
Author Topic: Possible security hole?  (Read 6098 times)


ax2graphics

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
    • http://www.ax2graphics.com
Possible security hole?
« on: January 03, 2004, 01:20:32 am »

Okay, so I'm running the standalone app, and out of nowhere, my client lets me know that there are pics of porn and other garbage posted in the gallery. I take a look, and have over 3000 images that were uploaded.

Anyone?

I have one gallery set up that only I, as an administrator, can access. This was left untouched. The other gallery is for user uploads, which is where the mess came in. Now, I find it hard to believe that someone would upload each individual pic... it would HAVE to be a batch add. Now, I saw that there is a tool for XP... but I'm running a Mac, and have no way of investigating. What should I be looking for in my settings to ensure this won't repeat!?

Link to client's gallery: http://www.taboobaltimore.com/gallery/

Also, I noticed one image that portrayed the Godfather logo with the words "Upload Mafia". So, obviously, there may be more trouble in store for more Coppermine users from these ass clowns.

Thanks!

- Ax2

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Possible security hole?
« Reply #1 on: January 03, 2004, 11:22:41 am »

What exactly is your question? If you allow user upload and you disable approval and you don't set a quota that makes sense then yes: there can be people uploading junk. What's the point? What settings did you apply (approval, quota etc.)?

GauGau

ax2graphics

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
    • http://www.ax2graphics.com
Possible security hole?
« Reply #2 on: January 03, 2004, 03:42:43 pm »

What SHOULD the settings be for anonymous users to allow them to upload individual photos (and disallow any batch uploading)?

hyperion

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 1317
  • - retired -
Possible security hole?
« Reply #3 on: January 03, 2004, 04:34:58 pm »

First, upload approval is definitely a good thing.  

The person who did this to your client probably did not use CPG's batch upload options (I'll have to run an experiment to see how CPG XP publisher behaves when anonymous uploads are allowed, though), and most likely wrote a custom script to do this.  (Also, check your version.  If you are running 1.0 and have not applied the security patch, then they could have easily done much worse.)

Next, look at all the pictures they uploaded and see what the IP address is for most of them. Do a DNS lookup to see who owns those IP addresses. If it is traceable to a single entity (most likely) then ban the IP address or block of IP addresses. Then contact the owner if it is a web hosting company, and tell them the IP addresses and times of upload. They can ban the person for engaging in abusive activities. Keep in mind that an IP address can be spoofed, so this may not lead you to the culprit. Your server logs will be more reliable than CPG in this regard.

You should probably consider adding a .htaccess file that only allows external access to the index page (preventing a person from running the script on their server - everyone would have to arrive at a form from another page in the site), and you should set a reasonable limit for anonymous uploads.  What is your current limit?

Whatever you can tell about the timeframe of the attacks, etc. will make it easier to determine how the attack was carried out.
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull
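The triage hyperion describes (find the source IP and timeframe of the mass upload from the server logs, check whether the requests came through the site's own form, then ban the block) can be scripted against the Apache access log. The following is an added example and not part of this thread or of Coppermine itself; the hostname `gallery.example.com`, the upload path `/gallery/upload.php` and every log line are constructed for the demonstration. It parses combined-format log lines, counts upload POSTs per client, flags clients whose requests never carried an on-site Referer (the property the suggested .htaccess rule keys on) or arrived in a tight burst, and prints Apache 2.2-style deny rules for the flagged addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Apache "combined" log line layout. Host and upload path are assumptions for this example.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SITE_HOST = "gallery.example.com"        # assumed hostname of the gallery
UPLOAD_PATH = "/gallery/upload.php"       # assumed upload script path
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def referer_is_onsite(referer):
    """The thread's .htaccess idea in code: a genuine upload POST comes from a form
    on the site, so its Referer names our own host. A missing or foreign Referer is a flag."""
    if not referer or referer == "-":
        return False
    return urlparse(referer).hostname == SITE_HOST


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(lines, window_s=60, burst_threshold=20):
    """Summarise upload POSTs per client IP: total count, count lacking an on-site
    Referer, tightest burst and the time span. Returns (summary dict, IPs to block)."""
    uploads = [r for r in map(parse_line, lines)
               if r and r["method"] == "POST" and r["path"].startswith(UPLOAD_PATH)]
    per_ip = defaultdict(list)
    for r in uploads:
        per_ip[r["ip"]].append(r)
    summary = {}
    for ip, recs in per_ip.items():
        summary[ip] = {
            "uploads": len(recs),
            "offsite_referer": sum(not referer_is_onsite(r["referer"]) for r in recs),
            "burst": max_in_window([r["ts"] for r in recs], timedelta(seconds=window_s)),
            "first": min(r["ts"] for r in recs),
            "last": max(r["ts"] for r in recs),
        }
    # Scripted mass uploads show up as a burst, usually with no on-site Referer at all.
    block = sorted(ip for ip, s in summary.items()
                   if s["burst"] >= burst_threshold
                   or (s["uploads"] > 1 and s["offsite_referer"] == s["uploads"]))
    return summary, block


def htaccess_deny(ips):
    """Apache 2.2-style access rules for the thread's 'ban the IP address' step."""
    return "\n".join(["Order Allow,Deny", "Allow from all"] + [f"Deny from {ip}" for ip in ips])


# --- constructed sample log: one genuine visitor plus a scripted flood -------------
def _line(ip, when, referer):
    return (f'{ip} - - [{when.strftime(TS_FMT)}] "POST {UPLOAD_PATH} HTTP/1.1" 200 512 '
            f'"{referer}" "Mozilla/5.0"')

_t0 = datetime(2004, 1, 2, 23, 10, tzinfo=timezone.utc)
SAMPLE_LOG = [_line("198.51.100.4", _t0 + timedelta(minutes=5 * i),
                    f"http://{SITE_HOST}{UPLOAD_PATH}") for i in range(3)]
SAMPLE_LOG += [_line("203.0.113.7", _t0 + timedelta(seconds=i), "-") for i in range(40)]
SAMPLE_LOG.append('203.0.113.7 - - [03/Jan/2004:00:00:00 +0000] "GET /gallery/ HTTP/1.1" '
                  '200 10 "-" "curl/7"')

if __name__ == "__main__":
    summary, block = analyse(SAMPLE_LOG)
    for ip, s in summary.items():
        print(ip, s["uploads"], "uploads,", s["offsite_referer"], "without on-site Referer,",
              "peak", s["burst"], "per minute,", s["first"], "->", s["last"])
    print(htaccess_deny(block))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; the `first`/`last` timestamps per address give the timeframe hyperion asks for, and the deny rules go into the gallery's .htaccess. A Referer check only catches clients that do not bother to set the header, so treat it as a cheap filter on top of upload approval and a sensible quota, not as a replacement for them.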
