Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Spam Message  (Read 8495 times)

0 Members and 1 Guest are viewing this topic.

puretalk

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
Spam Message
« on: September 26, 2006, 04:17:10 pm »

My site was bombered with messages and generate huge number of spam message. Below is the message from my host, need someone to help how to solve the problems. Thanks a lot.

One of the scripts on uglycars.info domain was compromised and used to
generate huge number of spam messages and to run network scans. This
activity was immediately detected and stopped. To stop this form
happening we had to disable any access to the
/home/uglycars/public_html/albums/userpics directory. Please urgently check software that is responsible
for content located in the /home/uglycars/public_html/albums/userpics
directory and update to the latest available version to make sure that
any current security holes are resolved. Do _NOT_ re-enable access to
the /home/uglycars/public_html/albums/userpics directory until you're
absolutely sure that security hole was closed.
After closing the security hole make sure to remove content of the
following directories (might be others but these were used to send spam
emails and run scans):

/home/uglycars/public_html/albums/userpics/10009
/home/uglycars/public_html/albums/userpics/10002

The attack was launched from the 86.34.120.236 IP, below please find
complete access log (except requests for .gif files) registered today
from this IP. Apparently your scrpts allowed to upload and execute custom
php scripts


86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET /favicon.ico
HTTP/1.0" 200 894 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET
/themes/eyeball/style.css HTTP/1.0" 200 11276
"http://www.uglycars.info/displayimage.php?album=lastup&cat=0&pos=6"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET /scripts.js
HTTP/1.0" 200 2715
"http://www.uglycars.info/displayimage.php?album=lastup&cat=0&pos=6"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
« Last Edit: September 26, 2006, 04:30:01 pm by puretalk »
Logged

Nibbler

  • Guest
Re: Spam Message
« Reply #1 on: September 26, 2006, 04:51:15 pm »

You are using 1.3.4. Update !
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Spam Message
« Reply #2 on: October 01, 2006, 09:53:16 am »

As suggested various times, this is what you need to do (mandatory):
- Update (cpg1.3.x support has run out)

Using cpg1.4.x, this is what you might want to do:
- disable anonymous comments
- use the captcha mod
- use the akismet mod.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 19 queries.