23.6. Hacked - now what?

Here is an incomplete list of what you can do when you realize that your PHP-Nuke site has been hacked:

• Check the files on your server against your latest backup to check for any modifications.Tripwire can help you with this task.

• Reset all admin passwords.

• Search the logs for the message posting URL, e.g. *admin.php?op=messages , find the perpetrator's IP and notify the person responsible for the network.

• If using Apache, create "admin" user group, add a new user to this group and create the appropriate .htaccess file (Section 25.4).

• Limit access to admin.php to a "tight" IP range/subnet.

• Install the Protector module (Section 8.3.7), which gives you "high level" logs of session activity on your PHP-Nuke site.

• Re-evaluate the security of installed 3rd party modules/blocks.

See also

• My site running phpnuke 6.9 got hacked,

• Hacked - what do I do?,

• My site has reset itself to the 'welcome to php-nuke' screen.