Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Are they trying to HACK my gallery ?  (Read 2982 times)

0 Members and 1 Guest are viewing this topic.

ExElite

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
Are they trying to HACK my gallery ?
« on: February 23, 2008, 09:06:19 am »

I have cpg1414 installed and it runs well, It's setup as Private and only for my Clients.

I had someone join about 3 weeks ago and I emailed them to see who they are so on ... NO info back, so I deleted them, 2 days later the same nick and email someone joined, No reply, Delete for the 2nd time, now they keep joining as a new nick and or email Are they trying to HACK my gallery ?


All looks ok, I can't see any deleted files or added so may be if I keep deleteing them they will get the s**** in the end and go away.

Thanks for any feedback.
Ex
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Are they trying to HACK my gallery ?
« Reply #1 on: February 23, 2008, 12:15:20 pm »

Possible reasons:
  • Someone is actually trying to hack you
  • Some bot is trying to register to be able to post spam comments. Bots usually don't get tired, so don't expect that this will stop.
  • Some silly person is trying to register, but doesn't read your emails in which you ask for legitimation. Maybe your leigitimation emails get caught by a spam filter
Just the fact that you're getting registration attempt emails doesn't mean anything - you can't tell if it's a hacking attempt or not. However: if you're really concerned/afraid of getting hacked, then why do you run an outdated version (cpg1.4.14) that contains known security flaws? Upgrading is mandatory in terms of security. Most recent stable release currently is cpg1.4.16!
Logged

ExElite

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
Re: Are they trying to HACK my gallery ?
« Reply #2 on: February 23, 2008, 12:26:48 pm »

outdated by 3 weeks or so.
Thx


Possible reasons:
  • Someone is actually trying to hack you
  • Some bot is trying to register to be able to post spam comments. Bots usually don't get tired, so don't expect that this will stop.
  • Some silly person is trying to register, but doesn't read your emails in which you ask for legitimation. Maybe your leigitimation emails get caught by a spam filter
Just the fact that you're getting registration attempt emails doesn't mean anything - you can't tell if it's a hacking attempt or not. However: if you're really concerned/afraid of getting hacked, then why do you run an outdated version (cpg1.4.14) that contains known security flaws? Upgrading is mandatory in terms of security. Most recent stable release currently is cpg1.4.16!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Are they trying to HACK my gallery ?
« Reply #3 on: February 23, 2008, 12:54:55 pm »

Don't you think that your reply is a bit silly? Do you think that hackers will care how long a maintenance release has been out or since how long your release is known to have flaws? You have to understand what hackers do: they monitor releases, compare the old release to the new one, find out what changed and then figure out a method to exploit the vulnerability that existed in the old release. Then they start their attack on unpatched, outdated releases like yours. Like it or not, that's what the bad guys do. This is not only the case for coppermine, but all kinds of apps. Happens for Windows as well ;)
Logged

kokkus

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 36
Re: Are they trying to HACK my gallery ?
« Reply #4 on: February 24, 2008, 01:27:45 am »

Maybe this won't help you but I had the same problem with phpbb for a long time ago.
The first thing I did was to find out if the idiot was a human or a bot. I did some changes in the registration file like duplicate the code thing so the bot won't recognize it and the registration won't be done.
If this works it's just a bot so DO NOT BAN THAIR IP's.
If this guy is a human, ban hes IP and if he comes back with another IP, unban the last one coz he's using a proxy (perhaps).
So now there is nothing to to. Maybe you can ban hes nick if it's the same nick everythime he registeres.
But good luck, and sorry about my dyslexia.
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 19 queries.