| Author |
Message |
nndoc
New Member
Joined: Aug 14, 2006
Posts: 8
|
 Posted:
Mon Aug 14, 2006 10:49 am |
|
After installing nukesentinel, my upcoming events block is empty and my scrolling forums block is empty. If that is normal not sure if I want to leave it on. |
Last edited by nndoc on Mon Aug 14, 2006 9:30 pm; edited 1 time in total |
|
|
|
Tao_Man
Involved
Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK
|
| Posted:
Mon Aug 14, 2006 11:20 am |
|
don't use them myself so I will not swear to it, but no Nuke Sentinel should not break those. It least I know there are versions that work with sentinel. |
_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! |
|
|
|
nndoc
|
| Posted:
Mon Aug 14, 2006 11:54 am |
|
the calendar is NuCalendar, not sure if there is a better one.
It only happens with the mainfile additions, if I reinstall the stock mainfile.php it goes back to normal. |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Mon Aug 14, 2006 7:30 pm |
|
First of all, welcome!
Cannot imagine what would be causing this to happen unless you made a mistake in the mainfile.php edits. Which NS version and what version of PHP-Nuke, including patch level, are you using?
P.S. You might want to modify your topic title as it is way too vague. Please read the forum rules Only registered users can see links on this board! Get registered or login! for additional helpful "tips".  |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
nndoc
|
| Posted:
Mon Aug 14, 2006 9:28 pm |
|
Thank you both for your help. I am installing NukeSentinel 2.5 and am not sure which version of Nuke I am using. It is this modification that does it.
Old line in my mainfile.php
if (defined('FORUM_ADMIN')) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
With this from NukeSentinel
if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
@require_once("../../../includes/sql_layer.php");
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
@require_once("../../includes/sql_layer.php");
@include_once("../../includes/nukesentinel.php");
} else {
@require_once("config.php");
@require_once("db/db.php");
@require_once("includes/sql_layer.php");
@include_once("includes/nukesentinel.php");
}
The page loads fine, no errors, but the scrolling forums block is empty and my NuCalendar block shows no upcoming events.
My website has been hacked 2 times in 2 days and am not sure how they are able to do this. I looked inside phpMyAdmin and there are only 3 admins, no new additions so not sure how they are creating blocks and deleting shouts from my shout box. I am not sure if there is something in the database I should be looking for that would give the access to these functions.
I bit the bullet and just installed NukeSentinel and will not have the use of those 2 blocks. I activated the standard forums block but do not have a upcoming event calendar.
Any help would be appreciated, thanks again. |
| |
|
|
|
|
nndoc
|
| Posted:
Mon Aug 14, 2006 9:35 pm |
|
Wow, after reading my post I see my mistake. I am cutting out this line
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
After putting it back it works fine. I am very new to php-nuke and have not used nukesentinel before so not sure if everything is normal.
Do I need to install the IP files I saw in the download section?
Is there some script or hack that is still on my webserver that will still allow these jerks access eventhough I have NukeSentinel installed?
Thanks again for your help,
Jason (nndoc) |
| |
|
|
|
|
montego
|
| Posted:
Tue Aug 15, 2006 5:28 am |
|
Great, glad you found it. Regarding your other questions...
| Quote: |
Do I need to install the IP files I saw in the download section?
|
Yes, this is important so that your users do not get an "Invalid IP" error message.
| Quote: |
Is there some script or hack that is still on my webserver that will still allow these jerks access eventhough I have NukeSentinel installed?
|
There are many threads here regarding getting hacked and I hate to say it, but, depending on how they are getting in, NS may not stop them either. NS will not always protect you from poorly written scripts. For example, anything which allows someone to upload a file, such as a photo gallery, or even some Chat systems, are very vulnerable to this.
You have to find out how they are getting in. You may need to get your host involved, but you should also be able to review your Apache access logs around the time-frames you suspect it is happening and look for how they are doing it. However, if they have compromised someone else's account, or worse, "root", on the same server, they could be doing this even outside of PHP-Nuke.
Let us not continue this other thread here as it clouds the original issue. If you run into issues with your analysis, please search for similar "I've been hacked" type issues and if you still need specific assistance with something you are seeing, please post in maybe the PHP-Security forum. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
