PHP Nuke vunerability

tango3d posted 31st of July 2008 in Community Voice. 4 comments.

For some reason I had PHP Nuke installed on my server at hostmonster.com, some hackers used a vunerabilty in this to install a script in the home directory which sent hundreds of phishing emails and then completely wiped every file and folder from my account on the server. luckily I had done a full local backup 3 day ago, but still is a major headache to re install everything when there were 5 sub domains.

 

So if PHP Nuke is installed on your account at hostmonster, it is not the latest version and you should update it or if you are not using it, disable it. to do this, log into your control panel, go to fantastico deluxe, click on PHP Nuke and see if its installed.

 

Wouldn't want anyone else to have this problem.

 
Comments
·Oldest
·Top
Please login to post a comment.
DosDawg
DosDawg31st of July 2008
 
shared hosting, must have register_globals on, this is a big problem. there is no way for them to install a script on your machine if you were on a dedicated machine (even if shared with other dolphin hosting accounts) and register_globals were OFF.

later,
DosDawg

thanks for the info though.
PermalinkReplyPlus0 pluses
tango3d
tango3d31st of July 2008
 
register_globals were off but am on shared hosting, it was hostmonster that alerted me to the problem with PHP Nuke
PermalinkReplyPlus0 pluses
connections
connections2nd of August 2008
 
I've been running Nuke since late 2005 and never had hacker problems other than bots, spam bots and porn bots (forum areas, an occasional shout) which are more of an annoyance than a threat IMO. .htaccess edits control them to the most part but what i would suggest, if you're not already running, is Sentinel and or Protector.

They are the bomb ;o)

Both are part of my Nuke Platinum but are also stand alone mods you can get for free.
PermalinkReplyPlus0 pluses
tango3d
tango3d2nd of August 2008
 
Hey, thanks for that advice, I will go check it out
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.059762001037598