Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Advance security with login page  (Read 13075 times)

0 Members and 1 Guest are viewing this topic.

Hanna.

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Female
  • Posts: 227
  • webstar
Advance security with login page
« on: March 13, 2019, 05:20:15 pm »

Hi all. I am sorry to tell but my server had to suspend my uptime with multiple pages that run with Coppermine. Massive attacks and attempts on login.php/admin.php.

I am seeking support for this issue in order to get my web sites back up. What are the options of masking/moving/renaming the login.php or something like that to avoid these massive attacks? It is not about the username/passwords, it is simply about running the login.php/admin.php and abusing them.

I have blocked about 100 IPs, but it won't solve this. Please help.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Advance security with login page
« Reply #1 on: March 13, 2019, 10:35:56 pm »

Was a hacking attempt successful or is there just a huge load being placed on your server due to attempt?
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Hanna.

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Female
  • Posts: 227
  • webstar
Re: Advance security with login page
« Reply #2 on: March 14, 2019, 11:49:00 am »

Was a hacking attempt successful or is there just a huge load being placed on your server due to attempt?

Thankfully not successfull! I got 10+ coppermines on my cloud. However my provider totally suspended me because the abuse was outrageous (huge amounts of attacks, fake traffic etc.) and if this happens again I will be put in court to answer for this because of the choice of scripts I am using. (Coppermine is one of them.) - Not safe because the way to attack is always their attempts on login.php/admin.php even though I deleted the menu off my theme for now, and blocked a bunch of IPs.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Advance security with login page
« Reply #3 on: March 14, 2019, 01:55:29 pm »

Without knowing exactly what the attack it is very hard for us to comment. Generally Coppermine is a very secure package. While there have been breaches over the years the team have been very quick to patch them. All vendors are the same whether free or paid. So as long as your installs are up to date you should not have a problem.


If at some point your system have been compromised it is important to identify the leak and to remove all traces of the attack (the payload) from your system. This can be very time consuming and requires a certain level of skill. If your sites have been compromised then this is a route you should go down, and by the sounds of it you will need to find someone to help you with the task. If your sites are secure and your host is blaming you because external forces are trying, and failing to attack you, then no court will hold you responsible.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 2026
Re: Advance security with login page
« Reply #4 on: March 14, 2019, 04:16:34 pm »

For guarding my sites (mostly Joomla) I use a small script that informs me of any added or changed files. I can fire it off with a cron job and it emails me daily with a status. It works well for sites where files seldom get changed (such as CPG or Joomla sites). If there is a folder that regularly gets changes (like CPG albums), it can be marked for exclusion from the scan. If anyone is interested, I can post the script here.


Here's that script.
I wrote it with an md5 file check option but I only ever use file size.
« Last Edit: March 14, 2019, 08:34:08 pm by ron4mac »
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Advance security with login page
« Reply #5 on: March 14, 2019, 06:07:12 pm »

I am interested. Always good to see new options.

Logged
It is a mistake to think you can solve any major problems just with potatoes.

gmc

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 785
    • GMC Design Photo Gallery
Re: Advance security with login page
« Reply #6 on: March 14, 2019, 06:21:58 pm »

Sounds like this is more of a 'denial of service' type attack - flooding the server with requests... rather than a hack that altered files...

Certainly login.php can be renamed... but if others need to login - you would be updating your menu with the path to the new login page. 

(And even though I don't think this was a case of files being altered - always interested in seeing scripts we can use to monitor...)
Logged
Thanks!
Greg
My Coppermine Gallery
Need a web hosting account? See my gallery for an offer for CPG Forum users.
Send me money

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 2026
Re: Advance security with login page
« Reply #7 on: March 14, 2019, 08:35:01 pm »

I am interested. Always good to see new options.

See above...
Logged

Hanna.

  • Coppermine frequent poster
  • ***
  • Country: us
  • Offline Offline
  • Gender: Female
  • Posts: 227
  • webstar
Re: Advance security with login page
« Reply #8 on: April 18, 2019, 10:07:40 pm »

Certainly login.php can be renamed... but if others need to login - you would be updating your menu with the path to the new login page. 

How can I do this? I am the only user and I need to block/deny people from admin.php entirely.
Logged

phill104

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4885
    • Windsurf.me
Re: Advance security with login page
« Reply #9 on: April 19, 2019, 03:36:37 am »

In your case maybe adding some rules to .htaccess will do what you want.

<Files admin.php>
order deny,allow
deny from all
allow from <YOUR_IP_ADDRESS>
</Files>


For example will completely block access to admin.php

You would then need to modify the rule to allow just your ip access. You can use google to lookup other options and how to use htaccess files. Server setup is best explored via websites dedicated to whatever platform your host is running rather than here.
« Last Edit: April 19, 2019, 03:41:57 am by Phill Luckhurst »
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Advance security with login page
« Reply #10 on: May 10, 2019, 04:29:30 pm »

What are the options of masking/moving/renaming the login.php

You can rename login.php to something like mylogin.php. Then you need to open mylogin.php and replace all occurrences of login.php to mylogin.php. Maybe the same can be done with admin.php, but I haven't tested this yet.
Logged
Pages: [1]   Go Up
 

Page created in 0.031 seconds with 20 queries.