Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Weird code in security.log.php  (Read 3475 times)

0 Members and 1 Guest are viewing this topic.

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Weird code in security.log.php
« on: February 20, 2009, 02:07:51 pm »

Hi,

I am upgrading today and found a weird code in security.log.php (in logs folder). It is located just after a short list of failed login attempts, then the list continues.
I was hacked a couple of years ago, and had sanitized the whole gallery. Maybe I missed this?

My gallery http://gallery.angel-us.com/ I have put it offline

Quote
Failed login attempt with Username: into5603@gallery.angel-us.com from IP 140.115.117.6 on Oct 15, 2006 at 01:39 AM
Failed login attempt with Username: g
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-Mailer: Calypso Version 3.30.00.00 (4)
Subject: sweet, delicately flavoured moist
cc: burto131@aol.com
cc: xxjosh29xx@aol.com
cc: wernerjerneizig@aol.com
cc: jean73210@aol.com
cc: chumki100@aol.com
cc: topcopl2@aol.com

in the regulations for the production of ayonne am. he meat itself does not=
 have to come from

Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #1 on: February 21, 2009, 01:52:32 pm »

I noticed that the file was not in the original package, so felt it was generated when the first failed login happened. so I have deleted the file and entered a wrong login and the gallery generated a fresh file. Please let me know if I did the right thing.

Is there a place where I can see all the files that should be on the FTP? (including the ones the gallery generated itself) thank you
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Weird code in security.log.php
« Reply #2 on: February 25, 2009, 08:55:36 am »

I noticed that the file was not in the original package, so felt it was generated when the first failed login happened. so I have deleted the file and entered a wrong login and the gallery generated a fresh file. Please let me know if I did the right thing.

Is there a place where I can see all the files that should be on the FTP?
Just download a vanilla package and then perform a comparison. You probably have been hacked. Do as suggested in Yikes, I've been hacked! Now what?
Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #3 on: February 25, 2009, 10:36:51 am »

Thank you. By vanilla package you mean a new one?

Some files are generated by the gallery itself, like security.log.php. so If I delete a file that is not in a new package, it's ok? I have deleted the .DS_Store file when I updated, as this one wasn't in the new package. I've checked the board before, and read in a message that it wasn't a problem to delete it.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Weird code in security.log.php
« Reply #4 on: February 25, 2009, 05:36:14 pm »

Thank you. By vanilla package you mean a new one?
Yes.

Some files are generated by the gallery itself, like security.log.php. so If I delete a file that is not in a new package, it's ok?
Yes
I have deleted the .DS_Store file when I updated, as this one wasn't in the new package.
That's fine - this is a Mac file that doesn't have any impact on a webserver.
Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #5 on: February 25, 2009, 06:07:39 pm »

Thank you.
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 20 queries.