Author Topic: Very puzzling  (Read 3827 times)

lilguy43uk

Very puzzling
« on: October 07, 2017, 02:24:27 pm »

For some time now someone has been trying to access restricted system files on my gallery (latest stable release). Example from the security log.......
    Oct 06, 2017 at 08:26 PM - Denied privileged access to usermgr.php by user Guest at IP
    Oct 07, 2017 at 03:41 AM - Failed login attempt at IP with Username: GeorgeThery
    Oct 07, 2017 at 04:58 AM - Denied privileged access to register.php by user Guest at IP
    Oct 07, 2017 at 10:38 AM - Denied privileged access to usermgr.php by user Guest at IP
What is puzzling me is that there is no user called "Guest" on the board and guest logins are blocked anyway.
Note the failed login from GeorgeThery. User "Guest" seems to have been able to access the system in some way without logging in as there is never a record of him doing so in the Access Log, and yet the log identifies him as a user.
I've tried deactivating all the users but it's made no difference.
Any idea how he's getting in and how I can stop him? I lost the site once through this sort of thing and I don't want it to happen again.
Thanks

lilguy43uk

Re: Very puzzling
« Reply #1 on: October 09, 2017, 09:40:33 am »

A bit more to the puzzle. I've changed the path to the gallery as a temporary measure and it seems to have stopped him and indicates to me that he's getting in through the front end and not the back end. So how is it that he doesn't appear in the access log?
I have no IP or email to let me block him and the username Guest doesn't appear in any of the members' profiles.
Guest access is disabled.
I can't leave the gallery offline for ever and would like to find a solution as soon as I can.

ron4mac

  • Administrator
Re: Very puzzling
« Reply #2 on: October 09, 2017, 06:43:04 pm »

The username 'Guest' is just the default that is used for logging and error messages when CPG is accessed without being logged in. It does NOT mean that someone is logged in as 'Guest'.

It would seem that someone (or thing) has tried to access your site in hopes of discovering/using some exploit to gain controlling access. As annoying as it is, it is not at all uncommon in today's web landscape. Just make sure you are using the latest CPG version (1.5.46 or 1.6.03).

lilguy43uk

Re: Very puzzling
« Reply #3 on: October 10, 2017, 08:43:15 am »

Thanks for the reassurance Ron4mac. I was worried because I lost the site last year through this kind of behaviour and I've only just restored it.

Αndré

  • Administrator
Re: Very puzzling
« Reply #4 on: November 08, 2017, 06:28:28 pm »

Please don't forget to create regular backups. Marking thread as solved.

lilguy43uk

Re: Very puzzling
« Reply #5 on: November 08, 2017, 08:31:33 pm »

Thanks Andre

My apologies for forgetting to close the thread.

Cheers
Jim