forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: Paqui on April 01, 2010, 12:53:21 am

Title: I have a virus and don't know what to do
Post by: Paqui on April 01, 2010, 12:53:21 am

So I own http://www.paquifansites.net a server with all of my coppermine galleries (http://www.paquifansites.net/miley and others) and its been since 2 days ago that people get a virus warning and I don't know where the virus its since I checked all the files on there and I can't find any weird script. Maybe I missed some file or what can I do to know which file has that script? I'm really desperate... since I don't know much things about this. Thank you.

Btw. Google Webmaster Tools tells me there's a script code on some page, but doesnt say which...

Title: Re: I have a virus and don't know what to do
Post by: Joe Carver on April 01, 2010, 01:11:29 am

To be sure you should read and follow the steps in thread:

         Yikes, I've been hacked (http://forum.coppermine-gallery.net/index.php/topic,51927.0.html)

Title: Re: I have a virus and don't know what to do
Post by: scarr105 on April 01, 2010, 01:38:48 pm

You could alway start over since all your images are stored in the database.  If you have done a lot of customization then this may not be an option.

Just another though, could they have inserted the code in the database somehow, if you can't find it in the code.

just some thoughts.

Title: Re: I have a virus and don't know what to do
Post by: Paqui on April 01, 2010, 01:55:40 pm

I have thousands of pictures uploaded so I can't really delete them cause uploading them all again would be such a pain... and I looked all over the databases but I don't see any code in any of the files :(

Title: Re: I have a virus and don't know what to do
Post by: Paqui on April 01, 2010, 02:08:11 pm

On webmasters tools I get this: http://i44.tinypic.com/16gwqbs.jpg
You know where that code could be? :(

Title: Re: I have a virus and don't know what to do
Post by: Joachim Müller on April 01, 2010, 06:33:33 pm

You have already been told what to do:

Quote from: Joe Carver on April 01, 2010, 01:11:29 am

To be sure you should read and follow the steps in thread:

         Yikes, I've been hacked (http://forum.coppermine-gallery.net/index.php/topic,51927.0.html)

Do exactly as suggested there; there is nothing else we could do or recommend. It was a big effort to create that thread; I find it impolite of you to ignore it, as it's the only solution. What you're trying to do (analyzing the virus payload and trying to conclude the "easy cleaning" method out of the payload) is futile. The only method that will help is the one that I have mentioned in the "Yikes"-thread.