Results 1 to 8 of 8

Thread: php-nuke vulnerability?

  1. #1

    php-nuke vulnerability?

    Our website has been defaced 3 times in the last month or so. Could this be a new php-nuke exploit? I checked the OSVB and other db's but couldnt find anything substancial. I have the latest version of php-nuke we have been forced to shut down the php-nuke section because of the hole. my website is currently down because the host ran out of disk space (lol). Does anybody know of this?
    we got defaced by alucard, then another by wetico (alucard is a member), and then by #innocent boys
    if you have time be sure to drop my my website at www.johnscompany.net

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    How are they getting in? Surely you have logs. Examine them, see what the hits were. At the very least you will see the scripts involved and can start working towards repairing any such hole. As for there being holes in phpnuke, it doesn't surprise me, a lot of php-related projects haven't exactly had an astounding security track record. If this does turn out to be a vulnerability, you should notify the PHPNuke people, but I assume you already know that. :P
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    Anyone ever tried Protector System?
    http://protector.warcenter.se

    It claims to protect PHPNuke against a range of attacks.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    PHP-Nuke and some other PHP based open source apps are very weakly written, there are a great deal of vulnerabilities, most of which allow the site to be defaced and possibly the server compromised.

    I would recommend that you do not run PHP-Nuke in a public-facing environment (might be safe for intranet)

    If you absolutely must run it, then you MUST run something like mod_security (Or Microsoft's URLScan if on IIS) to try to mitigate SQL injection exploits.

    These filtering tools aren't that good, and often turn up false positives - on the other hand, if you turn too many rules off, they won't work. So some tuning is required.

    Slarty

  5. #5
    thanks guys
    if I dont run php-nuke what do you suggest?
    if you have time be sure to drop my my website at www.johnscompany.net

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    I strongly dislike PHP-Nuke (various reasons), but I do love POST-Nuke. On the whole, POST-Nuke is more secure with the installations, but lacks some of the eye-candy of PHP-Nuke. It requires you to be comfortable to set up good security/permissions, but hasn't had many exploits found, except for a couple found somewhat recently that were quickly fixed. It is also more open than PHP-Nuke, and there are a lot of modules written for it. http://www.postnuke.com

    If you want to keep the current content on your website, moving to POST-Nuke won't be a problem - the installation can upgrade/import from PHP-Nuke. I recommend you make a backup of your MySQL databases first, and then you can try POST-Nuke.

    If you want other ideas, checkout http://www.opensourcecms.com/ and demo the different CMS solutions they have on their website to find one you like. You can demo POST-Nuke, Xoops, among others.

  7. #7
    Junior Member
    Join Date
    Jun 2004
    Posts
    6
    Until a few days ago I wasn't serious about wanting to learn security, and was acting like a script kiddie.

    While I was trying to cause as much havoc as possible, I was using a PHP-Nuke exploit. This is probably what the defacers of your site were using. It's an vulnerability in the AddAuthor module, allowing an addition of a God ( admin which cannot be deleted ) account, which has access to the admin panel and everything on it. I believe there is a patch out there somewhere, but I have not looked.

    Good luck with patching your site up.
    Security noob.

  8. #8
    try the nsn_your_account hack dont have to use email server and has some added security features you can see it at my sight http://linuxwagga.kicks-ass.org do a search on google for it im running phpnuke 7.2
    tell ya what i will put it in my download section for ya

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •