Many of my sites, also running PhpNuke, had been hacked numerous times in the past but since deploying a coiuple of the security "patches", I only get notification of hack attempts and so far, after 6 months, no successful breaches. I dont have the two patches handy, but a google search should turn them up, assuming they have not already been applied. Most appear to be some for of sql injection hack, but earlier versions of PhpNuke also had numerous holes elsewhere.
Cheers ------ original message ------ From: Jarrod Major <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Sun Sep 05 14:29:40 MDT 2004 Subject: [clug-talk] clug.ca 'hacked' again -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey All, I'm sad to report that the CLUG website has been hacked yet again. Thank-you to everyone who called me and informed me of the news. I was aware of it late last night but haven't been able to do anything about it till recently. It appears that there is a hack where someone may inject an admin account into our Nuke and I found two of them as it turns out. The accounts have been removed for now but I have not been able to track down where they managed to get their cute little post into our home page. It's irrelevant. This has pretty much tied the Executive Board's hands. We decided to make it easy on ourselves and go with a Nuke rather than making our own content-management system or doing static web pages that only we had access to. This will be rectified shortly. This kind of thing cannot continue, the vandalism of our site has been relatively tame, no real vulgarity but at some point they could start making changes to things like meeting notices and input incorrect dates or times. As we want the most accurate, secure website that we can have we will be changing it once again. You patience in the meantime is appreciated. - -- Jarrod Major GPG Fingerprint: FA4A 1EA3 A0EE A842 07BB 804C 0090 14F6 BE6E DE3D CLUG President Registered Linux User: #224211 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQCVAwUBQTt3NACQFPa+bt49AQIp1gQAh2WoKayjtLXRJcvVi7PgjrXYTTUCLn4s vVs3UxUN4xfJ2obl+pGoZv0FAUwLU6T/4OmwUXJUfww9QMs/K9gn/jOqTrFT9PBF PAB5fNmszD5v4rHwmofA20OTkxrW/qL4CM63YoQe733eRh42aXJpnC1Rf4qvZsQo ZPvCVz3V88s= =lB7h -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
