FoU clan site hacked!
FoU clan site hacked!
Yeah we were kinda hacked by the notorious Perfect.BR team, as I'm sure most of you noticed. I have spent most of the day resolving this and everything should be back up and running within the next half hour.I will also explain in depth who hacked us and how to up site security so it can't happen again.
Hehe good and proper. Well hats off to 'em.Perfect.BR are a group of Brazilian site defacement hackers who find backdoors in Apache using sites (which ours is) and then redirects every single URL to one of their templates. Such as the one we had or "You were owned by Perfect.BR" etc.From what I've managed to find out about them, in a recent hacking competition where the goal was to hack as many sites as possible during a certain weekend they won with 192 points (over 2.5 times that of 2nd place). So they do know what they're doing.Here's a couple of sites with info on them:http://www.dominasecurity.com/hackerz/p ... try9366And I know the majority of you don't use pHp but to those who do, or intend to at some point I think I've found where they got in and for users of phpnuke 6.x you will need to open up your '/modules/News/index.php' file and find:[code:1:a7795fdb78]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; if ($score) {if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie);}for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) {$a = 1; }}if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1");} else { $result = sql_query("update ".$prefix."_stories set score=score+$score,ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options");} } else {include("header.php");title("$sitename: "._ARTICLERATING."");OpenTable();echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>";CloseTable();include("footer.php"); }}[/code:1:a7795fdb78]Then replace with:[code:1:a7795fdb78]function rate_article($sid, $score) { global $prefix, $dbi, $ratecookie, $sitename, $r_options; $score = intval($score); if ($score) { if ($score > 5) { $score = 5; } if ($score < 1) { $score = 1; } if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND$score != 5) { Header("Location: index.php"); die(); } if (isset($ratecookie)) { $rcookie = base64_decode($ratecookie); $r_cookie = explode(":", $rcookie); } for ($i=0; $i < sizeof($r_cookie); $i++) { if ($r_cookie[$i] == $sid) { $a = 1; } } if ($a == 1) { Header("Location:modules.php?name=News&op=rate_complete&sid=$sid&rated=1"); } else { $result = sql_query("update ".$prefix."_stories setscore=score+$score, ratings=ratings+1 where sid='$sid'", $dbi); $info = base64_encode("$rcookie$sid:"); setcookie("ratecookie","$info",time()+3600); Header("Location:modules.php?name=News&op=rate_complete&sid=$sid$r_options"); } } else { include("header.php"); title("$sitename: "._ARTICLERATING.""); OpenTable(); echo "<center>"._DIDNTRATE."<br><br>" .""._GOBACK."</center>"; CloseTable(); include("footer.php"); }}[/code:1:a7795fdb78]Everything should be all back up and running now (finally!) but please be on the lookout for any bugs or errors that you find and let me know so I can fix them. Thanks.
-
DaikatanaGenshu
- Posts: 5829
- Joined: Thu Feb 17, 2022 8:24 pm
-
FailedMunchkin
- Posts: 715
- Joined: Thu Feb 17, 2022 8:24 pm
