


PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.



any way of testing security on my site?

Hi guys;

long time since I posted (sorry!)- but then again my site has been ok ish for the last few months........

Last week, someone managed to hack my site. I only found out from an irate email sent regarding a phishing link for paypal set up pointing towards one of the directories.......

We think they got in through an install of os commerce, using the admin bit to upload files, etc.

Since then, we've done the following;

1. Removed the oscommerce installation. Completely. (Apart from the tables in the database)
2. I'm on shared hosting- so we've changed my user name on the server
3. Changed the default user for the database- both the nuke username AND re-done the passwords using a mixture of uppercase, lowercase, numbers and special characters.

Apparently they were running a php shell, or something? (I know not what that is)- but the host has removed this capability for me on the server.

I've got nuke 6.9 patched, with Sentinel and DisError installed- in theory those following links in emails to the phishing site now go to an error 404 (or it comes up with "not authorised")

I've notified Paypal and have offered logs, etc. to see if it helps to find who the culprits are. Initial thoughts are they dropped three files onto the server (in an images directory, I think) in the shop installation part- two php files and a zip file. (Italian, if you are interested)

Last night, I got a rather nasty email through the contact us/ feedback feature on the site- luckily I've got IP tracking installed, so managed to find their IP address and add it to the Sentinel blocked list (I don't need the aggro)

I know at least 120+ people had followed the email links within the 6 hours or so they had set it up. I also know that at least 8 accessed a file called keylogger.php or similar......

So, on to my question:- is there any way I can test the site/ check there are no bugs/ errors/ folder permissions u/s / and everything is up to date?

I don't want to migrate to 7.xx - I had a site with this on, and didn't like it. (one of those gut feeling type things)

Any help/ suggestions welcome.

Is there any way I can tell if additional files have been placed elsewhere? I've asked the host to see if they can limit ftp access down to one IP address (I have a static IP address at home)- they are going to get back to me on this.

The site also has a version of gallery installed. (1.4.4 pl6)- I think the newer version I tried on another site had issues with regards integration..

If nobody has any suggestions, not a problem, I hope it's given some of you a "heads up" on other issues.

It looks like they had not messed with my nuke install- no additional admins attempted, etc. There's over 3 years worth of data on the site, and over 5,000 registered users (and over 9,000 photos!)- so you can see why I am slightly concerned....

Thanks.

Andy
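One way to look for additional dropped files and loose permissions, as asked in the post above. This is an added example, not part of the original thread: the function names, the media directory names, the suffix list and the sample tree are all assumptions constructed for illustration.

```python
import os
import stat
from pathlib import Path

# Assumptions: names of media-only directories and file types that never belong in them.
MEDIA_DIR_NAMES = {"images", "albums", "uploads"}
SUSPECT_SUFFIXES = {".php", ".php3", ".phtml", ".zip", ".tar", ".gz"}

def audit_webroot(root, since_epoch=None):
    """Walk root and return sorted (reason, relative_path) findings."""
    root, findings = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        in_media = any(p.lower() in MEDIA_DIR_NAMES for p in rel_dir.parts)
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue  # permission bits on a link say nothing useful
            rel = (rel_dir / name).as_posix()
            st = path.stat()
            if st.st_mode & 0o002:
                findings.append(("world-writable", rel))
            if stat.S_ISDIR(st.st_mode):
                continue  # the remaining checks apply to files only
            if in_media and path.suffix.lower() in SUSPECT_SUFFIXES:
                findings.append(("script-or-archive-in-media-dir", rel))
            if since_epoch is not None and st.st_mtime >= since_epoch:
                findings.append(("modified-since-cutoff", rel))
    return sorted(findings)

def build_constructed_sample(base):
    """Constructed tree: a small site plus files dropped into an images dir."""
    files = {
        "index.php": 0o644,
        "shop/images/logo.gif": 0o644,
        "shop/images/update.php": 0o644,  # constructed dropped script
        "shop/images/kit.zip": 0o644,     # constructed dropped archive
        "cache/tmp.dat": 0o666,           # constructed loose permission
    }
    for rel, mode in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
        os.chmod(path, mode)
        os.utime(path, (1_000_000, 1_000_000))  # constructed "old" timestamp
    for d in Path(base).rglob("*"):
        if d.is_dir():
            os.chmod(d, 0o755)  # pin directory modes regardless of umask
    os.utime(Path(base) / "shop/images/update.php", (2_000_000, 2_000_000))
```

Run `audit_webroot()` against a downloaded copy of the web root, passing the epoch time of the last known-good state as `since_epoch`. Modification times can be reset by whoever wrote the file, so treat that check as a hint and compare against a clean copy of the original packages where possible.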






Problem is, Andy, that you're missing out on any patch updates with 6.9; only 7.0 onwards now gets its patch updated.

By running 6.9 you are unfortunately leaving yourself open.

If nothing else maybe you could install the newest sentinel.






Thanks mate.

Is there a list of things I need to change so I can patch myself? (I know it's not recommended due to amount of files and changes- I'm likely to bugger something up)






I'm sure the patches come with a list, but if not:

2.9 http://www.nukefixes.com/ftopict-1251.html http://www.nukefixes.com/ftopict-1275.html

3.0 http://www.nukefixes.com/ftopict-1386.html

3.1 http://www.nukefixes.com/ftopict-1648.html






As always, you are a star!

I've been searching around a few of the "regular" nuke sites this last couple of days (been busy on other stuff, so not frequented any for a few months *ahem*) - a LOT of them have changed, or do not appear to be offering the amount of support as they used to. Unless I was looking at the wrong places.

Raven's site- no forums for nuke? Just hosting?

Just a thought- thanks anyway



