forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: help_james on February 05, 2006, 06:35:55 pm

Title: 777 folders hacked
Post by: help_james on February 05, 2006, 06:35:55 pm
I recently found all folders with 777 permissions have been hacked (such as /include and /albums) and usually injected with 3 files. ".htaccess file and two .php files something like include.php, base.php, create.php or coding.php etc."
I must have some of the folders on this site set to 777 as software such as coppermine requires it.
I have managed to go through and remove the damage in order to get the site operational again but still have a load of infected folders which need cleaning.
Can you advise how to stop this happening in the future, and do you have an idea of how this occurred?
Title: Re: 777 folders hacked
Post by: Joachim Müller on February 06, 2006, 01:37:55 am
This can only happen on webservers where the virtual hosting accounts aren't properly shielded against each other. If one webspace hosted on your server got hacked one way or the other, the attacker can get access to all other virtual webspaces on the same server if the server itself isn't configured properly.
Usually, 777 is not a security risk, unless your webhost doesn't know his way around (or doesn't care).

Bottom line: complain at your webhost!
Title: Re: 777 folders hacked
Post by: help_james on February 11, 2006, 02:16:21 pm
They are responding with the point that 777 folders are world readable and writable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?
Title: Re: 777 folders hacked
Post by: Nibbler on February 11, 2006, 04:24:52 pm
To be able to accept uploads, Coppermine must be able to write to the 'albums' folder in order to store the files that are uploaded. If the permissions have to be 777 for that to be possible then it is a server setup issue. 'include' only requires write access during installation.
Title: Re: 777 folders hacked
Post by: kegobeer on February 11, 2006, 06:22:22 pm
They are responding with the point that 777 folders are world readable and writable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?

The only way someone can take advantage of 777 is if they can somehow upload a malicious script to your site. If your host is hacked, then your site will be vulnerable, period. If you don't allow non-image files, you are not vulnerable. Besides, you should review all files uploaded to your site before the general public can see them.

As Nibbler stated, if you don't have writable folders, Coppermine won't work.
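The check the last two replies point at, as an added example that is not Coppermine's own code: walk a gallery tree, flag every world-writable directory, and list any file in it that an upload folder should not hold (anything outside the image extensions assumed here), which catches the injected .htaccess and .php files described in the first post. The root path and the extension whitelist are assumptions.

```python
import os
import stat
import sys

# Assumed whitelist: what a Coppermine 'albums' upload folder should legitimately contain.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}


def is_world_writable(path):
    """True when the 'other' write bit is set (mode 777 or similar)."""
    return bool(os.lstat(path).st_mode & stat.S_IWOTH)


def world_writable_dirs(root):
    """Yield every directory under root that any local user could write to."""
    for dirpath, _dirnames, _filenames in os.walk(root):
        if is_world_writable(dirpath):
            yield dirpath


def unexpected_files(directory, allowed=IMAGE_EXTENSIONS):
    """Return files in directory whose extension is not in the allowed set.

    A dotfile such as .htaccess has an empty extension, so it is flagged too.
    """
    found = []
    for entry in sorted(os.listdir(directory)):
        full = os.path.join(directory, entry)
        if not os.path.isfile(full):
            continue
        ext = os.path.splitext(entry)[1].lower()
        if ext not in allowed:
            found.append(full)
    return found


def audit(root):
    """Map each world-writable directory under root to its unexpected files.

    Directories that are not world-writable (e.g. 'include' at 755 holding
    legitimate .php files) are not reported at all.
    """
    return {d: unexpected_files(d) for d in world_writable_dirs(root)}


if __name__ == "__main__":
    for d, files in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"world-writable: {d}")
        for f in files:
            print(f"  unexpected: {f}")
```

Run it against the web root; every directory it prints is one whose contents should be reviewed and whose mode should be tightened if the host allows it.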
Title: Re: 777 folders hacked
Post by: testpig on September 16, 2006, 04:24:49 am
I have the same issue. 777 folders were exploited to hack my Coppermine gallery and create half a day's work for me restoring it.
 
I understand the software needs to write to the server - catch is that users can also if the folders are set to 777. In my opinion this is a major risk and unfortunately I'll be reviewing which platform I use for my gallery going forward.
 
Don't get me wrong - great software... but I'm concerned about 777 folders.
Title: Re: 777 folders hacked
Post by: Tranz on September 16, 2006, 06:21:35 am
As GauGau said, the problem is with an improper server setting. We use Coppermine ourselves so we wouldn't want our galleries nor our users' galleries to be hacked. If having writable directories were a problem, we wouldn't suggest allowing it.

So either complain to your host or get another one. You're bound to get hacked again sooner or later. The problem is not with the gallery.
Title: Re: 777 folders hacked
Post by: Joachim Müller on September 16, 2006, 07:50:22 am
Recommended reading: Why chmod 777 is NOT a security risk (http://www.simplemachines.org/community/index.php?topic=2987.0) by Unknown W. Brackets (Simple Machines Community Forum)