Security
  Home arrow Security arrow Page 4 - Regaining Control of a Hacked PHP-Nuke...
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Actuate Whitepapers 
Moblin 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
IBM developerWorks
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SECURITY

Regaining Control of a Hacked PHP-Nuke Site
By: Vinu Thomas
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 35
    2004-05-18

    Table of Contents:
  • Regaining Control of a Hacked PHP-Nuke Site
  • Bugs and How
  • Regain your Site
  • Cleaning up

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT

    AT&T devCentral & BlackBerry(r) Webcast Series: BlackBerry and GPS -Build Location Awareness into your BlackBerry Applications, July 10th -1:00PM EST. Register Today!

    Regaining Control of a Hacked PHP-Nuke Site - Cleaning up


    (Page 4 of 4 )

    Cleaning up After the Attack

    Now that you have regained control of your installation, you can go ahead and clear up the mess that the attackers have made. The first place to head over to is the Preferences section. The attackers usually modify this section to place their signature. The options Site Name, Site URL and Site Slogan are where they head over to first to add their hack signature. Changes to these options will make their signature appear on all pages of your PHP-Nuke site. Change the values of these options to what you had running previously. Make sure the other options on this page are set to your requirements.

    If you have any file upload modules active, head over to the upload directory and make sure that they haven’t uploaded any unwanted files or scripts to your server. Delete any suspicious looking files from your server.

    Protector System for PHP-Nuke

    To further protect your site from further attacks, Marcus & Graeme have come up with a module called The Protector System for PHP-Nuke. This module is compatible with PHP-Nuke versions 6.5 to 7.2. Their system claims to protect your PHP-Nuke installation from all types of SQL-Injection Attacks, Get/Post Attacks and Hammer Attacks. It also automatically blocks or bans users by username or IP address when they try attacking your site using these known methods.

    Get/Post attacks use your submission scripts to add or edit your site's content from a remote location. Using this method, attackers can change or add content to your site from a remote location. Hammer Attacks are brute force attacks on the site to either bring the site down, or they can be caused with a password attack program, which hits the server with all permutations of passwords from a dictionary.

    This system also logs visitor details. The system logs the user's IP address, country, username, the pages or URLs they've tried to access and their User Agent. This will allow you to track their activity on your site. Since their system is continuously evolving, I would suggest that you keep updating the Protector System each time they come out with a stable version of the module.

    More information on The Protector System go over to: http://protector.warcenter.se


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

     

       

    SECURITY ARTICLES

    - An Epilogue to Cryptography
    - A Sequel to Cryptography
    - An Introduction to Cryptography
    - Security Overview
    - Network Security Assessment
    - Firewalls
    - What’s behind the curtain? Part II
    - What’s behind the curtain? Part I
    - Vectors
    - PKI: Looking at the Risks
    - A Quick Look at Cross Site Scripting
    - PKI Architectures: How to Choose One
    - Trust, Access Control, and Rights for Web Se...
    - Basic Concepts of Web Services Security
    - Safeguarding the Identity and Integrity of X...

    Click Here




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway