-
May 29th, 2004, 06:20 PM
#1
Member
php-nuke vulnerability?
Our website has been defaced 3 times in the last month or so. Could this be a new php-nuke exploit? I checked the OSVB and other db's but couldn't find anything substantial. I have the latest version of php-nuke. We have been forced to shut down the php-nuke section because of the hole. My website is currently down because the host ran out of disk space (lol). Does anybody know of this?
We got defaced by alucard, then another by wetico (alucard is a member), and then by #innocent boys.
if you have time be sure to drop by my website at www.johnscompany.net
-
May 29th, 2004, 07:06 PM
#2
How are they getting in? Surely you have logs. Examine them, see what the hits were. At the very least you will see the scripts involved and can start working towards repairing any such hole. As for there being holes in phpnuke, it doesn't surprise me, a lot of php-related projects haven't exactly had an astounding security track record. If this does turn out to be a vulnerability, you should notify the PHPNuke people, but I assume you already know that. :P
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
May 29th, 2004, 10:18 PM
#3
Anyone ever tried Protector System?
http://protector.warcenter.se
It claims to protect PHPNuke against a range of attacks.
-
May 30th, 2004, 05:30 PM
#4
PHP-Nuke and some other PHP based open source apps are very weakly written; there are a great deal of vulnerabilities, most of which allow the site to be defaced and possibly the server compromised.
I would recommend that you do not run PHP-Nuke in a public-facing environment (might be safe for intranet).
If you absolutely must run it, then you MUST run something like mod_security (Or Microsoft's URLScan if on IIS) to try to mitigate SQL injection exploits.
These filtering tools aren't that good, and often turn up false positives - on the other hand, if you turn too many rules off, they won't work. So some tuning is required.
Slarty
-
May 31st, 2004, 06:46 PM
#5
Member
Thanks guys.
If I don't run php-nuke, what do you suggest?
if you have time be sure to drop by my website at www.johnscompany.net
-
May 31st, 2004, 11:17 PM
#6
I strongly dislike PHP-Nuke (various reasons), but I do love POST-Nuke. On the whole, POST-Nuke is more secure with the installations, but lacks some of the eye-candy of PHP-Nuke. It requires you to be comfortable to set up good security/permissions, but hasn't had many exploits found, except for a couple found somewhat recently that were quickly fixed. It is also more open than PHP-Nuke, and there are a lot of modules written for it. http://www.postnuke.com
If you want to keep the current content on your website, moving to POST-Nuke won't be a problem - the installation can upgrade/import from PHP-Nuke. I recommend you make a backup of your MySQL databases first, and then you can try POST-Nuke.
If you want other ideas, check out http://www.opensourcecms.com/ and demo the different CMS solutions they have on their website to find one you like. You can demo POST-Nuke, Xoops, among others.
-
June 8th, 2004, 05:07 AM
#7
Junior Member
Until a few days ago I wasn't serious about wanting to learn security, and was acting like a script kiddie. 
While I was trying to cause as much havoc as possible, I was using a PHP-Nuke exploit. This is probably what the defacers of your site were using. It's a vulnerability in the AddAuthor module, allowing an addition of a God (admin which cannot be deleted) account, which has access to the admin panel and everything on it. I believe there is a patch out there somewhere, but I have not looked.
Good luck with patching your site up.
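
Added example, not written by any poster in this thread: a log triage script that combines the advice in post #2 (examine the logs and see which scripts were hit) with the AddAuthor module named in post #7. It assumes Apache common/combined log format; the sample lines, addresses and the /example.php request shape are constructed, since the thread names only the module.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Prefix of an Apache common/combined log line (assumed format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
KEYWORD = "addauthor"  # module name from post #7, compared case-insensitively

# Constructed sample lines (documentation addresses, hypothetical script name).
SAMPLE = [
    '192.0.2.10 - - [28/May/2004:03:12:01 +0000] "GET /index.php HTTP/1.0" 200 5120',
    '192.0.2.10 - - [28/May/2004:03:12:09 +0000] "GET /example.php?x=AddAuthor HTTP/1.0" 200 812',
    '192.0.2.10 - - [28/May/2004:03:12:15 +0000] "POST /example.php?x=Add%2541uthor HTTP/1.0" 200 640',
    '198.51.100.7 - - [28/May/2004:04:00:00 +0000] "GET /index.php HTTP/1.0" 200 5120',
    'garbage line',
]

def parse(line):
    """Parse one log line; return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode twice so single- and double-URL-encoded keywords still match.
    decoded = unquote(unquote(rec["target"])).lower()
    rec["script"] = urlsplit(rec["target"]).path
    rec["hit"] = KEYWORD in decoded
    return rec

def triage(lines):
    """For each client with a keyword hit, list the hits and every script it touched."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        hits = [(r["ts"], r["method"], r["status"]) for r in recs if r["hit"]]
        if hits:
            report[ip] = {"hits": hits,
                          "scripts": dict(Counter(r["script"] for r in recs))}
    return report

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info)
```

Access logs record the query string but not POST bodies, so an empty report does not show the module was never requested.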
-
June 8th, 2004, 05:13 AM
#8
Try the nsn_your_account hack. You don't have to use an email server and it has some added security features. You can see it at my site http://linuxwagga.kicks-ass.org or do a search on Google for it. I'm running phpnuke 7.2.
Tell ya what, I will put it in my download section for ya.