I've used Coppermine for years now and have never had a problem until 1/11/09. I have 3 sites hosted @EasyCpanelhost but only two of them have a Coppermine Gallery. My site has been online since 2003 and I've always had a Coppermine Gallery on it.
But until recently both websites have had directories uploaded to them and the hackers place a link on another website and link it to the directory uploaded by the hacker. The 1st attack consisted of a directory uploaded to the site and linked to a UK Bank. When I tried to delete the directory I couldn't and got a "550" error. So I contacted my friendly hosting company about the problem and days went by and they did nothing about the problem. Finally I told them if they didn't fix the problem I was going to contact the UK Bank and tell them to explain to them why they weren't allowing me to delete it. Right after I emailed them the problem was solved. There wasn't any new registration in the Gallery.
On 1/11/09 I got flooded with emails stating I'm running a phishing scam on the IRS website. I contacted EasyCpanelhost and got no reply that day but did get one the following day. They said "What's been hacked?". I can tell you the hacker uploaded a directory to my site and placed a link on the IRS website to the directory on my site and I got one new registration in my gallery. I talked to some support tech @EasyCpanelhost and they said there is no way of determining who's doing this. But at my domain registrar she said that's bologna, they could tell by reading their FTP logs. I deleted the directory that day and I thought the problem was gone.
The next day 1/12/09 I got flooded with emails stating the directory is back to the IRS website.
I went online and I noticed all three of the sites I have hosted from this company have been suspended even though I paid for hosting for one year until Sept09. There was a new registration in the gallery. I contacted them and George there told me he would move my account to a more secure server. I was told my sites were suspended because of the phishing scam of which they knew it wasn't my fault along with all of my data I have no access to. Well days went by and they did nothing and didn't move my site to any new server.
So I started posting on a forum, imagine that, about what a good hosting company they were.
I got somebody who agreed and stated they need to learn how to secure their server so that no matter what PHP scripts a customer used nobody could access unless they have root access.
Finally EasyCpanelhost got back to me and told me since I was running a Coppermine Gallery version 1.4.19 with unsecure scripts that I violated their TOS and would be charged $40 to get my service restored. I told them they must be smokin something if they thought I was gonna pay that when it was because their servers are unsecure. They blamed all hacking on the Coppermine Gallery because of its unsecure scripts. All directories in Coppermine gallery were set to "711" except for albums and userpics, which were set to "777". I don't believe for a minute that Coppermine was at fault for any hacking, the company didn't know how to secure their servers so they blamed the customer and Coppermine. Am I still gonna use this Gallery? Yes!