forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Miscellaneous => Topic started by: nateoatari on December 21, 2004, 06:27:21 am

Title: What on earth...Worm?
Post by: nateoatari on December 21, 2004, 06:27:21 am
This site is defaced!!!
NeverEverNoSanity WebWorm generation 18.

This is what is displayed on my gallery... http://www.magesfire.com/coppermine/
Almost the exact same on one of my friends.
What's going on?
Title: Re: What on earth...Worm?
Post by: Tranz on December 21, 2004, 06:40:31 am
A lot of the hacked sites these days are due to using old phpbb versions but I can't seem to find one on your site; at least you don't have links to phpbb from your home page. In my webhost board, the people who reported getting hit by that group had old phpbb forums.

The other possibility is the vulnerability in php v.4.3.9.
Title: Re: What on earth...Worm?
Post by: Tarique Sani on December 21, 2004, 08:25:21 am
Looks like the vulnerability in PHP version < 4.3.9 has been exploited.
Title: Re: What on earth...Worm?
Post by: click on December 21, 2004, 09:28:02 am
Same problem on my website
http://www.martijnlammerts.nl/beeldbank2/

What can I do to remove this worm?
Title: Re: What on earth...Worm?
Post by: Tranz on December 21, 2004, 09:34:08 am
It looks like your site is down; I got a "connection refused."

You need to replace your files from a backup and change account passwords.

You can also try looking over your raw logs to find who did the defacement and block the IP and contact their ISP.
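
An added example, not part of the original thread or any poster's code: one way to carry out the file and log review suggested above. It finds files under the web root that contain the defacement text quoted in the first post, then lists the access-log entries from the two minutes before each file was modified. The log lines, IP addresses, paths, function names and the two-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Marker text taken from the defaced page quoted in the first post.
MARKER = b"NeverEverNoSanity WebWorm"

# Constructed sample access log (common log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Dec/2004:05:01:12 +0000] "GET /coppermine/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Dec/2004:05:09:41 +0000] "GET /coppermine/thumbnails.php?album=1 HTTP/1.0" 200 811',
    '198.51.100.4 - - [21/Dec/2004:05:12:30 +0000] "GET /coppermine/index.php HTTP/1.1" 200 5120',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')


def defaced_files(webroot):
    """Map each file under webroot that contains MARKER to its mtime (UTC)."""
    hits = {}
    for path in Path(webroot).rglob("*"):
        if path.is_file() and MARKER in path.read_bytes():
            mtime = path.stat().st_mtime
            hits[path] = datetime.fromtimestamp(mtime, tz=timezone.utc)
    return hits


def requests_before(log_lines, when, window=timedelta(minutes=2)):
    """Return (client_ip, timestamp, request) for entries in [when - window, when]."""
    found = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if when - window <= ts <= when:
            found.append((m.group(1), ts, m.group(3)))
    return found


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mtime in sorted(defaced_files(root).items()):
        print(f"{path} modified {mtime.isoformat()}")
        for ip, ts, req in requests_before(SAMPLE_LOG, mtime):
            print(f"  candidate {ip} at {ts.isoformat()}: {req}")
```

The addresses it lists are leads for further log review, not proof of who modified the file, and a file's modification time only reflects the last write to it.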
Title: Re: What on earth...Worm?
Post by: raummusik on December 22, 2004, 01:47:49 am
Same here. **** off.. and I'm a fool, I got no recent backup of the changed PHP files.. damn it! Hope my webspace prov. got a 2 days backup ..

cheers. raum

edited. Do not cuss, though I'm not sure if you were quoting, but no need to quote verbatim. -Tranzndance.