What we could use is a report from someone who was already running cpg1.4.16 (and only coppermine) on his webspace before the infaction happened.
I had a problem yesterday with intermediate (mid-size images) not displaying properly. Turns out the solution to this was to simply shut off the EXIF data display --- which I did. This is in a separate forum posting.
As part of trying to figure out the mid-size image problem, I realised I hadn't updated the gallery to
1.4.16 (I was running 1.4.12). I updated successfully to
1.4.16 yesterday afternoon, UK time, and all was well. Once I turned off the EXIF data display, the website ---
www.bark.ch --- seemed to be working perfectly.
I woke up this morning with Kaspersky growling at me. Seems that when I try to go to
www.bark.ch with IE7 I get what Kaspersky says is "Trojan-Downloader.Java.OpenStream.c." Kaspersky also mentions ..//cdpuvbhfzz.com/dl/loadereadv598.jar/Matrix.cl and ..//cdpuvbhfzz.com/dl/java.jar/GetAccess.class
It seems that our CPG site has been hacked. And we were running 1.4.16 at the time, and the only thing we have on the
www.bark.ch domain is CPG. This, however, runs on a dedicated Linux server with our other websites, which include other CPG galleries (all fine --- so far), and some BB's (also fine).
As I'd installed
1.4.16 yesterday, it was quite easy to find files that had been amended since the update. I removed these files from our server, and I saved them --- safely --- in a folder on my workstation. I can zip them up and attach them here if they'd be helpful.
I then proceeded to re-install
1.4.16, as I'd done yesterday. It seems to have installed an updated correctly --- no warning signs or other flags. But the problem is still there when trying to view the site with IE.
As we have a managed server, I've contacted our hosting company and they are in the process of trying to track this down for me.
I'm afraid that much of the intricate workings of CPG and PHP are over my head --- which is why, at least with PHP, we rely upon the folks who manage our server.
If I can help in any way, please let me know. I'll also continue to watch this posting to see if others have been able to solve this problem --- and find a way to prevent it from happening again.