Possible security alert: admin_db_utilities.php ?

[LupinOne]

Long time no talk to.

Well, I didn't get the notice on the patches and I got hacked... and bad. Server rooted and all that nastiness. One thing I kept seeing in the logs was this:

[Evaders99]

Oh I haven't made phpNuke 8.1 compatible patches here.
But the Patched files at http://www.nukeresources.com are updated for 8.1.
(They just don't include any of the recent security issues for 2008)

I personally don't recommend 8.1 anyway. A lot of untested code and not worth your money.

As to the attacks against the Forums admin scripts, they have been patched a long time ago. Automated bots are trying anyway, on the slight chance you have not been patched. I doubt you were hacked by this exact attack, but there are lots of other vulnerabilities.

If you are sure there's a specific one that allowed hackers in, and you believe your site is properly patched, please let me know and I can investigate it.
_________________
Evaders99
Webmaster
Administrator

Fighting is terrible, but not as terrible as losing the will to fight.
- SW:Rebellion Network - Evaders Squadron Coding -

The cake is a lie.

[LupinOne]

yeah, I spent the $12 and got 8.1, but I still had to apply your 2 patches to the ../modules/Search/index.php and to the phpbb2nuke 2.0.22 I downloaded. I guess that 8.1 comes with .21

Not really sure how they got in, but most likely via the PM exploit or the search one.

At any rate, the fantasy is - I may be patched. I just wanted to toss that file up in case it was something new since it was all over my logs.

Oh yeah... and happy new year and all that since we haven't chatted in a while

[Evaders99]

Yea you'll need to use BBToNuke 2.0.22. Looks like you're good.

Happy new year to you too!
_________________
Evaders99
Webmaster
Administrator

Fighting is terrible, but not as terrible as losing the will to fight.
- SW:Rebellion Network - Evaders Squadron Coding -

The cake is a lie.