
Author Topic: Bug?! (help)  (Read 3372 times)


monstar

  • Coppermine newbie
  • Offline
  • Posts: 2
Bug?! (help)
« on: May 19, 2006, 01:58:19 pm »

I've got a notification from my web server saying that a vulnerability in the Coppermine script had been used to send massive emails, which is why they temporarily took down my site.
The affected file is: coppermine/include/.htaccess/sendlist2.php

I'm a bit worried... Any ideas on what I should do??

By the way, how do I edit/remove files in an .htaccess folder?

Thanks :)
Logged

Abbas Ali

  • Administrator
  • Coppermine addict
  • *****
  • Country: in
  • Offline
  • Gender: Male
  • Posts: 2165
  • Spread the PHP Web
    • Ranium Systems
Re: Bug?! (help)
« Reply #1 on: May 19, 2006, 02:20:04 pm »

Remove the folder include/.htaccess along with its contents (take a backup of the .htaccess folder on your local disk first) and upgrade to the latest stable version of cpg.
Logged
Chief Geek at Ranium Systems

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Bug?! (help)
« Reply #2 on: May 19, 2006, 04:29:30 pm »

Logged

monstar

  • Coppermine newbie
  • Offline
  • Posts: 2
Re: Bug?! (help)
« Reply #3 on: May 19, 2006, 07:38:18 pm »

How are .htaccess folders created? Is this folder supposed to be there?

I'm finding a lot of suspicious files (4 of which I can't even open/copy: x.php, fromemail.txt, fromname.txt, subject.txt) but I can't delete either the htaccess folder or the include folder, permission denied because the htaccess folder is inside.

I couldn't find any rar files... there's a zip file that I can't open either but it's not php.zip...  ??? Oh wait, I *can* open it and it does in fact contain all the files that have been copied into the .htaccess folder. Still, no way to delete it...

As far as Coppermine is concerned, how can I prevent users from uploading *anything* into my space? (not even their own galleries)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Bug?! (help)
« Reply #4 on: May 19, 2006, 08:24:07 pm »

Quote: "I'm finding a lot of suspicious files (4 of which I can't even open/copy: x.php, fromemail.txt, fromname.txt, subject.txt) but I can't delete either the htaccess folder or the include folder, permission denied because the htaccess folder is inside."
Ask your webhost for support.

Quote: "As far as Coppermine is concerned, how can I prevent users from uploading *anything* into my space? (not even their own galleries)"
In the groups page set upload permissions to "no" both for public as well as for personal albums for all groups but the admin group.
Logged
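
The finding in this thread, a directory named .htaccess holding dropped files such as sendlist2.php, can be checked for across a whole web root. The script below is an added example, not part of the original thread or of Coppermine; the function names, the extra .htpasswd name and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_webroot ROOT
# Reports directories named like Apache per-directory config files
# (.htaccess, .htpasswd). Those names normally belong to regular files,
# so a directory carrying one is worth reviewing, as is everything in it.
# Output: "DIR", "SCRIPT" or "FILE", a tab, then the path.
# Returns 1 when anything was found, 0 when the tree is clean.
audit_webroot() {
    root=$1
    report=$(
        find "$root" -type d \( -name '.htaccess' -o -name '.htpasswd' \) \
            -print -prune |
        while IFS= read -r dir; do
            printf 'DIR\t%s\n' "$dir"
            find "$dir" -type f -print | sort | while IFS= read -r f; do
                case $f in
                    *.[Pp][Hh][Pp]|*.[Pp][Hh][Tt][Mm][Ll]) kind=SCRIPT ;;
                    *) kind=FILE ;;
                esac
                printf '%s\t%s\n' "$kind" "$f"
            done
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree (not real data): one legitimate .htaccess file,
# one .htaccess directory with two of the file names from the thread.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/include/.htaccess" "$t/albums"
    : > "$t/.htaccess"
    : > "$t/include/.htaccess/sendlist2.php"
    : > "$t/include/.htaccess/subject.txt"
    : > "$t/albums/index.php"
    printf '%s\n' "$t"
}

# Demo run against the constructed tree.
sample=$(make_sample_tree)
audit_webroot "$sample" || echo "findings above need review"
rm -rf "$sample"
```

Run it read-only against a copy or the live web root; it only lists paths, so the backup-then-remove step from Reply #1 stays a separate, deliberate action.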