now you should see an icon to edit the table. Scroll down and change the default _theme name and save it with OK.

Posted: Wed Dec 24, 2008 1:26 pm

Hey Susann, we got it back up, but I think I need to update our nuke. My site is here. www.shocknaweclan.net. What version do we have and are we totally secure. Please advise.

Thanks soo much for your great help

Posted: Wed Dec 24, 2008 1:46 pm

NukeSentinel(tm) 2.5.16: This is our version of Sentinel. How are we on that?

Posted: Wed Dec 24, 2008 1:51 pm

Ok found it, the newest version seems to be: Current NukeSentinel(tm) version is 2.6.00. I haven't done this in awhile, so, wonder if you have a tutorial or instructions on the procedure to update. Would greatly be appreciated.

Thank you.

Posted: Wed Dec 24, 2008 1:57 pm

No site is totally secure..... Smile

Lot of depends on 3rd party mods and stuff added by users. I did notice that your Nuke Sentinel is a little behind on updates. May want to look at updating it. If you go to phpmyadmin and click on the database that holds your nuke site, then find the table called nuke_config. Click on the name nuke_config and it should open up in the structure tab ( at least that is how mine does). If you then click on the browse tab, it will show you the contents of the nuke_config table. Scroll over to the far right and there should be a column named Version_Num. Under that column will be your version of Nuke.

Posted: Thu Dec 25, 2008 9:41 am

Download NukeSentinel 2.6.01 full version and update NS from 2.5. - 2.6. and 2.6. - 2.6.01 and use the newest IP2Country.The included readme file explains how to do this.If you have still questions post in the NukeSentinel forum.
Current RavenNuke version is 2.3.0 but Version 2.3.01 is coming soon.

Posted: Fri Dec 26, 2008 3:53 pm

I need to update/upgrade my RavenNuke. Is there a guide for dummies? I have experience and have the technical know how to at least manipulate something, but is the exact upgrade information avaialable?

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Check your entire structure for writeable directories - check to see if there are any additional htaccess files and php scripts with 5 or 6 digit numbers for names. I saw this same activity on a server earlier this month, and the scripts are very bad.

If you find them, have your host update cpanel, and change all folders that are writeable to not be. Of course, remove the htaccess and php script files.

Posted: Fri Dec 26, 2008 10:57 pm

thegeneral2 wrote:

I need to update/upgrade my RavenNuke. Is there a guide for dummies? I have experience and have the technical know how to at least manipulate something, but is the exact upgrade information avaialable?

All the information you need is in the HowToInstall directory within the latest RavenNuke.

Posted: Sat Dec 27, 2008 8:38 am

I'm not suggesting that you not upgrade, of course, but pointing out that your version of Nuke might not be what caused the breach...

Posted: Sat Dec 27, 2008 12:44 pm

Thanks Guardian and kguske, I agree with you. Guardian, I have a download named RavenNuke_v2.30.00.tgz. How do I decompress this? What file format is that. Where is the HowToInstall directory? Don't mean to take up your time. I am a "do it yourself" type of guy and hate to take too much time away from people.

Thanks

Posted: Sat Dec 27, 2008 12:49 pm

The file format is usually indicated by the file extension, in this case a compressed archive in .tgz
Most decent archive handling software should be able to unzip/unpack the archive including, WinRar, 7Biz, Ace and probably WinZip.
They all work pretty much the same; right click the package and select 'unzip' or 'unpack'.

Posted: Sat Dec 27, 2008 1:13 pm

Yep, makes sense. I thought that Vista would see it but forgot that usually it won't, so I downloaded winrar. Thanks a bunch for your help.

Posted: Sat Dec 27, 2008 8:25 pm

I think Guardian meant 7-zip, my preferred archive utility.

Leaving the installer might affect your database, but it's not likely that it would allow a theme to be deleted. More likely, there is something much more nefarious going on, and it's outside of Nuke.