I have a friend I let run a Coppermine on my server and I am sure it hasn't been updated in a while. He had some problems I could never fix for him like his SMF bridge broke & such and at that time I upgraded a new Coppermine because I thought that might help, that was maybe 6 months ago + or -...
Anyhow here's the deal. I also set some debug stuff and all I don't remember while trying to fix it but finally gave up and set it where he had to approve all uploads so he would know who they were from.
Today somebody was having trouble with a picture and to help him I took a look.
In one of the galleries there was a win.rar. I have no idea how long it was there or how many people clicked it.
I wondered what that was doing there so I clicked on it and it opened up a lot of stuff with loads of PHP and comments about passwords - new passwords and similar. I should have printed a copy so it could be analyzed or saved it but I didn't; I deleted it.
Now I am wondering how I got there and if it could have compromised security not just on his small account but on the entire server? Since every photo had to be approved manually I was thinking this might be something that was generated and inserted while I was doing all the troubleshooting of the bridge, like a debug file, and I never noticed.
Or perhaps he approved a win.rar file without knowing any better thinking it was a video clip.
My main concern is security so I have closed his photo gallery and told him I would wait until I could obtain an answer or some advice from someone.
If anyone here could help me or else move this post to the correct forum I would certainly appreciate it a great deal.
As long as passwords could not have been compromised outside his forums or his Coppermine installation then there is no problem. Since they are not bridged I doubt it could have affected even his forums. But the bad guys are sneaky these days and very good at what they do if they find and can upload something into a hole.
I thought someone here might know of some rogue script that someone was planting using a win.rar type file.
Or (sigh of relief if anyone knew) it's very likely since I was in quite a hurry that I created that file somehow when trying to debug the photo gallery for him before and that all those references to usernames and passwords were just something in my attempts to reestablish the bridge between his photo galleries and SMF. If you think that might be the case I would appreciate that also.
Basically I'm just in a little bit of a panic here because this is an account I let a friend have on a box which has other things on it that I cannot risk being compromised.
::) So I would appreciate even just your opinions on what this might have been or if you think it could have caused some problems and then I will decide whether or not to turn his Coppermine installation back on. He had not been getting very much use for a minute since the bridging with SMF broke anyway.
I appreciate any and all opinions, help or advice more than you would know. Thank you very much in advance.