Site Hacked!

[mobile]

I am running the latest version (1.4.4) and my site was hacked today. Here´s some info and I hope you take it as a lesson and please help me out also!

1) Yesterday a user uploaded a rar file, but I deleted that. Could this have something to do with the hacking?

2 ) I found a php page in my userpics folder that was named Haxplorer. I will nopt post the file here, but if you are interested I can send it to you.

Haxplorer is a server side file browser wich (ab)uses the directory object to list the files and directories stored on a webserver. This handy tools allows you to manage files and directories on a unsecure server with php support.

This entire script is coded for unsecure servers, if your server is secured the script will hide commands or will even return errors to your browser...

3) What should I do to protect myself? How is my server unsecure? When I run the coppermine version check it says:

The folder "sql" is writable. This is an unnecessary risk, coppermine only needs read/execute access.

The folder is 755. What should I change it to?

4) Anything else I should do know? What usernames and passwords should be changed after this?

[Joachim Müller]

http://forum.coppermine-gallery.net/index.php?action=search2;search=rar

[mobile]

Yes thanks I read those.

What about the proper CHMOD settings for albums. Is it 777, 755 or something else?

Thanks!

[Nibbler]

That depends on your server setup, it needs to be writable for whatever user your webserver runs php scripts as.

[Aeronautic]

http://forum.coppermine-gallery.net/index.php?action=search2;search=rar

When I run that search by clicking that link I get this:

Set Search Parameters
Your query was not specific enough. Try using larger words, or less common phrases.

Is there a credible, detailed thread? Thanks!

[Joachim Müller]

http://forum.coppermine-gallery.net/index.php?topic=31312.0

[Aeronautic]

Thanks GauGau