Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2]   Go Down

Author Topic: [Closed]: Helping each other with problems resulting from cdpuvbhfzz hacking?  (Read 9916 times)

0 Members and 1 Guest are viewing this topic.

Llama8668

  • Coppermine newbie
  • Offline Offline
  • Posts: 18
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #20 on: April 12, 2008, 03:18:08 pm »

I've been hacked yet again despite upgrading to 4.1.7 and attempting to clean everything up. Anyone have any advice as to how they're still getting in (will it be that there are files still left in the upload/albums which are being used) as thing is getting ridiculous  >:(.
Logged

marian

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 160
    • BYM Photo Gallery
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #21 on: April 12, 2008, 04:47:00 pm »

I've been hacked yet again despite upgrading to 4.1.7 and attempting to clean everything up. Anyone have any advice as to how they're still getting in (will it be that there are files still left in the upload/albums which are being used) as thing is getting ridiculous  >:(.
I had my doubts about this being over, once we were hacked AFTER our only URI upload was disabled. Bad, bad scene.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #22 on: April 12, 2008, 05:02:00 pm »

No. Jpeg files can't be infected anyway, as Abbas already explained.
Logged

marian

  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 160
    • BYM Photo Gallery
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #23 on: April 12, 2008, 05:08:30 pm »

No. Jpeg files can't be infected anyway, as Abbas already explained.
I dont know if this is relevant but given the hackings after upgrades I thought I would mention it.
Someone has suggested to me that it could be that coppermine will accept a file as long as it contains jpg or other acceptable file format. So a file named PIC.jpg.php with malicious code would be accepted. Don't know if he is right and cant test as we have disabled gallery.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #24 on: April 12, 2008, 05:11:20 pm »

Upgrading will not clean your site once it is infected. The attacker left a backdoor, you have to thoroughly sanitize your site - you can not just perform the upgrade and think that everything is dandy.
Logged

Llama8668

  • Coppermine newbie
  • Offline Offline
  • Posts: 18
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #25 on: April 12, 2008, 05:13:49 pm »

Would preventing the upload of zips (forbid it in the accepted types options in the config section) help at all?

For one of the two sites which went down again the offending files were re uploaded again (after the upgrade to 4.1.7).

For the other I couldn't see the files present. It appears to have been hacked again though making it twice today.

To a degree I think all I need is a way to battern down the hatches, specifically stop the spread outside of the coppermine gallery (if it's just the addition of code they're doing I'm happy to keep re uploading the gallery files, it just becomes a big chore when it's spread to other files like forums and normal site php files).

The suggestion solution seems to be a PHP.ini file (specifically the open_basedir setting). I've tried to add that to the root of the gallery, however it spits out errors as the includes appear to fail with open_basedir set to off. I'm I just doing it wrong (should it perhaps be added to just the upload albums?) or is there some otherway of blocking the mass rewrite of an entire sites files?

Logged

sharpo

  • Coppermine frequent poster
  • ***
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 326
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #26 on: April 12, 2008, 05:15:04 pm »

Just noticed mine has been infected again.

Checked all the files in album folder for any uploads other than mine, there were none, checked the index files in those folders for the iframe code, then deleted everything else before uploading 1.4.17.

Perhaps it happened because I had not finished upgrading the other galleries in my web space.
Logged
Sharpo (not an expert, just a Coppermine user)
3 live galleries, first started in 2006, all now 1.6.04.
http://www.sharpos-world.co.uk/BB3cpg/ (1.6.07)with over 8,000 images.
http://www.sharpos-world.co.uk/cpg/ with over 25,000 images
http://www.sharpos-world.co.uk/kc/ with over 300 images

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Helping each other with problems resulting from cdpuvbhfzz hacking?
« Reply #27 on: April 12, 2008, 05:18:47 pm »

This thread is not what you intended it to be. You don't help each other, obviously because you can't. You're posting panic-postings only. This thread is invalid and should never have been started. I deliberatly told you on the other thread that your "me too" reports won't help and threatened everyone to ban if the posting of invalid replies continues. Marian thought that he could circumvent the ban by starting another thread that deals with the very same issue. This is not the case. Thread locked.
Logged
Pages: 1 [2]   Go Up
 

Page created in 0.018 seconds with 20 queries.