Regaining Control of a Hacked PHP-Nuke Site
By: Vinu Thomas
    2004-05-18

    Table of Contents:
  • Regaining Control of a Hacked PHP-Nuke Site
  • Bugs and How
  • Regain your Site
  • Cleaning up


    Regaining Control of a Hacked PHP-Nuke Site - Bugs and How


    (Page 2 of 4 )

    PHP-Nuke Vulnerability

    Most standard installations of PHP-Nuke are vulnerable to remote hack attacks. Hackers and script kiddies are able to gain control of the installation by means of a remotely exploitable SQL injection bug. In the default installation of most PHP-Nuke sites, multiple modules are vulnerable to SQL injection, because the underlying code does not sanitize user-supplied variables after they are decoded for use in an SQL query. Attackers can therefore craft query strings that run SQL commands the script should never permit.

    Using this method, the attacker can steal or overwrite the administrator’s password hash. Once the password hash has been compromised, the attacker heads over to the admin module and takes full control of the PHP-Nuke installation.

    I’m hacked - now what?

    The first thing to do when you realize that your site has been the target of a hack attack is to check whether you still have administrative control of the site. If the attacker has not yet changed your administrative password, you can still retain control of the site. More often than not, however, the attacker immediately changes the admin password and takes full control of your site. In that case, you should immediately bring down your site and block access to the administrative module before the attacker destroys your content.

    How do I bring down the site?

    Since the attackers have gained full administrative permissions on your site, the first thing to do is to disable the site and the admin functions. To do this, we'll need to block access to three main files: index.php, modules.php and admin.php. These files reside in the root folder of your PHP-Nuke installation. Connect to your site using FTP, download index.php, modules.php and admin.php to your system, and store them in a backup folder. We may need these files later when we reopen the site to the public. Now create a blank file, or a file with the message “This site is down for maintenance”, and save it as index.php. Copy the same contents to new files named modules.php and admin.php. Upload these three newly created files to the root directory of the server, overwriting the older files. This should effectively shut down the site and prevent the attackers from exploiting it further.
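
    The shutdown steps above as a script, for the case where you have shell access to the web root instead of FTP (an assumption; this is an added example, not code from the article). The function names, the SHA256SUMS manifest and the abort-if-backup-fails check are additions made here; sha256sum is the GNU coreutils tool.

```shell
#!/usr/bin/env bash
# Added example: take a PHP-Nuke web root offline as the article describes.
# Assumption: shell access to the web root (the article itself uses FTP).

# The three entry points the article says must be blocked.
NUKE_FILES="index.php modules.php admin.php"
NOTICE="This site is down for maintenance"

# take_site_offline WEBROOT BACKUP_DIR
# Copies the three files to BACKUP_DIR, records their SHA-256 hashes,
# then overwrites each one in WEBROOT with the static maintenance notice.
take_site_offline() {
    local webroot="$1" backup="$2" f
    [ -d "$webroot" ] || { echo "no such web root: $webroot" >&2; return 1; }
    mkdir -p "$backup" || return 1

    # Phase 1: back up everything first. Abort before touching the live
    # files if any copy fails, so nothing is overwritten without a backup.
    for f in $NUKE_FILES; do
        [ -f "$webroot/$f" ] || { echo "missing: $webroot/$f" >&2; return 1; }
        cp -p "$webroot/$f" "$backup/$f" || return 1   # -p keeps timestamps
        cmp -s "$webroot/$f" "$backup/$f" || return 1  # copy must be identical
    done
    # The hash manifest lets you show later that the backups were not altered.
    ( cd "$backup" && sha256sum $NUKE_FILES > SHA256SUMS ) || return 1

    # Phase 2: replace each entry point with the plain-text notice.
    for f in $NUKE_FILES; do
        printf '%s\n' "$NOTICE" > "$webroot/$f" || return 1
    done
}

# verify_offline WEBROOT: succeeds only if all three files hold the notice.
verify_offline() {
    local f
    for f in $NUKE_FILES; do
        [ "$(cat "$1/$f" 2>/dev/null)" = "$NOTICE" ] || return 1
    done
}
```

    Run it as take_site_offline /path/to/webroot /path/to/backup, then verify_offline /path/to/webroot; keep the backup directory outside the web root so the saved originals are not served.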

    © 2003-2008 by Developer Shed. All rights reserved.