Print

[Grendel]

Ok guys... I believe I am getting remote hacked.  I checked my user logs regularly and found direct linking into the gallery on my site that basically gives a hacker major access...

PLEASE ADVISE!... I know you do not like having info posted on the board but I do not know how else to contact the appropriate people.  Here is a sample link... I have removed user info from my site and left it open so you may investigate... everything is backed up...


I use Joomla 1.0.8  Coppermine 1.4.4 and CoppermineVis 1.3.0

This sucks and would appreciate any type of immediate action.

[Grendel]

Ok guys... I believe I am getting remote hacked.  I checked my user logs regularly and found direct linking into the gallery on my site that basically gives a hacker major access...

PLEASE ADVISE!... I know you do not like having info posted on the board but I do not know how else to contact the appropriate people.  Here is a sample link... I have removed user info from my site and left it open so you may investigate... everything is backed up...


I use Joomla 1.0.8  Coppermine 1.4.4 and CoppermineVis 1.3.0

[kegobeer]

Looks like a problem with the Joomla wrapper and not Coppermine.  If you disable the Joomla wrapper, does this attack work?  I'm guessing it won't.

[kegobeer]

You've also removed the Coppermine tag line.  Please replace it immediately.

[Grendel]

Actually it was part of a purchased module from http://www.joombla.com/  it has a configuration option to remove it and states it is legal to do so... Talk with that guy. Coppermine is not sold there... but the integration with Joomla is.

[kegobeer]

You need to address this potential hack to the author of the Joomla wrapper.  It looks like he/she did not do any sanitizing of request variables.

[Grendel]

Wish I knew more about programming... what a pain in the butt!.... Thank you for such a quick response... You rule!

[Joachim Müller]

we're aware that he tells people it's legal to remove the "Powered by Coppermine" footer. It is not. He doesn't have the power to allow you to do that. We have already contacted the guy. We do not recommend CoppermineVis.

[Tranz]

So should the thread be invalid?

[Joachim Müller]

@Thu: yes, marking accordingly.

@Grendel: don't shout at us (your thread subject actually blames us of having released vulnerable code) - your thread is trying to make it look as if your site got hacked because of coppermine flaws. Although there have been flaws in coppermine in the past (and there probably will be in the future, as we're only human - we will probably make coding mistakes), the issues you're having and the reason for your site getting hacked are not related to coppermine, but using another third party app that the Coppermine team clearly disapproves. Shouting "thief" or "bug" actually means smacking us in the face. I suggest you keep your cool in the future...

[Grendel]

@Thu: yes, marking accordingly.

@Grendel: don't shout at us (your thread subject actually blames us of having released vulnerable code) - your thread is trying to make it look as if your site got hacked because of coppermine flaws. Although there have been flaws in coppermine in the past (and there probably will be in the future, as we're only human - we will probably make coding mistakes), the issues you're having and the reason for your site getting hacked are not related to coppermine, but using another third party app that the Coppermine team clearly disapproves. Shouting "thief" or "bug" actually means smacking us in the face. I suggest you keep your cool in the future...

Sorry if it seemed so... thing is... the site was hacked and there was an immediate need to find out why.  Shouting is a way of getting attention to the matter in as fast of time as possible... The problem was unknown... it could have been your code (even though in this case it was not) and people should have a right to know that something is up... once identified as to who the culprit was.... then you will see that I give credit when it was due...

I appreciate your guys passion... maybe it is a cultural difference... but do not be too sensitive. Remember you are reading written word... Meaning can be interpreted many different ways.