Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1] 2   Go Down

Author Topic: I'm locked out of my site  (Read 6687 times)

0 Members and 1 Guest are viewing this topic.

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
I'm locked out of my site
« on: September 10, 2009, 05:37:00 pm »

http://ceconn.com/photo_gallery

I am pretty sure I've been hacked.  I can't get in no matter how often I specify that I need a new password.  They send my new password and still it won't take.  I've been to phpmyadmin.  I got as far as clicking the edit button.  A window pops up. Run SQL query/queries on database cecon46_gallery: SELECT * FROM `cpg148_users``user_password`. 

Now what?  Where do I put in my new password?  How can I fix this so I can get back into my site?
Logged

onthepike

  • Guest
Re: I'm locked out of my site
« Reply #1 on: September 10, 2009, 08:35:49 pm »

Go here: http://md5.gromweb.com/
Enter new password in "String to convert to MD5".
Click OK.
Copy the information and save.
Close and exit.

Open: phpMyAdmin --> cecon46_gallery --> cpg148_users -->

Click the Browse icon alongside cpg users.
Click the Edit (pencil) icon for the admin.
Locate user_password field and delete entry.
Enter the returned value from the MD5 site into the password field in phpMyAdmin and click Go.

You should now be able to log in as admin.
Logged

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #2 on: September 10, 2009, 09:37:59 pm »

I did just as you said.  I still can't log in.  What else could it be?
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: I'm locked out of my site
« Reply #3 on: September 10, 2009, 10:18:53 pm »

You almost certainly have been hacked. You are using version 1.4.18 and should have upgraded ages ago. The current version is 1.4.25.

Sorry to be the bearer of bad news.

If you have access to the server logs look through them to see what might have happened. Look for .htaccess files and do everything outlined in the following thread.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
Logged
It is a mistake to think you can solve any major problems just with potatoes.

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #4 on: September 12, 2009, 09:18:06 pm »

You almost certainly have been hacked. You are using version 1.4.18 and should have upgraded ages ago. The current version is 1.4.25.

Sorry to be the bearer of bad news.

If you have access to the server logs look through them to see what might have happened. Look for .htaccess files and do everything outlined in the following thread.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
Can I do a fresh installation calling the folder "fotosbyerikanew", then transfer the albums etc. into this new folder then delete the old?  Wouldn't that be easier? 
Logged

papukaija

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Posts: 333
Re: I'm locked out of my site
« Reply #5 on: September 12, 2009, 10:50:22 pm »

Can I do a fresh installation calling the folder "fotosbyerikanew", then transfer the albums etc. into this new folder then delete the old?  Wouldn't that be easier? 

You can do a fresh install, but you have to batch add your files again. The easiest way is to upgrade your gallery.
Logged

onthepike

  • Guest
Re: I'm locked out of my site
« Reply #6 on: September 12, 2009, 11:11:48 pm »

Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: I'm locked out of my site
« Reply #7 on: September 13, 2009, 12:03:06 am »

Please read the thread I linked to. Simply upgrading will not guarentee that you have sanitized yuor site. There may be files left by the hackers or there may be admin accounts created in the database. You really need to read through that thread carefully and do everything outlined there, Joachim made that extensive help guide for a reason.

If you do not understand how to do all those steps then you may have to pay someone to help you. If you do not do it properly you are risking all your hard work as you may end up going through the same routine a few days down the line.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

onthepike

  • Guest
Re: I'm locked out of my site
« Reply #8 on: September 13, 2009, 02:07:51 am »

I agree. However I have learned by trying to help folks here that most do not follow the steps (ALL of the steps, anyway) in the thread. Partly because many folks just don't understand a lot of the information contained there. In these cases, my main objective is to allow the admin to admin as soon as possible and follow-up with the rest of the cleansing afterwards. Though (sigh) and granted, most do not.

Anyway, I would do the upgrade for nothing. I'm by no means an expert, but I've updated this application since 1.3.2, moved two different galleries to two different servers and am currently tinkering with 1.5.2 via WAMP. If I can lend a hand, I'll do it free of charge. And if I can't, I'll defer to those with more experience and knowledge.
Logged

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #9 on: September 13, 2009, 07:34:23 pm »

Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php
Thank you a million for walking me through this.  It worked - at least on one site, namely fotosbyerika.com.  Now, let's see if I can make it work on ceconn.com/photo_gallery.  Thank you again.  You guys are amazing.
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: I'm locked out of my site
« Reply #10 on: September 13, 2009, 10:17:16 pm »

Have you checked your database for users with admin rights? Please make sure you do so.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #11 on: September 14, 2009, 05:27:48 pm »

Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php
Well, I knew the second time would probably not work.  It is a big site with many photos and FileZilla kept crashing when trying to download to desktop.  I had to reboot many times.  So, it's not surprising that I ran into a snag.

