Regaining Control of a Hacked PHP-Nuke Site
PHP-Nuke is spreading across the Internet as a popular CMS. If your PHP-Nuke installation has been hacked, read on to find out how to regain control of your site. If your site has not been hacked, read on to learn how to secure your installation.
Most standard installations of PHP-Nuke are vulnerable to remote attack. Hackers and script kiddies can gain control of the installation through a remotely exploitable SQL injection bug. In the default installation of most PHP-Nuke sites, multiple modules are vulnerable to SQL injection, because the underlying code does not sanitize user-supplied variables once they have been decoded for use in an SQL query. This lets an attacker craft a query string that makes the script run SQL commands it should never have permitted.
Using this method, the attacker can steal or overwrite the administrator’s password hash. Once the password hash has been compromised, the attacker heads over to the admin module and takes full control of the PHP-Nuke installation.
I’m hacked - now what?
The first thing to do when you realize that your site has been the target of an attack is to check whether you still have administrative control of it. If the attacker has not yet changed your administrative password, you can still retain control of the site. More often than not, though, the attacker will immediately change the admin password and take full control. In that case, bring your site down at once and block access to the administrative module before the attacker destroys your content.
How do I bring down the site?
Since the attackers have gained full administrative permissions on your site, the first thing to do is to disable the site and the admin functions. To do this, you need to block access to three main files: index.php, modules.php and admin.php. These files reside in the root folder of your PHP-Nuke installation. Connect to your site over FTP, download index.php, modules.php and admin.php to your system and store them in a backup folder; you will need these files later when you reopen the site to the public. Now create a blank file, or a file containing the message "This site is down for maintenance", and save it as index.php. Copy the same contents into two new files named modules.php and admin.php. Upload these three newly created files to the root directory of the server, overwriting the originals. This effectively shuts down the site and stops the attackers from exploiting it any further.
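The lockdown above, as an added example that is not part of the original article: it assumes you have shell access to the server (the article does it over FTP), and the function names, the document-root and backup-directory arguments are all hypothetical. The backup is taken and checked before anything is overwritten, and the replacement pages are static HTML with no PHP tags, so nothing user-controlled reaches the interpreter while the site is down.

```shell
#!/bin/sh
# Added example, not PHP-Nuke's own code. Locks down a PHP-Nuke document
# root by backing up index.php, modules.php and admin.php and replacing
# each with a static maintenance page. Arguments are hypothetical paths.

# lockdown_nuke DOCROOT BACKUPDIR
# Returns 0 on success, 1 if any of the three files is missing or a
# copy/write fails (nothing is overwritten unless every backup succeeded).
lockdown_nuke() {
  docroot=$1
  backup=$2
  mkdir -p "$backup" || return 1
  # 1. keep the originals: they are restored when the site is reopened
  for f in index.php modules.php admin.php; do
    [ -f "$docroot/$f" ] || return 1
    cp -p "$docroot/$f" "$backup/$f" || return 1
  done
  # 2. only now replace the live files with a page that contains no PHP
  for f in index.php modules.php admin.php; do
    printf '%s\n' '<html><body>This site is down for maintenance</body></html>' \
      > "$docroot/$f" || return 1
  done
  return 0
}

# verify_lockdown DOCROOT BACKUPDIR
# Returns 0 only if each file is backed up and the live copy is the
# static page (no "<?" opening tag anywhere in it).
verify_lockdown() {
  docroot=$1
  backup=$2
  for f in index.php modules.php admin.php; do
    [ -f "$backup/$f" ] || return 1
    grep -q '<?' "$docroot/$f" && return 1
    grep -q 'down for maintenance' "$docroot/$f" || return 1
  done
  return 0
}
```

Run it as `lockdown_nuke /path/to/nuke /path/to/backup && verify_lockdown /path/to/nuke /path/to/backup`; copying the three files back out of the backup directory reopens the site.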