Print

[Nibbler]

Read the link I gave you earlier. That contains code to stop .rar files being treated as php scripts by apache.

[keith10456]

Got... Sent it to my host.

Many thanks!

[Joachim Müller]

ask your webhost to fix his server - the attacker used a vulnerability that exists on Apache webserver setups that aren't hardened against such attacks. Regular servers aren't meant to parse files with the extension ".rar" with the PHP processor. Your server is configured improperly - it doesn't treat ".rar" files and document files, but parses PHP included in it. By not allowing the upload of .rar files using coppermine, you just keep future attackers from exploting the server setup glitch. However, you haven't cured the webserver itself. The attacker might have used the security flaw to create backdoors on your server that allows him to enter later (even after having fixed everything), so it's mandatory to scan the server for those backdoors as suggested. It's mandatory as well that your webhost fixes the server setup vulnerability. Contact them asap, asking them to do as advised here. You're welcome to make your webhost visit this thread and the other one Nibbler refered to - they should know what to do then. I'm convinced they will, as the said vulnerability will not only have an impact on your domain, but on the accounts of other website owners who are hosted on the same server.