forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: fishkill on February 01, 2007, 01:30:47 am
-
Not really sure on how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now i cant log into coppermine at all (all galleries are private). Apache is working normally (other pages are served) , as is mysql ( can log in to mysql on the server itsself) but i cant seem to authenticate at all via the web interface - when i do attempt to login , no errors are generated i just get presented with the login screen. Additionally I had a friend register an account on the site, but she was unable to proceed past the disclaimer.
any suggestions would be greatly appreciated
P.S. I would have posted debug info, but i cant access any pages that would have it.
Thanks in advance
-Fish
-
Not really sure on how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now i cant log into coppermine at all (all galleries are private). Apache is working normally (other pages are served) , as is mysql ( can log in to mysql on the server itsself) but i cant seem to authenticate at all via the web interface - when i do attempt to login , no errors are generated i just get presented with the login screen. Additionally I had a friend register an account on the site, but she was unable to proceed past the disclaimer.
any suggestions would be greatly appreciated
P.S. I would have posted debug info, but i cant access any pages that would have it.
Thanks in advance
-Fish
Interesting. A few questions to clarify...
Did you have a working installation of the most current version of Coppermine? If yes, how long was it running?
Were you able to previously log in, upload, view, etc?
Then you ran the tool and it caused you to lose access?
When your friend went to register, did the account get created in the MySQL database? (Can you see the account using phpMyAdmin?)
-
I was testing a commercial web application vulnerability testing tool against my server
Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.
-
Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.
there was most certainly a bruteforce attack in play, ive installed pma but there is nothing listed in the bans. unfortunately the only time i can work on this is when the kid is asleep and i think i zigged when i should have zagged and dropped a table... now all i get is this - "Critical error There was an error while processing a database query"
am i hosed?
also this PMA tool isnt very intuitive, what would i be looking for really?
sorry for being so troublesome
-Fish
-
Dropping a table without knowing what it actually does is not a bright idea. Restore the table from your backup. Enable debug_mode manually to see what the actual error message is (do not post the debug_output, but only the error message). To find out how to manually enable debug_mode, check the tutorial http://coppermine-gallery.net/tutorial/debug_mode.php
-
duly noted ... thanks for the direction
-Fish