Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: What on earth...Worm?  (Read 5324 times)

0 Members and 1 Guest are viewing this topic.

nateoatari

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
What on earth...Worm?
« on: December 21, 2004, 06:27:21 am »

This site is defaced!!!
NeverEverNoSanity WebWorm generation 18.

This is what is displayed on my galllery...http://www.magesfire.com/coppermine/
Almost the exact same on one of my friends.
What's going on?
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: What on earth...Worm?
« Reply #1 on: December 21, 2004, 06:40:31 am »

A lot of the hacked sites these days are due to using old phpbb versions but I can't seem to find one on your site; at least you don't have links to phpbb from your home page. In my webhost board, the people who reported getting hit by that group had old phpbb forums.

The other possibility is the vulnerability in php v.4.3.9
Logged

Tarique Sani

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 2712
    • http://tariquesani.net
Re: What on earth...Worm?
« Reply #2 on: December 21, 2004, 08:25:21 am »

Looks like the vulnerability in PHP version < 4.3.9 has been exploited
Logged
SANIsoft PHP applications for E Biz

click

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: What on earth...Worm?
« Reply #3 on: December 21, 2004, 09:28:02 am »

Same problem on my website
http://www.martijnlammerts.nl/beeldbank2/

What can I do to remove this worm ?
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: What on earth...Worm?
« Reply #4 on: December 21, 2004, 09:34:08 am »

It looks like your site is down; I got a "connection refused."

You need to replace your files from a backup and change account passwords.

You can also try looking over your raw logs to find who did the defacement and block the IP and contact their ISP.
Logged

raummusik

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 30
Re: What on earth...Worm?
« Reply #5 on: December 22, 2004, 01:47:49 am »

same here. **** off.. and im fool, i got no recent backup of the changed php files.. damn it! hope my webspace prov. got a 2 days backup ..

cheers. raum

edited. Do not cuss, though I'm not sure if you were quoting, but no need to quote verbatim. -Tranzndance.
« Last Edit: December 22, 2004, 08:11:46 am by TranzNDance »
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 21 queries.