Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Phishing site in my gallery  (Read 11200 times)

0 Members and 1 Guest are viewing this topic.

Naif

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
Phishing site in my gallery
« on: March 13, 2007, 04:26:02 pm »

Hello

I've been notified that someone uploaded a phishing site in my gallery (in userpics/10001). The file in question has been deleted, and I have upgraded the software (from 1.4.9 to 1.4.10), but I'd like to know if this is enough to prevent further attacks.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Phishing site in my gallery
« Reply #1 on: March 14, 2007, 07:08:36 am »

How could one possibly upload a phishing site? Did your site get hacked? Post a deep link, or (if you have already removed the offending stuff) post a screenshot of the "thing" that you refered to as "phising site".
Logged

Naif

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
Re: Phishing site in my gallery
« Reply #2 on: March 14, 2007, 05:55:01 pm »

That's what I wonder... I didn't even know how my site got hacked, it's my hosting provider who warned me. This is the phishing site: http://theothersize.com/galeria/albums/userpics/10001/muie/ But they already deleted that file.

So, how may have this happened? And how can I solve it, and prevent further problems...?
Logged

Nibbler

  • Guest
Re: Phishing site in my gallery
« Reply #3 on: March 14, 2007, 06:10:46 pm »

The fact they uploaded into userpics/10001 indicates they gained access to your Coppermine admin account. Change the password and check your webspace for anything that looks suspicious.
Logged

Naif

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
Re: Phishing site in my gallery
« Reply #4 on: March 14, 2007, 07:17:32 pm »

But how could they possibly find my password? It is one that is not precisely easy to guess (very long, using letters and numbers mixed...)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Phishing site in my gallery
« Reply #5 on: March 14, 2007, 07:23:04 pm »

There are several methods: brute force, exploits of known issues, keystroke loggers. Hard to guess, as your overall web presence is empty (nothing in http://theothersize.com/). Start from scratch. Keep your apps up-to-date. Backup-up regularly.
Logged

Naif

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 26
Re: Phishing site in my gallery
« Reply #6 on: March 16, 2007, 04:27:03 pm »

Oh, the web is not exactly empty but it's not available now, only the domain is currently not visible. It only contained some other scripts like a phpbb forum and a wiki, but they didn't get hacked.

Keeping this gallery updated can guarantee no further attacks?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Phishing site in my gallery
« Reply #7 on: March 16, 2007, 08:06:31 pm »

Can going to the doctor guarantee that you're never going to become ill? There's no absolute sure things in life, nor is there such a thing as a bug-free software. Keeping your software up-to-date and applying all safety precautions you possibly could makes another attack less likely, that's all I can promise. Applies for every software in the world.
I suggest relying on brain.exe and regular-backups.exe - those are the mightiest programs in the world.
Logged

EZ

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 130
Re: Phishing site in my gallery
« Reply #8 on: March 18, 2007, 11:33:11 pm »

I've just been hit with the same problem! My hosting provider notified me that the gallery contains a phishing page. In my case some files (html, php, txt) were uploaded into /gallery/include/makers.

A day later I was also notified that my phpBB forum has been hacked. A spam script was uploaded to /forum/images/avatars.

At the moment I have no idea how this could have happened. I don't think my password was compromised. Of course there's no way I can be 100% sure about it, but apparently there's no other damage except for the uploaded files.

EZ.
Logged

martl

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Phishing site in my gallery
« Reply #9 on: May 02, 2007, 12:35:15 pm »

My gallery has caught a phishing website too and was shut off by the webhoster :(

Doing a google search, i found this one:
http://www.virenschutz.info/beitrag_Angriffe+auf+das+Galeriescript+Coppermine_1020.html

its german, but Gaugau should be able to understand it :)

it talks about a vulnerability of coppermine that has to do with inserting an iframe  (or so... ;))

they give the advice to shut down down the website until a patch is available... well do the devs already know about it and when can we expect a patch?

Martin
Logged

martl

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Phishing site in my gallery
« Reply #10 on: May 02, 2007, 12:38:47 pm »

 :-X pease disregard... the news message i quoted was exactly 1 year old.. all i saw was "28th of April" and so i assumed it was news... sorry for any confusion! :)

My gallery has caught a phishing website too and was shut off by the webhoster :(

Doing a google search, i found this one:
http://www.virenschutz.info/beitrag_Angriffe+auf+das+Galeriescript+Coppermine_1020.html

its german, but Gaugau should be able to understand it :)

it talks about a vulnerability of coppermine that has to do with inserting an iframe  (or so... ;))

they give the advice to shut down down the website until a patch is available... well do the devs already know about it and when can we expect a patch?

Martin

Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Phishing site in my gallery
« Reply #11 on: May 02, 2007, 12:48:33 pm »

The site you refer to deals with the outdated and unsupported coppermine versions for nuke anyway, so the alert you refer to doesn't apply. We only and exclusively support the standalone version of coppermine, and only the most recent stable release. The site you refer to isn't very helpfull: any good bug report site that is worth mentioning should mention what version of the app they refer to their bug report applies. The site virenschutz.info fails to do so, so I wouldn't trust anything they claim. In my eyes, those are just rumors. Their report is just damaging our app's reputation but fails to improve the situation for those who have fallen victim of their wannabe-report.
Logged

martl

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Phishing site in my gallery
« Reply #12 on: May 07, 2007, 07:22:50 pm »

I agree, i also was angry about that website not giving any version numbers of the software involved, as well as the insufficient timestamp. Still i had to kick two different chatbot subdirs and a phishing site mimmicking "bank of America" out of my userpics subdirs, but it can well be that it is me to blame for running a not-too-clean installation. I will check the permissions on file level and also rethink my liberal strategy of allowing users to self-register and upload :p a pity, it ran well for a long time, but i guess the internet is a bad place to rely on trust and common sense :)
Logged

bern5

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
Re: Phishing site in my gallery
« Reply #13 on: July 24, 2009, 01:03:15 am »

whats the solution to fix ?

just had 2 phising folders setup in 2 days in /include/  - ive changed permission to 755

also have a folder /include/makers/ - should that be there?

running  1.4.10 (stable)

thx in advance.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Phishing site in my gallery
« Reply #14 on: July 24, 2009, 09:35:33 am »

whats the solution to fix ?
The solution is pretty straightforward: in the future, don't be lazy - failing to perform frequent updated of any pre-written script-driven web app will result in getting hacked sooner or later. The fact that you're running
running  1.4.10 (stable)
shows that you must have been very lazy: cpg1.4.10 has been released three years ago. The fact that you tried to hijack such an ancient thread shows your laziness as well. Anyway, sanitize as suggested in the thread Yikes, I've been hacked! Now what?. Just upgrading is not enough now that your site was hacked. Locking.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 20 queries.