Author |
Message |
triple7
Hangin' Around

Joined: Jul 28, 2008
Posts: 25
|
Posted:
Sat Sep 27, 2008 8:17 am |
|
Hi all,
I run a small gaming site, and recently, it was compromised and used to send spam.
I noticed the hack in relatively short order, and deleted all the scripts the hacker uploaded, which stopped the spam.
In that time though the host locked our account due to spam. They have since unlocked it because the issue was stopped, however, they sent me some suggestions on what to do to shore up the points of entry.
I am a server admin, but have very little experience in php nuke.
So I have to ask you for your help, and any ideas would be greatly appreciated. Here is the text of the mail that the host sent us:
> please tell your server guy to close the intrusion points, too.
> He did a good job so far. The intrusion points were:
>
> Domain /Script $Variable(s)
> /ultrastats/include/functions_common.php $gl_root_path
>
> and ./admin.php
>
> We changed the mode both to 200 to prevent further hack attempts.
> Please update both scripts. You will be unlocked after this email.
>
> Best regards,
>
> Abuse Team
> --
> Abuse Department
OK, so I dumped the ultrastats module since we're not using it anyway, that one is taken care of.
1) I can't quite figure out what "Domain /Script $Variable(s)" is or what I should be doing to fix it?
2) I know there are steps to be taken to protect admin.php, but I am also a little lost on what to do there.
I didn't install this site, just transferred it over to the current host and kept the original file structure and .htaccess settings.
Any advice you can give would be greatly appreciated.
Thanks
Triple7 |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sat Sep 27, 2008 11:01 am |
|
On #1 you need to get clarification from your host.
On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess. |
|
|
|
 |
triple7

|
Posted:
Sat Sep 27, 2008 12:12 pm |
|
Raven wrote: | On #1 you need to get clarification from your host.
On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess. |
Great, thank you very much.
Just to be certain because I didn't check before the host changed it to 200, the file attributes for admin.php should be 755?
Thanks again. |
|
|
|
 |
Susann
Moderator

Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sat Sep 27, 2008 12:45 pm |
|
admin.php is 644 and folders normally have 755 |
|
|
|
 |
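The modes given in the answer above (644 for admin.php, 755 for folders) can be checked across a whole web root. This is an added example, not part of the original thread; the function names and the sample tree are constructed, and applying 644 to every `.php` file is an assumption that generalizes the admin.php answer.

```sh
#!/bin/sh
# Added example: audit a web root against 644 for PHP files and 755 for folders.

# audit_modes ROOT: prints "<finding> <path>" per line; no output means clean.
audit_modes() {
    {
        # Folders whose mode is not exactly 755
        find "$1" -type d ! -perm 755 -print | sed 's/^/DIR_NOT_755 /'
        # PHP files whose mode is not exactly 644 (a file locked to 200 shows up here)
        find "$1" -type f -name '*.php' ! -perm 644 -print | sed 's/^/PHP_NOT_644 /'
        # Files or folders writable by every local account
        find "$1" \( -type f -o -type d \) -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
    } | sort
}

# fix_modes ROOT: sets folders to 755 and PHP files to 644.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -name '*.php' -exec chmod 644 {} +
}

# make_sample_tree: builds a constructed test tree and prints its web root path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/html/modules" "$t/html/uploads"
    : > "$t/html/index.php"
    : > "$t/html/admin.php"
    : > "$t/html/modules/config.php"
    chmod 755 "$t/html" "$t/html/modules"
    chmod 777 "$t/html/uploads"              # constructed: over-permissive folder
    chmod 644 "$t/html/index.php"            # constructed: already correct
    chmod 200 "$t/html/admin.php"            # constructed: as left by the host
    chmod 666 "$t/html/modules/config.php"   # constructed: world-writable script
    printf '%s\n' "$t/html"
}

# Demonstration on the constructed tree: report, repair, report again.
demo_root=$(make_sample_tree)
audit_modes "$demo_root"
fix_modes "$demo_root"
audit_modes "$demo_root"   # prints nothing once the modes are corrected
rm -rf "${demo_root%/html}"
```

Run `audit_modes` against the real web root first and review the findings before calling `fix_modes`, since some folders may have been given other modes on purpose.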
triple7

|
Posted:
Sat Sep 27, 2008 9:30 pm |
|
Raven wrote: | On #1 you need to get clarification from your host.
On #2, if you are using NukeSentinel(tm) correctly, then your admin.php is already protected via .htaccess. |
I am sorry, I am using NukeSentinel, but I guess the question remains if I am using it correctly.
I cannot say that I am, as I have little exposure to it, and didn't set the site up.
Do you have a link for a walk through or setup guideline?
Thanks again |
|
|
|
 |
Raven

|
Posted:
Sat Sep 27, 2008 11:24 pm |
|
|
|
 |
triple7

|
Posted:
Sun Sep 28, 2008 7:37 pm |
|
I didn't have the directory but I downloaded it and put it back up into the site.
I followed all the instructions, and it doesn't seem to be working, let me qualify this:
My server is using the CGI Auth.
So, I followed all the steps in the setup file, and now, when I try to hit admin.php, I am prompted for a PW, but I put in my username and PW, and it doesn't authenticate.
I went into edit under the user admin in NS and I see my username, but the password has changed from what it previously once was? I also tried to put in the PW that was listed in NS, and no go.
Any help you can provide would be greatly appreciated. |
|
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Tue Sep 30, 2008 6:00 am |
|
triple7, now that you have a specific issue/questions around NukeSentinel setup, I would search the forums or look in the NukeSentinel forums for your answers and if you cannot find them there (doubtful), you could open up a new thread under the appropriate forum.
But, do let us know what the answer was to 1) as I too have no idea what they are referring to. |
|
|
 |
triple7

|
Posted:
Fri Oct 03, 2008 3:42 pm |
|
montego wrote: | triple7, now that you have a specific issue/questions around NukeSentinel setup, I would search the forums or look in the NukeSentinel forums for your answers and if you cannot find them there (doubtful), you could open up a new thread under the appropriate forum.
But, do let us know what the answer was to 1) as I too have no idea what they are referring to. |
It's supposed to be like a header for the list of compromised files.
Domain is your domain, script/or variable is what was compromised.
I guess they could have been a bit clearer.
Still don't have my Admin Auth working yet.. |
|
|
|
 |
|