Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: 2008-02-12 coppermine webpage down  (Read 63282 times)

0 Members and 1 Guest are viewing this topic.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
2008-02-12 coppermine webpage down
« on: February 14, 2008, 07:31:23 pm »

On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article "Root exploit for Linux kernel in circulation" on heise online.
After 36 hours of downtime (with a preliminary web page set up on our backup webspace at sourceforge.net that explained what happened) the original page was restored.
We apologize for the downtime - hopefully, the site will now stay up and the issue has been fixed for good.
In an attempt to make sure that the attacker has not left behind a backdoor on our webspace, the site has not yet been restored fully (but only step-by-step after performing scans and tests). If you encounter broken links within coppermine-gallery.net, please try again later.

Joachim Müller
Logged

AndrewC

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 34
Re: 2008-02-12 coppermine webpage down
« Reply #1 on: February 14, 2008, 08:38:12 pm »

Glad you're back  :)
Logged

cgc0202

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 199
Re: 2008-02-12 coppermine webpage down
« Reply #2 on: February 14, 2008, 09:12:28 pm »

On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article ...

I am glad  you are back.  But, this is a great concern for me, also. During the past year, I had a number of the servers of the softwares I used hacked -- Joomla, CPG, etc. As far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.

Had this happened to my website, I would not know what happened and how to deal with the issue.  This is onee of the reasons why I am still with a shared server hosting service.  Many of the dedicated server hosting services I contacted do not offer technical help, such as dealing with a hack.  If you require their services, it would cost a fortune.

Are there precautions that could be taken to minimize this?

Cornelio
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: 2008-02-12 coppermine webpage down
« Reply #3 on: February 14, 2008, 09:36:12 pm »

As far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.
That's wrong. The site has been down some times because our webhost shut it down due to resources consumption (a lot of traffic). It has never been down due to hacks. Don't post such assumptions if you have no idea what you're talking about >:(.

Are there precautions that could be taken to minimize this?
This is an announcement thread! It's not a thread where you can request help. The reasons for the hack has been explained in my initial posting already: there used to be a flaw in the kernel of the operating system of the server that has been exploited. This is not related to an application on the webspace being hacked, but a hack on an entirely different level. There are many sites on the www that are dedicated to server setup, where you can ask such questions. Coppermine is not among those sites. Don't expect an explanation here what a kernel is or how the attack was carried out.
I remind everyone to stay on topic, especially in this thread. Don't force us to lock down every thread...
Possible precautions that we can recommend: keep your apps up-to-date. Perform backups frequently. That's all the advice that I'm ready to give here. Now back to the topic please.

Joachim
« Last Edit: February 15, 2008, 09:35:36 am by Joachim Müller »
Logged

nointerest

  • Translator
  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 91
    • Karateschule Okinawa (Bayreuth, Kulmbach, Pegnitz, Auerbach)
Re: 2008-02-12 coppermine webpage down
« Reply #4 on: February 15, 2008, 12:26:41 am »

That explains why "suddenly" there was nothing there. I had thought that you where doing maintenance or something thought - I tend to not expect the worst *gg*.

Its good you were able to deal with it and now back thought. Hope that this stays this way.
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9093
  • aka Frantz
    • Ma galerie
Re: 2008-02-12 coppermine webpage down
« Reply #5 on: February 15, 2008, 08:34:41 am »

Thank's Joachim for your work, happy to see coppermine-gallery.net is back
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1608
  • Русский (ISO-8859-1) - Russian - Ğóññêèé (Windows)
    • Makc's home page
Re: 2008-02-12 coppermine webpage down
« Reply #6 on: February 15, 2008, 12:19:32 pm »

There are two problems:
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: 2008-02-12 coppermine webpage down
« Reply #7 on: February 15, 2008, 07:04:40 pm »

the site has not yet been restored fully
I haven't bothered about additional languages yet. Not sure I will. See
Allowing additional languages means additional maintenance works. That's why the additional languages have been removed - this thread is no longer valid.
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9093
  • aka Frantz
    • Ma galerie
Re: 2008-02-12 coppermine webpage down
« Reply #8 on: February 16, 2008, 09:57:59 am »

and do you mean the "new" icons can come back ? It's a usefull feature and on this time it's difficult to see new posts on the différents boards.
(i don't know if it's a lot of work to enable this or not, so i appologize if it is)
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

SaWey

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1119
    • SaWey.be
Re: 2008-02-12 coppermine webpage down
« Reply #9 on: February 16, 2008, 01:48:11 pm »

I also noted that the topic icons are not available anymore ('Done', 'Solved', ...)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: 2008-02-12 coppermine webpage down
« Reply #10 on: February 16, 2008, 02:30:12 pm »

*Clearing throat*
Gentlemen, I have already said
the site has not yet been restored fully
. In other words: some features may be missing. The forum currently runs with SMF standard features. No mods applied. Please give me some time. I have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.
Logged

SaWey

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1119
    • SaWey.be
Re: 2008-02-12 coppermine webpage down
« Reply #11 on: February 16, 2008, 03:18:04 pm »

Yes offcource, just posting as a reminder :)

PS: You're doing a fantastic job!!!
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9093
  • aka Frantz
    • Ma galerie
Re: 2008-02-12 coppermine webpage down
« Reply #12 on: February 16, 2008, 03:18:55 pm »

Quote
I have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.
No problem, It was not a reproach. I know you spend a lot of your free time for the coppermine project. sorry for this silly question
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4456
    • Windsurf.me
Re: 2008-02-12 coppermine webpage down
« Reply #13 on: February 16, 2008, 05:39:22 pm »

Hope the hard work comes together.

We have over 1000 servers at one place I work so I know how hard it can be when a problem such as this arrises. We are lucky in that if one server goes down we can restore from a backup in minutes due to some custom software and backup hard disks/tape library. The basic build is on tha backup hard drives (which have to be swapped in manually) then the data is restored from tape. Various sites get hacked on a regular basis but the users rarely see too much of an impact. I wish I could run my sites on that system.

Good luck with the restore and keep up the good work.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: 2008-02-12 coppermine webpage down
« Reply #14 on: February 17, 2008, 05:06:44 pm »

As it was just an announcement and no further usefull posts can be made for this thread it's now closed.
Logged
Pages: [1]   Go Up
 

Page created in 0.024 seconds with 21 queries.