Our gallery is getting HACKED.. need help.. will pay Our gallery is getting HACKED.. need help.. will pay
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Our gallery is getting HACKED.. need help.. will pay

Started by Happiness, May 26, 2005, 06:18:33 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Happiness

Grrr... our site has been hacked by "The Kind Hacker" who has seemed to found a way to hack into coppermine software on not just my site but a few others that have Coppermine.  I really need to get this fixed and SOON... he has hacked us every day for the last week and all he is doing is changing the INDEX files but it is such a pain and I need to get this fixed.  Can someone please help us.  I dont know how he has done it but now he is also on our VB forum doing the same thing.

Please contact me at:

devotedfansnetwork@hotmail.com and let me know how much this might cost us.

Thanks.

Nibbler

The problem is more likely to be in vb than in coppermine. Are you running coppermine 1.3.3 ?

kegobeer

A Google for "The Kind Hacker" turns up vBulletin hacks, but nothing on Coppermine.  If this guy exploits a VB weakness to gain access to the file system, he can mess with anything until the weakness is plugged.  Nothing leads me to believe this is a Coppermine weakness.

Just one example of it's work (note the vBulletin statement in it's ransom email):
http://www.usj.com.my/usjXpress/details.php3?table=usjXpress&ID=385
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

I looked at vBulletin's site - only one post about this jackass, and no resolution.  I'm only guessing here, but the latest version may plug the hole, but then again it may not.  You should contact vBulletin directly  about this hacker.  If I were you I'd change all my passwords (Coppermine, vBulletin, any other app on your site, MySQL, your control panel, FTP, etc), take the forum off-line, and wait until you know that your bbs is secure.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

kegobeer

No further posts, so I'm marking this as invalid.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots