forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: pftq on August 12, 2006, 01:10:08 pm

Title: Exploit/Hacked?
Post by: pftq on August 12, 2006, 01:10:08 pm
I was viewing what my visitors were doin on my site and I saw one viewing the admin panel of the gallery.  I know for sure I am the ONLY admin of the gallery - heck I'm the only member.  I thought it might have been that my tracker was wrong - but when I refreshed, the visitor was viewing the usermanager of the admin panel.

I changed my password to see if it helps - it sent the guy out to a logout screen - where he then went to log in page and made it back in.  I tried banning his IP.  Sent him out (saw him on Logout page) but he just went to the log in page and I next saw him on the album manager page.

I closed my gallery down for now just in case.

Is it possible my gallery got hacked?

I have latest 1.4.8 installed.

Sorry if it is really nothing - there's just been a few sites that have gotten hacked recently - and it just looks suspicious, especially since there are no other members on the gallery (and by the fact he kept getting sent to logout page, back to login etc).
Title: Re: Exploit/Hacked?
Post by: Joachim Müller on August 13, 2006, 08:10:15 am
How did you find out? What miracle tool do you use to find out what people do on your coppermine-driven gallery?
Title: Re: Exploit/Hacked?
Post by: pftq on August 13, 2006, 01:19:16 pm
I was watching thru a visitor tracker (tells you what page the visitor is on).  It doesn't seem like anythin's happened to my gallery tho (opened it for now).  Guess it was nothing - sorry bout that.  Just a bit paranoid atm :(
Title: Re: Exploit/Hacked?
Post by: Joachim Müller on August 13, 2006, 02:50:37 pm
Such a tracker can only tell you what page the visitor is browsing, but not if he can only do anything on that page. Test for yourself: log out, then go to a page only the admin can use (e.g. http://yoursite.tld/your_coppermine_folder/admin.php) and then check your "tracker": it appears as if someone was accessing an admin page.
This tells you something about the usefulness of your "tracker" software.
Title: Re: Exploit/Hacked?
Post by: pftq on August 13, 2006, 11:36:50 pm
Ok yes - but it just seems weird someone would have a link to those pages in the first place.
Title: Re: Exploit/Hacked?
Post by: Joachim Müller on August 14, 2006, 07:54:44 am
Someone could have typed the name in; everybody who knows coppermine a little bit can come up with the file names.
There are people around on the internet who are up to evil things. Make sure your passwords are not trivial and that all your software is up-to-date.
Title: Re: Exploit/Hacked?
Post by: pftq on August 14, 2006, 08:14:50 am
Alright got your point.  Thanks for the tip. :)  Sorry for the false alarm.
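
The point made in the replies above is that a page-view tracker records which URL was requested, not whether the request was authorized. The following added example (not part of the original thread and not Coppermine code) separates the two cases from a web server access log. It assumes Apache combined log format and an application that answers unauthorized admin requests with a redirect or error status; if it returns 200 with an error page instead, compare response sizes. Only `admin.php` comes from the thread; the other page names, IP addresses and log lines are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2006:13:01:10 +0000] "GET /gallery/admin.php HTTP/1.1" 302 312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2006:13:01:11 +0000] "GET /gallery/login.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2006:13:02:40 +0000] "GET /gallery/usermgr.php HTTP/1.1" 302 312 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2006:13:05:02 +0000] "POST /gallery/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2006:13:05:03 +0000] "GET /gallery/admin.php HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2006:13:06:30 +0000] "GET /gallery/albmgr.php HTTP/1.1" 200 9931 "-" "Mozilla/5.0"
"""

# admin.php is named in the thread; the other two are placeholders to adjust.
ADMIN_PAGES = frozenset({"admin.php", "usermgr.php", "albmgr.php"})

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def classify_admin_hits(log_text, admin_pages=ADMIN_PAGES):
    """Return {ip: {"served": [...], "refused": [...]}} for admin-page requests."""
    result = defaultdict(lambda: {"served": [], "refused": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and directory, keep the script name.
        page = m.group("path").split("?", 1)[0].rsplit("/", 1)[-1]
        if page not in admin_pages:
            continue
        status = int(m.group("status"))
        # Assumption: a 2xx means the page was rendered for this client;
        # anything else (redirect to login, 401/403) means access was refused.
        bucket = "served" if 200 <= status < 300 else "refused"
        result[m.group("ip")][bucket].append(page)
    return dict(result)


def needs_investigation(log_text, known_admin_ips=frozenset()):
    """IPs that were actually served an admin page and are not known admins."""
    hits = classify_admin_hits(log_text)
    return sorted(ip for ip, h in hits.items()
                  if h["served"] and ip not in known_admin_ips)
```

A client that only appears under "refused" is what the tracker in this thread would still have shown as "viewing the admin panel".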