Prenting File Types Prenting File Types
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Prenting File Types

Started by keith10456, March 19, 2006, 12:52:49 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

keith10456

Someone uploaded a file titled "img.php.rar".

I'm not exactly what they were trying to accomplish by doing this but I would like to prevent files of this type from being uploaded.  Kindly let me know how to prevent this.


keith10456


keith10456

I noticed in the latest version of the Gallery that there is a titled "no ftp in this directory" or something of that nature, should I place a copy of this file in all of my gallery directories?

Nibbler

No, it's just there to remind you.

keith10456

I don't know how but my gallery keeps getting hacked.  Apparently someone is able to upload an ".userpics" folder into the gallery's directory.  They then used it to send spam e-mails via the gallery.

Any ideas on how to prevent this?  I suspect it had something to do with the rar file.

from /home/sitename/public_html/website/coppermine_dir/albums/userpics/.userpics 1141581PLNT


Joachim Müller

disable the upload of rar files in coppermine, scan your webspace for leftover backdoors the attacker might have left there. To accomplish this, download all files from your webspace to your client and look for files that aren't meant to be there. Ask your webhost to fix the Apache vulnerability asap.

keith10456

How do I prevent them from creating a "folder" in the directory - maybe it was uploaded (not sure)?

Joachim Müller


keith10456

#9
Attached is zip of the directory that the person either uploaded to my directory or created with the .rar file.  Hopefully you can use it this to prevent things of this nature from happening again (a security patch).

keith10456

This zip file contains the rar file and a ".index.php" file that I found they added.

Joachim Müller

delete all of those files and change all your passwords.

keith10456

Thanks for getting back to me... Big problem though.

In the "Files and thumbnails advanced settings", I the following settings:


Allowed image types:  jpg/bmp/tif/png/gif/jpeg
Allowed movie types: wmv/avi/mov


However, as a test, I created a text file with the file name "img.php.rar" - which is the same name of the file the hacker used - and was able to upload the file to the gallery (I wasn't logged-in as an admin).

On another note, once you have a copy of the attachments I added to my previous posts, please delete them.  We don't want the wrong people to get their hands on it.

kegobeer

Have you changed your allowed document types?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

keith10456

Yes...  In my previous post (before this one) I listed what my settings are.

kegobeer

Quote from: keith10456 on March 22, 2006, 06:11:40 PM
Yes...  In my previous post (before this one) I listed what my settings are.

No, you changed the allowed image and movie types.  You did not change the allowed document or audio types.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

keith10456

You're right!

What do I put to set it so no document types can be added?

kegobeer

Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

keith10456

I got it... Leave it blank!  I tested it and it blocked the file.

Thanks!

keith10456

Any word on those files the hacker used (what files were doing, how to block them form executing, etc.)?