Author |
Message |
rith
New Member


Joined: Sep 12, 2006
Posts: 7
|
Posted:
Wed Sep 13, 2006 12:01 pm |
|
To make a VERY long story short, my site became much more popular over the last couple of months, and I guess that attracts hackers. Well, we were attacked, with the top news post saying 'pwned by g00ns etc. etc.' about 2 days ago.
So I spent the next couple of hours changing the admin passwords, creating new database users and deleting the old ones, and loading up p3.2b.
Everything seemed perfect, until yesterday at around 5pm the site seemed as if it could not connect to the nuke portion of the database: the news was gone, total members = 0, etc. - but certain non-nuke tables were working just fine (phpraid, eqdkp).
I went on and spent hours trying to find out wtf happened and learned that the DB was fine, and the FTP files were fine. So I went in and looked at the DB users - they had the right permissions, I unchecked and rechecked them. BAM, the site worked perfectly.
So later that day I loaded up Sentinel (amazing BTW) and had it set to track all IPs among other things.
Now I got on this morning and the site had lost connection to that individual DB user again (note all 3 other DB users still were connected just fine, it was only the nuke one).
So I looked at all the IPs that touched the site and they were all legit and people I know.
So now I'm wondering if this is not a hack but rather a glitch. It never did this until p3.2b.
Input please.
Thanks in advance,
Rith |
|
|
|
 |
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Wed Sep 13, 2006 2:19 pm |
|
It's weird that phpNuke is losing the connection, but the other scripts aren't. Is your SQL server stable?
There have been reports of hacks against phpRaid and eqdkp |
|
|
 |
rith

|
Posted:
Wed Sep 13, 2006 3:19 pm |
|
I'll try to explain the best I can in more detail -
When this happens, the site comes up with no errors (error printing is turned on in the config.php) but the news is gone, the membership block reports that I'm not signed in and the total members reads 0. Whenever I try to sign in it says name does not exist, and when I try to create a new member it gets to the last step and once you hit confirm it says '_ERROR'. Because I'm not signed in I cannot go to the forums or other places since it is members only.
During this problem, one thing that I noticed was that the 'Menu' block shows up and works just fine... which is weird because that's part of phpnuke and would connect to the database to grab the 'menu' just like the other things.
Before the update to p3.2b the site never had this problem for over a year.
Also my phpraid has been reinforced and reinforced again, I'm pretty sure it's as secure as it can get as of this point. But I'm not too sure of EQDKP. - note phpraid and EQDKP access the DB using two different names.
What would cause the site to be able to access only certain parts of the DB and not others on the same DB username? This is beyond my knowledge.  |
|
|
|
 |
rith

|
Posted:
Wed Sep 13, 2006 8:01 pm |
|
Hmm, happened again a couple of minutes ago, but this time I got an error:
phpBB : Critical Error
Could not obtain lastvisit data from user table
DEBUG MODE
SQL Error : 1226 User 'DBUSERNAMEHERE' has exceeded the 'max_questions' resource (current value: 50000)
SELECT * FROM nuke_users WHERE user_id = '410'
Line : 74
File : sessions.php |
|
|
|
 |
rith

|
Posted:
Wed Sep 13, 2006 8:20 pm |
|
I understand what that means but it doesn't make sense... why happen every 8 hours since the upgrade? Could there be a leak in the patch that runs up the number of resources? |
|
|
|
 |
Tao_Man
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK
|
Posted:
Thu Sep 14, 2006 10:30 am |
|
What version of nuke are you using? Did you install Nuke Sentinel 2.5.02 or another version? Your hosting company is cutting off your nuke db user name, because of the 50000 limit. It is possible that something in nuke or the patches has caused an increase in db calls more than you had, but you may have been very close to this limit to begin with. |
_________________ ------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! |
|
|
 |
rith

|
Posted:
Thu Sep 14, 2006 11:41 am |
|
That sounds very possible - it's phpnuke 7.8 (I know, I know) and NukeSentinel(tm) 2.5.01. I have set up 4 DB names for nuke and I'm going to see if that works |
|
|
|
 |
evaders99

|
Posted:
Thu Sep 14, 2006 3:36 pm |
|
It is your hosting company limiting you. You should get another host without such restrictions - phpNuke is a database intensive script |
|
|
|
 |
rith

|
Posted:
Thu Sep 14, 2006 9:45 pm |
|
Hmmm.... Now this limit we speak of, is it monitored per DB username, or as a total for the site? I set up 4 names for the DB and it still happens on one or two of them, but not the others... now while there is a chance of hitting 50,000 requests on a single name, it's unlikely that when the site randomly picks one of 4 names, one of them hits that limit. |
|
|
|
 |
Tao_Man

|
Posted:
Fri Sep 15, 2006 10:16 am |
|
Well, I can't know how your host is set up, but for most of the people that had this problem with their host, it is on a per user name basis. |
|
|
|
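Added example, not part of any post in this thread: the MySQL statements that show where the 1226 'max_questions' limit from the error above is set, and that it is tracked per account. The account name 'nuke_user'@'localhost' is a hypothetical placeholder, and the last three statements assume administrative access that a shared-hosting customer normally does not have.

```sql
-- Run while connected as the account the site uses.
-- A per-account hourly cap appears on the global grant line, e.g.
--   GRANT USAGE ON *.* TO ... WITH MAX_QUERIES_PER_HOUR 50000
SHOW GRANTS FOR CURRENT_USER();

-- Confirm which account the connection was actually matched to;
-- limits are counted per account (user@host), not per site.
SELECT CURRENT_USER();

-- Server-wide statement counter. Sampling it twice, a few minutes
-- apart, gives a rough statements-per-hour rate to compare against
-- the cap when deciding whether normal traffic alone can reach it.
SHOW GLOBAL STATUS LIKE 'Questions';

-- Administrator only: list every account that has an hourly cap.
-- max_questions = 0 means no limit.
SELECT user, host, max_questions, max_updates, max_connections
FROM mysql.user
WHERE max_questions > 0;

-- Administrator only: raise the cap for one account.
-- 'nuke_user'@'localhost' is a placeholder account name.
-- Newer MySQL versions use ALTER USER ... WITH MAX_QUERIES_PER_HOUR instead.
GRANT USAGE ON *.* TO 'nuke_user'@'localhost'
  WITH MAX_QUERIES_PER_HOUR 200000;

-- Administrator only: reset the hourly counters for all accounts,
-- which clears an active error 1226 without waiting out the hour.
FLUSH USER_RESOURCES;
```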
 |
evaders99

|
Posted:
Fri Sep 15, 2006 8:44 pm |
|
|
|
 |
|