
Author Topic: Authenticate?  (Read 6500 times)


sandramichelle

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Authenticate?
« on: November 27, 2008, 02:27:17 am »

When trying to change some configuration settings, I click on "save new configuration" and come to a screen that says "Authenticate" with a box for user name and password.  I put mine in, and it goes back to my home page and the changes have not been made.

Can anyone help me with fixing this, please?  I have looked through the forum but if this was touched on in a prior post, I couldn't locate it.

Thanks!
Logged

Nibbler

  • Guest
Re: Authenticate?
« Reply #1 on: November 27, 2008, 04:55:14 am »

Can you post a screenshot of this? Doesn't sound like part of Coppermine to me.
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #2 on: November 29, 2008, 03:15:33 pm »

Hi, I've got the same problem since today!

Yesterday, I didn't see my Captcha Image anymore. I disabled Captcha via PHPAdmin in order to be able to login. Then I removed Captcha with the Coppermine Plugin manager. Now, when trying to make changes to my Coppermine settings, this "Authenticate" screen appears. And no changes are accepted.
(http://www11.file-upload.net/thumb/29.11.08/mpdmk2.gif)

Please help!

lumo

Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #3 on: November 29, 2008, 03:19:59 pm »

Screen after pressing submit button on authenticate screen:
(http://www11.file-upload.net/thumb/29.11.08/fo5eg.gif)

lumo
Logged

Nibbler

  • Guest
Re: Authenticate?
« Reply #4 on: November 29, 2008, 03:36:28 pm »

Can you zip up your admin.php and attach it to this thread please. Is your gallery up to date?
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #5 on: November 29, 2008, 03:53:04 pm »

I've just updated to last version.

Here's the admin.php:

http://www.file-upload.net/download-1284208/adminphp.zip.html

btw: How can I edit posts?

greetings
lumo

Logged

Nibbler

  • Guest
Re: Authenticate?
« Reply #6 on: November 29, 2008, 04:00:53 pm »

You can't edit posts. Please attach files to the thread instead of using some other website.

I wanted the version of admin.php that gives you this 'authenticate' box not the clean 1.4.19 version.
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #7 on: November 29, 2008, 04:19:29 pm »

Sorry, I'm new here. This is the admin.php I downloaded from my Coppermine directory. Are there different admin.php in the directory?

How can I attach a file properly?

Cheers  ;)
lumo
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #8 on: November 29, 2008, 04:28:55 pm »

Okay, I found out how to attach.

lumo
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #9 on: November 29, 2008, 09:03:35 pm »

Hi Nibbler,

any idea what's the problem here?

Greetings
lumo
Logged

Nibbler

  • Guest
Re: Authenticate?
« Reply #10 on: November 29, 2008, 09:13:28 pm »

The attached file is the 1.4.19 version again. Do you actually have the original?

Could be some other script interfering (possibly accidentally), or a hack to steal admin passwords.
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #11 on: November 29, 2008, 09:58:07 pm »

So then, would it be better to set up a whole new gallery and delete the old one, that is, make a new install rather than an update?

Concerning the admin.php, as I told you, I downloaded it directly from the coppermine folder (cpg148) on my webspace. I made the update to version 1.4.19 yesterday. So why are you astonished about the admin.php version?

I guess this is the only admin.php file which should be situated in the cpgxxx directory, isn't it?

lumo
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Authenticate?
« Reply #12 on: November 29, 2008, 10:33:45 pm »

You probably have been hacked before performing the upgrade - your issues sound familiar: read up http://forum.coppermine-gallery.net/index.php/topic,56516.msg276234.html#msg276234 - the user there reported the very same thing.
Please note that upgrading a gallery that already was hacked won't make the hack go away - you have to sanitize your entire webspace.
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #13 on: November 29, 2008, 11:54:38 pm »

Hello Joachim, thanks for the hint. For now I'm going to make a backup of my htdocs first.
I can't put the gallery into maintenance mode because I can't change anything. I think I'll rebuild everything from scratch.

Hi Joachim, thanks for your hint. First, I'm going to make a backup of my htdoc files. I can't set the gallery into maintenance mode because of the (assumed) hack. I think I'll need to rebuild everything.  :'(

lumo
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Authenticate?
« Reply #14 on: November 30, 2008, 09:35:24 am »

It doesn't hurt if you can't put the gallery into maintenance mode. Skip that step from the sanitization instructions - it is only meant to make sure that the content of your gallery doesn't change during sanitization because of users uploading images. Starting from scratch will not automatically sanitize your webspace. The attacker may have left behind a backdoor somewhere outside of the coppermine folder. I strongly suggest that you sanitize as suggested. Only English please on this part of the forum.
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #15 on: November 30, 2008, 12:32:24 pm »

May I post my first results of sanitization?
  • "anycontent.php" is unchanged, although it was supposed to be. Maybe when updating to 1.4.19, I made the mistake of overwriting the previous file.
  • in /docs/pics I've got a file named "bridge_02_app.gif" which should not be there
  • in /include I've got three unexpected files named "vote.php", "readme.txt" and "exifReader.inc.php". The "config.inc.php" was changed, I found a string of program code in it, beginning with:
Code:
<? /**/eval(base64_decode('aWY
, my database access data left at the end of the string.
  • in /logs I've got a surplus file named "security.log.php"

I moved all the corrupted (?) files to a new folder before changing or deleting them.

I replaced the messy content of config.inc.php with the text which was proposed by Joachim, and adding my data instead of the XXX placeholders.

Code:
<?php
// Coppermine configuration file

// MySQL configuration
$CONFIG['dbserver'] = 'xxx';      // Your database server
$CONFIG['dbuser']   = 'xxx';      // Your mysql username
$CONFIG['dbpass']   = 'xxx';      // Your mysql password
$CONFIG['dbname']   = 'xxx';      // Your mysql database name

// MySQL TABLE NAMES PREFIX
$CONFIG['TABLE_PREFIX'] = 'xxxx';
?>

Would anyone be so kind (I know well that you are all very busy) and analyze the content of the messy config.inc.php in order to find out what it does?

I'll continue, if I may.

Yours
lumo
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #16 on: November 30, 2008, 12:44:05 pm »

I forgot one thing:

In the /include folder, "install.lock" was not empty. It contained the text "locked"
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #17 on: November 30, 2008, 01:27:25 pm »

Report continued:

  • Removed suspicious files from server (look above)
  • replaced config.inc.php on server with "clean" version
  • replaced install.lock on server with "clean" version
  • made database update

Result: "Authenticate" screen still appears. Damn!

Then I did the following:

As I knew I had no plugins installed, but there were a lot of them (uninstalled ones) in my plugins folder (don't ask me how or when I got them ...), I decided to remove all of them.

  • Removed all uninstalled plugins with the pluginmgr.php
  • Tried to make changes in my config table
  • Success! No more "Authenticate" window opening, config changes are accepted.

So how to continue now?

Yours
lumo
Logged

lumo

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 13
    • My Coppermine Gallery
Re: Authenticate?
« Reply #18 on: November 30, 2008, 04:35:19 pm »

Note:
Also the file "themes.php" in my customized "gray satin" theme was affected. At the beginning of the file, I found some code that should not be there. I replaced the file with an original version of "themes.php". Are you interested in the code that was smuggled in? Tell me, so I could post a screenshot.

Thank you very much, Joachim!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Authenticate?
« Reply #19 on: November 30, 2008, 11:50:48 pm »

No thanks, the payload is unimportant for us, as it may differ on the next attack.
Logged
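
The sanitization check discussed in this thread, as an added example that is not part of the original posts and is not Coppermine code: it compares a live gallery tree against a freshly unpacked copy of the same release and separately flags the `eval(base64_decode(` marker quoted in Reply #15. The names `audit` and `SITE_SPECIFIC` and all sample paths and file contents are constructed assumptions for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Marker quoted in the thread; whitespace and case may vary between infections.
MARKER = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I)
# Files that legitimately differ per site (assumption): review these by hand.
SITE_SPECIFIC = {"include/config.inc.php"}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(webroot, clean):
    """Compare a live tree against a freshly unpacked release of the same version."""
    webroot, clean = Path(webroot), Path(clean)
    report = {"unexpected": [], "modified": [], "marker": []}
    for path in sorted(p for p in webroot.rglob("*") if p.is_file()):
        rel = path.relative_to(webroot).as_posix()
        ref = clean / rel
        if not ref.is_file():
            report["unexpected"].append(rel)      # not shipped with the release
        elif rel not in SITE_SPECIFIC and digest(path) != digest(ref):
            report["modified"].append(rel)        # shipped file was altered
        if MARKER.search(path.read_bytes()):
            report["marker"].append(rel)          # marker found, any file type
    return report

def demo():
    """Constructed sample trees that mirror the kinds of findings in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = Path(tmp, "live"), Path(tmp, "clean")
        shipped = {"admin.php": b"<?php // admin\n",
                   "include/config.inc.php": b"<?php // placeholder config\n",
                   "themes/custom/themes.php": b"<?php // theme\n"}
        for root in (live, clean):
            for rel, body in shipped.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(body)
        # Stand-ins for the tampering; the stub is the truncated prefix as posted.
        stub = b"<? /**/eval(base64_decode('aWY\n"
        (live / "include/config.inc.php").write_bytes(stub + b"// db settings\n")
        (live / "include/vote.php").write_bytes(b"<?php // not in release\n")
        (live / "themes/custom/themes.php").write_bytes(b"<?php /* added */ // theme\n")
        return audit(live, clean)

if __name__ == "__main__":
    print(demo())
```

Uploaded albums and installed plugins will appear under "unexpected" and need manual review. Since the payload may differ from one attack to the next, the comparison against the clean release is the primary signal and an empty "marker" list does not mean the tree is clean.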