Page 4 - Regaining Control of a Hacked PHP-Nuke Site

Dev Shed Forums

Administration
AJAX
Apache
BrainDump
DHTML
Flash
Java
JavaScript
Multimedia
MySQL
Oracle
Perl
PHP
Practices
Python
Reviews
Security
Smartphone Development
Style-Sheets
Web Services
XML
Zend
Zope

Mobile Linux
App Generation ROI
IBM® developerWorks

Forums Sitemap

E-Commerce Hosting
Linux Web Hosting
Managed Hosting
Small Business Hosting
VPS Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD


>>> SIGN UP!
Lost Password?
Google.com

SECURITY

RSS

Regaining Control of a Hacked PHP-Nuke Site

By: Vinu Thomas	Search For More Articles! Disclaimer Author Terms
Rating: / 36
2004-05-18

Table of Contents:

Regaining Control of a Hacked PHP-Nuke Site

Bugs and How

Regain your Site

Cleaning up

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

Regaining Control of a Hacked PHP-Nuke Site - Cleaning up
( Page 4 of 4 )

Cleaning up After the Attack

Now that you have regained control of your installation, you can go ahead and clear up the mess that the attackers have made. The first place to head over to is the Preferences section. The attackers usually modify this section to place their signature. The options Site Name, Site URL and Site Slogan are where they head over to first to add their hack signature. Changes to these options will make their signature appear on all pages of your PHP-Nuke site. Change the values of these options to what you had running previously. Make sure the other options on this page are set to your requirements.

If you have any file upload modules active, head over to the upload directory and make sure that they haven’t uploaded any unwanted files or scripts to your server. Delete any suspicious looking files from your server.

Protector System for PHP-Nuke

To further protect your site from further attacks, Marcus & Graeme have come up with a module called The Protector System for PHP-Nuke. This module is compatible with PHP-Nuke versions 6.5 to 7.2. Their system claims to protect your PHP-Nuke installation from all types of SQL-Injection Attacks, Get/Post Attacks and Hammer Attacks. It also automatically blocks or bans users by username or IP address when they try attacking your site using these known methods.

Get/Post attacks use your submission scripts to add or edit your site's content from a remote location. Using this method, attackers can change or add content to your site from a remote location. Hammer Attacks are brute force attacks on the site to either bring the site down, or they can be caused with a password attack program, which hits the server with all permutations of passwords from a dictionary.

This system also logs visitor details. The system logs the user's IP address, country, username, the pages or URLs they've tried to access and their User Agent. This will allow you to track their activity on your site. Since their system is continuously evolving, I would suggest that you keep updating the Protector System each time they come out with a stable version of the module.

More information on The Protector System go over to: http://protector.warcenter.se

	Discuss Regaining Control of a Hacked PHP-Nuke Site

	>>> Be the FIRST to comment on this article!



	>>> More Security Articles >>> More By Vinu Thomas

SECURITY ARTICLES

- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
- What’s behind the curtain? Part I
- Vectors
- PKI: Looking at the Risks
- A Quick Look at Cross Site Scripting
- PKI Architectures: How to Choose One
Find More Security Articles