have 7.9, need security, will pay for help!

New Member Joined: Jul 30, 2006 Posts: 16

ok, here's our problem(s): we currently have nuke 7.9. After all the reading I've done on here, I now believe that's probably not the best idea!! I've spent several hours trying to install sentinal on it, on a few different occasions, all of which end the same...badly! Mad

...I search for (and usually find) each problem as I come accross it, and fix them as is recommended here, but every time there is a new problem, then another, and another, and another...you get the idea, and it seems like MANY of you have had the same dillemmas. So today, for the third time, I have given up, deleted it entirely and undone all the file edits.

Our nuke site (spaceaceonline.com/phpnuke) has over 400 members, and approximately 30 blocks, 30 modules. We've been hacked recently, thankfully with not MUCH deletion, but highly annoying nonetheless.

Our goal is to have a secure site...or as secure as possible, without having to get everyone to sign up again.

We would like to either
A: successfully add sentinal to our existing nuke 7.9
B: switch it all to Raven
C: downgrade to a lower nuke version and add sentinal successfully to that
D: whatever you recommend is our best bet

So here's our questions:
What is the best thing for us to do at this point? Options?
Would anyone be willing to do it for us, and at what cost?

We are at our wit's end, and will gladly pay someone who knows what the heck they're doing, as we, apparently, do not! Confused

Any help would be GREATLY appreciated!!! Smile

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

The first thing to do is to figure out how they are able to get access. Check your server logs for details. Likely, it's through the forum administration. You can find in the forums here instructions for protecting that, as well as the admin.php file using HTTP Authentication.

I'm not sure what it would take to switch from 7.9 to RavenNuke (based on 7.6), but you might consider using NukeScripts.net's downgrade from 7.7 / 7.8. 7.9 is supposedly more secure than previous versions, but...I guess you know the truth in that.

There may be some who are able to assist you. Unfortunately, I don't have the time to do that right now.

registered · Posted: Sun Jul 30, 2006 9:15 pm

If you like, I can move this to the "For Hire" forum.

Posted: Mon Jul 31, 2006 5:43 am

kguske, thank you, i believe they did in fact get in through the forums, and i'm working on getting the http authentication to work right now..

montego, oops, i didn't see that forum...that would be great, thank you!

Posted: Mon Jul 31, 2006 5:50 am

Topic moved and <bumped>

Posted: Mon Jul 31, 2006 8:12 am

frehleyfreakey wrote:

kguske, thank you, i believe they did in fact get in through the forums, and i'm working on getting the http authentication to work right now..

montego, oops, i didn't see that forum...that would be great, thank you!

it may be simply a matter of upgrading your Forums.
Are you using the latest phpbbtoNuke forums?
2.0.21

Posted: Mon Jul 31, 2006 10:53 am

myrtletrees wrote:

it may be simply a matter of upgrading your Forums.
Are you using the latest phpbbtoNuke forums?
2.0.21

Thank you, we had 2.0.15!!! I'm upgrading now, never even occurred to me to check! Embarassed

Posted: Mon Jul 31, 2006 11:17 am

I would advise against 2.021 for the moment.
Go for 2.0.20

You might want to list any modules you have added as some have known problems and check wether you have any files in your nuke root which are world writable.

Posted: Mon Jul 31, 2006 11:42 am

Guardian2003 wrote:

I would advise against 2.021 for the moment.
Go for 2.0.20

You might want to list any modules you have added as some have known problems and check wether you have any files in your nuke root which are world writable.

I run 2.0.21 on 4 Nuke sites I manage and have never had an issue.

Are there known issues?

Posted: Mon Jul 31, 2006 1:15 pm

Really?
Please let me know if you have any issues adding smiley packsor if the bbcode 'quote' tags are working if the forum config has 'allow html' enabled.
There are some other issues that have been reported (I think Hitwalker mentioned a couple in some other posts here).

Posted: Mon Jul 31, 2006 1:53 pm

Guardian2003 wrote:

Really?
Please let me know if you have any issues adding smiley packsor if the bbcode 'quote' tags are working if the forum config has 'allow html' enabled.
There are some other issues that have been reported (I think Hitwalker mentioned a couple in some other posts here).

k.

This is one site running Nuke 7.6 stock with Chatserv's pl3.2a and phpBB port 2.0.21, from nukeresources.com

I checked posting a reply with Quotes, from before login and after, both worked, even before loggin, it redirected correctly and had the quote there. Not like the old error that used to be "No Post topic defined" when trying to reply with quote prior to logging in.

Where can I get a smiley pack? *.pak file? That is what the admin Smileys import calls for.

Do you have a link to hitwalkers post, or maybe I can find it. Be interesting.

Posted: Tue Aug 01, 2006 10:38 am

Guardian2003 wrote:

I would advise against 2.021 for the moment.
Go for 2.0.20

You might want to list any modules you have added as some have known problems and check wether you have any files in your nuke root which are world writable.

thanks...we don't actually use the forum for anything but the mailing list, so we haven't added any modules or anything...and by world writable, you are referring to the chmod, yes?

Posted: Tue Aug 01, 2006 10:58 am

Yes thats correct.

Posted: Tue Aug 01, 2006 5:13 pm

Great, thanks for the advice!

For now we are just banning any bad IPs that are listed on sites whose sentinal DOES work (along with the ones we caught), and we haven't had any hackers since...maybe I'll try installing the sentinal again myself this weekend...

Thanks all! Mr. Green