Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Hacked or hijacked?  (Read 6477 times)

0 Members and 1 Guest are viewing this topic.

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Hacked or hijacked?
« on: February 17, 2010, 04:00:55 am »


Example: http://www.threedogsportinggoods.com/gallery/displayimage.php?album=8&pos=1

The caption below the filmstrip now contains an ad for some sort of Rolex knockoff watches.  :-\   Trust me, I didn't put it there and I have no idea how to get rid of it.

Every file in my gallery (php and images) is now dated 1/17/2010. I've not uploaded any photos since 2009.

How can I remove the trash?  ???

How can I prevent this happening again?

Thanks
Logged

Jeff Bailey

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1322
  • Fishing relaxes me.
    • Bailey Family Co.
Re: Hacked or hijacked?
« Reply #1 on: February 17, 2010, 04:30:24 am »

Try what is suggested here: Yikes, I've been hacked! Now what?
Logged
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Hacked or hijacked?
« Reply #2 on: February 17, 2010, 08:16:34 am »

Please render the Powered by Coppermine footer visible if you want further support.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Hacked or hijacked?
« Reply #3 on: February 17, 2010, 01:24:37 pm »

The footer used to be there. That's just one more thing I guess. Is there a setting to turn it on/off?

Thanks
Logged

AntonLargiader

  • Coppermine novice
  • *
  • Country: 00
  • Offline Offline
  • Posts: 31
    • My Coppermine Album
Re: Hacked or hijacked?
« Reply #4 on: February 17, 2010, 02:52:42 pm »

You were advised last fall to update away from 1.4.24. Now CPG is at 1.4.26.
Logged
My album:  www dot largiader dot com slash album

AntonLargiader

  • Coppermine novice
  • *
  • Country: 00
  • Offline Offline
  • Posts: 31
    • My Coppermine Album
Re: Hacked or hijacked?
« Reply #5 on: February 17, 2010, 04:41:29 pm »

The footer used to be there. ..

It's there, but your stylesheet specifically/deliberately makes it the same color as the background.
Logged
My album:  www dot largiader dot com slash album

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Hacked or hijacked?
« Reply #6 on: February 17, 2010, 05:58:26 pm »

Yep, I doubt a hacker would deliberately go to the extent of changing a bit of css to match your background and specifically with your footer. What would be their motiv? Please restore the footer.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Hacked or hijacked?
« Reply #7 on: February 17, 2010, 06:07:11 pm »

Looking further into your problem it appears you used your hosts installer. They might have modified the footer, they might be injecting the adverts. If you are still using your hosts install package and just replaced the missing filed from the download you got here then that could very well be the problem.

Upgrade to the latest version using a copy from this site. Then install a test copy from your host. If you see adverts on the copy your host provides then you will know exactly where they came from. If you do not see the adverts on the test install then read the yikes thread suggested above.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

AntonLargiader

  • Coppermine novice
  • *
  • Country: 00
  • Offline Offline
  • Posts: 31
    • My Coppermine Album
Re: Hacked or hijacked?
« Reply #8 on: February 17, 2010, 06:09:43 pm »

SiteGround has nine free templates on their site; that one is the only one where the CPG credit is so hard to see. Of course they made their own credit very easy to see, but in the other eight you can easily read the CGP credit although it has different styling than SiteGround's credit.

I suppose under their terms of use, you could change the the CSS classes around and make theirs hard to read instead...

Anyway, if SG is doing the hosting and is providing the installation...  they should get involved. They're running out-of-date software and you got hacked. The need to stay up to date is all over these boards and was pointed out specifically in your previous thread.

It's pretty typical for installers like Fantastico to have old software, too.
Logged
My album:  www dot largiader dot com slash album

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Hacked or hijacked?
« Reply #9 on: February 17, 2010, 06:29:25 pm »

Too all who have replied, thank you.

1) It was never my intention to not give Coppermine credit. I understand how open source software works and why.
2) I must have missed any notification of a new version because I usually do update to the latest release as soon as it is stable.

