Author Topic: How bad is the file ly_php.rar  (Read 3501 times)

sforick

  • Coppermine newbie
  • Posts: 1
How bad is the file ly_php.rar
« on: September 20, 2007, 09:23:37 am »

I have a Coppermine gallery that contains nudity, so I require my users to register in order to see the albums.
I just noticed that a user uploaded the file ly_php.rar
It's a very long php script and I don't know what it's doing or has done.

When I google it I get over 217 pages of hits. They seem to be Coppermine installations with this suspect file recently uploaded by a user (in some cases identified as castanag@gmail.com). The Google links seem to allow the public to see files without registering.

I can supply the php text of this rar file if needed.

Is this a known problem or something normal that I'm just ignorant of?
 
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: How bad is the file ly_php.rar
« Reply #1 on: September 20, 2007, 09:36:03 am »

Not bad at all (on your setup). The file cannot do any harm. The original uploader tried to exploit a vulnerability in Apache that was not sanitized in previous versions of Coppermine. The original file was named ly.php.rar (notice the dot), which would have posed a risk on some server setups. Coppermine now renames such files, so you're safe. You can safely ignore the file or delete it. No harm done. Searching the board would have told you so; please search before posting in the future.
Logged
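
The renaming described in the reply above (ly.php.rar stored as ly_php.rar) can be sketched as follows. This is an added example, not part of the thread and not Coppermine's own code; the function name `sanitize_upload_name` and the extension allow-list are assumptions made for illustration.

```php
<?php
// Added illustration (not Coppermine's code): store an upload under a name
// that carries exactly one extension, so "ly.php.rar" becomes "ly_php.rar".

// Assumed allow-list for this sketch; a real gallery would use its own.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'rar', 'zip'];

function sanitize_upload_name(string $original): ?string
{
    // Discard any client-supplied directory part and control characters.
    $name = basename(str_replace('\\', '/', $original));
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);

    // Strip trailing dots and spaces so "x.php." is judged on "php".
    $name = rtrim($name, '. ');

    $pos = strrpos($name, '.');
    if ($pos === false || $pos === 0) {
        return null; // no extension, or a dotfile such as ".htaccess"
    }

    // Only the final extension decides whether the upload is accepted.
    $ext = strtolower(substr($name, $pos + 1));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Every other dot (and any unusual character) in the stem becomes "_",
    // leaving no inner ".php" for a web server to interpret.
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', substr($name, 0, $pos));

    return $stem . '.' . $ext;
}

// Constructed sample names, not taken from any real gallery.
$samples = [
    'ly.php.rar',
    'holiday.photo.JPG',
    '../../shell.php.jpg',
    '.htaccess',
    'notes.php',
];

foreach ($samples as $sample) {
    $stored = sanitize_upload_name($sample);
    printf("%-22s => %s\n", $sample, $stored ?? '(rejected)');
}
```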