>> Site Map >> Forums >> PHP-Nuke Security
Forum module - topics in forum:
PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.
Another hackee - need advice please
Hi!
A site I admin has been hacked and is being redirected elsewhere (http://www.sharingadvice.com).
I understand that i will need to make changes to my database to fix this, yes? Small problem. The other site admin who installed the whole thing is very ill and until she gets out of ICU i'm on my own figuring this out. And i'm a little... erm php remedial.
Don't suppose someone could give me a hint, which files i'm looking for in php myadmin and how/what to change?
thanks in advance
| Quote: : |
I understand that i will need to make changes to my database to fix this, yes? |
Not necessarily.
Check Admin/Messages first off.. to see if its being redirected from there..... also have a look in Admin/Preferences to see if its been placed in one of the Footers.
Whilst in Adin panel have a check for extra admin accounts that may have been created - and delete them - if there are extra God accounts these will need to be removed via phpyadmin from the nuke_authors table.
Change your admin password and get some security installed - such as Sentinel.
Got a URL for us to see?
yes there was something in the footers, and i removed it. and there was something in the nuke_message table, removed that too.
still no joy tho! there are no extra admins added. i have checked the regular users and there were a couple that joined over the weekend while i were away, that were most likely just spammers (russian emails etc). they are gone.
any other places i should look? i'm kinda reduced to looking at all these files one by once since i'm not confident in using any of this.
I have already downloaded sentinel and will install as soon as this is fixed. we were in the middle of a complete site upgrade when this happened, and as i mentioned above the woman doing it for us is quite ill so i'm left trying to figure it out. I'm really appreciative of the help
oh and the url is http://www.sharingadvice.com
ok i tihnk i fixed it!!! there was a custom title added to one of the modules in nuke_modules, which had a script in it. i have removed that and we have access now.
thanks for this forum's advice, i'd be lost without it
ok off to do something about my security lol!!!
Seeing as you are dealing with security now, I would first downgrade your version of nuke! Looking at your source code, I can tell you're using version 7.7+. Have a read through this: http://phpnuke-uk.net/modules.php?name=Forums&file=viewtopic&p=26050
If you install one of the recommended versions, it will come included with Sentinel.
ah.
don't suppose there's an idiots guide to downgrading then? i'm sure you might have noticed i'm a bit php retarded
so - 7.6 comes with sentinel, yes? so i can just not load that up now? how at risk am i of deleting crap that i need? (how long is a piece of string...) i just mean, with a set of clear instructions i'll be fine, but if it's tricky and requires decent knowlege of my database then not so good?
First of all, the standard version of 7.6 does not include sentinel.
Firstly, you will need to download the standard 7.6 ( link ). Then, download the downgrader script ( link ).
Before continuing, backup your DB incase anything happens.
Next, upload the file that came with the downgrader to the root of your nuke install (the folder will have files like config.php and manfile.php). After it is uploaded, type in the address to it in your browser (should be http://www.sharingadvice.com/downgrade78-76.php). Follow the instructions it gives you. After that is finished, you will need to upload the 7.6 files.
Firstly, delete all the 7.8/7.7 files. Once they have been deleted, upload the 7.6 files and remember to change config.php (Instructions on how to edit it are here: link ). DON'T upload the db inlcuded with 7.6 as you already have the one that you downgraded to.
After you have done that, go to your site and see if everything is working properly. Make sure you still have all the content you used to have. If everything is working fine, you can install sentinel.
Download sentinel ( link ). To install it, just follow the instuctions that came with it.
