Home arrow Security arrow Page 4 - Regaining Control of a Hacked PHP-Nuke Site

Cleaning up - Security

PHP-Nuke is spreading over the Internet as a popular CMS system. If you have a PHP-Nuke installation which has been hacked into, read on to find out how to regain control of your site. If your site hasn't been hacked, read on to learn how to secure your installation.

  1. Regaining Control of a Hacked PHP-Nuke Site
  2. Bugs and How
  3. Regain your Site
  4. Cleaning up
By: Vinu Thomas
Rating: starstarstarstarstar / 37
May 18, 2004

print this article



Cleaning up After the Attack

Now that you have regained control of your installation, you can go ahead and clear up the mess that the attackers have made. The first place to head over to is the Preferences section. The attackers usually modify this section to place their signature. The options Site Name, Site URL and Site Slogan are where they head over to first to add their hack signature. Changes to these options will make their signature appear on all pages of your PHP-Nuke site. Change the values of these options to what you had running previously. Make sure the other options on this page are set to your requirements.

If you have any file upload modules active, head over to the upload directory and make sure that they havenít uploaded any unwanted files or scripts to your server. Delete any suspicious looking files from your server.

Protector System for PHP-Nuke

To further protect your site from further attacks, Marcus & Graeme have come up with a module called The Protector System for PHP-Nuke. This module is compatible with PHP-Nuke versions 6.5 to 7.2. Their system claims to protect your PHP-Nuke installation from all types of SQL-Injection Attacks, Get/Post Attacks and Hammer Attacks. It also automatically blocks or bans users by username or IP address when they try attacking your site using these known methods.

Get/Post attacks use your submission scripts to add or edit your site's content from a remote location. Using this method, attackers can change or add content to your site from a remote location. Hammer Attacks are brute force attacks on the site to either bring the site down, or they can be caused with a password attack program, which hits the server with all permutations of passwords from a dictionary.

This system also logs visitor details. The system logs the user's IP address, country, username, the pages or URLs they've tried to access and their User Agent. This will allow you to track their activity on your site. Since their system is continuously evolving, I would suggest that you keep updating the Protector System each time they come out with a stable version of the module.

More information on The Protector System go over to: http://protector.warcenter.se

>>> More Security Articles          >>> More By Vinu Thomas

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- Whatís behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: