
Author Topic: Preventing Phishing Hacks  (Read 2889 times)


bfrd

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Preventing Phishing Hacks
« on: October 23, 2008, 07:03:45 pm »

I got notified this morning by Wells Fargo that a Phishing site was being run off of my domain. The link was to a site being hosted within the userpics folder of my coppermine installation.  The installation was old I had been too busy to keep up with the updates.  Regardless I found some time this morning and upgraded 1.4.4 to 1.4.19.  The upgrade was simple and there were no problems that I could find.  While there is a wealth of information on the installation procedures, I couldn't find much on hardening the installation.  The userpics and other albums are being created with 777 since anything less than that will cause ImageMagick to fail.  My first glance would tell me that anything with wide open permissions like that is just asking for trouble.  Since php files had to be uploaded I am not sure exactly how the hacker got the files to my site.  I do have FTP access to the albums directory and have changed that password to make sure.

I have looked over the documentation a few times this morning, and haven't found a guide to securing the application.  Perhaps I missed it, but does anyone have any ideas on how to prevent this sort of attack in the future?

Thanks
Logged
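
An added example, not part of the original post and not Coppermine's own code: a defender-side audit of an upload tree like the albums/userpics folder described above. It lists world-writable entries, files with script extensions, and image-named files that contain PHP. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of extensions the web server might execute; match it to your handler config.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".pl", ".cgi"}


def audit_upload_tree(root):
    """Return sorted (kind, relative_path) findings for an upload directory tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if st.st_mode & stat.S_IWOTH and not stat.S_ISLNK(st.st_mode):
                findings.append(("world-writable", rel))
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                head = fh.read(65536).lower()
            # Test every dot-separated part, so "page.php.jpg" is flagged too.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & SCRIPT_EXTS:
                findings.append(("script-extension", rel))
            elif b"<?php" in head:
                findings.append(("php-in-content", rel))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (not real data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        user = os.path.join(root, "userpics", "10001")
        os.makedirs(user)
        samples = {
            "photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
            "login.php": b"<?php /* constructed placeholder */ ?>",
            "thumb_x.jpg": b"\xff\xd8\xff\xe0 <?PHP /* constructed */ ?>",
        }
        for name, data in samples.items():
            with open(os.path.join(user, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(user, name), 0o644)
        os.chmod(os.path.join(root, "userpics"), 0o755)
        os.chmod(user, 0o777)
        return audit_upload_tree(root)
```

Run `audit_upload_tree()` against the real albums path from cron and alert on any new finding; script files the application itself ships in that tree will need to be excluded.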

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Preventing Phishing Hacks
« Reply #1 on: October 23, 2008, 11:15:20 pm »

Quote: "The installation was old I had been too busy to keep up with the updates."
That was the reason for being hacked: the attacker probably used known flaws.
http://forum.coppermine-gallery.net/index.php/topic,51671.0.html
http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
Not related to initial install, moving accordingly.

Bottom line: to prevent any type of hacks (phishing or other), keep your coppermine (or any other app you run) up to date. Looking into such minor issues as permissions after having been hacked and after having been reluctant to upgrade for years sounds a bit inadequate to me. You didn't care, and you have been taught a lesson for that.
« Last Edit: October 23, 2008, 11:22:26 pm by Joachim Müller »
Logged

bfrd

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Preventing Phishing Hacks
« Reply #2 on: October 23, 2008, 11:50:41 pm »

My question was not addressed.  Besides installing the most recent version of the software what actions should be taken to help prevent attacks coming in from coppermine?  Obviously flaws happen, as the application was installed per the directions at ver 1.4.4.  I trusted the software then, I don't want to make the same mistake again.  And just for the record, being busy is not the same as being apathetic.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Preventing Phishing Hacks
« Reply #3 on: October 24, 2008, 12:31:37 am »

The script needs permissions to create folders and files within the albums folders. This being said, it's up to you to figure out what level of permissions is needed to allow the script to do what it needs to do without allowing hackers to run havoc on your page. This is related to webserver setup, not to coppermine. You can't expect an easy answer like "CHMOD to XYZ and you'll be fine", because there can not be such a type of answer. Your question is invalid in the first place: your reluctance to upgrade got you hacked. The attacker probably used vulnerabilities that existed in old, outdated versions of coppermine to gain control over your site. They would have been able to do so no matter what level of permissions you would have set up on file system level, as they probably used a vulnerability in Coppermine to get in. What do you expect? A miracle "super-safe" setting in coppermine? OK, I have such a recommendation for you: set permissions (CHMOD) to 000. This will make sure that you won't get hacked, with only the small drawback that you won't be able to use coppermine any longer ::).

This being said, in a reply to your original question
Quote: "does anyone have any ideas on how to prevent this sort of attack in the future?"
Yes: keep your app up to date!

Quote: "My question was not addressed."
It was. Read my reply!

Quote: "And just for the record, being busy is not the same as being apathetic."
I didn't say so. I said that you have been reluctant to upgrade. I didn't say that you were lazy, although one could conclude that from what you said above... ;)
Logged

bfrd

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Preventing Phishing Hacks
« Reply #4 on: October 24, 2008, 01:25:41 am »

Regardless of your condescending attitude, your second reply at least clearly answered the question.  Other than keeping the application up to date or completely disabling it there is no way to protect against hacks.

And again your assumptions are false.  I was not reluctant to upgrade, I was unaware how insecure my version of coppermine was.  Being reluctant to upgrade would have been knowing that it was full of security flaws and then choosing to do nothing about it.  As I said earlier I trusted the software before, that will not happen again.  Is there a mailing list to inform users of updates, or do we just have to check back daily?
Logged

SaWey

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1119
    • SaWey.be
Re: Preventing Phishing Hacks
« Reply #5 on: October 26, 2008, 10:14:07 pm »

You can subscribe to the RSS feed on sourceforge: http://sourceforge.net/export/rss2_projnews.php?group_id=89658
This will keep you up to date on the whereabouts of Coppermine.

Logged