forum.coppermine-gallery.net

No Support => General discussion (no support!) => Topic started by: tumnus on January 30, 2005, 02:18:51 pm

Title: Sinister cpg events
Post by: tumnus on January 30, 2005, 02:18:51 pm
Attack of the disappearing images.... part the second.

A continuing tale to make thee all beware, or something...

Ok, so maybe some of you noticed my other post from when a client's coppermine got all its images erased somehow. it was a bit like this:

Hiya. I've just gone through the arduous and boring task of re-uploading and re-filling a client's coppermine gallery. I admin it, and he does the uploads.
Last week though, all the folders in his gallery with 777 permissions have been utterly cleared out.
My ISP is getting back to me with the server logs, but is there any means by which i can avoid this is future?
must it be 777?

and anyway, i presume the average http user wouldn't know how to do this, right?

They told me in the end that the logs were rotated and gone, which i wasn't too impressed with.

Now, having re-uploaded the latest cpg (with watermark hack) it's gone and happened again. Same as last time the site's all there, but most of the images are gone. It's still only him that logs into the cpg, at home, where all is trustable. Only I ftp it and I'd know if someone got the ftp pass for my sites off me... they'd all be going down.

This time round, i'm getting a bit more attention from my server folk, but i chmodded all 777s to 755 wherever i could get away with it. But whatever this event is, i notice sinisterly that it waited til my client had done lots of uploading before emptying the site out.

If anyone can shed me any light or suggestions on this, that'd rule. If not..... warning!

and what kind of inside job did you mean here, kegobeer?
This sounds like an "inside job", and in that case permissions wouldn't really matter.

and btw: with all this jazz going on, how am i gonna keep the site up other than daily backup by ftp? is it even worth it, do you think? My client's already prodding me to go to a new provider. Any suggestions for good providers to run cpg in?
Title: Re: Sinister cpg events
Post by: kegobeer on January 30, 2005, 03:36:25 pm
An inside job = someone with access to your site via ftp/control panel/etc.  No hacking required.

I would definitely move to another host.  There are a bunch of good ones out there.  You need to evaluate how much traffic your site gets per month, the transfer per month, how much you are willing to pay, etc.  I think there is already a thread about recommended hosts.