Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Exploit/Hacked?  (Read 2837 times)

0 Members and 1 Guest are viewing this topic.

pftq

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 111
Exploit/Hacked?
« on: August 12, 2006, 01:10:08 pm »

I was viewing what my visitors were doin on my site and I saw one viewing the admin panel of the gallery.  I know for sure I am the ONLY admin of the gallery - heck I'm the only member.  I thought it might have been that my tracker was wrong - but when I refreshed, the visitor was viewing the usermanager of the admin panel.

I changed my password to see if it helps - it sent the guy out to a logout screen - where he then went to log in page and made it back in.  I tried banning his IP.  Sent him out (saw him on Logout page) but he just went to the log in page and I next saw him on the album manager page.

I closed my gallery down for now just in case.

Is it possible my gallery got hacked?

I have latest 1.4.8 installed.

Sorry if it is really nothing - there's just been a few sites that have gotten hacked recently - and it just looks suspicious, especially since there are no other members on the gallery (and by the fact he kept getting sent to logout page, back to login etc).
« Last Edit: August 13, 2006, 02:50:55 pm by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Exploit/Hacked?
« Reply #1 on: August 13, 2006, 08:10:15 am »

How did you find out? What miracle tool do you use to find out what people do on your coppermine-driven gallery?
Logged

pftq

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 111
Re: Exploit/Hacked?
« Reply #2 on: August 13, 2006, 01:19:16 pm »

I was watching thru a visitor tracker (tells you what page the visitor is on).  It doesn't seem like anythin's happened to my gallery tho (opened it for now).  Guess it was nothing - sorry bout that.  Just a bit paranoid atm :(
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Exploit/Hacked?
« Reply #3 on: August 13, 2006, 02:50:37 pm »

Such a tracker can only tell you what page the visitor is browsing, but not if he can only do anything on that page. Test for yourself: log out, then go to a page only the admin can use (e.g. http://yoursite.tld/your_coppermine_folder/admin.php) and then check your "tracker": it appears as if someone was accessing an admin page.
This tells you something about the usefullness of your "tracker" software.
Logged

pftq

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 111
Re: Exploit/Hacked?
« Reply #4 on: August 13, 2006, 11:36:50 pm »

Ok yes - but it just seems weird someone would have a link to those pages in the first place.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Exploit/Hacked?
« Reply #5 on: August 14, 2006, 07:54:44 am »

Someone could have typed the name in; everybody who knows coppermine a little bit can come up with the file names.
There are people around on the internet who are up to evil things. Make sure your passwords are not trivial and that all your software is up-to-date.
Logged

pftq

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 111
Re: Exploit/Hacked?
« Reply #6 on: August 14, 2006, 08:14:50 am »

Alright got your point.  Thanks for the tip. :)  Sorry for the false alarm.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.