Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: i done dos'd myself  (Read 2894 times)

0 Members and 1 Guest are viewing this topic.

fishkill

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
i done dos'd myself
« on: February 01, 2007, 01:30:47 am »

Not really sure on how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now i cant log into coppermine at all (all galleries are private). Apache is working normally (other pages are served) , as is mysql ( can log in to mysql on the server itsself) but i cant seem to authenticate at all via the web interface - when i do attempt to login , no errors are generated i just get presented with the login screen. Additionally I had a friend register an account on the site, but she was unable to proceed past the disclaimer.

any suggestions would be greatly appreciated

P.S. I would have posted debug info, but i cant access any pages that would have it.

Thanks in advance

-Fish
« Last Edit: February 06, 2007, 08:20:26 am by GauGau »
Logged

eruss

  • Supporter
  • Coppermine frequent poster
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 105
Re: i done dos'd myself
« Reply #1 on: February 01, 2007, 05:58:49 am »

Not really sure on how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now i cant log into coppermine at all (all galleries are private). Apache is working normally (other pages are served) , as is mysql ( can log in to mysql on the server itsself) but i cant seem to authenticate at all via the web interface - when i do attempt to login , no errors are generated i just get presented with the login screen. Additionally I had a friend register an account on the site, but she was unable to proceed past the disclaimer.

any suggestions would be greatly appreciated

P.S. I would have posted debug info, but i cant access any pages that would have it.

Thanks in advance

-Fish

Interesting.  A few questions to clarify...

Did you have a working installation of the most current version of Coppermine?  If yes, how long was it running?
Were you able to previously log in, upload, view, etc?
Then you ran the tool and it caused you to lose access?

When your friend went to register, did the account get created in the MySQL database?  (Can you see the account using phpMyAdmin?)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: i done dos'd myself
« Reply #2 on: February 01, 2007, 07:13:10 am »

I was testing a commercial web application vulnerability testing tool against my server
Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.
Logged

fishkill

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: i done dos'd myself
« Reply #3 on: February 01, 2007, 08:45:37 am »

Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.


there was most certainly a bruteforce attack in play, ive installed pma but there is nothing listed in the bans. unfortunately the only time i can work on this is when the kid is asleep and i think i zigged when i should have zagged and dropped a table... now all i get is this - "Critical error There was an error while processing a database query"

am i hosed?

also this PMA tool isnt very intuitive, what would i be looking for really?

 sorry for being so troublesome
-Fish
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: i done dos'd myself
« Reply #4 on: February 01, 2007, 09:55:17 am »

Dropping a table without knowing what it actually does is not a bright idea. Restore the table from your backup. Enable debug_mode manually to see what the actual error message is (do not post the debug_output, but only the error message). To find out how to manually enable debug_mode, check the tutorial http://coppermine-gallery.net/tutorial/debug_mode.php
Logged

fishkill

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: i done dos'd myself
« Reply #5 on: February 06, 2007, 05:32:59 am »

duly noted ... thanks for the direction

-Fish
Logged
Pages: [1]   Go Up
 

Page created in 0.024 seconds with 20 queries.