Here is an incomplete list of what you can do when you realize that your PHP-Nuke site has been hacked:
Check the files on your server against your latest backup to check for any modifications.Tripwire can help you with this task.
Reset all admin passwords.
Search the logs for the message posting URL, e.g. *admin.php?op=messages , find the perpetrator's IP and notify the person responsible for the network.
If using Apache, create "admin" user group, add a new user to this group and create the appropriate .htaccess file (Section 25.4).
Limit access to admin.php to a "tight" IP range/subnet.
Install the Protector module (Section 8.3.7), which gives you "high level" logs of session activity on your PHP-Nuke site.
Re-evaluate the security of installed 3rd party modules/blocks.
See also
Help us make a better PHP-Nuke HOWTO!Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum! Chris Karakas, Maintainer PHP-Nuke HOWTO |