Advanced search  


cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

Pages: [1]   Go Down

Author Topic: [Solved]: Think my site has been hacked...  (Read 2720 times)

0 Members and 1 Guest are viewing this topic.


  • Coppermine newbie
  • Offline Offline
  • Posts: 2
[Solved]: Think my site has been hacked...
« on: March 17, 2008, 01:02:15 pm »

Yesterday my site was working fine... this morning I tried and now all I get is a prompt to install a missing language pack (which I ignore) and now the entire site has Arabic text and the theme has changed.

I have checked the files and re-uploaded them - no change.
I have checked the MySQL database - all the information is there still.
I have checked my Albums - all info is there.

I am running the latest version of Coppermine.

My setup never forced a Login before - so that has been implemented.

The url is

Can anyone help?


« Last Edit: March 17, 2008, 01:39:42 pm by Nibbler »


  • Guest
Re: Think my site has been hacked...
« Reply #1 on: March 17, 2008, 01:08:30 pm »

Switch to english ( then login and see what happened. Check for admin accounts that shouldn't be there and change your pass. Disable the login requirement in config too.


  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Think my site has been hacked...
« Reply #2 on: March 17, 2008, 01:27:53 pm »

Thanks - just managed to fix this...
I deleted all language packs other than English (it's a personal site, so no need for multilanguage stuff).
I used phpMyAdmin and searched for (that is what the person changed the admin email to) - and changed it back to what it should have been.

I reset the admin password to another one - no other users were created.

I am going to change the MySQL password now....

Thanks for your help!


Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
Re: [Solved]: Think my site has been hacked...
« Reply #3 on: March 17, 2008, 05:16:35 pm »

That's the proper method to clean your site. Make sure to scan for potential backdoors that the attacker might have left. To do so, download the entire content of the gallery by FTP, then make sure that only the expected files (images) reside within the albums folder. Compare the script files (PHP files) against a vanilla copy of the coppermine package (using a diff-viewer like WinMerge).
Also make sure that your passwords are non-trivial.
Pages: [1]   Go Up

Page created in 0.017 seconds with 19 queries.