The changes made by the hackers were in two places. First, during the installation routine all data submitted (this includes the server, the database credentials, the admin name and password) is sent to a different server. Second, in one file there was code allowing a malicious user to execute any shell command on the web server.
As noted before, immediate action
is required from everyone who downloaded the .zip package between Sunday (24.Oct) at 23:50 GMT until Tuesday (26.Oct) at 8:30 GMT.
1. Immediately remove the affected file /includes/pnAPI.php and replace it on your server with the original one (either from a fresh download or from http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/includes/pnAPI.php?rev=1.86&content-type=text/vnd.viewcvs-markup
2. Check the access-logs for any entry containing 'oops='. If you find any call please contact the PostNuke Security Team via http://forums.postnuke.com/index.php?module=vpContact
providing the access log for further investigation.
3. Change your database details, username, password and if possible, database name.
Future Safety Precautions
In the future to avoid downloading tampered files please compare the MD5 checksums with an independent source to ensure legitimacy, such as http://www.post-nuke.net. For those unfamiliar with MD5 it is a check you can use to make sure the download has not been tampered with and can be trusted. In order to compute a checksum you need an MD5 utility and you can find a variety of tools (for windows) here: http://lists.gpick.com/pages/Checksum_Tools.htm
and another favorite is the free and platform independent open source project jacksum (http://www.jonelo.de/java/jacksum/
) You can also find more information about this topic on Wikipedia at http://en.wikipedia.org/wiki/Md5
Finally, be assured we are working to find the hacker and will take any and all legal action when they are found.
PostNuke is a community, content, collaborative management system, a C3MS providing webmasters with a set of tools to build a dynamically generated web site within minutes of downloading the software. It's backed by a team of dedicated, talented developers, designers, and volunteers with years of experience.
General Info About PostNuke:
Modular Structure, Customized Functionality through Third-Party Modules, Advanced User Group Permissions System, Multi-language Support (Approximately 36 Language Packs Available), Embedded WYSIWYG HTML Editor Activated on Most Text Entry Areas, Site Search, Advanced API (Application Programming Interface), Focused on High Level of Security, Easy-to-Use Guided Browser Based Installation, Easily Change/Customize Your Site's Look/Feel Through Plug-in Themes, Provides advanced content management features while promoting collaboration, communication and community around the content.
A Short List of Available Modules
News Publishing, Content Management, RSS Feeds, Voting Booth/Polls, Banners Module, Comments Module- allows other modules, including Downloads, Web_Links, News, and Reviews to attach comments to posted content, FAQ Module, Forums Module, Member's List, Private Messaging, Ratings Module, Recommend Us Module, Reviews Module, Sections Module, Stats Module