Topic: Someone tried to hack my server by uploading php.rar file

marion

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Someone tried to hack my server by uploading php.rar file
« on: March 12, 2006, 04:01:58 pm »

Hi,

I have cpg1.4.4 and someone could upload a script file with extension name: php.rar. Using this file, he could get all necessary information from my server, including the /etc/passwd file. How can we prevent users from uploading such a file with extension (RAR), and why is disabling users from uploading files not active?

This is the script file that was uploaded to my server:

http://rst.void.ru/download/r57shell.txt
« Last Edit: November 20, 2007, 08:16:09 am by GauGau »
Logged

Nibbler

  • Guest
Re: Someone tried to hack my server by uploading php.rar file
« Reply #1 on: March 12, 2006, 09:26:28 pm »

If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is set up to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981
Logged
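
An added example, not part of the original thread and not Coppermine code: a filename check and upload-directory scan for names like `php.rar`, where a script extension sits in front of the final one. It assumes the risk comes from a web server that matches handlers on any extension in the name (for example Apache's multi-extension handling); the extension list, function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a web server may pass to an interpreter;
# match it to the handlers configured on your own server.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "pl", "py", "cgi"}

def extensions(filename):
    """All dot-separated segments after the base name, lower-cased."""
    name = os.path.basename(filename).lower().rstrip(". ")
    return name.split(".")[1:]

def hidden_script_exts(filename):
    """Script extensions that are not the final one, e.g. 'php' in x.php.rar."""
    return [e for e in extensions(filename)[:-1] if e in SCRIPT_EXTS]

def is_allowed_upload(filename, allowed_exts):
    """Accept only names whose final extension is allowed and that carry
    no script extension in any position."""
    exts = extensions(filename)
    if not exts or "\x00" in filename:
        return False
    return exts[-1] in allowed_exts and not any(e in SCRIPT_EXTS for e in exts)

def scan_uploads(root):
    """Relative paths under root whose names hide a script extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if hidden_script_exts(f):
                hits.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(hits)

def demo():
    """Build a constructed upload tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        user_dir = os.path.join(root, "userpics", "10001")
        os.makedirs(user_dir)
        for name in ("holiday.jpg", "archive.rar", "script.php.rar", "thumb_a.PHP.jpg"):
            open(os.path.join(user_dir, name), "w").close()
        return scan_uploads(root)

if __name__ == "__main__":
    print(demo())
```

The scan only reports hidden script extensions, so a gallery's own `.php` files are not flagged; files ending directly in a script extension are rejected by `is_allowed_upload` because that extension is not in the allow list.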

DoctorMason

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: Someone tried to hack my server by uploading php.rar file
« Reply #2 on: November 19, 2007, 10:22:58 pm »

If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is set up to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981

I got a notice today, 19-Nov-07, from my hosting company of the same "http://nst.void.ru/" happening to my site. I (hopefully) found all of their files, deleted them, posted the warning here, and will ask my host to re-open my subdirectory.

P.S., When visiting that website you can see the hack there, and others available.
Logged

Nibbler

  • Guest
Re: Someone tried to hack my server by uploading php.rar file
« Reply #3 on: November 19, 2007, 10:43:49 pm »

You must keep your gallery up to date.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Someone tried to hack my server by uploading php.rar file
« Reply #4 on: November 20, 2007, 08:15:58 am »

Locking.
Logged