forum.coppermine-gallery.net

No Support => General discussion (no support!) => Topic started by: Funster on March 24, 2006, 06:16:14 pm

Title: Phishing trick
Post by: Funster on March 24, 2006, 06:16:14 pm

Hey folks,

tonight I noticed the following in my gallery: a new user named kktlung registered and immediately uploaded a file named q.php.rar with the following content:

Code: [Select]

<title>nsTView v2.0:: nst.void.ru</title>
<center>
<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
<font size=1 face=verdana><center>
<b>nsTView v2.0 :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
</center>
<form method=post>
Password:<br>
<input type=password name=pass size=30 tabindex=1>
</form>
<b>Host:</b> www.domain.tld<br>
<b>IP:</b> 81.169.138.98<br>
<b>Your ip:</b> 84.131.56.144
</td></tr></table>(domain.tld was altered by me)

Well, I deleted the whole thing, what else would be better? But if you search the web for the specific user name or the name of the file, you get some hits.
What do you think about it?


Keep your eyes open, guys!

Cheers,
F.

Title: Re: Phishing trick
Post by: kegobeer on March 24, 2006, 06:46:31 pm

There are already discussions about the rar trick.  Please search before posting.

Don't allow rar files to be uploaded; verify people before allowing them access to your gallery; don't allow uploads; make your host properly configure the server so rar files are handled correctly.  All excellent ways to protect your gallery.

Title: Re: Phishing trick
Post by: Joachim Müller on March 25, 2006, 09:21:06 am

http://forum.coppermine-gallery.net/index.php?topic=29063.0
http://forum.coppermine-gallery.net/index.php?topic=22806.0
and some others. Actually, this is not a phising attack, but the server vulnerability can be used to even take over your server and execute any code.