PHP Nuke vunerability

For some reason I had PHP Nuke installed on my server at hostmonster.com, some hackers used a vunerabilty in this to install a script in the home directory which sent hundreds of phishing emails and then completely wiped every file and folder from my account on the server. luckily I had done a full local backup 3 day ago, but still is a major headache to re install everything when there were 5 sub domains.

So if PHP Nuke is installed on your account at hostmonster, it is not the latest version and you should update it or if you are not using it, disable it. to do this, log into your control panel, go to fantastico deluxe, click on PHP Nuke and see if its installed.

Wouldn't want anyone else to have this problem.

DosDawg(positive)

161 days ago


	shared hosting, must have register_globals on, this is a big problem. there is no way for them to install a script on your machine if you were on a dedicated machine (even if shared with other dolphin hosting accounts) and register_globals were OFF. later, DosDawg thanks for the info though.

tango3d(positive)

161 days ago


	register_globals were off but am on shared hosting, it was hostmonster that alerted me to the problem with PHP Nuke

connections

159 days ago


	I've been running Nuke since late 2005 and never had hacker problems other than bots, spam bots and porn bots (forum areas, an occasional shout) which are more of an annoyance than a threat IMO. .htaccess edits control them to the most part but what i would suggest, if you're not already running, is Sentinel and or Protector. They are the bomb ;o) Both are part of my Nuke Platinum but are also stand alone mods you can get for free.

tango3d(positive)

159 days ago


	Hey, thanks for that advice, I will go check it out

PHP Nuke vunerability

Comments

Post a Comment