Hello,

Well the reason my site went down yesterday is because it had been hacked. As soon as I got rid of the error message I realized that my database had been wiped out as well. I restored some of the site to it's original state... before the hacker returned and cleaned out all of my files, email addresses, mailing lists and everything else associated with the account. Then they changed my password information so I was unable to do anything with that account at all.

So I have moved hosting accounts and have decided to start with a new kind of forum script, one that has less security concerns as I understand.

I want to thank everyone here for all the help and assistance you have offered to me. I will miss coming here and I really appreciated everything even though I always felt a little useless because I was unable to assist others most times. So thank you all and if I ever start another nuke site, I will definately be back.

Hilary

who in their right mind would hack into your site like that. That is real sick and I mean sick. Isn't there anything you can do so that can't happen again? ops:

can you tell us the URL of your site also?..i'm supposing is not working but maybe some of us can "remember" about your site

Can you give more info about how and why your site was hacked?
Also full info about your site will help chatserv and other great ppl concerned and working to improve security of the nuke...

I know how you feel ... but only sharing all info to comunity will improve this CMS ...

Good Luck with the new site.

Hilary, it would be intersting to know the details of your Hack attack.
Did you have all the latest Security patches installed?
If so, this is interesting beacuse if you did, then there may be another big security hole in either the Forums or Nuke.
Were you running Nuke6.5 or Nuke6.0?

I really hate to see you give up on Nuke when you've done so much work up to this point. It's going to be like learning something over again for ya... :?

mikem

mikem, i agree with you there. hillary, dont give up on nuke yet. if we find out more info on you attack, we can possibly fill that security hole, then you will not have to worry about that same type of attack again.

yeah some one hacked into my site www.cosclan.com twice and deleted every thing and now i change my pass word on my site every day

I was running 6.0 and I did not have the news module patch installed yet. About a week ago my news module was hacked and someone wrote "no to war yay to peace" or something. It didn't really bother me, it was easily deleted.

However, after that I noticed my http referrers were referring to a site called zone-h.com (do not link to them from here, I suspect it may make you a target.) They have what they call a "digital attacks" archive wherre they posted my web sites link after attacking me. I suspect this made me the target of a more serious hacker, perhaps only because it was a military related site. (Although I don't know why.) All the sites listed in the "digital attack" archive are nuke sites and I love their disclaimer so if you go there check it out.

I think that is how whoever hacked me found me. But I have no way of knowing for sure. I don't know how they got so much access that they were able to delete my email accounts and change my password, etc. I really have no idea. Especially since the sites password was not something I use anywhere else. It was a random password that was generated by the hosting company...

As I said before, the first thing they wiped was the database. I just didn't realize it because of the themes error. Once I fixed the themes error I had a default-looking version of nuke installed. Everything was gone. I fixed it up a little bit, but gave up to do other less frustrating things. An hour later when I checked it all I got was a parent directory the only file left was the cgi-bin file (but it was empty.) I decided I would put a message on the front page letting people know what happened, but when I tried to log in I got repeated "password not accepted" messages. My pop email accounts no longer worked.. I had even set up a mailing list (listserve) for my users until I could repair the forums, but they deleted that too!

This morning I called and cancelled that account and moved elsewhere. I don't know how helpful any of this info will be to you, but I hope it can do something good for the nuke community in general.

Hilary

Sadly PHP-Nuke 6.0 has 3 very serious vulnerabilities, the News ratings, the Webmail's mailattach.php file and the referers code in index.php, hence the ease with which they attacked you.

Originally Posted by chatserv

Sadly PHP-Nuke 6.0 has 3 very serious vulnerabilities, the News ratings, the Webmail's mailattach.php file and the referers code in index.php, hence the ease with which they attacked you.

Right after my site was hacked (i think because of the News rating hole, i had a message on a higher layer) I applied the fix for News.
How the other 2 (Webmail and Referers) can be fixed?
I think i deleted mailattach.php after i was noticed by analyze.php security script from NukeCops.

Any other advice for Nuke6.0?

In Nuke's main index.php find:

Code:

$referer = getenv("HTTP_REFERER");

Below it insert a new line:

Code:

$referer = check_html($referer, nohtml);