Author |
Message |
The_cobra666
Hangin' Around

Joined: Oct 23, 2004
Posts: 38
Location: Belgium
|
Posted:
Sat Jan 21, 2006 3:00 pm |
|
Hi,
I've got the original phpnuke platinum with the patch pack from platinummods. But now I'm having trouble with a cracker. I don't know how to stop him! He's using a proxy to get in. I've set the proxy blocker to its max in NukeSentinel but it's not helping at all. I'm really, really stuck right now and don't know what to do anymore.
He's hacking accounts. I've disabled the member list and made it only available to admins. And still he's getting his usernames. I'm really stuck and going out of my mind. I've tried almost everything. It just ain't helping. I hope one of you has an idea. He is using the same password each time ==> downfo. |
|
|
|
 |
Guardian2003
Site Admin

Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
Posted:
Sat Jan 21, 2006 5:24 pm |
|
I'm not too familiar with Platinum but I presume you have;
Sentinel settings to block union and other attacks
Have changed ALL admin passwords etc etc.
Checked for any new admin accounts you did not create and deleted them.
If you have block proxy turned on then he should be getting blocked anyway.
If all else fails, remove your admin.php file - that may give you some breathing space hopefully. |
|
|
|
 |
The_cobra666

|
Posted:
Sat Jan 21, 2006 6:26 pm |
|
NukeSentinel's proxy blocker is at max, every Sentinel blocker is on and writing directly to .htaccess, but Sentinel isn't blocking the proxy. He never touched the admin. Only user and spamming on the forum. I've installed mod_security on my server but he's still getting in. I haven't got a clue where to look now. |
|
|
|
 |
Guardian2003

|
Posted:
Sat Jan 21, 2006 6:33 pm |
|
So he is spamming the forums - are these set for registered users only?
He can still register a new account of course but at least you can keep deleting his accounts. I'm sure he will get fed up before you.
I'm not too sure on how well they managed to integrate Sentinel with Platinum, I know some other 'forks' of phpNuke did not work well so perhaps the Platinum authors can answer why the proxy blocker is not working as it works on phpNuke site.
There are also some tweaks you can try that will prevent people signing up with free email accounts like hotmail, msn etc. At least if they start registering with proper domains, you can pursue other courses of action. |
|
|
|
 |
The_cobra666

|
Posted:
Sat Jan 21, 2006 6:38 pm |
|
The forum is not visible if you're not a registered user. He's not registering any new accounts, only hacking old ones. I've tried everything to stop that guy but I can't find it. I'm going to delete the admin.php like you say, so he can't do anything wrong. |
|
|
|
 |
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sat Jan 21, 2006 9:51 pm |
|
Do you have access logs? That should show how exactly he is getting in |
|
|
 |
The_cobra666

|
Posted:
Sun Jan 22, 2006 4:11 am |
|
I have access logs but the problem is, I can't make anything out of them. It seems like because he's behind a proxy it does not log everything he does. I mean the IP is there, the date is there, but the link has "disappeared". I do know he's using Firefox. From 20:25:45 until 20:25:51 he entered this link like 10 times ==> modules.php?name=Your_Account&op=userinfo&bypass=1&username=Flash
And let that be the account that was hacked yesterday. This is something I do find a lot if he's busy. |
|
|
|
 |
Guardian2003

|
Posted:
Sun Jan 22, 2006 5:24 am |
|
That is a normal log-in URL for nuke.
That would suggest to me that either the user had forgotten their password and was trying different ones or possibly someone else trying to 'guess' the user's password.
If there are no URLs after that then it would seem to indicate an unsuccessful attempt.
Do you have the log-in code activated where a user has to type in his username/password and code? This may slow him down especially if they are using some automated scripting. |
|
|
|
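The burst described in the posts above (about ten requests for one account's userinfo URL within six seconds) can be pulled out of an access log mechanically. This is an added example, not part of the original thread: it assumes Apache common/combined log format with time-ordered lines, and it groups by the targeted username rather than the source IP because the requests arrive through proxies; the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log prefix: ip ident user [time] "METHOD url PROTO"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)[^"]*"')

def parse(line):
    """Return (ip, time, username) for Your_Account requests naming a user, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    q = parse_qs(urlsplit(m["url"]).query)
    if q.get("name") != ["Your_Account"] or "username" not in q:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, q["username"][0]

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Flag usernames requested >= threshold times within `window`, across all source IPs."""
    recent = defaultdict(deque)   # username -> (time, ip) pairs still inside the window
    alerts = {}                   # username -> (peak hit count, IPs seen in that window)
    for ip, ts, user in filter(None, map(parse, lines)):
        hits = recent[user]
        hits.append((ts, ip))
        while ts - hits[0][0] > window:   # drop requests older than the window
            hits.popleft()
        if len(hits) >= threshold and len(hits) > alerts.get(user, (0,))[0]:
            alerts[user] = (len(hits), sorted({i for _, i in hits}))
    return alerts

# Constructed sample (not the poster's real log): 10 hits on one account in 6 s
# through two proxy addresses, plus unrelated traffic that must not alert.
_URL = "/modules.php?name=Your_Account&op=userinfo&bypass=1&username="
_SECS = [45, 45, 46, 47, 47, 48, 49, 50, 50, 51]
SAMPLE = [
    f'{"192.0.2.10" if i % 2 else "198.51.100.7"} - - [21/Jan/2006:20:25:{s} +0100] '
    f'"GET {_URL}Flash HTTP/1.1" 200 5120'
    for i, s in enumerate(_SECS)
] + [
    f'203.0.113.5 - - [21/Jan/2006:20:26:10 +0100] "GET {_URL}Alice HTTP/1.1" 200 5120',
    '203.0.113.5 - - [21/Jan/2006:20:26:12 +0100] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

Accounts flagged this way are the ones to force a password reset on first, whichever address the requests came from.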
 |
The_cobra666

|
Posted:
Sun Jan 22, 2006 6:13 am |
|
If I activate that, the users can't log in anymore from the block. For some reason it's not accepting the security code, but in the account module it is. |
|
|
|
 |
technocrat
Life Cycles Becoming CPU Cycles

Joined: Jul 07, 2005
Posts: 511
|
Posted:
Mon Jan 23, 2006 10:08 am |
|
The proxy blocker is untouched in the PNP patched packs. It should be working normally. The problem with proxies is that the newer ones can fool the proxy blockers by sending in the correct headers. If he is using one then you have a problem. |
|
|
 |
The_cobra666

|
Posted:
Mon Jan 23, 2006 1:19 pm |
|
Is there a way to block proxies on server level? |
|
|
|
 |
|