Author Topic: Protecting yourself from being hacked  (Read 2418 times)

bart5986

Protecting yourself from being hacked
« on: January 25, 2005, 09:49:01 am »

I got hacked earlier after my forum got hacked, and I was wondering what I can do to protect my gallery. I have already changed my password to a 20 character one.
« Last Edit: January 26, 2005, 09:07:23 am by GauGau »

Joachim Müller

  • Dev Team member
Re: Protecting yourself from being hacked
« Reply #1 on: January 25, 2005, 10:05:31 am »

If you use bridging with a forum, all an attacker will need is the forum's admin account. Once he is able to get it (or hack the forum in any other way), he will have access to everything on the server, including Coppermine.
20 character passwords are not necessarily needed; make sure it's a password that cannot be guessed nor found out using a brute force/dictionary attack. A good password should contain upper and lower case letters and numbers, e.g. "fG8Rpd5T".
Make sure you have secured every app on your webserver, as gaining access to one app usually means your whole site is vulnerable. Post details of what exactly happened: has your site been defaced, did the attacker store warez on your server, did he manipulate or delete files/database tables etc.? Are you self-hosted or webhosted? Are all components (OS, server, PHP, MySQL) up to date?
When webhosted: ask your webhost for the log of the time the attack happened. When self-hosted: re-consider self-hosting; running your own webserver is not a job for a part-time newbie, you should leave this job to pros, i.e. consider switching to webhosting (maybe a dedicated server that is being looked after by a pro, housed at your webhost).

Joachim

bart5986

Re: Protecting yourself from being hacked
« Reply #2 on: January 25, 2005, 10:18:10 am »

I'm hosted by GameSpy, and all I've had on there is the gallery. I didn't bridge the forum and gallery but I did have the same password for the two.

He deleted almost all of my categories and albums and demoted my account to a normal user from what I saw.

So what's the process of someone hacking me? My password would take a very long time to crack, so what else would be a problem?

My password is a mixture of numbers and letters and doesn't have any dictionary words.

Joachim Müller

  • Dev Team member
Re: Protecting yourself from being hacked
« Reply #3 on: January 25, 2005, 10:23:29 am »

I can't give you detailed instructions on "how to hack a Coppermine site in 5 minutes" ;). Make sure your FTP account password cannot be guessed easily, nor the password that protects your phpMyAdmin pages or cPanel.
In other words: I can only give generic advice, you might google for this issue. All I can say: there are no known security issues with Coppermine, but there are several with various BBS apps (phpBB being the highest "candidate" on the list), so I suggest checking to have the most recent releases and bug fixes applied for those apps.

Joachim

bart5986

Re: Protecting yourself from being hacked
« Reply #4 on: January 25, 2005, 10:28:13 am »

Well, just as long as Coppermine is mostly bug free, there shouldn't be a problem.