Someone tried to hack myserver by uploading php.rar file

marion · March 12, 2006, 04:01:58 PM

Hi,

I have cpg1.4.4 and some could upload a script file with extension name: php.rar, using this file he could get all necessary information from my server including /etc/passwd file. How can we prevent users from uploading such file with extension (RAR) and why disabling users from uploading files is not active?

This the script file that was uploaded to my server:

http://rst.void.ru/download/r57shell.txt

Nibbler · March 12, 2006, 09:26:28 PM

If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is setup to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981

DoctorMason · November 19, 2007, 10:22:58 PM

Quote from: Nibbler on March 12, 2006, 09:26:28 PM
If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is setup to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981

I got a notice today, 19-Nov-07 from my hosting company of the same "http://nst.void.ru/" happening to my site. I (hopefully) found all of their files, deleted them, posted the warning here, and will ask my host to re-open my subdirectory.

P.S., When visiting that website you can see the hack there, and others available.

Nibbler · November 19, 2007, 10:43:49 PM

You must keep your gallery up to date.

Joachim Müller · November 20, 2007, 08:15:58 AM

Locking.

coppermine-gallery.com/forum

News:

Someone tried to hack myserver by uploading php.rar file

marion

Nibbler

DoctorMason

Nibbler

Joachim Müller