forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Miscellaneous => Topic started by: puretalk on May 13, 2006, 06:12:38 am

Title: My Coppermine Site Sent out Spamming Email. How?
Post by: puretalk on May 13, 2006, 06:12:38 am
The followings are the message from my host, can someone help. I need to know which file should I change in order this to happen again.

"There are files on your site that are allowing the spam to be sent. Just this morning the server was trying to send over 2500 emails, this caused the server to become overloaded and none of the sites on our server were working. We have been able to find the files that are spamming from within the file manager.
 
One of the files that was sending spam is located at: / public_html / albums / userpics / 10008 / Allah.php"

Thanks
Title: Re: My Coppermine Site Sent out Spamming Email. How?
Post by: Joachim Müller on May 13, 2006, 07:26:00 am
Allah.php is not part of the coppermine package, but a file that just resides within a sub-folder of your coppermine install. It has probably been uploaded by a malicious user as a subsequent hacking attempt (they try to disguise their trojan horses by putting them into sub-folders that look innocently). Delete the file in question (after having made a backup of it for forensic reasons) and scan your whole webserver for similar backdoors. Make sure to have the most recent coppermine version (as you have started your thread on the outdated cpg1.3.x board, you probably are not up-to-date). Make sure that you have not fallen vistim to the rar vulnerability (a webserver vulnerabilty, not a coppermine one, so you should ask your webhost) that has been discussed frequently on this board.
To summarize: this is probably not a coppermine issue. Ask your webhost for support. Search the board to find out what similar issues others had and what they did to solve it.
Title: Re: My Coppermine Site Sent out Spamming Email. How?
Post by: puretalk on May 13, 2006, 02:42:50 pm
Dear GauGau

Thanks, will ask my host to help