Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Weird code in security.log.php  (Read 3198 times)

0 Members and 1 Guest are viewing this topic.

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Weird code in security.log.php
« on: February 20, 2009, 02:07:51 pm »

Hi,

I am upgrading today and found a weird code in security.log.php (in logs folder). It is located just after a short list of failed login attempts, then the list continues.
I was hacked a couple of years ago, and had sanitized the whole gallery. Maybe I missed this?

My gallery http://gallery.angel-us.com/ I have put it offline

Quote
Failed login attempt with Username: into5603@gallery.angel-us.com from IP 140.115.117.6 on Oct 15, 2006 at 01:39 AM
Failed login attempt with Username: g
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-Mailer: Calypso Version 3.30.00.00 (4)
Subject: sweet, delicately flavoured moist
cc: burto131@aol.com
cc: xxjosh29xx@aol.com
cc: wernerjerneizig@aol.com
cc: jean73210@aol.com
cc: chumki100@aol.com
cc: topcopl2@aol.com

in the regulations for the production of ayonne am. he meat itself does not=
 have to come from

Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #1 on: February 21, 2009, 01:52:32 pm »

I noticed that the file was not in the original package, so felt it was generated when the first failed login happened. so I have deleted the file and entered a wrong login and the gallery generated a fresh file. Please let me know if I did the right thing.

Is there a place where I can see all the files that should be on the FTP? (including the ones the gallery generated itself) thank you
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Weird code in security.log.php
« Reply #2 on: February 25, 2009, 08:55:36 am »

I noticed that the file was not in the original package, so felt it was generated when the first failed login happened. so I have deleted the file and entered a wrong login and the gallery generated a fresh file. Please let me know if I did the right thing.

Is there a place where I can see all the files that should be on the FTP?
Just download a vanilla package and then perform a comparison. You probably have been hacked. Do as suggested in Yikes, I've been hacked! Now what?
Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #3 on: February 25, 2009, 10:36:51 am »

Thank you. By vanilla package you mean a new one?

Some files are generated by the gallery itself, like security.log.php. so If I delete a file that is not in a new package, it's ok? I have deleted the .DS_Store file when I updated, as this one wasn't in the new package. I've checked the board before, and read in a message that it wasn't a problem to delete it.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Weird code in security.log.php
« Reply #4 on: February 25, 2009, 05:36:14 pm »

Thank you. By vanilla package you mean a new one?
Yes.

Some files are generated by the gallery itself, like security.log.php. so If I delete a file that is not in a new package, it's ok?
Yes
I have deleted the .DS_Store file when I updated, as this one wasn't in the new package.
That's fine - this is a Mac file that doesn't have any impact on a webserver.
Logged

isajade

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Female
  • Posts: 67
Re: Weird code in security.log.php
« Reply #5 on: February 25, 2009, 06:07:39 pm »

Thank you.
Logged
Pages: [1]   Go Up
 

Page created in 0.026 seconds with 20 queries.