My site was recently hacked running 7.8 not patched. I went through the log file and found out where they hacked me from...it's a site with a hack webpage that you put the admin name in (don't even need a PW) and then tell it to create a new admin and voila...it creates a new admin that gives you access to everything!!
I took a backup that I had from the 29th and threw it up on a test site and applied the new 3.2 patches for 7.8 with bbtonuke 2.0.21NP. I went to the site where the hacker got me from and ran their little script and it's still creating an admin account!
Short of installing Sentinel (if that will even work) what can be done?? I will not post the site and the hack here so if you would like to see it, please let me know and I will PM it to you...admins only!!!
Please help me out on this if you can...Evaders...I'm sure you have an answer for me!!!!! If you need more information, please let me know!!!
Thanks!
Last edited by TRUFR34K on Thu Aug 03, 2006 2:34 am; edited 3 times in total
OK...I have changed my admin.php file to a different name and that seems to give the hack site a 404 error...but whenever I try to do certain things inside the admin panel, it gives me an access denied! Any suggestions on that as well as I think changing that file will help prevent this??
The site that is running the hack has a title of php-nuke-sql injection if that helps at all!!!!
Well if your mainfile.php has the Patched copyright code, you should be running it. Make sure you have uploaded all the files.
As I told him, by itself, that script can't do anything. It needs to figure out your admin login hash... which is usually done by stealing your admin cookie. Somewhere, the hacker has used code to grab that data, usually by inserting javascript code on your site. When you hit it, it sends back to the hacker's site and gives them the correct hash. You need to change your admin password ASAP. Also, it does require knowledge of the admin script name, which you changed... that's a good thing.
- Did you change your admin file in the config.php? Are you running older scripts that don't support 7.6 and higher?
You may need to secure your site with Sentinel too. Also, any other insecure modules you are running? vWar and coppermine seem to be active targets. Also anything that allows uploading?
Check your site for any backdoor files your hacker has left behind
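The first post describes finding the off-site page by reading the web server log. The following is an added example, not part of the original thread, that automates that check by flagging requests to the admin script whose Referer names another host. It assumes Apache "combined" log format; the hostnames, addresses and sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (placeholder hosts and addresses, not real log data).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Aug/2006:21:14:03 +0000] "GET /modules.php?name=Search HTTP/1.1" '
    '200 5120 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [02/Aug/2006:21:20:41 +0000] "POST /admin.php HTTP/1.1" '
    '200 2048 "http://offsite.example.net/form.html" "Mozilla/4.0"',
    '198.51.100.9 - - [02/Aug/2006:22:01:10 +0000] "POST /admin.php HTTP/1.1" '
    '200 1900 "http://www.example.com/admin.php" "Mozilla/4.0"',
]

def offsite_admin_hits(lines, site_hosts, admin_script="admin.php"):
    """Return log entries for admin-script requests referred from a foreign host."""
    own = {h.lower() for h in site_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format, skip
        # Compare only the script name, ignoring directories and the query string.
        script = urlsplit(m["path"]).path.rsplit("/", 1)[-1].lower()
        if script != admin_script.lower():
            continue
        ref_host = (urlsplit(m["referer"]).hostname or "").lower()
        # A missing or "-" referer proves nothing, so report only requests
        # that explicitly name a host other than the site's own.
        if ref_host and ref_host not in own:
            hits.append({k: m[k] for k in ("ip", "time", "method", "path", "status", "referer")})
    return hits

if __name__ == "__main__":
    for hit in offsite_admin_hits(SAMPLE_LOG, {"www.example.com"}):
        print(hit["time"], hit["ip"], hit["method"], hit["path"], "<-", hit["referer"])
```

If the admin script has been renamed, pass the new name as `admin_script`. The same client address can then be searched for in the rest of the log to see what else it requested.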
I did change my admin.php filename as well as reflected it in my config.php but over 95% of my admin functions are not working. They give me the access denied...any suggestions on that?
You know...I do have an attachment mod loaded on my website...do you think they could have used that to insert javascript? And I am unsure if that is safe for 7.8 or not...it doesn't really say anything about what version it's for! But my question is, the person that did this hacking...the first time he entered my site, he did nothing other than go to the search function...which I thought he was doing to find out an admin user name. The next time he connected to my site was through the link that I gave you. Why wouldn't I see him connecting to try and insert some javascript to gain my PW through my cookies?
Also, is the reason that I can automatically create a new admin account because my admin info is in my cookie??
And last question...for now...if I just insert my backed up sql file and recreate my db, can I just upload 7.6, run the de-stall script and be running 7.6? Is that possible? I just don't want to lose any of my users or forum information.
As soon as I am done with upgrading/downgrading, I will be installing sentinel!!!
OK Evaders I have destalled to 7.6 and patched it up to 3.2b...and it's great!!! EXCEPT for ...it's adding the slashes when I edit things in the admin panel. I have exhaustively searched and found some things but nothing that works for me!! Can you point me in the right direction on this?? I know that you have to have an answer for this!!