The "Yikes, I've been hacked! Now what?" thread was written on 2008-04-15. As it contains a reference to cpg1.4.18, it must have been written after the release of cpg1.4.18, don't you agree? The announcement thread for cpg1.4.18 was written on 2008-04-14.
Anyway, the "Yikes" thread is generic: it explains what you need to do to sanitize your gallery no matter what - it does not apply only to the cdpuvbhfzz.com hack, but to others as well that may come after it and that might exploit the same vulnerability that existed in all cpg1.4.x versions before cpg1.4.18. That's why it doesn't contain a reference to the attack pattern of the cdpuvbhfzz.com hack (the iframes trick) - the pattern (payload) may differ in future exploits of the pre-cpg1.4.18 vulnerability.
Don't believe what non-experts on this thread said or suggested: after all, they are no experts and their suggestions are just speculation. Believe us (the Coppermine dev team members, particularly Nibbler, who spotted and fixed the vulnerability).
To make this absolutely clear: there is absolutely nothing that you can do that makes it acceptable to delay the upgrade to cpg1.4.18 and the sanitization discussed in "Yikes". Your gallery will be vulnerable if you don't upgrade, no matter whether you allow URI uploads, no matter if you're the only user on your gallery or not, no matter whether your gallery is public or private, no matter whether you enabled debug_mode, no matter whether you set your gallery to offline mode. The exploit will not play by the rules and respect permissions. It's up to you all (infected or not) to fix your gallery now! I have little sympathy for people who are aware that the hack is in the wild and that their gallery is outdated, yet they fail to upgrade. Repeat: perform the upgrade. Do so now; "now" as in "today", this very moment, immediately.
Joachim