forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: chuck6478 on February 17, 2010, 04:00:55 am

Title: Hacked or hijacked?
Post by: chuck6478 on February 17, 2010, 04:00:55 am

Example: http://www.threedogsportinggoods.com/gallery/displayimage.php?album=8&pos=1

The caption below the filmstrip now contains an ad for some sort of Rolex knockoff watches.  :-\   Trust me, I didn't put it there and I have no idea how to get rid of it.

Every file in my gallery (php and images) is now dated 1/17/2010. I've not uploaded any photos since 2009.

How can I remove the trash?  ???

How can I prevent this happening again?

Thanks
Title: Re: Hacked or hijacked?
Post by: Jeff Bailey on February 17, 2010, 04:30:24 am
Try what is suggested here: Yikes, I've been hacked! Now what? (http://forum.coppermine-gallery.net/index.php/topic,51927.0.html)
Title: Re: Hacked or hijacked?
Post by: phill104 on February 17, 2010, 08:16:34 am
Please render the Powered by Coppermine footer visible if you want further support.
Title: Re: Hacked or hijacked?
Post by: chuck6478 on February 17, 2010, 01:24:37 pm
The footer used to be there. That's just one more thing I guess. Is there a setting to turn it on/off?

Thanks
Title: Re: Hacked or hijacked?
Post by: AntonLargiader on February 17, 2010, 02:52:42 pm
You were advised last fall to update away from 1.4.24. Now CPG is at 1.4.26.
Title: Re: Hacked or hijacked?
Post by: AntonLargiader on February 17, 2010, 04:41:29 pm
The footer used to be there. ..

It's there, but your stylesheet specifically/deliberately makes it the same color as the background.
Title: Re: Hacked or hijacked?
Post by: phill104 on February 17, 2010, 05:58:26 pm
Yep, I doubt a hacker would deliberately go to the extent of changing a bit of css to match your background and specifically with your footer. What would be their motiv? Please restore the footer.
Title: Re: Hacked or hijacked?
Post by: phill104 on February 17, 2010, 06:07:11 pm
Looking further into your problem it appears you used your hosts installer. They might have modified the footer, they might be injecting the adverts. If you are still using your hosts install package and just replaced the missing filed from the download you got here then that could very well be the problem.

Upgrade to the latest version using a copy from this site. Then install a test copy from your host. If you see adverts on the copy your host provides then you will know exactly where they came from. If you do not see the adverts on the test install then read the yikes thread suggested above.
Title: Re: Hacked or hijacked?
Post by: AntonLargiader on February 17, 2010, 06:09:43 pm
SiteGround has nine free templates on their site; that one is the only one where the CPG credit is so hard to see. Of course they made their own credit very easy to see, but in the other eight you can easily read the CGP credit although it has different styling than SiteGround's credit.

I suppose under their terms of use, you could change the the CSS classes around and make theirs hard to read instead...

Anyway, if SG is doing the hosting and is providing the installation...  they should get involved. They're running out-of-date software and you got hacked. The need to stay up to date is all over these boards and was pointed out specifically in your previous thread.

It's pretty typical for installers like Fantastico to have old software, too.
Title: Re: Hacked or hijacked?
Post by: chuck6478 on February 17, 2010, 06:29:25 pm
Too all who have replied, thank you.

1) It was never my intention to not give Coppermine credit. I understand how open source software works and why.
2) I must have missed any notification of a new version because I usually do update to the latest release as soon as it is stable.

Thanks Anton for investigating the missing footer. I never noticed.

I'll take care of it this evening.

Thank you.
Title: Re: Hacked or hijacked?
Post by: François Keller on February 17, 2010, 10:03:51 pm
just my though. It seems that the advertise are in comments who where posted on each pictures (see the lateste comment meta album...).
Title: Re: Hacked or hijacked?
Post by: phill104 on February 17, 2010, 10:21:18 pm
Too all who have replied, thank you.

1) It was never my intention to not give Coppermine credit. I understand how open source software works and why.
2) I must have missed any notification of a new version because I usually do update to the latest release as soon as it is stable.

Thanks Anton for investigating the missing footer. I never noticed.

I'll take care of it this evening.

Thank you.

I have contacted Siteground re the footer. Thanks to those who made us aware of it. Siteground have provided some templates where they have always kept the footer in-tact so I am sure it is an oversight on their part.

Your second point about notification. Well that really needs you to keep a check on this site for release announcements. The forthcoming cpg1.5 now gives the admin of the site a warning in the back end making it far easier for admins to keep up to date. We realise that not everyone can regularly check here so as long as people upgrade when they are requested to do so in a support thread then that is great for both you and us. CPG1.5 will make that even easier.
Title: Re: Hacked or hijacked?
Post by: Joe Carver on February 17, 2010, 11:22:51 pm
The caption below the filmstrip now contains an ad for some sort of Rolex knockoff watches.

Francois is correct - what you have is called "Forum Spam"

How can I remove the trash?  ???

Delete the Comments for each or all. (your Coppermine docs will tell you how (as admin))

How can I prevent this happening again?

Disable Comments for unregistered users OR search around the plugins and the Support forum for Captcha - reCaptcha or just plain old spam.
Title: Re: Hacked or hijacked?
Post by: chuck6478 on February 18, 2010, 12:36:25 am
Thank you all.

I'm glad to find out it is something as simple as mass unwanted comments. I will clean them up after I update the site and fix the footer.
Title: Re: Hacked or hijacked?
Post by: phill104 on February 18, 2010, 01:36:57 am
The footer is simple. Just edit the templates css file.

Open the templates css file (style.css) and around line 272 you will find 3 entries - .footer, .footer a and .footer a:hover

Simply change the colours for each of those to something visible.

so

Code: [Select]
.footer {
color: 444c5b;
text-decoration: none;
}

would become something like

Code: [Select]
.footer {
color: BBBBBB;
text-decoration: none;
}

Do the same for the other 2 classes and you will be once again a happy bunny.

As mentioned above, the capcha plugins will reduce your comment spame to next to nothing.
Title: Re: Hacked or hijacked?
Post by: chuck6478 on February 18, 2010, 02:53:27 am
Thanks fellows.

Updated, comments removed, and footer fixed.

Title: Re: Hacked or hijacked?
Post by: François Keller on February 18, 2010, 07:30:55 am
yes it seems to be ok now.
Please resolve your thread as explained here http://forum.coppermine-gallery.net/index.php/topic,55415.msg270631.html#msg270631 (http://forum.coppermine-gallery.net/index.php/topic,55415.msg270631.html#msg270631)
Title: Re: Hacked or hijacked?
Post by: chuck6478 on February 18, 2010, 01:50:10 pm
Resolved:  ;D