site got hacked via an SQL injection

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   site got hacked via an SQL injection
fr34k
CZ Super Newbie
fr34k has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Oct 29, 2004
0.00 posts per day
Posts: 36
Points: 464
   
Hi guys
wondered if someone could help me out.
This morning i put my website on only to find all the right/left and top center blocks had disapeared with a large logo in it's place saying 'you have been hacked by .......'
Underneath this it displayed a resolution to the problem, it said:
You have been hacked by ..... SQL injection through referals modules. To sort this problem out either deactivate the module or delete it from your site.

I have done this and made sure the last referals module has been removed from the site via [ Register or login to view links on this board. ] and so far the site has been returned to it's former state. I have also changed the god admin passwords for the site.
This hack also required me to go into my admin panel site preferences and change all the information (when hacked the site name was called: you have been hacked by....)

We are currently running nuke 7.9 patched with Nuke Sentinal which is all up to date.

The problem i have is that i only know the basics of phpnuke, and nuke sentinal was installed and setup by a guy i had woerking for me some months ago. Since he no longer works on my site i have no idea of how to increase the site security to ensure this doesn't happen again. I was told that messing with nuike sentinal can seriously mess up your site if you dont know what you are doing.

Any help on this would be greatly apreciated. currently our nuke sentinal settings are:

Help System Type: On Image Click
NukeSentinel(tm) Status: Enabled
IP Lookup Site: DNS Stuff
Force Nuke URL: No
Page Delay: 5
Flood Delay: 2 (Only if Flood Blocker is activated)
Display Link: All Visitors
Display Reason: All Visitors
Site Switch: Site Enabled
Default Page: Site reason
Block Proxies: Off
Default Page: Admin
AutoClear Blocks: Off
Santy Worm Protection: On
DOS Protection: On
Admin Auth: Off

This type of hack was a quick 5 mins put right job, however if they have done it once i fear it will only get worse.
Any guidence'/help on how to step up the site secuirity would be greatly apreciated.

thanks


`



Back to top Reply with quote
#2   re: site got hacked via an SQL injection
rlgnak
CZ Super Newbie
rlgnak has been a member for over 20 year's 20 Year Member
usa.gif alaska.gif
Occupation: College
Gender: Male
Status: Offline
Joined: Jun 22, 2004
0.01 posts per day
Posts: 62
Points: 3,367
   
too understand how it happens and how to fix it in php ( i don't know if you know php very well tho ). these are all more technical.
[ Register or login to view links on this board. ]

a second way to fix it is to apply addslashes function to all the variables that apply to the mysql query. [ Register or login to view links on this board. ]

and lastly i don't recommend it because it usually messes up phpnuke is magic_quotes which automatically does it to everything. [ Register or login to view links on this board. ]

OR you could post module and i bet someone would look into it for you.

assuming he's telling the truth and it was referral module and it was an sql injection and not him just running a password cracker thats one of the usual things people do and just say something like that to sound smarter icon_rolleyes.gif

to stop that one go into your config.php and change
$gfx_check = 0;
to
$gfx_check = 1;




_________________
[ Register or login to view links on this board.]
Back to top Reply with quote
#3   re: site got hacked via an SQL injection
fr34k
CZ Super Newbie
fr34k has been a member for over 20 year's 20 Year Member
Status: Offline
Joined: Oct 29, 2004
0.00 posts per day
Posts: 36
Points: 464
   
hi rlgnak
Thanks for the reply.
Ive looked at the various links you gave and don't have a clue what they are telling me to do.
If i know what file to go into and what text needs changing i can do that no probs, anything beyond that is way too complicated icon_smile.gif

I have changed the string of text you suggested in the config.php:
$gfx_chk = 1;

Is there anything else i could do to further increase the site security to prevent this sort of thing happening again?

The guy who used to do our website work did tell me that our site is very secure and it would take a person who knows their stuff to access and ruin any of it (don't know how true that statement was)

Any suggestions are greatly apreciated.
Thanks



Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum