webadmin.php upload hack

nautis · June 26, 2006, 05:21:41 PM

Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? if so, are there security messures in place to block this sort of activity? Thanks.

- Matthew

Justttt · June 26, 2006, 05:24:35 PM

i dont think they would be able to hack uploading a file in a .rar why dont you download the .rar nd paste the code in here maybe someone can tell you what the file is

Tranz · June 26, 2006, 05:25:49 PM

Quote from: nautis on June 26, 2006, 05:21:41 PM
Someone has been uploading a .rar file to my photo album (public permissions all to post). Inside the rar is a file called webadmin.php which looks like a web file manager. Does this mean someone is trying to hack my photo album? if so, are there security messures in place to block this sort of activity? Thanks.

- Matthew

Yes. Please upgrade to 1.4.8. Search for any other backdoor files and remove them. Change your admin password.

Tranz · June 26, 2006, 05:26:57 PM

Quote from: Justttt on June 26, 2006, 05:24:35 PM
i dont think they would be able to hack uploading a file in a .rar why dont you download the .rar nd paste the code in here maybe someone can tell you what the file is

Yes, they could. http://forum.coppermine-gallery.net/index.php?topic=31671.0

nautis · June 27, 2006, 06:35:00 PM

i had already upgraded to the latest version. i deleted the file, but you find out more about it here: http://wacker-welt.de/webadmin/. is there a way i can turn off uploading archives?

Nibbler · June 27, 2006, 06:56:25 PM

Set the allowed filetypes to whatever you like in config.

coppermine-gallery.com/forum

News:

webadmin.php upload hack

nautis

Justttt

Tranz

Tranz

nautis

Nibbler