Thanks Anton for investigating the missing footer. I never noticed.

I'll take care of it this evening.

Thank you.
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • Ma galerie
Re: Hacked or hijacked?
« Reply #10 on: February 17, 2010, 10:03:51 pm »

just my though. It seems that the advertise are in comments who where posted on each pictures (see the lateste comment meta album...).
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Hacked or hijacked?
« Reply #11 on: February 17, 2010, 10:21:18 pm »

Too all who have replied, thank you.

1) It was never my intention to not give Coppermine credit. I understand how open source software works and why.
2) I must have missed any notification of a new version because I usually do update to the latest release as soon as it is stable.

Thanks Anton for investigating the missing footer. I never noticed.

I'll take care of it this evening.

Thank you.

I have contacted Siteground re the footer. Thanks to those who made us aware of it. Siteground have provided some templates where they have always kept the footer in-tact so I am sure it is an oversight on their part.

Your second point about notification. Well that really needs you to keep a check on this site for release announcements. The forthcoming cpg1.5 now gives the admin of the site a warning in the back end making it far easier for admins to keep up to date. We realise that not everyone can regularly check here so as long as people upgrade when they are requested to do so in a support thread then that is great for both you and us. CPG1.5 will make that even easier.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'
    • Home Page
Re: Hacked or hijacked?
« Reply #12 on: February 17, 2010, 11:22:51 pm »

The caption below the filmstrip now contains an ad for some sort of Rolex knockoff watches.

Francois is correct - what you have is called "Forum Spam"

How can I remove the trash?  ???

Delete the Comments for each or all. (your Coppermine docs will tell you how (as admin))

How can I prevent this happening again?

Disable Comments for unregistered users OR search around the plugins and the Support forum for Captcha - reCaptcha or just plain old spam.

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Hacked or hijacked?
« Reply #13 on: February 18, 2010, 12:36:25 am »

Thank you all.

I'm glad to find out it is something as simple as mass unwanted comments. I will clean them up after I update the site and fix the footer.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Hacked or hijacked?
« Reply #14 on: February 18, 2010, 01:36:57 am »

The footer is simple. Just edit the templates css file.

Open the templates css file (style.css) and around line 272 you will find 3 entries - .footer, .footer a and .footer a:hover

Simply change the colours for each of those to something visible.

so

Code: [Select]
.footer {
color: 444c5b;
text-decoration: none;
}

would become something like

Code: [Select]
.footer {
color: BBBBBB;
text-decoration: none;
}

Do the same for the other 2 classes and you will be once again a happy bunny.

As mentioned above, the capcha plugins will reduce your comment spame to next to nothing.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Hacked or hijacked?
« Reply #15 on: February 18, 2010, 02:53:27 am »

Thanks fellows.

Updated, comments removed, and footer fixed.

Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • Ma galerie
Re: Hacked or hijacked?
« Reply #16 on: February 18, 2010, 07:30:55 am »

yes it seems to be ok now.
Please resolve your thread as explained here http://forum.coppermine-gallery.net/index.php/topic,55415.msg270631.html#msg270631
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

chuck6478

  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Re: Hacked or hijacked?
« Reply #17 on: February 18, 2010, 01:50:10 pm »

Resolved:  ;D
  • Unwanted comments removed using the Admin management tools. If there had been more, they could have have also been removed using MySql's Query Browser to execute a query in the form of DELETE FROM cp_comments WHERE msg_author = .....
  • Intallation upgraded to v1.4.26
  • Captcha plugin installed and configured for use when a user is registering or adding comments
  • Registration now requires not only a confirmation email but Admin approval
  • Footer was fixed by changing the color value in style.css as follows:<br>
      .footer and .footer a was changed to #ffffff<br>
      .footer a:hover was changed to #0088ff
Logged
Pages: [1]   Go Up
 

Page created in 0.025 seconds with 20 queries.