My Coppermine Site Sent out Spamming Email. How?
 


Started by puretalk, May 13, 2006, 06:12:38 AM


puretalk

The following is the message from my host; can someone help? I need to know which file I should change in order this to happen again.

"There are files on your site that are allowing the spam to be sent. Just this morning the server was trying to send over 2500 emails, this caused the server to become overloaded and none of the sites on our server were working. We have been able to find the files that are spamming from within the file manager.

One of the files that was sending spam is located at: / public_html / albums / userpics / 10008 / Allah.php"

Thanks

Joachim Müller

Allah.php is not part of the coppermine package, but a file that just resides within a sub-folder of your coppermine install. It has probably been uploaded by a malicious user as a subsequent hacking attempt (they try to disguise their trojan horses by putting them into sub-folders that look innocent). Delete the file in question (after having made a backup of it for forensic reasons) and scan your whole webserver for similar backdoors. Make sure to have the most recent coppermine version (as you have started your thread on the outdated cpg1.3.x board, you probably are not up-to-date). Make sure that you have not fallen victim to the rar vulnerability (a webserver vulnerability, not a coppermine one, so you should ask your webhost) that has been discussed frequently on this board.
To summarize: this is probably not a coppermine issue. Ask your webhost for support. Search the board to find out what similar issues others had and what they did to solve it.
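
Added example (not part of the original thread or of the Coppermine package): a Python sketch of the "scan your whole webserver for similar backdoors" step, applied to an upload tree such as `albums/`. It flags files whose name carries a server-side script extension anywhere (not only at the end) and media files that contain a PHP open tag. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a PHP-enabled web server may execute; adjust to the host's config.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".pl", ".cgi"}
PHP_TAG = b"<?php"

def scan_upload_tree(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong in an upload folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Look at every extension: some server configs execute "x.php.rar" as PHP.
            exts = {"." + part for part in name.lower().split(".")[1:]}
            if exts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1024 * 1024)  # first 1 MiB is enough for a tag check
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if PHP_TAG in head.lower():
                findings.append((rel, "PHP code inside non-script file"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: a fake userpics tree with harmless placeholder files."""
    samples = {
        "userpics/10008/holiday.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "userpics/10008/dropped.php": b"<?php /* constructed placeholder */ ?>",
        "userpics/10009/avatar.gif": b"GIF89a <?php /* constructed placeholder */ ?>",
        "userpics/10009/notes.php.rar": b"constructed placeholder",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_upload_tree(tmp):
            print(f"{reason:33} {rel}")
```

Any file the gallery package itself ships inside these folders will be flagged as well, so compare hits against a clean copy of the package before deleting, and keep a backup of anything removed.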

puretalk