hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : hacked nuke board
Reply

Forum Jump

hacked nuke board

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 10-19-2006, 11:09 AM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225

hacked nuke board


Somebody keeps hacking into my nuke boards. I am using the latest version, is there any way to stop the hacker? Is there a known flaw in the script?



Sponsored Links
  #2  
Old 10-19-2006, 11:28 AM
Techark Techark is offline
Web Hosting Master
 
Join Date: Apr 2002
Location: Australia or US depends
Posts: 5,731
Do you own the server or is the site hosted? You need to grep the domlogs for the site to find out how they are getting in.
Nuke has so many holes in it I don't think you could 100% secure it unless you unplugged it from the net.

There is a hole in version 7.9 which is the latest if you have not patched it in module.php and in autohtml.php.

__________________
Techark Web Hosting
Cloud Servers and Managed Dedicated Servers with Live Proactive Monitoring
My Blog of Random Thoughts

  #3  
Old 10-19-2006, 11:30 AM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225
My site is hosted. Somebody told me to use cms as that is suppose to be more secure than a nuke board and it got hacked into too.

Sponsored Links
  #4  
Old 10-19-2006, 11:42 AM
Techark Techark is offline
Web Hosting Master
 
Join Date: Apr 2002
Location: Australia or US depends
Posts: 5,731
Ask your host if they are running mod_security most the hacks to the nuke is pretty easy to block with some good mod_sec rules.

__________________
Techark Web Hosting
Cloud Servers and Managed Dedicated Servers with Live Proactive Monitoring
My Blog of Random Thoughts

  #5  
Old 10-19-2006, 12:07 PM
Website Rob Website Rob is offline
learning is in the doing
 
Join Date: Sep 2000
Location: Alberta, Canada
Posts: 3,109
Have a look a see if any top level directories are 777 permissions.

i.e. public_html/images

If yes, change them to 755. And if you don't trust the security of your Hoster then change any sub-directories using 777 to 755 as well.

__________________
PotentProducts.com - for all your Hosting needs
Helping people Host, Create and Maintain their Web Site
ServerAdmin Services also available

  #6  
Old 10-19-2006, 01:51 PM
Patrick67 Patrick67 is offline
Out there beyond the Wall.
 
Join Date: Sep 2004
Location: Chicago
Posts: 835
NUKE is insecure as hell. Also check what types of modules are installed as alot of them have serious holes. Most nuke sites are run by gamers or clan based groups.

If so check and see if Vwar is installed. Serious holes in it. Latest version r15Highwire, also Squerry is another serious leak as well as coppermine. I host a ton of sites for gamers and they are always getting attacked. They all CHMOD there folders too 777 to get it to work and never think about why folder permissions are there in the first place.

I have been pushing alot of my clients towards e107. I find it easy to use and alot more secure than Nuke, plus the e107 community is doing good things and it can accomodate almost any type of enviroment from Commerce to gamers.

  #7  
Old 10-19-2006, 09:23 PM
JVS_Hosting JVS_Hosting is offline
Aspiring Evangelist
 
Join Date: Mar 2006
Location: New York USA
Posts: 402
Probably a remote file inclusion Vuln due to failure to sanitize requests. Or perhaps a SQL injection of sorts. Even a CMS which is not written properly can be just as unsafe. To be safe, do a nice site in html and css, or some other language. PHP-Nuke = PHP-Puke

__________________
JVS-Shaun
JVS Internet + Remote Management Solutions
We do it ALL!


  #8  
Old 10-19-2006, 09:29 PM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225
What is a safer alternative to a nuke board?

  #9  
Old 10-20-2006, 12:45 PM
JVS_Hosting JVS_Hosting is offline
Aspiring Evangelist
 
Join Date: Mar 2006
Location: New York USA
Posts: 402
Jen, i would go with something that is paid for. Not open source, security tends to be a bit better on those. Do a goodle search for something like vbulletin or something.

__________________
JVS-Shaun
JVS Internet + Remote Management Solutions
We do it ALL!


  #10  
Old 10-21-2006, 06:29 AM
Jeff Smith Jeff Smith is offline
WHT Addict
 
Join Date: Feb 2006
Location: Honolulu, Hawaii
Posts: 165
Hi Jen,

There is a PHP NUKE security hack called NukeSentinel™ 2.5.02 70-79 that is supposed to work well. I had installed on one of my sites back in the day and only got my site hacked twice which is pretty good.

If you want an alternative to PHP NUKE, a popular choice is Joomla. There are lots of plug-ins and templates available for it too. The forum that comes with it is pretty decent, and looks better than SMF, and phpBB IMO.

The best paid forums you will find are vBulletin, and Invison Power Board.

Hope this helps. Good luck with your boards!

__________________
<<< Please see Forum Guidelines for signature setup. >>>

  #11  
Old 10-21-2006, 10:12 AM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225
Talking

Quote:
Originally Posted by Jeff Smith
Hi Jen,

There is a PHP NUKE security hack called NukeSentinel™ 2.5.02 70-79 that is supposed to work well. I had installed on one of my sites back in the day and only got my site hacked twice which is pretty good.

If you want an alternative to PHP NUKE, a popular choice is Joomla. There are lots of plug-ins and templates available for it too. The forum that comes with it is pretty decent, and looks better than SMF, and phpBB IMO.

The best paid forums you will find are vBulletin, and Invison Power Board.

Hope this helps. Good luck with your boards!
Thanks for the info. Joomla looks good, almost like Mambo! I will look into that.
I need something that is totally hackproof!

  #12  
Old 10-21-2006, 10:15 AM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225
Quote:
Originally Posted by Website Rob
Have a look a see if any top level directories are 777 permissions.

i.e. public_html/images

If yes, change them to 755. And if you don't trust the security of your Hoster then change any sub-directories using 777 to 755 as well.
Thanks, I will do that now! Maybe that will stop the hacker.

  #13  
Old 10-21-2006, 12:02 PM
JVS_Hosting JVS_Hosting is offline
Aspiring Evangelist
 
Join Date: Mar 2006
Location: New York USA
Posts: 402
Even Joomla has issues with Vulnerabilities. Nuke Sentenel works, but still leaves your site pretty open to DoS attacks, as in http get flood requests.

__________________
JVS-Shaun
JVS Internet + Remote Management Solutions
We do it ALL!


  #14  
Old 10-21-2006, 12:20 PM
SydneyJen SydneyJen is offline
Junior Guru
 
Join Date: May 2003
Location: New Hampshire
Posts: 225
In other words nothing is safe online???????

  #15  
Old 10-21-2006, 12:30 PM
cyberturk cyberturk is offline
Ex-Hoster
 
Join Date: Apr 2005
Location: Istanbul
Posts: 763
all of the ready scripts have vulnererbilities but you can fix them if you follow their support sites.

__________________
Kind regards

Reply

Related posts from TheWhir.com
Title Type Date Posted
GCHQ, Not NSA, Behind Belgian Telecom Attack: Report Web Hosting News 2013-09-20 12:16:20
Could Website Hackers be Chasing Hosting Customers Away? Blog 2013-08-27 09:07:42
Syrian Electronic Army Targets Top US Media Websites in Outbrain Platform Hack Web Hosting News 2013-08-16 10:46:10
Report Finds Dutch Government was Ill-Prepared to Handle 2011 SSL Hack Web Hosting News 2012-07-23 11:38:13
SwaggSec Hackers Release 900 Admin Credentials from China Telecom Attack Web Hosting News 2012-06-04 15:24:03


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?