
Topic: I've been hacked........again


banthes

I've been hacked........again
« on: September 27, 2007, 12:31:12 am »

For the second time this year my Coppermine gallery has been hacked and used for internet phishing. I am upgrading to 1.4.13 from 1.4.12 right now.
Link to my gallery:
www.countryluau.com/Photos
Message from one of several emails informing me of the phishing:

 
Quote
See the link below that's from your website:
 
http://www.countryluau.com/Photos/albums/Autos/images/www.irs.gov/pas.php?certegy_vm=trueportlet_change_1_actionOverrideFchaseonlineFchangeFsigninDetails_windowLabel_portlet_signin_pageLabel_page_signin
 
I'll bet most DA's could nail you on several felony counts with this.
 
Have fun!!

I've tried to delete the Auto folder without any success. Any suggestions?

banthes

Re: I've been hacked........again
« Reply #1 on: September 27, 2007, 02:04:45 am »

I managed to force delete the offending file. Are there any other files I need to remove?

Joachim Müller

Re: I've been hacked........again
« Reply #2 on: September 27, 2007, 08:21:49 am »

The attacker left a backdoor. Upgrading alone will not close those backdoors. You need to make sure that no more backdoors exist. Has been explained in detail, e.g.
The only thing we can provide help with is how to secure your coppermine gallery against known vulnerabilities. We can not help you with cleaning up your gallery if the attack has already happened. After all, once your gallery has been hacked, there can be a myriad of things that the attacker could have done. Usually, the attackers leave a backdoor behind so they can re-enter your coppermine install with admin privileges even after you have upgraded. So once you have been attacked, there are two things you have to do: first, upgrade coppermine. Second: scan your entire webserver for potential backdoors. This second task can be time-consuming and hard to perform for newbies who don't know potential attacking schemes - after all you have to be a hacker to know what evil hackers can do. Most coppermine users are not hackers, nor do they know their way around well enough to close backdoors and figure out what the attacker actually did.
Bottom line: best practice is to keep your gallery up-to-date and make frequent backups of both your files and the database. This should keep attackers away. If you have still fallen victim to an attack, seek professional help.
Logged
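A starting point for the "scan your entire webserver" step in the reply above, narrowed to the gallery's upload tree, where the phishing page in this thread was planted (a hostname-named folder with a .php file inside albums/). This is an added example, not part of the original thread and not Coppermine code: the function names, the extension lists and the sample tree (including `www.example.test`) are constructed assumptions, and every hit is only a lead to check by hand against a clean copy of the release.

```python
import os
import re
import tempfile

SCRIPT_EXT = {"php", "phtml", "php3", "php4", "php5", "pl", "cgi", "sh"}  # assumed list
MEDIA_EXT = {"jpg", "jpeg", "gif", "png"}                                 # assumed list
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # e.g. "www.example.test"
PHP_TAG = re.compile(rb"<\?php", re.I)

def _rel(root, dirpath, name):
    return os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")

def scan_upload_tree(root):
    """Return sorted (reason, relative path) leads found under an upload directory."""
    leads = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if HOSTLIKE.match(d):          # folder named like a website
                leads.append(("hostname-like directory", _rel(root, dirpath, d)))
        for f in filenames:
            parts = f.lower().split(".")[1:]   # every extension, so x.php.gif counts
            if SCRIPT_EXT.intersection(parts):
                leads.append(("script in upload tree", _rel(root, dirpath, f)))
            elif parts and parts[-1] in MEDIA_EXT:
                with open(os.path.join(dirpath, f), "rb") as fh:
                    if PHP_TAG.search(fh.read(1 << 20)):   # first 1 MiB is enough
                        leads.append(("PHP tag inside media file", _rel(root, dirpath, f)))
    return sorted(leads)

def demo():
    """Build a constructed sample tree (harmless placeholder contents) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "Autos/images/www.example.test/pas.php": b"placeholder",
            "Autos/normal_car.jpg": b"\xff\xd8\xff\xe0JFIF-sample",
            "Autos/thumb_car.jpg": b"\xff\xd8\xff\xe0 <?php /* placeholder */ ?>",
            "userpics/avatar.php.gif": b"GIF89a",
        }
        for relpath, data in samples.items():
            full = os.path.join(root, *relpath.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_upload_tree(root)

if __name__ == "__main__":
    for reason, path in demo():
        print(f"{reason}: {path}")
```

To use it on a real install, call `scan_upload_tree()` with the path of the gallery's albums directory. A clean result here does not clear the rest of the webserver or the database.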