mrix
Client
Joined: Dec 04, 2004
Posts: 757
Posted: Tue Apr 04, 2006 10:57 am

Hello all, two of my sites were hacked today and left this message:
Defaced By D.O.M
domteam.info
HEy Just Remember Jesus Love You!
I have everything up to date as far as I know and haven't been hacked in over a year now.
Any ideas?
Cheers
mrix

hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
Posted: Tue Apr 04, 2006 12:19 pm

yeah well known..has a lot of victims...
no sentinel?

Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
Posted: Tue Apr 04, 2006 12:29 pm

NukeSentinel(tm) installed and configured?
Any photo galleries which all have known exploits?
Forums up to date (v2.0.19) with all patches?
Nuke up to date with all patches?

panda
Hangin' Around
Joined: May 09, 2004
Posts: 32
Posted: Tue Apr 04, 2006 12:38 pm

Hi, mine got done as well. I am up to date on my Forums & Sentinel. Gallery I am using is Coppermine, the newest one. Is there any way to sort this out?
Thanks
Panda

Raven
Posted: Tue Apr 04, 2006 12:54 pm

Review your access logs to see how they got in. I would suspect Coppermine right off the bat.

panda
Posted: Tue Apr 04, 2006 1:12 pm

Access logs are huge!! What should I be looking for?!! Nothing is standing out!!

panda
Posted: Tue Apr 04, 2006 1:51 pm

Does this look like anything dodgy?!!
EDIT !!
Last edited by panda on Tue Apr 04, 2006 3:08 pm; edited 1 time in total

kenwood
Worker
Joined: May 18, 2005
Posts: 119
Location: SVCDPlaza
Posted: Tue Apr 04, 2006 2:21 pm

That's a nice script but you better strip the link out.
And yes, there is your bug in your site.

panda
Posted: Tue Apr 04, 2006 3:08 pm

I know there is a bug in my site !!

mrix
Posted: Tue Apr 04, 2006 3:24 pm

Both my sites have the latest Sentinel and updates patches and the latest forum patches. I did find that I was using the vwar clan install on one of my sites, and that has just had issues. I have updated that and hope that fixed it???? Raven, is it possible you could look at my logs, as I am lost with them?
Thanks
mrix
Michael Rixon
www.sea-fishing.org
The site that has vwar running is this one: www.battlefield-2.biz

kenwood
Posted: Tue Apr 04, 2006 3:29 pm

panda wrote: I know there is a bug in my site !!
Vwar is the bug, panda; it's not secure.

mrix
Posted: Tue Apr 04, 2006 3:36 pm

I have gone to the vwar site and have updated it with the new functions_install.php they suggest. Would you say this is secure?
Thanks
mrix

panda
Posted: Tue Apr 04, 2006 3:40 pm

Mrix, how did you sort your site out?
Thanks
Andy

Raven
Posted: Tue Apr 04, 2006 3:45 pm

Check http://secunia.com for 2 days of huge announced exploits with vwar. If you use sQuery, search your logs for sQuery. That's how many sites are being cracked right now. The kiddies are doing searches on Google for things like squery+4.5 to locate vulnerable sites.

kenwood
Posted: Tue Apr 04, 2006 3:47 pm

panda
Posted: Tue Apr 04, 2006 3:57 pm

I have loads of lines like this one
edit
from IP address 84.51.41.166. Are these lot from Turkey?
Also, how do I correct it?
Many Thanks
Andy
Last edited by panda on Tue Apr 04, 2006 4:00 pm; edited 1 time in total

kenwood
Posted: Tue Apr 04, 2006 4:00 pm

Raven
Posted: Tue Apr 04, 2006 4:14 pm

VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
Posted: Tue Apr 04, 2006 4:25 pm

panda wrote: Access logs are huge !! what should i be looking for ? !! nothing is standing out !!
Probably a SQL injection... Do a search for 'nuke_config' too. ;)
.:: "The further in you go, the bigger it gets!" ::.
Last edited by VinDSL on Tue Apr 04, 2006 4:28 pm; edited 1 time in total
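
One way to run the two log searches suggested in the replies above (for sQuery and for 'nuke_config') over an Apache-style access log, as an added example that is not part of any post in this thread. The log lines, request paths and IP addresses are constructed placeholders, and the common/combined log format is an assumption about the server.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Strings the thread says to search for (matched case-insensitively).
INDICATORS = ("squery", "nuke_config")

# Apache common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Apr/2006:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Apr/2006:09:14:33 +0000] "GET /modules/example/sQuery/placeholder.php?x=1 HTTP/1.1" 200 310 "-" "-"
203.0.113.7 - - [04/Apr/2006:09:14:40 +0000] "GET /modules.php?name=Example&q=nuke%5Fconfig HTTP/1.1" 200 912 "-" "-"
198.51.100.23 - - [04/Apr/2006:09:20:05 +0000] "GET /modules.php?name=Example&q=NUKE%255Fconfig HTTP/1.1" 403 201 "-" "-"
this line is not in access-log format
"""


def decode(request, rounds=3):
    """URL-decode repeatedly so %5F and double-encoded %255F both become '_'."""
    for _ in range(rounds):
        decoded = unquote(request)
        if decoded == request:
            break
        request = decoded
    return request.lower()


def scan(lines):
    """Return {client_ip: [(timestamp, status, indicator, raw_request), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        text = decode(m["req"])
        for indicator in INDICATORS:
            if indicator in text:
                hits[m["ip"]].append((m["ts"], int(m["status"]), indicator, m["req"]))
    return dict(hits)


if __name__ == "__main__":
    for ip, rows in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        for ts, status, indicator, req in rows:
            print(f"{ip} [{ts}] {status} {indicator}: {req}")
```

Requests are URL-decoded before matching so that encoded variants of the same string are not missed. Grouping by client IP turns a huge log into a short list of sources to review, and a match answered with status 200 warrants a closer look than one that was refused.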

panda
Posted: Tue Apr 04, 2006 4:26 pm

Cheers, I'll be doing that one. Just need to try and correct my site now!!

hitwalker
Posted: Tue Apr 04, 2006 4:28 pm

As I was trying to help panda and the used code couldn't be used in public, I sent you a PM; would help if you read it and replied.

mrix
Posted: Tue Apr 04, 2006 4:35 pm

Quote: Mrix, how did you sort your site out ?
Thanks
Andy
I just uploaded a backup through cPanel and updated the vwar.
Thanks
mrix

evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
Posted: Tue Apr 04, 2006 4:37 pm

panda
Posted: Tue Apr 04, 2006 4:38 pm

Bugger, last backup I did was Jan 06. Crap!! I presume ya mean DB backup!!
Walker, you have PM
Cheers
Andy

mrix
Posted: Tue Apr 04, 2006 4:42 pm

I have just noticed at the bottom of my htaccess file these added????
deny from 86.16.61.105
deny from 202.149.36.158
deny from 80.74.199.146
deny from 87.82.20.199
anyone have any idea who they are???
cheers
mrix