
Author Topic: Someone has Redirected my Site to cdpuvbhfzz.com-What do I do?  (Read 318706 times)


Nibbler

« Reply #140 on: April 13, 2008, 10:36:03 pm »

The latest patch indeed does not fix the problem - it fixes a different problem, one which this latest attack does not actually exploit. There will be a new release soon that will address the current issue, as a result of information provided to us by a webhost sysadmin that actually has the skills needed to investigate the problem properly.

Coppermine will not be brought down by hackers, but by people like you dragging down developer morale until we all give up.

tfischer

« Reply #141 on: April 13, 2008, 10:47:30 pm »

The latest patch indeed does not fix the problem - it fixes a different problem, one which this latest attack does not actually exploit. There will be a new release soon that will address the current issue, as a result of information provided to us by a webhost sysadmin that actually has the skills needed to investigate the problem properly.

Coppermine will not be brought down by hackers, but by people like you dragging down developer morale until we all give up.

This is excellent news. I hope I'm not adding to thread-clutter by saying this (if so please delete this reply and forgive me), but I really appreciate the work you guys do. I felt a bit sickened when I read marian's response -- not sure why someone would treat people who volunteer to create a great product and also attempt to support it for free, like that. The implication that nobody cared about the problem for three days was especially sickening... I guess people like him don't understand software security -- that cannot be too transparent until a specific problem is identified and a fix has been confirmed...

Anyway I for one, and surely countless others like me, really appreciate all the hard work you guys do. 

-Tim

marian

« Reply #142 on: April 13, 2008, 11:00:39 pm »

Coppermine will not be brought down by hackers, but by people like you dragging down developer morale until we all give up.
No Nibbler, Coppermine will not be brought down by “people dragging down developer morale until we all give up”, but by this forum dragging down Coppermine enthusiast morale, because they are treated like shit.
Being a major website with a big CPG, our Gallery Editor has had many emails saying “I know you have a very big Coppermine Gallery so you must be an expert and I hope you can help me” …………… What follows varies, according to the problem, but is along the lines of “Before contacting you, I’ve tried to find the answer by searching the Coppermine forum and couldn’t. Seeing responses to other novice questions, I don’t feel I can post my question on the forum, so I hope you can tell me what to do.”

Nibbler

« Reply #143 on: April 13, 2008, 11:08:31 pm »

Oh, you mean the same way you treated 'oflus' back there? Who just made his first post, was being helpful and you jumped down his throat?

If you don't like the support here then stick around, answer questions, and show us how it's done.

marian

« Reply #144 on: April 13, 2008, 11:17:47 pm »

Oh, you mean the same way you treated 'oflus' back there? Who just made his first post, was being helpful and you jumped down his throat?
How was oflus' remark "I am sure that there is a simple shell command that you can think of to clean up your infected files, by using perl or sed." helpful, when the majority of Coppermine users do not understand the terms shell command, perl and sed?
I am a huge Coppermine - ie the way the Gallery works - fan; I appreciate the work that has been put into developing it; that does not alter the fact that I think the way the forum operates is counter productive to producing any sense of loyalty/community in Coppermine users.

Nibbler

« Reply #145 on: April 13, 2008, 11:27:29 pm »

Just because you don't understand it doesn't mean someone won't find it helpful. If you were prepared to actually learn such tools you could clean up an entire server in just a few minutes.

You can't change anything by complaining. Stick around and provide the support you wish to see.

Hercules24

« Reply #146 on: April 13, 2008, 11:28:07 pm »

I have a lot of respect for the mods here, who I'm sure are stressed out and work their ass off to get things solved asap.
But until the next patch comes out, is there anything users with a cleaned 1.4.17 can do to avoid getting hacked again?
Like temporarily deleting some of the files in the CPG directory that are only needed to perform admin tools, but not when viewing the gallery?

strokesfan

« Reply #147 on: April 13, 2008, 11:34:26 pm »

How long will it be until the new version? The 'hacker' changed my settings again despite having 1.7 and there were no backdoors or anything. I checked the IP of whoever was doing it and it was someone from Russia w/ the IP:  91.76.173.220  and after researching, it was the domain: mtu.ru

Thank you for providing a wonderful service and all your hard work.

steveeh131047

« Reply #148 on: April 13, 2008, 11:35:07 pm »

Folks - just wanted to say that I spent a few hours this afternoon with a close family friend who is in his last few weeks of life - he has terminal lung cancer. Suddenly, any worries I might have over cpg vulnerability were put into perspective!

marian

« Reply #149 on: April 13, 2008, 11:38:10 pm »

Just because you don't understand it doesn't mean someone won't find it helpful. If you were prepared to actually learn such tools you could clean up an entire server in just a few minutes.

You can't change anything by complaining. Stick around and provide the support you wish to see.
You misunderstand me Nibbler. I understood perfectly and our web people are experts in the use of such tools. Because I and others associated with our site understood, our site WAS cleaned up in a few minutes, which is why we were so certain that the exploit that mod 17 addressed was NOT the problem. What I was pointing out was that the vast majority of coppermine users are not pros like me.

mr.goose

« Reply #150 on: April 13, 2008, 11:40:40 pm »

How long will it be until the new version? The 'hacker' changed my settings again despite having 1.7 and there were no backdoors or anything. I checked the IP of whoever was doing it and it was someone from Russia w/ the IP:  91.76.173.220  and after researching, it was the domain: mtu.ru

Thank you for providing a wonderful service and all your hard work.

As I suggested in an earlier post, deleting update.php seems to "break" the hack. It looks at update.php before posting data to your cpgxxx_config table. I think it uses this to determine the table prefix as Nibbler suggested earlier. Without this info, the hack seems unable to proceed. I have been hack free since doing this. http://www.garfnet.org.uk/coppermine


Best wishes, G

Nibbler

« Reply #151 on: April 13, 2008, 11:42:22 pm »

The release will be whenever GauGau finds time to put it together, it takes quite some time and effort.

Until then, you can replace your copy of bridge/coppermine.inc.php with the fixed copy in svn, here.

mr.goose

« Reply #152 on: April 13, 2008, 11:58:16 pm »

The release will be whenever GauGau finds time to put it together, it takes quite some time and effort.

Until then, you can replace your copy of bridge/coppermine.inc.php with the fixed copy in svn, here.

Thanks for that. Getting it now.

Meantime, what's the current thinking about leaving update.php accessible? I know the security boys at Waraxe seem to think it's a bad idea. http://www.waraxe.us/advisory-66.html

What would you advise?
Best wishes, G

Nibbler

« Reply #153 on: April 14, 2008, 12:01:36 am »

It's admin only as of 1.5

gertiebeth

Re: cpg1.4.17 Security release - upgrade absolutely mandatory!
« Reply #154 on: April 14, 2008, 12:04:17 am »

I have a gallery that was NOT hacked and these are the steps I took to secure it:

1. Disabled uploads server wide via php.conf
2. Disabled user group uploads
3. Upgraded the gallery to version 1.4.17
4. Changed all passwords including FTP, admin and database

But my gallery was hacked today. Is there any information available for this new vulnerability so we can start patching until a new version comes out?
« Last Edit: April 14, 2008, 12:31:32 am by gertiebeth »
Gertie

slausen

« Reply #155 on: April 14, 2008, 12:53:03 am »

Fortunately, my install has not gotten hacked, but I want to take whatever measures are needed to protect my users.

So then, would it be correct to summarize the temporary fixes (until the next patch) to keep from getting infected as follows:

delete update.php from server
delete upload.php from server
delete bridge/coppermine.inc.php from server

If there are any other files to be deleted, please quote my reply and add them. If my list is incorrect, or there is another procedure, please let me know.

Thanks.

Nibbler

« Reply #156 on: April 14, 2008, 12:58:59 am »

Deleting bridge/coppermine.inc.php doesn't make sense.

If you are not bridged you will bring down your gallery.
If you are bridged then you are not vulnerable there to begin with.

Deleting update.php is reasonable, deleting upload.php is reasonable if you don't use http/uri uploads.

mr.goose

« Reply #157 on: April 14, 2008, 01:02:45 am »

Seems one could alternatively:-
  • delete update.php,
  • patch upload.php by upgrading to 1.4.17, which means users can still upload things,
  • patch bridge/coppermine.inc.php with the fixed copy in svn, as described by Nibbler a couple of posts ago.

At least, that's what we have done.
Best wishes, G.

mr.goose

« Reply #158 on: April 14, 2008, 01:04:39 am »

Sorry Nibbler - seems our posts crossed. Does the above make sense?
Best wishes, G

Nibbler

« Reply #159 on: April 14, 2008, 01:06:20 am »

Yes, that's fine.
Logged
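
Added example, not part of any post above and not Coppermine project code: a shell audit of a gallery directory against the interim checklist agreed in replies #156 to #159, plus a scan for the redirect domain from the thread title. The function names, the sample tree and the assumption that injected content mentions the domain literally are illustrative.

```shell
#!/bin/sh
# Audit a Coppermine directory against the interim advice in replies #156-#159.
REDIRECT_DOMAIN="cdpuvbhfzz.com"   # redirect target named in the thread title

# Prints one line per observation; returns the number of FINDING lines.
audit_cpg() {
    dir=$1; findings=0
    [ -d "$dir" ] || { echo "ERROR: not a directory: $dir"; return 255; }
    # Reply #156: deleting update.php is reasonable.
    if [ -e "$dir/update.php" ]; then
        echo "FINDING: update.php present; delete it until the fixed release"
        findings=$((findings + 1))
    fi
    # Replies #156/#157: upload.php stays only if patched (1.4.17) or needed.
    if [ -e "$dir/upload.php" ]; then
        echo "REVIEW: upload.php present; confirm 1.4.17, or delete if http/uri uploads are unused"
    fi
    # Reply #156: an unbridged gallery breaks without this file, so it is
    # replaced with the fixed copy, never deleted. Only presence is checked here.
    if [ ! -e "$dir/bridge/coppermine.inc.php" ]; then
        echo "FINDING: bridge/coppermine.inc.php missing; restore the fixed copy"
        findings=$((findings + 1))
    fi
    # Assumption: injected redirects mention the domain literally. A clean scan
    # says nothing about the database config table, which this cannot see.
    hits=$(find "$dir" -type f -exec grep -lF -- "$REDIRECT_DOMAIN" {} + 2>/dev/null) || true
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/FINDING: redirect domain found in /'
        findings=$((findings + $(echo "$hits" | wc -l)))
    fi
    return "$findings"
}

# Constructed sample tree (stub files, not real gallery code) for an offline run.
make_sample_gallery() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bridge" "$root/themes"
    echo '<?php /* constructed stub */' > "$root/update.php"
    echo '<?php /* constructed stub */' > "$root/upload.php"
    echo '<?php /* constructed stub */' > "$root/bridge/coppermine.inc.php"
    echo 'constructed marker line mentioning cdpuvbhfzz.com' > "$root/themes/sample.html"
    echo "$root"
}
```

Run `audit_cpg /path/to/gallery` after sourcing the file; a return status of 0 means none of the file-level findings apply.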