Preventing File Types

Started by keith10456, March 19, 2006, 12:52:49 AM

keith10456

Someone uploaded a file titled "img.php.rar".

I'm not exactly sure what they were trying to accomplish by doing this, but I would like to prevent files of this type from being uploaded. Kindly let me know how to prevent this.


keith10456


keith10456

I noticed in the latest version of the Gallery that there is a file titled "no ftp in this directory" or something of that nature. Should I place a copy of this file in all of my gallery directories?

Nibbler

No, it's just there to remind you.

keith10456

I don't know how, but my gallery keeps getting hacked. Apparently someone is able to upload a ".userpics" folder into the gallery's directory. They then used it to send spam e-mails via the gallery.

Any ideas on how to prevent this?  I suspect it had something to do with the rar file.

from /home/sitename/public_html/website/coppermine_dir/albums/userpics/.userpics 1141581PLNT


Joachim Müller

Disable the upload of rar files in Coppermine, and scan your webspace for leftover backdoors the attacker might have left there. To accomplish this, download all files from your webspace to your client and look for files that aren't meant to be there. Ask your webhost to fix the Apache vulnerability ASAP.

keith10456

How do I prevent them from creating a "folder" in the directory - maybe it was uploaded (not sure)?

Joachim Müller


keith10456

Attached is a zip of the directory that the person either uploaded to my directory or created with the .rar file. Hopefully you can use it to prevent things of this nature from happening again (a security patch).

keith10456

This zip file contains the rar file and a ".index.php" file that I found they added.

Joachim Müller

Delete all of those files and change all your passwords.

keith10456

Thanks for getting back to me... Big problem though.

In the "Files and thumbnails advanced settings", I have the following settings:

Allowed image types: jpg/bmp/tif/png/gif/jpeg
Allowed movie types: wmv/avi/mov

However, as a test, I created a text file with the file name "img.php.rar" (the same name as the file the hacker used) and was able to upload the file to the gallery (I wasn't logged in as an admin).

On another note, once you have a copy of the attachments I added to my previous posts, please delete them.  We don't want the wrong people to get their hands on it.

kegobeer

Have you changed your allowed document types?
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

keith10456

Yes...  In my previous post (before this one) I listed what my settings are.

kegobeer

Quote from: keith10456 on March 22, 2006, 06:11:40 PM
Yes...  In my previous post (before this one) I listed what my settings are.

No, you changed the allowed image and movie types.  You did not change the allowed document or audio types.

keith10456

You're right!

What do I put to set it so no document types can be added?

kegobeer


keith10456

I got it... Leave it blank!  I tested it and it blocked the file.

Thanks!
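An added example, not Coppermine's own code, of the kind of per-category allowlist check the settings discussed in this thread amount to. The allowlists are constructed here to mirror the posted settings, with the document and audio lists left blank (meaning nothing is allowed); the check also rejects names like "img.php.rar" and ".index.php" outright, regardless of what the trailing extension is.

```python
import re

# Constructed allowlists mirroring the thread's settings. The document and
# audio lists are empty, which (as the thread concludes) means "none allowed".
ALLOWED_TYPES = {
    "image": {"jpg", "bmp", "tif", "png", "gif", "jpeg"},
    "movie": {"wmv", "avi", "mov"},
    "document": set(),
    "audio": set(),
}

# Extensions a web server may hand to a script interpreter. A name carrying
# one of these anywhere in its extension chain (e.g. "img.php.rar") is
# rejected even when the trailing extension looks harmless.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar",
                         "cgi", "pl", "py", "sh"}

SAFE_BASENAME = re.compile(r"[A-Za-z0-9_-]+")   # no dots, slashes, or empty
SAFE_EXTENSION = re.compile(r"[a-z0-9]+")


def classify_upload(filename: str):
    """Return (allowed, reason). An upload is allowed only if it has a plain
    basename, exactly one extension, and that extension is in a non-empty list."""
    parts = filename.split(".")
    # Rejects names with no extension ("img") and dotfiles (".index.php").
    if len(parts) < 2 or not SAFE_BASENAME.fullmatch(parts[0]):
        return False, "missing or hidden/invalid basename"
    exts = [p.lower() for p in parts[1:]]
    if not all(SAFE_EXTENSION.fullmatch(e) for e in exts):
        return False, "invalid characters in extension"
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False, "executable extension in name"     # "img.php.rar"
    if len(exts) != 1:
        return False, "multiple extensions"              # "photo.jpg.rar"
    for category, allowed in ALLOWED_TYPES.items():
        if exts[0] in allowed:
            return True, category
    return False, "extension not in any allowlist"       # "notes.rar"


if __name__ == "__main__":
    for name in ["img.php.rar", ".index.php", "photo.JPG", "notes.rar"]:
        print(name, classify_upload(name))
```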

keith10456

Any word on those files the hacker used (what the files were doing, how to block them from executing, etc.)?