When updating, everything seemed fine until the last two entries as you see in the attached jpg file.  Then, when typing the address into the address bar I get error 2 as in the attached jpg file. 

Can you help?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: I'm locked out of my site
« Reply #12 on: September 14, 2009, 05:43:21 pm »

Just updating is not enough and will not clean your gallery. It's bad advise to recommend just to perform the upgrade if you suspect that the site was hacked. Performing a fresh install and then moving stuff over won't help neither. If there was an alternative to the sanitization that I have described in the Yikes thread, I would have told about the alternative. But there is none. You need to sanitize your site as suggested in the Yikes thread.
Logged

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #13 on: September 17, 2009, 04:39:27 pm »

Just to let you know that Yikes is out of date and most links don't work.  Thought you'd like to know.

I noticed that on StatCounter there is one IP address that seems to forever be on my http://ceconn.com/photo_gallery site, although I can't find him on the other photo site, so maybe I'm wrong.  It's also the first time I saw the strange letters listed.  Could this be the culprit that hacked my sites?  If so, how do I report him or how can I prove it?  Seems to me, messing with someone else's property should be against the law.

I've attached a partial list for you to see.  Aug. 20 seems to be when it all started.

Also, when you say back up the entire site, I guess you mean whatever I have with that particular host.  If so, that's almost impossible to do as FileZilla constantly crashes and besides, not all files get backed up.  Besides, my host does that so why do I have to do it too?
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1504
  • aka 'i-imagine'
    • Home Page
Re: I'm locked out of my site
« Reply #14 on: September 17, 2009, 05:07:26 pm »

It looks like you and I use the same hosting company (beginning with "M").

If yes, then use the "Backup Wizard" in your cPanel to back up your site. It will compress the site
and download a .gz to your computer. It can take a while, but works well for me.

If you are concerned about a certain IP address then use your "IP Deny Manager".

I have just had a try at your site - it looks like you need to fix your config.inc.php file.

erika_conn

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 91
Re: I'm locked out of my site
« Reply #15 on: September 17, 2009, 06:03:30 pm »

It looks like you and I use the same hosting company (beginning with "M").

If yes, then use the "Backup Wizard" in your cPanel to back up your site. It will compress the site
and download a .gz to your computer. It can take a while, but works well for me.

If you are concerned about a certain IP address then use your "IP Deny Manager".

I have just had a try at your site - it looks like you need to fix your config.inc.php file.

Yes, we do use the same host.  Gee I've checked the config.inc.php file.  Everything looks good to me. Thanks for the IP Deny Manager.  I looked in PHPMyADMIN and there really is no cpg141x_config file.  Well, for now I'm backing up using the wizard, as you suggested.  Thanks for helping.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: I'm locked out of my site
« Reply #16 on: September 17, 2009, 06:15:21 pm »

Just to let you know that Yikes is out of date and most links don't work.  Thought you'd like to know.
No, it's not. Everything that is mentioned there still applies - I just went through all the links in that thread: all of them work exactly as expected except the example links like http://your_site.tld/coppermine/albums/userpics/100023/picture.jpg (that's an example URL that of course doesn't work since there is no top level domain named "tld"). Please let us know why you think that it's outdated.
Logged

crazy_girl

  • Coppermine newbie
  • Offline Offline
  • Gender: Female
  • Posts: 9
  • I am mad for Facu and Natalia!
    • Cumpliendo Suenos Grecia
Re: I'm locked out of my site
« Reply #17 on: September 20, 2009, 05:13:39 pm »

Guys, I'm also locked out of my gallery. I enter the password and it says me error. What must I do?
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1504
  • aka 'i-imagine'
    • Home Page
Re: I'm locked out of my site
« Reply #18 on: September 20, 2009, 05:41:32 pm »

crazy_girl

  • Coppermine newbie
  • Offline Offline
  • Gender: Female
  • Posts: 9
  • I am mad for Facu and Natalia!
    • Cumpliendo Suenos Grecia
Re: I'm locked out of my site
« Reply #19 on: September 20, 2009, 06:16:28 pm »

If I make upgrade, the problem will be solved? I have upload many photos in the gallery and I dont want to loose them. I"m not good in coding!
Logged
Pages: [1] 2   Go Up
 

Page created in 0.031 seconds with 19 queries.