 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 49
 Members: 0
 Total: 49
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Ways to protect ones Php-Nuke Site. |
|
 Posted: Tue Jun 29, 2004 3:58 am |
 |
|
| Emerica |
| Beginner |
 |
|
| Joined: Jun 28, 2004 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Two days after loading a newer 6.9 -> 7.2 My nuke site starts to get slammed from Sk's. I had a look at the logs, and sure enough.
Looks like one person started, passed info to another then he deleted the first and took over, posting some text via stories admin and was into the Forums stuff. I fixed the admins table and started looking around things to help.
After a bunch of reading at other sites and then alot of here it seems the best nuke install is either no nuke install, or a very very slim one. That is untill FB or someone nice comes along and wants to patch it all.
What i have done is slim it down. And i would like your ideas on what other areas would be avaliable to exploits.
Currently ive removed almost every module except for:
News
Your Account
Now i realize that alot of you would have use for more modules. but on this install i dont. I guess the idea is remove what you dont use, its just gonna get exploted. 
So i did the same thing with the admin stuff as well, ie Backup DB? Um ya thats fun. Gone. There are good tools for this purpose 
Pretty much anything that had to do with the modules i deleted before was removed. This is mainly just incase someone does manages to get a admin cookie going and manages to get by the server (below).
The next thing i did was do a little bit of searching on .htaccess and have a look about permissions for single files. Then i blocked access to my admin.php to only my ip. You could password this too.
<Files admin.php>
deny from all
allow from xxx.xxx.xxx.xxx
</Files>
Im thinking the htaccess stuff would have its flaws too
(someone else here might be of better information there)
But restriting it to my ip seems to work great, if my ip changes i can ftp in and fix it up.
Id like to know what areas may be affected. Ill be seeing how this works out over the next few days i guess |
|
|
|
|
|
|
hrmm |
|
| Posted: Tue Jun 29, 2004 5:48 am |
|
|
| icenix |
| Advanced user |
|
|
| Joined: May 13, 2004 |
| Posts: 106 |
| Location: Australia |
|
|
|
|
|
|
interesting,
best way is to not let them get to you,
if you show that you have dissabled such things, its them winning 
why not just patch your site completley?
Install maybe some "protector" or somthing similar?
restricting you IP to Admin Login would seem quite logical and effective, although multiple administrators would soon become a pain in the ass,
not to mention Dynamic IP addresses (if you have one / if one of your administrators had one)
currently Waraxe, the crew and I are designing our www.waraxe.us nuke site and Waraxe the almighty PHPNuker himself is in the progress of making sure all the coding is perfect,
No Doubt if they are severley harming your site then their using an Administrator exploit or something there-of,
Patch your site so that these people(s) can-not access it,
with every exploit that waraxe publishes there is a solution present / workaround / patch available.
Just do alittle Research
Will be interesting to see how you overcome your problem! |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
