>>
Site Map
>>
Forums
>>
Security Issues
Forum module - topics in forum:
Security Issues - Get help in securing your PHP-NUKE Installation.
Site Hacked How to stop
I am running 7.8 and sometime today I was hacked. Not only did they put up their own page (which when I viewed the source it was and HTML page) Then I went to phpMyAdmin and found that they had also made themselves an admin, I knew something was wrong when there were 3 records instead of two, so I eliminated them and am in the process of reuploading all my files from those on my local PC, which is a fairly recent backup of the entire site.
So what must I do to prevent this from just happening again. I did put a security patch on it for 7.8 but apparently that is not enough. By the way they decided to put what appears to be a Chinese Flag along with their page as well as either a quicktime or some sort of audio file because a little audio icon opened. The page covers about 4/5 ths of the remainder of the page.
Would Nuke Sentinel work and if so what version should I use?
Yes NukeSentinel will work, it will stop most sql injections among other things. You can download and install the newest version of NukeSentinel
HERE. I would also suggest that you check to make sure your forums are patched as well. If not then you will need to update them to the newest available patch. You will have to go in order for your forums meaning if you are on version 2.0.17 you have to download and install 2.0.18 then 2.0.19 then 2.0.20 until you are updated. Also make sure you download the forum updates for bbtonuke and for the patched series. For NukeSentinel be sure to read and follow the install directions and make sure you make the edits to your core files.
Something else that should be addressed the new version of Sentinel also now validates all data from the phpbb port which it did not do prior to 2.4.2pl8 So there is now an additional level of protection for your website.
