|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 53
Members: 0
Total: 53
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
www.Nuke100.com sploited |
|
Posted: Fri Aug 27, 2004 12:46 pm |
|
|
Harry |
Regular user |
|
|
Joined: May 20, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
www.nuke100.com was exploited by someone yesterday, it wasnt any of the exploits listed here....anyone aware of the new exploit? |
|
|
|
|
|
|
|
|
Posted: Fri Sep 03, 2004 11:08 am |
|
|
shane |
Beginner |
|
|
Joined: Sep 03, 2004 |
Posts: 1 |
|
|
|
|
|
|
|
hmm...
reet, well guys, nuke100 is my site.
when i first iinstalled it using nuke 7.3 i did have it checked out for sql injections etc by a few of the guys from nukecops, and got the green light saying that everthingwas kool.
but last week i was defaced on the front page.. no biggie, i can handle that, i even admire the cheek of a hacker sometimes, because the message said, that they could have done more if they had wanted.
the problem is... they sent a newsletter to each and everyone of members asking them to "download a freesms.exe" file. which i would be presuming would end up being a trojan or even worse a possible premium rate dialler software.
which has opened my eyes, because i always assumed the hacking was for a little fun by script kiddies.. obviously its a multi million pound industry for scammers with the ?1.50 per minute diallers nowadays.. scary.
but that aside.. what the hell can i do to protect myself ??
i have removed the admin.php file now (not renamed, but deleted all together until i need it, when i then upload it again) i have also done the same with all my admin modules, is this enough?
any ideas appreciated.
cheers
shane. |
|
|
|
|
|
|
|
|
Posted: Sat Sep 04, 2004 2:50 am |
|
|
Harry |
Regular user |
|
|
Joined: May 20, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
Deleting admin.php is fine...I would rather password protect my admin.php using a .htaccess.... you got a cool site.... theres one flaw on ur site tho..anyone can cheat by voting multiple times frm same ip within 24 hrs....you need to care of tht |
|
|
|
|
|
|
|
|
Posted: Fri Dec 24, 2004 10:18 pm |
|
|
tokugawa |
Beginner |
|
|
Joined: Sep 24, 2004 |
Posts: 4 |
|
|
|
|
|
|
|
Hellow, remove admin.php isn`t necesary, with the .htaccess and .htpasswd files you can restrict access to any file with password or generating 403 error.
in http://slp.cl you can find manual for htaccess and htpasswd uses on apache servers, or you can read the apache manual, downolad from http://apache.org.
Sorry for mu bad English, but my language es the Spanish and the English language education in the Estatal Schools are Bad, i'm learning speak "This is a Window, this is a door, this is a pencil" jaajj the education of english language is very bad. |
|
_________________ the hack is for construct no for destruct, sorry mi english is bad. |
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|