We are not a businees site, just a group of individuals who happen to like hiking,camping,fishing so we have a site that caters to our needs. The various modules on the site alllow us to u/l jpgs. discuss and schedule events. The site was set up by a Technical person trained in the field and he opted for PHPNuke. Over the past 6-8 months we have been hacked by what would appear to be the same person. Fortunately he has not taken the site down thought I believe he has the capacity to do this. The Techie Person helped recently but his job does not allow day to day monitoring and he's really no longer with the Club. Through stumpling and prodding I have been able to find my way to PHPAdmin, and in the nuke config sql file I located his 'Redirector'. I deleted it and his God Status but he came back again yesterday and my Log File indicated the following two entries followed by another 5-6 minutes of 'Getting' various area;

*** CONTENT REMOVED *** - DON'T POST CLUES ON HOW TO HACK A SITE IN THESE FORUMS!!!!

I found via the web a number of steps to follow when your phpnuke site has been hacked, one being looking for message posting URL, e.g. "admin.php?op=message.".... so the above was the result. The other was to update via new security patches and install Protector modules (can't connect to the Server to get the software).

I did a WHOis DNS and found the above DNS to be located in Turkey.. (www.mynet.com) don't speak the lingo so can't contact the webmaster and yet the 'redirect' seemed to be a sub-domain, e.g. mysite.mynet.com or singleip.sitemynet.com/no.htm.... which made me supicious that this was also a hack.

Bottom line is I dont' have the depth or span of knowledge to update the Security patches to phpNuke BUT I'm reasonably good on following directions . . . even when I read them from the web as I did to 'discover' phpAdmin and how to use it. PLEASE can someone here / out there in cyberworld help me patch the dang blasted hole this script bunny/kiddie is using and STOP this ruddy nuisance. I'll do my best to insert a nice bottle of Red or White in your Cellar. Thanks much. namaste


Edit: TCH-Bruce - removed hacking scheme information. Don't post this in the forums

Welcome to the forums! First of all, you might want to make sure you are running the latest and greatest version of phpNuke. That may be all you need to stop this person. Second of all, check out the phpNuke site...in particular here. Whilst I don't use phpNuke myself, I have used programs similar to this and found that the upgrading instructions were usually pretty straight-forward. Hope this helps some.

Depending on if you care to have mynet.com visitors come to your site you could also ban 85.106.178 in your cPanel to at least buy some time to get your site patched up.

You can always remove the ban after you have secured your site.

You can also download the file here;

http://nukecops.com/downloads-file-142-det...stem_1.13b.html

If you cant get it, let me know. I can get it and send it to you.

Welcome to the forum, namaste.

Welcome to the forum, namaste

Welcome to the forum, namaste

Rob, Thank you for giving of your time to reply. I did attempt to block the IP via the IP Manager at cPanel. I also notice this feature is available in the phpbb forum, though I suspect that is restriced to the level of application if would have. In phpbb (which I access via Admin.php) they indicated you can block a range of IP numbers by inserting a comma between the start / end. I attempted this in cPanel but it did not work, so I entered the 85.106.178.189 and the 85.108.17.226 separately, plus the actual www.xxx.

At the rate I'm progressing the learning curve would appear to be rather horizontal.


I would appreciate it very much if you could accommodate me here. I've attempted to d/l the file but when I clicked the <download> I get a new screen and nothing. Attempted this with 3 different browsers with the same results, and using the Search at nukecops comes up Zero! Is is accessable anywhere via FTP? Also, I am still not able to connect to the Home Server of this software.

With kind regards for your help and I sure hope folks in the Forum won't get 'ticked off' with me as I attempt to sort out this hacking problem via your valued input.

I should have gotten it while I had the chance. I can't get to it at the moment. You might want to research it a bit first. Google "Protector System" phpnuke. I see many references to cross site scripting and a few other issues that may not have been resolved yet.

I will keep looking into it for you.