
Topic: Phishing trick

Funster
Phishing trick
« on: March 24, 2006, 06:16:14 pm »

Hey folks,

tonight I noticed the following in my gallery: a new user named kktlung registered and immediately uploaded a file named q.php.rar with the following content:

Code:
<title>nsTView v2.0:: nst.void.ru</title>
<center>
<table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
<font size=1 face=verdana><center>
<b>nsTView v2.0 :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
</center>
<form method=post>
Password:<br>
<input type=password name=pass size=30 tabindex=1>
</form>
<b>Host:</b> www.domain.tld<br>
<b>IP:</b> 81.169.138.98<br>
<b>Your ip:</b> 84.131.56.144
</td></tr></table>
(domain.tld was altered by me)

Well, I deleted the whole thing, what else would be better? But if you search the web for the specific user name or the name of the file, you get some hits.
What do you think about it?


Keep your eyes open, guys!

Cheers,
F.


kegobeer (Dev Team member)
Re: Phishing trick
« Reply #1 on: March 24, 2006, 06:46:31 pm »

There are already discussions about the rar trick. Please search before posting.

Don't allow rar files to be uploaded; verify people before allowing them access to your gallery; don't allow uploads; make your host properly configure the server so rar files are handled correctly. All excellent ways to protect your gallery.

Joachim Müller (Dev Team member, aka "GauGau")
Re: Phishing trick
« Reply #2 on: March 25, 2006, 09:21:06 am »

http://forum.coppermine-gallery.net/index.php?topic=29063.0
http://forum.coppermine-gallery.net/index.php?topic=22806.0
and some others. Actually, this is not a phishing attack, but the server vulnerability can be used to even take over your server and execute any code.
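Both replies come down to the same defensive point: a name like q.php.rar must never reach the web root, because a server whose PHP handler honours every extension in a file name (the classic Apache mod_mime double-extension behaviour) will run it as a script regardless of the trailing .rar. The upload-name check below is an added example, not Coppermine's own code; the allowlist and the list of executable segments are assumptions for illustration.

```php
<?php
// Added example (not Coppermine's code): reject upload names such as
// "q.php.rar" or "q.php.jpg". With a handler that honours every extension,
// the ".php" in the middle of the name is enough to get the file executed.

// Assumed allowlist of final extensions for a photo gallery.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
// Assumed list of segments that must not appear anywhere in the name.
const EXECUTABLE_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                             'cgi', 'pl', 'sh', 'htaccess'];

function is_safe_upload_name(string $name): bool
{
    // Drop any directory part a client might smuggle in, then normalise case.
    $base = strtolower(basename(str_replace('\\', '/', $name)));

    $parts = explode('.', $base);
    if (count($parts) < 2 || $parts[0] === '') {
        return false;          // no extension at all, or a dotfile like ".htaccess"
    }

    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return false;          // final extension is not an image type we serve
    }

    // Every remaining dot-separated segment must be a plain name, never
    // something a mis-configured handler would treat as executable.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, EXECUTABLE_SEGMENTS, true)) {
            return false;      // e.g. "q.php.jpg"
        }
    }
    return true;
}

// The name is only half of it: the bytes must also be a real image.
function looks_like_image(string $path): bool
{
    $info = @getimagesize($path);
    return $info !== false
        && in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true);
}

// Constructed sample names to show the decision each one gets.
$samples = ['q.php.rar', 'q.php.jpg', 'holiday.jpg', '.htaccess', '../x.php'];
foreach ($samples as $n) {
    printf("%-12s %s\n", $n, is_safe_upload_name($n) ? 'accept' : 'reject');
}
```

On the server side the same reasoning applies in reverse: the upload directory should have no PHP handler bound to it at all, so that even a name that slips past the check is served as a plain file rather than executed.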