2008-02-12 coppermine webpage down

[Joachim Müller]

On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article "Root exploit for Linux kernel in circulation" on heise online.
After 36 hours of downtime (with a preliminary web page set up on our backup webspace at sourceforge.net that explained what happened) the original page was restored.
We apologize for the downtime - hopefully, the site will now stay up and the issue has been fixed for good.
In an attempt to make sure that the attacker has not left behind a backdoor on our webspace, the site has not yet been restored fully (but only step-by-step after performing scans and tests). If you encounter broken links within coppermine-gallery.net, please try again later.

Joachim Müller

[AndrewC]

Glad you're back 

[cgc0202]

On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article ...

I am glad  you are back.  But, this is a great concern for me, also. During the past year, I had a number of the servers of the softwares I used hacked -- Joomla, CPG, etc. As far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.

Had this happened to my website, I would not know what happened and how to deal with the issue.  This is onee of the reasons why I am still with a shared server hosting service.  Many of the dedicated server hosting services I contacted do not offer technical help, such as dealing with a hack.  If you require their services, it would cost a fortune.

Are there precautions that could be taken to minimize this?

Cornelio

[Joachim Müller]

As far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.

That's wrong. The site has been down some times because our webhost shut it down due to resources consumption (a lot of traffic). It has never been down due to hacks. Don't post such assumptions if you have no idea what you're talking about .

Are there precautions that could be taken to minimize this?

This is an announcement thread! It's not a thread where you can request help. The reasons for the hack has been explained in my initial posting already: there used to be a flaw in the kernel of the operating system of the server that has been exploited. This is not related to an application on the webspace being hacked, but a hack on an entirely different level. There are many sites on the www that are dedicated to server setup, where you can ask such questions. Coppermine is not among those sites. Don't expect an explanation here what a kernel is or how the attack was carried out.
I remind everyone to stay on topic, especially in this thread. Don't force us to lock down every thread...
Possible precautions that we can recommend: keep your apps up-to-date. Perform backups frequently. That's all the advice that I'm ready to give here. Now back to the topic please.

Joachim

[nointerest]

That explains why "suddenly" there was nothing there. I had thought that you where doing maintenance or something thought - I tend to not expect the worst *gg*.

Its good you were able to deal with it and now back thought. Hope that this stays this way.

[François Keller]

Thank's Joachim for your work, happy to see coppermine-gallery.net is back

[Makc666]

There are two problems:

• The Russian Language disappeared from forum
• The Russian Images disappeared from forum - like
  http://forum.coppermine-gallery.net/Themes/default/images/russian/new.gif

[Joachim Müller]

the site has not yet been restored fully

I haven't bothered about additional languages yet. Not sure I will. See

Allowing additional languages means additional maintenance works. That's why the additional languages have been removed - this thread is no longer valid.

[François Keller]

and do you mean the "new" icons can come back ? It's a usefull feature and on this time it's difficult to see new posts on the différents boards.
(i don't know if it's a lot of work to enable this or not, so i appologize if it is)

[SaWey]

I also noted that the topic icons are not available anymore ('Done', 'Solved', ...)

[Joachim Müller]

*Clearing throat*
Gentlemen, I have already said

the site has not yet been restored fully

. In other words: some features may be missing. The forum currently runs with SMF standard features. No mods applied. Please give me some time. I have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.

[SaWey]

Yes offcource, just posting as a reminder

PS: You're doing a fantastic job!!!

[François Keller]

I have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.

No problem, It was not a reproach. I know you spend a lot of your free time for the coppermine project. sorry for this silly question

[Phill Luckhurst]

Hope the hard work comes together.

We have over 1000 servers at one place I work so I know how hard it can be when a problem such as this arrises. We are lucky in that if one server goes down we can restore from a backup in minutes due to some custom software and backup hard disks/tape library. The basic build is on tha backup hard drives (which have to be swapped in manually) then the data is restored from tape. Various sites get hacked on a regular basis but the users rarely see too much of an impact. I wish I could run my sites on that system.

Good luck with the restore and keep up the good work.

[Hein Traag]

As it was just an announcement and no further usefull posts can be made for this thread it's now closed.