> Protect Yourself From Hackers, php hacks.
reverendspam
post Apr 29 2007, 07:24 PM
There has been a lot of talk lately of people's TNG sites being hacked and files deleted. A couple of folks had their index.php file deleted.

It just happened to me a couple of days ago. My surnames.php file was deleted and I did not think anything of it until others on the TNG mail list started reporting issues as well as those on this forum. A wonderful group (tongue in cheek) called "Angels of Death" hacked me. They left their telltale sign in my errors.log. They were pure amateurs, as the pros will typically redirect you or add a page to your file with their calling card stating their name.

Apparently the script kiddies are at the end of a school year and are bored between studying for their exams :)

Anyways, the theme of those that are being hacked has to do with their php.ini files having register globals set to On.


Per Darrin:

Go to your admin backend -->Setup-->Diagnostics and see if your register_globals is turned off.

If not, then edit your php.ini file and turn it off. You may have php.ini in numerous directories as I do. I would advise changing every file.

Per Darrin again:

QUOTE
Also, I noticed another vulnerability that affects people with register_globals turned OFF. If you think that's you, you should edit your globallib.php file and replace this code:

    if( $_GET && is_array( $_GET ) ) {
        foreach( $_GET as $key=>$value ) {
            ${$key} = $value;
        }
    }
    if( $_POST && is_array( $_POST ) ) {
        foreach( $_POST as $key=>$value ) {
            ${$key} = $value;
        }
    }

with this:

    if( $_GET && is_array( $_GET ) ) {
        foreach( $_GET as $key=>$value ) {
            if($key == 'cms' || $key == 'lang' || $key == 'mylanguage') die("sorry!");
            ${$key} = $value;
        }
    }
    if( $_POST && is_array( $_POST ) ) {
        foreach( $_POST as $key=>$value ) {
            if($key == 'cms' || $key == 'lang' || $key == 'mylanguage') die("sorry!");
            ${$key} = $value;
        }
    }

(two lines added).



I believe Darrin will fix this in the next upgrade.

You may also want to check your directories to make sure there are no strange files that you do not recognize. You may want to delete them.


Check your directory permissions as well. If you have TNG in its own directory try setting the permission to 750 making sure to check your program still runs effectively.

Joe
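
A stricter alternative to the three-name check in the quoted fix, added here as an example and not part of the original post or of TNG's code: import only request parameters named on an allowlist, validate each value, and never overwrite a variable the script has already set. All parameter names, patterns and sample values below are constructed assumptions.

```php
<?php
// Added example; every name below is hypothetical and none of it is TNG code.

// Constructed allowlist: parameter name => pattern its value must match.
// \z anchors at the true end of the string, so a trailing newline is rejected.
const ALLOWED_PARAMS = [
    'page'  => '/^[0-9]{1,6}\z/',
    'order' => '/^(asc|desc)\z/',
    'id'    => '/^[A-Za-z0-9_-]{1,20}\z/',
];

// The pattern from the post, applied to an array instead of the live symbol
// table: every request key is copied, including keys the script already set.
function legacy_import(array $request, array $vars): array
{
    foreach ($request as $key => $value) {
        $vars[$key] = $value;
    }
    return $vars;
}

// Allowlist import: unknown names, array values and malformed strings are
// dropped, and a name already present in $vars is never overwritten.
function allowlist_import(array $request, array $vars): array
{
    foreach (ALLOWED_PARAMS as $name => $pattern) {
        $value = $request[$name] ?? null;
        if (!is_string($value) || array_key_exists($name, $vars)) {
            continue;
        }
        if (preg_match($pattern, $value) === 1) {
            $vars[$name] = $value;
        }
    }
    return $vars;
}

// Constructed inputs: script state set before the request is read, and a
// request with one valid parameter, one array value and one colliding name.
$script_vars = ['config_dir' => '/srv/app/config/'];
$request = ['page' => '3', 'order' => ['asc'], 'config_dir' => 'from-request'];

foreach (['legacy_import', 'allowlist_import'] as $fn) {
    $result = $fn($request, $script_vars);
    ksort($result);
    printf("%s: %s\n", $fn, json_encode($result));
}
```

The caller then reads the returned array (or assigns named variables from it) instead of letting request keys choose variable names.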