forum.coppermine-gallery.net

No Support => General discussion (no support!) => Topic started by: mike5751 on September 01, 2006, 09:00:27 pm

Title: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
Post by: mike5751 on September 01, 2006, 09:00:27 pm

Hello

I run coppermine photo software on my site and a few days ago, two people from a European country uploaded a file called “ly.php.rar” and "smekerie.php.rar".  They each joined as a new member and uploaded the file within 2 minutes of each other.  Upon doing a google search of the uploaded files, it turns out this file is uploaded on numerous coppermine based photo galleries.  The file title is random keystrokes and the user name is some made up one.  Anyone have any ideas? I am hesitant to open the file as it maybe a virus or nasty code.  Any idea whats going on? Its not just my site, its hundreds of sites that have this same file uplaoded in the same fashion.  I think somethings going on here.

Thanks

Title: Re: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
Post by: Nibbler on September 01, 2006, 10:55:07 pm

This was fixed ages ago, update your gallery.

http://forum.coppermine-gallery.net/index.php?topic=31534.0
http://forum.coppermine-gallery.net/index.php?topic=31671.0

Title: Re: ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
Post by: Xerom on November 06, 2009, 04:59:41 am

This has been fixed by coppermine, however if you want to know how to deny execution of scripts in any folder, you can create a .htaccess file and place it into the folder then add the following to it:

RemoveHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi .php
RemoveHandler php5-script .php

Instead of executing the script it just displays the script code as text in the browser

As a precaution I placed this in /albums/userpics/.htaccess and /albums/edit/.htaccess seems to have solved my problem and peace of mind.