My Site was hacked by some Turkish Hackers

[veryboredme]

My site was hacked by some Turkish hackers:

Turkish Hackers
| Afillidelikanli |
| Z.U.L.K.A.R.N.E.Y.N.|

What should I do now? How can I prevent this from happening again?
My site wasn't really known yet, and didn't had much content, and still, I'm sooo angry and sad right now :td:
I used php-nuke, which CMS should I use now? which one won't be that easy to huck? I'm afraid that my site will be hacked again and again cause they already know it, and I don't know what to do
That never happened to me before

 

[weblord]

Always install the latest update and patches for your site. Don't click on links sent to you via email, type them by hand, and don't download .exe files. Those are the basic ones.

Enable php su exec on your server and install mod_security and also apf (firewall)

 

[Peter]

although weblord's advice is good it is not always practicle. some scripts do not work with su exec enabled (not sure about php-nuke) and to do the others you need root level access to the server.

I used to run a php-nuke site and was acked as such all it was, was that there was a bug that enabled anyone to publish a story without it being authorised by an admin. Does it looks like just another story? or is it the whole page taken over.

php-nuke used to be well known for bugs not sure if it is now. Ensure that you have the very latest version installed. There is ussually a version that is only available to club members but it can be found ussually by doing a search (ensure however that if you download it from another site that the site you are downloading from is highly respected as someone could easily tamper with the code and re package it).

Also take a look over at http://www.nukecops.com/ as this is a very good site that posts fixes to further secure php-nuke.

 

[veryboredme]

All the sites was taken over, they posted their nicknames, and some pics.
I just uninstalled php-nuke, I guess I'll have to use another CMS, but still I'm afraid that it will happen again

 

[Peter]

the only proper way to see what caused it is to gain access to the http logs and see the logs for the time of the hack.

 

[veryboredme]

Hmmm, can I do it from the Cpanel? and if yes how?

 

[weblord]

it's in your raw access logs just grep it or download it and use excel to open it, if you remember the date/time of the hack incidence then "search" for it using excel. HTH

 

[sin]

I never see any sites that are claimed to be hacked by people in the US. Lol http://universityhumor.com/ was hacked recently by some foreign people also.
I don't have any advice but I feel bad for you

 

[veryboredme]

weblord- ok, will try it now, thanx.

rocca~thanx for your sympathy.
I always heard of sites being hacked, but never thought that it will ever happen to me, as I thought that my site is not important enough to get hacked.

ok, I downloaded the Raw access log, it appears to be a .gz file, and inside a .com file, how do I open it? Do I have to change the extension?

 

[Peter]

you can just open it in any text editor.

 

[dhscott]

Try nuke-evolution, handles itself pretty well

 

[veryboredme]

filth@flexiwebhost - it won't open there

qwhois - isn't nuke-evolution a lot like nuke? is it more secure?

 

[dhscott]

Yes it is a lot more secure

 

[veryboredme]

I just googled one of the hackers and found out that they hacked a lot of sites,and also found a forum profile of one of them:
http://www.cyber-warrior.org/forum/pop_up_profile.asp?profile=66682&ForumID=21

 

[EGS]

You should use a better content management system, like Joomla or Mambo. If you're looking for something like PHP Nuke, more-over a portal CMS, there are some alternatives out there.

There is, for example, Xoops. Alternatively, you can just use a forum to be your website. Many forum software have a portal feature which is a convenient way to hold a community website portal, and is actually quite similar to PHP Nuke's functioning - just a lot more secure.

As far as I know phpBB, punBB, MyBB, IPB, and vB all have a portal feature - you just have to choose which one to go for. I'd recommend punBB because it's so simple and easy to customize, but choose one that'll fit your needs.

Oh, and if you found this post useful...please give me some positive reputation. :tu:

 

[dhscott]

phpbb is worse than phpnuke, the two should be married in my opinion!

 

[veryboredme]

I use Xoops for one of my other sites, and quite like it, but I don't think that it will suit this site, and I already tried Joomla, don't really like it, and I read somewhere that it's not that secure too.
I wonder if there are any special stand alone scripts that can help with the site security.

 

[MickeyKid]

I also have a PHP-NUKE SITE and I would like to know if anyone knows how I could EXPORT the data into some other software that is more secure?

That would be so cool!
Mickey

 

[weblord]

sorry for the delay of reply
download winrar so you can decompressed it, .gz is a zipped file
http://www.rarlab.com/download.htm

or use this .gz windows viewer and extractor
http://www.altap.cz/salam_en/features/tar.html

ok, I downloaded the Raw access log, it appears to be a .gz file, and inside a .com file, how do I open it? Do I have to change the extension?