Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Remove relocate_server.php file from your website  (Read 73863 times)

0 Members and 1 Guest are viewing this topic.

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Remove relocate_server.php file from your website
« on: November 27, 2005, 02:09:59 pm »

If you installed 1.4.2 or any 1.4 betas, you have a file called relocate_server.php in your root Coppermine directory.  You need to remove this file as soon as possible.  This file is designed to assist when moving from one server to another.  It allows the user to view the information in config.inc.php, but doesn't ask for any authentication.  If you have this file on your server your MySQL database information is available for anyone who executes the script.

Remove this file from your website as soon as possible.

Thank you.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1608
  • Русский (ISO-8859-1) - Russian - Ğóññêèé (Windows)
    • Makc's home page
Re: Remove relocate_server.php file from your website
« Reply #1 on: November 27, 2005, 03:22:43 pm »

Why there is no any news about this "Critical Update" on the main page?
http://coppermine-gallery.net/
Now every one read the forums... ???
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Remove relocate_server.php file from your website
« Reply #2 on: November 27, 2005, 03:27:24 pm »

Maybe because not all the devs have access to change it?

Locking this thread now.

Edit: Now listed on the index.
« Last Edit: November 27, 2005, 08:58:14 pm by kegobeer »
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Remove relocate_server.php file from your website
« Reply #3 on: April 09, 2006, 12:26:15 pm »

As suggested above, the file relocate_server.php must be removed from your server, as it could be used by others to tamper with your site. If you actually need it, get the copy I attached to this posting, but make sure to remove it from your server after having used it.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Remove relocate_server.php file from your website
« Reply #4 on: April 21, 2006, 09:09:56 am »

In cpg1.4.5, I re-added a file named relocate_server.php to make sure that users who upgrade actually fix the older, dangerous version of that file. The file I have added to cpg1.4.5 is harmless and will only forward users to your index page.
Logged
Pages: [1]   Go Up
 

Page created in 0.014 seconds with 21 queries.