KB Article: Nuke Security

Submitted By: Telli
Date Added: 12-13-2005 9:49:48

Some tips on tightening up your Nuke site.

These are tips from all over; if I don't credit the original author, I apologize. This article is due to the recent attacks on Nuke sites.

First things first: change your passwords on a weekly basis and make them hard to guess. An example of a good password is "68gzJ8A2x"; a bad example is "admin". You have to make it tough for someone who wants to break into (hack) your site.

Don't give out your password or user name to anyone, PERIOD! If you need help on your site, make the helper an admin with temporary rights, and make sure you know who you are giving it to.

Don't use the same password for your FTP, database, site and hosting panel. If one of them leaks, you're just asking to get everything destroyed.

It's a good idea to move your real config.php outside the web server's document root, so it can never be served or read through the web server, and then create a new config.php in its old place that contains only this line:

<?php include("../config.php"); ?>

Note that "../config.php" is resolved against PHP's include path and the current working directory, not against the location of the stub, so test every entry point (the site root, modules/, admin.php) after the move.
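A slightly more robust form of that stub, as an added example and not code from the article or from PHP-Nuke: it resolves the path from the stub's own location instead of relying on the working directory, and it fails closed with a generic message if the real file is missing. The directory layout in the comments is an assumption used for illustration.

```php
<?php
// Added example (not from the original article): a stub config.php that
// loads the real configuration from one directory above the web root.
//
// Assumed layout (hypothetical):
//   /home/site/config.php              real file, outside the document root
//   /home/site/public_html/config.php  this stub, what the web server sees
//
// dirname(__FILE__) is the directory this stub lives in, so the path is the
// same whether the request came in through index.php, modules.php or admin.php.
// A bare "../config.php" would instead be looked up relative to the include
// path and the current working directory, which differ between those scripts.
$real_config = dirname(__FILE__) . '/../config.php';

if (!is_file($real_config) || !is_readable($real_config)) {
    // Fail closed. Do not echo the path or the reason: that is information
    // an attacker probing for the configuration file would like to have.
    header('HTTP/1.1 503 Service Unavailable');
    die('Site configuration unavailable.');
}

// require_once so a module that also includes config.php does not try to
// redefine the same variables and constants a second time.
require_once $real_config;
?>
```

After the move, request /config.php over HTTP once: you should get an empty page from the stub, and the real file, being outside the document root, cannot be requested at all. Keep the real file owned by the web server user with no group or world read permission.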


The best automated protection that I have seen is the [ Register or login to view links on this board. ]; it automatically bans IPs that attempt SQL injection or break-ins through admin.php. This isn't 100% secure, but it reduces your chances of being hit greatly.

Now on to some file editing. Before you begin, make a backup of the original file. I won't be held responsible if you mess up your site. I will show you the code and where to replace or place it, then explain what it does.

The first one, and probably the most important, is to edit db/mysql.php, where every SQL query passes before it hits your database. Find the following function in db/mysql.php.



   //
   // Base query method
   //
   function sql_query($query = "", $transaction = FALSE)
   {
      // Remove any pre-existing queries
      unset($this->query_result);
      if($query != "")
      {
         $this->query_result = @mysql_query($query, $this->db_connect_id);
      }
      if($this->query_result)
      {
         unset($this->row[$this->query_result]);
         unset($this->rowset[$this->query_result]);
         return $this->query_result;
      }
      else
      {
         return ( $transaction == END_TRANSACTION ) ? true : false;
      }
   }


And replace it with:


   //
   // Base query method
   //
   function sql_query($query = "", $transaction = FALSE)
   {
      // Remove any pre-existing queries
      unset($this->query_result);
      if($query != "")
      {
         // Replace the keyword UNION (any case) with UNI0N, zero instead of
         // the letter O, before the query reaches MySQL. An injected
         // "UNION SELECT ..." then stops being valid SQL.
         $query = eregi_replace('UNION', 'UNI0N', $query);
         $this->query_result = @mysql_query($query, $this->db_connect_id);
      }
      if($this->query_result)
      {
         unset($this->row[$this->query_result]);
         unset($this->rowset[$this->query_result]);
         return $this->query_result;
      }
      else
      {
         return ( $transaction == END_TRANSACTION ) ? true : false;
      }
   }


I found this at NC. What it does is tell the database layer that any query about to enter the database containing the word UNION should have it replaced with UNI0N, spelled with a zero:

$query = eregi_replace('UNION', 'UNI0N', $query);

In other words, UNION becomes uni0n (written here in small letters so you can see that the letter o has been replaced with the number zero). UNI0N is not a MySQL keyword, so the injected query fails instead of executing; eregi_replace is case-insensitive, so union, Union and UNION are all caught. This is one of the easiest fixes to apply and it blocks the UNION-based injections that have been hitting Nuke sites, but it is a one-keyword blacklist, not a real fix: an injection that does not use UNION (a boolean or error-based one against the same unescaped parameter) passes through untouched, any legitimate data containing the letters "union" (a story titled "European Union") is silently corrupted on its way into the database, and eregi_replace() no longer exists in PHP 7, where preg_replace('/UNION/i', 'UNI0N', $query) does the same job. Treat it as a stopgap while you fix the modules that build SQL from unvalidated input.
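To see exactly what the filter does and does not change, here is an added example that is not part of the article or of db/mysql.php: it runs the same replacement over three constructed queries and then shows the integer cast that actually removes the problem for a numeric parameter. preg_replace() stands in for eregi_replace() so the script also runs on PHP 7 and later; the table and column names are illustrative.

```php
<?php
// Added example, not part of the original article or of db/mysql.php.
// Runs the UNION filter over constructed queries to show its effect.

function filter_union($query)
{
    // Same effect as eregi_replace('UNION', 'UNI0N', $query): case-insensitive.
    return preg_replace('/UNION/i', 'UNI0N', $query);
}

// The real fix for a numeric parameter such as sid: make it an integer before
// it ever touches the query string, so no keyword can be smuggled in at all.
function story_query_safe($sid_from_request)
{
    $sid = intval($sid_from_request);
    return "SELECT title FROM nuke_stories WHERE sid=$sid";
}

// Constructed sample inputs, the way a module that concatenates $sid into the
// query would see them (table/column names are illustrative).
$samples = array(
    'UNION-based injection'   => "SELECT title FROM nuke_stories WHERE sid=1 UNION SELECT pwd FROM nuke_authors",
    'legitimate data'         => "INSERT INTO nuke_stories (title) VALUES ('European Union summit')",
    'boolean-based injection' => "SELECT title FROM nuke_stories WHERE sid=1 AND 1=1",
);

foreach ($samples as $label => $query) {
    echo "$label:\n  before: $query\n  after:  " . filter_union($query) . "\n\n";
}
// What the loop shows:
//  - the first query now reads "UNI0N SELECT", which MySQL rejects as a syntax error;
//  - the second has its *data* changed to 'European UNI0N summit' and is stored that way;
//  - the third passes through unchanged, because the filter only knows one keyword.

echo "Integer cast on the same hostile input:\n  "
   . story_query_safe("1 UNION SELECT pwd FROM nuke_authors") . "\n";
// intval("1 UNION SELECT ...") is 1, so the query becomes "... WHERE sid=1"
// and nothing after the digits survives, whatever keyword it used.
?>
```

The last call is the pattern to apply in the Nuke modules themselves: cast numeric parameters with intval() and escape string parameters before concatenating them, and the db/mysql.php filter becomes unnecessary.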




This next fix is from zx at NC. It is called the Fortress; for more information and installation instructions, see this article:
[ Register or login to view links on this board. ]

I have not tested the one above, but zx is a reliable source, so if you're worried about your site's security, install it. It will not affect the db/mysql.php changes you made first.

According to Chatserv, one other way to prevent base64 exploits is to apply addslashes() before any use of the base64_decode function. The following is the documentation of this particular fix:
[ Register or login to view links on this board. ]

If someone gets into your database and makes themselves a GOD admin, they still cannot hurt your site if they can't get into your admin.php page.

Here is a simple check function that I wrote; it requires them to know another password that is not stored in any database. Make a backup of your original admin.php.

Open admin.php and find:

function login() {
    global $gfx_chk;
    include ("header.php");
    mt_srand ((double)microtime()*1000000);
    $maxran = 1000000;
    $random_num = mt_rand(0, $maxran);
    OpenTable();
    echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<form action=\"admin.php\" method=\"post\">"
        ."<table border=\"0\">"
        ."<tr><td>"._ADMINID."</td>"
        ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
        ."<tr><td>"._PASSWORD."</td>"
        ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";
    if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
        echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
            ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
    }
    echo "<tr><td>"
        ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
        ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
        ."<input type=\"submit\" VALUE=\""._LOGIN."\">"
        ."</td></tr></table>"
        ."</form>";
    CloseTable();
    include ("footer.php");
}


Replace that with the following:

function login() {
    global $sitename, $gfx_chk;
    include ("header.php");
    // Telli's Double login Security: the extra name/password pair lives in
    // includes/adminconfig.inc.php, not in the database.
    include("includes/adminconfig.inc.php");
    // Read the posted values with isset() so a plain GET of admin.php does not
    // raise "undefined index" notices before the form is shown.
    $given_name = isset($_POST['adminUsername']) ? $_POST['adminUsername'] : '';
    $given_pass = isset($_POST['adminPassword']) ? $_POST['adminPassword'] : '';
    if ($given_name != $adminname || $given_pass != $adminpassword) {
        OpenTable();
        echo "<center><h1>Restricted Access</h1></center><br>\n";
        echo "<center><h1>$sitename Administration only!</h1></center><br>\n";
        // Post back to admin.php, the same target as the normal Nuke login form.
        echo "<form name=\"form\" method=\"post\" action=\"admin.php\">\n";
        echo "<p><label for=\"adminUsername\">Admin Name:</label>\n";
        echo "<br /><input type=\"text\" id=\"adminUsername\" title=\"Enter your Username\" name=\"adminUsername\" /></p>\n";
        echo "<p><label for=\"adminPassword\">Admin Password:</label>\n";
        echo "<br /><input type=\"password\" id=\"adminPassword\" title=\"Enter your password\" name=\"adminPassword\" /></p>\n";
        echo "<p><input type=\"submit\" name=\"Submit\" value=\"Continue To Admin Login\" /></p>\n";
        echo "</form>";
        CloseTable();
        include ("footer.php");
    } else {
        // Second password accepted: show the normal Nuke admin login form.
        mt_srand ((double)microtime()*1000000);
        $maxran = 1000000;
        $random_num = mt_rand(0, $maxran);
        OpenTable();
        echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<form action=\"admin.php\" method=\"post\">"
            ."<table border=\"0\">"
            ."<tr><td>"._ADMINID."</td>"
            ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
            ."<tr><td>"._PASSWORD."</td>"
            ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";
        if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
            echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
                ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
        }
        echo "<tr><td>"
            ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
            ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
            ."<input type=\"submit\" VALUE=\""._LOGIN."\">"
            ."</td></tr></table>"
            ."</form>";
        CloseTable();
        include ("footer.php");
    }
}


Then create another file called adminconfig.inc.php and save this in it:


<?php
/************************************************/
/* Admin Login Security                         */
/* © Codezwiz http://codezwiz.com/              */
/* Telli - [ Register or login to view links on this board. ]                    */
/************************************************/
// Set the extra admin name and password here. Make them hard to guess, and
// do not reuse your Nuke admin password: the point is a second, independent secret.

$adminname = "some_admin_name_here";
$adminpassword = "some_admin_password_here";

?>


Upload that to your includes/ folder, upload your new admin.php, and that is it. Now, when you go to your admin page and you're not logged in, you will get another login page, separate from the Nuke login. You will have to enter the correct information to reach the Nuke admin login box; once logged in, everything is normal. So even if they add themselves an admin account in the database, they still have to get past this second check. Two things to keep in mind: the name and password in adminconfig.inc.php are stored in clear text, so keep that file readable only by the web server user; and the check lives in login(), which only draws the login form. The part of admin.php that processes the submitted op=login request is not changed by this edit, so send a direct POST of aid, pwd and op=login to admin.php and confirm it is refused before you rely on this alone.
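A session-backed variant of the same gate, as an added example and not code from the article or from PHP-Nuke: it compares the extra credentials in constant time, stores a password hash instead of clear text, and remembers a successful check in the session, so the one gate can sit in front of every code path in admin.php (including the op=login handler) rather than only the form. The file name includes/admingate.inc.php, the function name admin_gate(), the placement near the top of admin.php and the session key are this example's assumptions; it needs PHP 5.6 or later for hash_equals() and password_verify().

```php
<?php
// Added example, not from the original article. Assumed file:
// includes/admingate.inc.php, required near the top of admin.php, before
// any $op handling, so that a direct POST of op=login is gated as well.
//
// Generate the hash once, offline, for example:
//   php -r 'echo password_hash("choose a long passphrase", PASSWORD_DEFAULT), "\n";'
// and paste the result below. The clear-text passphrase is never stored on the server.
$gate_user = 'some_admin_name_here';
$gate_hash = '$2y$10$replace-this-with-the-output-of-password_hash';   // placeholder

function admin_gate($gate_user, $gate_hash)
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Already passed the gate in this session: nothing more to do.
    if (!empty($_SESSION['admin_gate_ok'])) {
        return true;
    }
    $name = isset($_POST['adminUsername']) ? $_POST['adminUsername'] : '';
    $pass = isset($_POST['adminPassword']) ? $_POST['adminPassword'] : '';

    // hash_equals() for the name and password_verify() for the password both
    // run in constant time, so response timing does not leak how many
    // characters matched. is_string() rejects adminUsername[]=... array tricks.
    if (is_string($name) && is_string($pass) && $name !== ''
        && hash_equals($gate_user, $name) && password_verify($pass, $gate_hash)) {
        session_regenerate_id(true);          // fresh session id after authenticating
        $_SESSION['admin_gate_ok'] = true;
        return true;
    }

    // Not authenticated: draw the gate form and stop. Nothing below the gate
    // in admin.php runs, whatever $op was requested.
    header('HTTP/1.1 403 Forbidden');
    echo "<h1>Restricted Access</h1>\n"
       . "<form method=\"post\" action=\"admin.php\">\n"
       . "<label for=\"adminUsername\">Admin Name:</label>\n"
       . "<input type=\"text\" id=\"adminUsername\" name=\"adminUsername\">\n"
       . "<label for=\"adminPassword\">Admin Password:</label>\n"
       . "<input type=\"password\" id=\"adminPassword\" name=\"adminPassword\">\n"
       . "<input type=\"submit\" value=\"Continue To Admin Login\">\n"
       . "</form>\n";
    exit;
}

admin_gate($gate_user, $gate_hash);
// From here on, admin.php continues with the normal Nuke login and operations.
?>
```

Because the gate runs on every request to admin.php, the normal Nuke login form (which posts aid, pwd and op=login back to admin.php) passes on the strength of the session flag set when the gate was cleared, and a request that skips the gate and posts op=login directly gets the 403 instead.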

I will add things as I can. I hope someone finds this useful.
