Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Solved]: Install of 1.4.10 hacked....how to get old version?  (Read 3015 times)

0 Members and 1 Guest are viewing this topic.

Mitchelled

  • Coppermine newbie
  • Offline Offline
  • Posts: 5

I have 1.4.10 installed (yeah, I know I should have upgraded), but somehow someone hacked in and deleted the login.php and the logout.php files (and who knows what else they might have done).  How can I go about getting this installation back up and running?  I'm willing to pay someone with more time than me to do it.

The gallery is at :

http://mitchelled.com/photob1/index.php

And I only have FTP access to it at this point.  Any thoughts?  I tried simply taking the 1.4.16 files from the download and putting them up there, but it doesn't log in (no longer gives me a 404), but just returns me to the main screen.  I looked around to see if I could find the 1.4.10 version, but it doesn't appear to be around for download.....would it be that simple?

Any help appreciated.

Perhaps this is a sign to move to a new host and have full cpanel access rather than living off someone else's charity and not having access to the cpanel!  But I'd hate to lose all the work on this gallery.
« Last Edit: March 27, 2008, 04:12:00 pm by Nibbler »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Install of 1.4.10 hacked....how to get old version?
« Reply #1 on: March 26, 2008, 06:58:29 am »

Perhaps this is a sign to move to a new host and have full cpanel access rather than living off someone else's charity and not having access to the cpanel!  But I'd hate to lose all the work on this gallery.
Cpanel won't help you in maintaining coppermine and keeping it up to date.

I looked around to see if I could find the 1.4.10 version, but it doesn't appear to be around for download.....would it be that simple?
Re-uploading cpg1.4.10 is not an option.

I have 1.4.10 installed (yeah, I know I should have upgraded)
Exactly. You just suffer from your reluctance to upgrade.

The attacker probably removed your account - you'll need to re-create it using phpMyAdmin or similar.

Logged

Mitchelled

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: Install of 1.4.10 hacked....how to get old version?
« Reply #2 on: March 27, 2008, 02:24:50 am »

Nope, account still exists.

How about if I install a new version of PHP and copy over the config file and run an upgrade?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Install of 1.4.10 hacked....how to get old version?
« Reply #3 on: March 27, 2008, 07:23:48 am »

That's nonsense and won't make any difference to what you did. What error message do you get when trying to log in? Is there any error message at all, or does your login just not stick?
Logged

Mitchelled

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: Install of 1.4.10 hacked....how to get old version?
« Reply #4 on: March 27, 2008, 04:08:31 pm »

Followed the upgrade instructions and that fixed the problem as I expected.  The hacker had obviously replaced one of the files related to login (besides just deleting the login.php and logout.php).  Now I'm up to the latest version too!

One question I now have after running the files/version checker is the two files you are instructed NOT to copy over as part of the upgrade are now listed as out of date.  Perhaps I misunderstood the upgrade directions and should have just backed them up, but still over written them????
Logged

Nibbler

  • Guest
Re: [Solved]: Install of 1.4.10 hacked....how to get old version?
« Reply #5 on: March 27, 2008, 04:13:11 pm »

Those 2 files are include/config.inc.php and anycontent.php. include/config.inc.php will not show up as outdated, so you did something wrong there. anycontent.php is fine to leave since it's just for custom content.
Logged

Mitchelled

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: [Solved]: Install of 1.4.10 hacked....how to get old version?
« Reply #6 on: March 27, 2008, 04:19:53 pm »

The two files that show up as red are:

include/crop.inc.php
anycontent.php

So per your last comment, I can ignore the anycontent.php, but what's with the first one?  It shows as

1.4.10  1.4.16

Should I re-run the upgrade script?
Logged

Nibbler

  • Guest
Re: [Solved]: Install of 1.4.10 hacked....how to get old version?
« Reply #7 on: March 27, 2008, 04:26:42 pm »

No, you just need to upload the new copy of include/crop.inc.php from the Coppermine package.
Logged

Mitchelled

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: [Solved]: Install of 1.4.10 hacked....how to get old version?
« Reply #8 on: March 27, 2008, 04:31:14 pm »

Ok, thanks!
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 20 queries.