ly.php.rar fkn HACKED!!!
 


Started by Dead J. Dona, May 15, 2006, 09:01:34 AM


Dead J. Dona

ly.php.rar  >:(   >:( >:(

try to search by this file. Is this CG or PHP hole??  ???
wbr, Me. Dead J. Dona

Abbas Ali

neither cpg nor php....it's apache (web server).

Search the board. This issue has been discussed many times.
Chief Geek at Ranium Systems

Dead J. Dona

oops, i can't find anything here
i mean THIS filename never used in forum.
please give me a link or two....
wbr, Me. Dead J. Dona

Joachim Müller


Dead J. Dona

thank you!!!

but there's some kind of problem.

when using the /aaa.php.lalala filename it also runs as a php script. PHP Version 4.4.2
maybe there's some PHP or apache guru who can help me???
wbr, Me. Dead J. Dona

Tranz

Something Nibbler suggested was to put the following in .htaccess:
AddHandler application/x-rar .rar

But I dunno about your particular case...

Joachim Müller

ask your webhost to fix their webserver setup, as suggested here: Coppermine-driven galleries hit by RAR exploit

Abbas Ali

Quote from: Dead J. Dona on May 15, 2006, 09:30:35 AM
when using /aaa.php.lalala filename it also run as php script. PHP Version 4.4.2

Then your web server is badly configured.
Chief Geek at Ranium Systems

Dead J. Dona

Allowed document types
"ALL" will result in all allowable document file types to be uploaded. If you want to restrict the allowable file types to certain extensions only, enter a slash-separated list of extensions, e.g. txt/pdf.

Note that being able to browse a document file requires the cpg-user to have a compatible software installed and configured properly on their computer that is capable of displaying the type of document in question, e.g. if you allow the file type xls, users who wish to browse the file will need to have an application installed on their computer that can display MS-Excel sheets. Be extremely careful with documents that are known to be vulnerable to virus contamination, embedded or as macros. This is especially true if you plan to allow users the capability of uploading documents without admin approval.

Warning: if your webserver is not hardened against an exploit of a vulnerability in the apache webserver setup, then it might be a security risk to allow the upload of rar-files. If you're not sure, do not allow this file type.

What should I put here to disable ALL document uploads? NONE, NIL, NOTHING, or just leave it blank?
wbr, Me. Dead J. Dona

Dead J. Dona

Quote from: Abbas Ali on May 15, 2006, 10:45:01 AM
Then your web server is badly configured.

Can you tell me what must be changed?
wbr, Me. Dead J. Dona

Nibbler

Any of those will work, but blank is probably the best option.

Joachim Müller

did you read the thread I referred to earlier:
Quote from: GauGau on May 15, 2006, 10:32:13 AM
ask your webhost to fix their webserver setup, as suggested here: Coppermine-driven galleries hit by RAR exploit

You're just doing what you're not supposed to: you're doctoring the symptoms (fiddling with Coppermine settings). Instead, do as suggested and cure the reason for all of your troubles: make your webhost fix their webserver setup asap. Coppermine is not the reason for the issues you have, it's silly webserver setup.
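
The behaviour discussed in this thread (ly.php.rar and /aaa.php.lalala both running as PHP), as an added example that is not part of the original posts or of Coppermine: a simplified Python model of Apache's multiple-extension handler lookup, next to a final-extension-only match, used to audit a file listing. It assumes PHP is bound with an `AddHandler`-style mapping on `.php`; the handler name, function names and sample listing are constructed for illustration.

```python
import re

# Assumption (not stated in the thread): PHP is bound per extension, as with
# "AddHandler application/x-httpd-php .php".
PHP = "application/x-httpd-php"
WEAK_HANDLERS = {"php": PHP}

# The same setup plus the .htaccess line quoted in the thread for .rar.
WITH_RAR_LINE = {"php": PHP, "rar": "application/x-rar"}

def resolve_handler(filename, handlers):
    """Simplified mod_mime walk: every dot-separated extension is looked up,
    the rightmost handler mapping wins, unknown extensions are ignored."""
    handler = None
    for ext in filename.lower().split(".")[1:]:
        if ext in handlers:
            handler = handlers[ext]
    return handler

def runs_as_php_addhandler(filename, handlers=WEAK_HANDLERS):
    """True when the extension walk ends with the PHP handler selected."""
    return resolve_handler(filename, handlers) == PHP

# Corrected setup: bind PHP only when the final extension is .php, as with
# <FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch>.
FINAL_PHP = re.compile(r"\.php$", re.IGNORECASE)

def runs_as_php_filesmatch(filename):
    """True only when the name actually ends in .php."""
    return FINAL_PHP.search(filename) is not None

def audit(filenames, handlers=WEAK_HANDLERS):
    """Return names that execute only because of a non-final .php."""
    return [f for f in filenames
            if runs_as_php_addhandler(f, handlers)
            and not runs_as_php_filesmatch(f)]

# Constructed listing of an upload directory (file names taken from the thread
# plus benign ones).
SAMPLE = ["holiday.jpg", "ly.php.rar", "aaa.php.lalala", "notes.txt", "index.php"]

if __name__ == "__main__":
    print("flagged, weak setup:   ", audit(SAMPLE))
    print("flagged, with .rar line:", audit(SAMPLE, WITH_RAR_LINE))
```

In this model the `.rar` line only changes the result for names ending in `.rar`; a name with any other unmapped final extension is still flagged, which is why the thread points at the webserver setup rather than at the list of allowed file types.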