forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Miscellaneous => Topic started by: stemmen on August 28, 2006, 04:16:36 pm

Title: CPG has been HACKED
Post by: stemmen on August 28, 2006, 04:16:36 pm

My gallery has been hacked.

They put their signature in my config-file. How can I restore it so the gallery works again?

Reg. Jan!

Title: Re: CPG has been HACKED
Post by: Joachim Müller on August 28, 2006, 04:30:26 pm

Best bet: restore from your backup (if you have one).
If you don't have a backup you could restore, download the entire content of your coppermine folder to your local hard drive, then examine what they did. Replace broken / modified files with clean ones from the package. Do the same thing with your database (create a dump and examine it). Pay particular attention to any backdoors (e.g. admin accounts) the attackers might have left. Change all your passwords (coppermine admin, FTP password, mySQL password) and reflect the changes by editing your_coppermine_folder/include/config.inc.php
Don't use trivial passwords. Review your server logs if you have access to them.
Make sure to upgrade your gallery to the most recent stable version of coppermine (currently cpg1.4.9) - you probably got hacked because you used outdated versions that have security flaws.

As you posted a generic question, above answers may appear generic to you as well. If you need details, search the board for similar questions (as this has been asked and answered before, and we're reluctant to repeat ourselves over and over). If you can't find the answers you need by searching, post more details (a link to your coppermine-driven gallery might be a good start).