Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: CPG has been hacked (?)  (Read 1996 times)

0 Members and 1 Guest are viewing this topic.

André Müller

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 26
CPG has been hacked (?)
« on: January 06, 2014, 09:24:26 am »

Dear all,

I am not sure if this is related to CPG, but cannot exclude as well.
My Gallery (www.fotowald.de CPG 1.5.24) was hacked yesterday (5.1.2014) morning, i.e. code was placed in at least three core php files (index.php, login.php, and footer.php). The result was a server error when I tried to call one of the files. After replacing all files with a fresh upgrade procedure everything seems to work fine again. As a precaution I changed all passwords that are somewhat related to the CPG admin / webhost.
As I cannot exclude that the files were changed via FTP or in any other different way, this is not necessarily CPG related, but I am unable to tell if it might. If needed, I have made local copies of the changed files.

Cheers,
André

Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4886
    • Windsurf.me
Re: CPG has been hacked (?)
« Reply #1 on: January 06, 2014, 12:24:02 pm »

Take a look at this article from Joachim. It was written for CPG1.4.x but is still valid - http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: CPG has been hacked (?)
« Reply #2 on: January 06, 2014, 04:58:44 pm »

We're not aware of any zero-day exploits. Without any further information we cannot tell you what happened.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.