Support Forum Project Downloads FAQ Documentation About Demo Tutorials Blog Plugins
November 21, 2009, 11:24:25 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: cpg1.5.2 beta released
The brand new cpg1.5.x series that comes with a lot of new features finally has reached the release stage: a first public beta release cpg1.5.2 has been released that is mainly aimed at translators, testers and community members that have contributed in the past. The beta release is not meant to be used in a production environment, but only on testbeds and for evaluation purposes. There is currently no support for cpg1.5.x yet!
[more]
   Home   Help Search Board rules Login Register  
forum.coppermine-gallery.net > No Support > General discussion (no support!) > Topic: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
Pages: [1]   Go Down
« previous next »
  Send this topic  |  Print  
Author Topic: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.  (Read 2196 times)
0 Members and 1 Guest are viewing this topic.
mike5751 Topic starter
Coppermine newbie

Posts: 1
« on: September 01, 2006, 08:00:27 pm »
Hello

I run coppermine photo software on my site and a few days ago, two people from a European country uploaded a file called “ly.php.rar” and "smekerie.php.rar".  They each joined as a new member and uploaded the file within 2 minutes of each other.  Upon doing a google search of the uploaded files, it turns out this file is uploaded on numerous coppermine based photo galleries.  The file title is random keystrokes and the user name is some made up one.  Anyone have any ideas? I am hesitant to open the file as it maybe a virus or nasty code.  Any idea whats going on? Its not just my site, its hundreds of sites that have this same file uplaoded in the same fashion.  I think somethings going on here.

Thanks
« Last Edit: September 01, 2006, 10:00:07 pm by mike5751 » Logged
Nibbler
Dev Team member
****
Gender: Male
United Kingdom United Kingdom

Posts: 19445



WWW
« Reply #1 on: September 01, 2006, 09:55:07 pm »
This was fixed ages ago, update your gallery.

http://forum.coppermine-gallery.net/index.php?topic=31534.0
http://forum.coppermine-gallery.net/index.php?topic=31671.0
Logged
I don't care about what they say, I won't live or die that way.
Xerom
Coppermine newbie

United States United States

Posts: 2
« Reply #2 on: November 06, 2009, 03:59:41 am »
This has been fixed by coppermine, however if you want to know how to deny execution of scripts in any folder, you can create a .htaccess file and place it into the folder then add the following to it:

RemoveHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi .php
RemoveHandler php5-script .php

Instead of executing the script it just displays the script code as text in the browser

As a precaution I placed this in /albums/userpics/.htaccess and /albums/edit/.htaccess seems to have solved my problem and peace of mind.
Logged
Pages: [1]   Go Up
  Send this topic  |  Print  
forum.coppermine-gallery.net > No Support > General discussion (no support!) > Topic: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
 « previous next »
 
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC
Page created in 0.039 seconds with 15 queries.