
Topic: 777 folders hacked (Read 15287 times)

help_james (Coppermine newbie)
777 folders hacked
« on: February 05, 2006, 06:35:55 pm »

I recently found all folders with 777 permissions have been hacked (such as /include and /albums) and usually injected with 3 files: a ".htaccess" file and two .php files, something like include.php, base.php, create.php or coding.php etc.
I must have some of the folders on this site set to 777, as software such as Coppermine requires it.
I have managed to go through and remove the damage in order to get the site operational again, but still have a load of infected folders which need cleaning.
Can you advise how to stop this happening in the future, and do you have an idea of how this occurred?

Joachim Müller (Dev Team member, Coppermine addict, aka "GauGau", gaugau.de)
Re: 777 folders hacked
« Reply #1 on: February 06, 2006, 01:37:55 am »

Can only happen on webservers where the virtual hosting accounts aren't properly shielded against each other. If one webspace hosted on your server got hacked one way or the other, the attacker can get access to all other virtual webspaces on the same server if the server itself isn't configured properly.
Usually, 777 is not a security risk, unless your webhost doesn't know his way around (or doesn't care).

Bottom line: complain to your webhost!

help_james (Coppermine newbie)
Re: 777 folders hacked
« Reply #2 on: February 11, 2006, 02:16:21 pm »

They are responding with the point that 777 folders are world readable and writeable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?

Nibbler (Guest)
Re: 777 folders hacked
« Reply #3 on: February 11, 2006, 04:24:52 pm »

To be able to accept uploads, Coppermine must be able to write to the 'albums' folder in order to store the files that are uploaded. If the permissions have to be 777 for that to be possible then it is a server setup issue. 'include' only requires write access during installation.

kegobeer (Dev Team member, Coppermine addict, The Kazebeer Family Website)
Re: 777 folders hacked
« Reply #4 on: February 11, 2006, 06:22:22 pm »

Quote from: help_james on February 11, 2006, 02:16:21 pm
They are responding with the point that 777 folders are world readable and writeable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?

The only way someone can take advantage of 777 is if they can somehow upload a malicious script to your site. If your host is hacked, then your site will be vulnerable, period. If you don't allow non-image files, you are not vulnerable. Besides, you should review all files uploaded to your site before the general public can see them.

As Nibbler stated, if you don't have writable folders, Coppermine won't work.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots
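An added audit script, not code from this thread or from Coppermine itself, that turns Nibbler's and kegobeer's points into checks a site owner can run: it lists world-writable directories (what 777 grants), flags non-image files such as the injected .php and .htaccess files help_james found inside albums/, and removes the world-write bit from include/ once installation is done. The directory names and the image-extension list are assumptions for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from Coppermine itself.
# Audits a Coppermine tree for the two symptoms discussed above:
#   1. directories that are world-writable (what chmod 777 grants), and
#   2. non-image files (.php, .htaccess, ...) dropped into albums/.
# It also tightens include/, which only needs write access during install.
# Paths and the image-extension list are assumptions for this example.

# Print every directory under $1 that has the world-write bit (o+w) set.
world_writable_dirs() {
    find "$1" -type d -perm -002 2>/dev/null | sort
}

# Print every file under $1/albums that is not an image; in an upload
# folder that is exactly where an injected script or .htaccess would land.
unexpected_in_albums() {
    find "$1/albums" -type f \
        ! -iname '*.jpg' ! -iname '*.jpeg' ! -iname '*.png' ! -iname '*.gif' \
        2>/dev/null | sort
}

# Succeed (exit 0) if $1/include is still world-writable after installation.
include_still_writable() {
    [ -d "$1/include" ] && [ -n "$(find "$1/include" -maxdepth 0 -perm -002)" ]
}

# Remove the world-write bit from include/ once installation is finished.
harden_include() {
    chmod o-w "$1/include"
}

# Print the full report for the gallery root given as $1.
audit() {
    echo "== world-writable directories =="
    world_writable_dirs "$1"
    echo "== non-image files in albums/ =="
    unexpected_in_albums "$1"
    if include_still_writable "$1"; then
        echo "include/ is still world-writable; run: chmod o-w $1/include"
    fi
}

# Usage: ./audit.sh /path/to/gallery (assumed file name and location).
if [ "${0##*/}" = "audit.sh" ]; then
    audit "${1:-.}"
fi
```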

testpig (Coppermine newbie)
Re: 777 folders hacked
« Reply #5 on: September 16, 2006, 04:24:49 am »

I have the same issue. 777 folders were exploited to hack my Coppermine gallery and create half a day's work for me restoring it.

I understand the software needs to write to the server; the catch is that users can also, if the folders are set to 777. In my opinion this is a major risk and unfortunately I'll be reviewing which platform I use for my gallery going forward.

Don't get me wrong, great software... but I'm concerned about 777 folders.

Tranz (Dev Team member, Coppermine addict)
Re: 777 folders hacked
« Reply #6 on: September 16, 2006, 06:21:35 am »

As GauGau said, the problem is with an improper server setting. We use Coppermine ourselves, so we wouldn't want our galleries or our users' galleries to be hacked. If having writable directories were a problem, we wouldn't suggest allowing it.

So either complain to your host or get another one. You're bound to get hacked again sooner or later. The problem is not with the gallery.

Joachim Müller (Dev Team member, Coppermine addict, aka "GauGau", gaugau.de)
Re: 777 folders hacked
« Reply #7 on: September 16, 2006, 07:50:22 am »

Recommended reading: Why chmod 777 is NOT a security risk by Unknown W. Brackets (Simple Machines Community Forum)