Topic: Preventing File Types

keith10456

Preventing File Types
« on: March 19, 2006, 12:52:49 am »

Someone uploaded a file titled "img.php.rar".

I'm not exactly sure what they were trying to accomplish by doing this, but I would like to prevent files of this type from being uploaded. Kindly let me know how to prevent this.

Nibbler


keith10456

Re: Preventing File Types
« Reply #2 on: March 19, 2006, 03:16:43 am »

Thanks!

keith10456

Re: Preventing File Types
« Reply #3 on: March 20, 2006, 07:03:45 pm »

I noticed in the latest version of the Gallery that there is a file titled "no ftp in this directory" or something of that nature; should I place a copy of this file in all of my gallery directories?

Nibbler

Re: Preventing File Types
« Reply #4 on: March 20, 2006, 07:18:55 pm »

No, it's just there to remind you.

keith10456

Re: Preventing File Types
« Reply #5 on: March 20, 2006, 10:26:26 pm »

I don't know how, but my gallery keeps getting hacked. Apparently someone is able to upload a ".userpics" folder into the gallery's directory. They then used it to send spam e-mails via the gallery.

Any ideas on how to prevent this?  I suspect it had something to do with the rar file.

from /home/sitename/public_html/website/coppermine_dir/albums/userpics/.userpics 1141581PLNT

Joachim Müller

Re: Preventing File Types
« Reply #6 on: March 21, 2006, 07:37:14 am »

disable the upload of rar files in coppermine, scan your webspace for leftover backdoors the attacker might have left there. To accomplish this, download all files from your webspace to your client and look for files that aren't meant to be there. Ask your webhost to fix the Apache vulnerability asap.

keith10456

Re: Preventing File Types
« Reply #7 on: March 21, 2006, 07:01:38 pm »

How do I prevent them from creating a "folder" in the directory - maybe it was uploaded (not sure)?

Joachim Müller

Re: Preventing File Types
« Reply #8 on: March 21, 2006, 10:52:16 pm »

huh?

keith10456

Re: Preventing File Types
« Reply #9 on: March 22, 2006, 02:54:39 am »

Attached is a zip of the directory that the person either uploaded to my directory or created with the .rar file. Hopefully you can use this to prevent things of this nature from happening again (a security patch).

keith10456

Re: Preventing File Types
« Reply #10 on: March 22, 2006, 03:00:02 am »

This zip file contains the rar file and a ".index.php" file that I found they added.

Joachim Müller

Re: Preventing File Types
« Reply #11 on: March 22, 2006, 07:12:27 am »

delete all of those files and change all your passwords.

keith10456

Re: Preventing File Types
« Reply #12 on: March 22, 2006, 03:17:21 pm »

Thanks for getting back to me... Big problem though.

In the "Files and thumbnails advanced settings", I have the following settings:

Allowed image types: jpg/bmp/tif/png/gif/jpeg
Allowed movie types: wmv/avi/mov

However, as a test, I created a text file with the file name "img.php.rar" (the same name as the file the hacker used) and was able to upload the file to the gallery (I wasn't logged in as an admin).

On another note, once you have a copy of the attachments I added to my previous posts, please delete them.  We don't want the wrong people to get their hands on it.

kegobeer

Re: Preventing File Types
« Reply #13 on: March 22, 2006, 03:33:30 pm »

Have you changed your allowed document types?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

keith10456

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 35
    • http://www.morrisania.com
Re: Prenting File Types
« Reply #14 on: March 22, 2006, 06:11:40 pm »

Yes...  In my previous post (before this one) I listed what my settings are.

kegobeer

Re: Preventing File Types
« Reply #15 on: March 22, 2006, 08:29:12 pm »

Yes...  In my previous post (before this one) I listed what my settings are.

No, you changed the allowed image and movie types.  You did not change the allowed document or audio types.

keith10456

Re: Preventing File Types
« Reply #16 on: March 22, 2006, 09:29:42 pm »

You're right!

What do I put to set it so no document types can be added?

kegobeer

Re: Preventing File Types
« Reply #17 on: March 22, 2006, 09:30:22 pm »

Remove "ALL".

keith10456

Re: Preventing File Types
« Reply #18 on: March 22, 2006, 09:32:17 pm »

I got it... Leave it blank!  I tested it and it blocked the file.

Thanks!
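The thread reaches two practical conclusions: an upload name is only safe if every allow-list (image, movie, document, audio) has been considered, with the document and audio lists left blank, and, as Joachim advised earlier, a copy of the web space should be checked for leftover files that do not belong. The following is an added example in Python, not code from the thread or from Coppermine itself, that shows both ideas as generic logic: a name check that inspects every dot-separated segment (so "img.php.rar" is rejected for its "php" segment, not just for "rar"), and a scan that walks a downloaded directory tree and flags hidden dot-prefixed names and names that fail the same check. The allow-list values mirror the settings keith10456 posted; the list of executable segments, the sample directory layout, and all file contents are constructed assumptions for the demonstration.

```python
"""Upload-name allow-listing and a leftover-file scan.

Added example, not Coppermine code. Allow-lists mirror the thread's
settings: image and movie types as posted, document and audio blank.
"""
import os
import tempfile
from pathlib import Path

# Allow-lists as posted in the thread; document and audio deliberately blank.
ALLOWED_TYPES = {
    "image": {"jpg", "bmp", "tif", "png", "gif", "jpeg"},
    "movie": {"wmv", "avi", "mov"},
    "document": set(),
    "audio": set(),
}

# Assumption: extension segments a typical Apache/PHP host may hand to an interpreter.
EXECUTABLE_SEGMENTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "sh"}


def allowed_extensions() -> set:
    """Union of every allow-list; with document/audio blank this is images and movies only."""
    return set().union(*ALLOWED_TYPES.values())


def check_upload_name(filename: str) -> tuple:
    """Return (ok, reason) for a proposed upload name.

    Every dot-separated segment after the first is inspected, so a name like
    "img.php.rar" is rejected for its "php" segment before the final segment
    is compared against the allow-list at all.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base != filename:
        return False, "path separators not allowed"
    if base.startswith("."):
        return False, "hidden (dot-prefixed) name"
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension"
    segments = parts[1:]
    for seg in segments:
        if seg in EXECUTABLE_SEGMENTS:
            return False, f"executable extension segment: {seg}"
    if segments[-1] not in allowed_extensions():
        return False, f"extension not in allow-list: {segments[-1]}"
    return True, "ok"


def scan_tree(root) -> list:
    """Walk a downloaded copy of the web space and return (relative path, reason)
    for every hidden (dot-prefixed) entry and every file failing check_upload_name."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if any(part.startswith(".") for part in rel.parts):
            findings.append((rel.as_posix(), "hidden name in path"))
        elif path.is_file():
            ok, reason = check_upload_name(path.name)
            if not ok:
                findings.append((rel.as_posix(), reason))
    return findings


def build_sample_tree(root) -> None:
    """Constructed sample layout echoing the paths named in the thread.
    File contents are placeholders, not the files the poster attached."""
    userpics = Path(root) / "albums" / "userpics"
    userpics.mkdir(parents=True)
    (userpics / "holiday.jpg").write_bytes(b"constructed placeholder, not a real JPEG")
    (userpics / "img.php.rar").write_bytes(b"constructed placeholder")
    hidden = userpics / ".userpics"
    hidden.mkdir()
    (hidden / ".index.php").write_text("constructed placeholder, not the real file\n")


def demo_scan() -> list:
    """Build the constructed tree in a temporary directory, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for name in ("holiday.jpg", "img.php.rar", "notes.rar", ".index.php", "photo"):
        print(f"{name!r:16} -> {check_upload_name(name)}")
    for rel, reason in demo_scan():
        print(f"flag {rel}: {reason}")
```

The check deliberately rejects on any executable-looking segment rather than only on the final extension, which is the gap the "img.php.rar" test exposed: a trailing "rar" passed as a document type while the embedded "php" segment went unexamined. The scan reports directories as well as files, since the thread's leftover ".userpics" folder was itself the indicator.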

keith10456

Re: Preventing File Types
« Reply #19 on: March 22, 2006, 09:40:10 pm »

Any word on those files the hacker used (what the files were doing, how to block them from executing, etc.)?