Bug?! (help)

Started by monstar, May 19, 2006, 01:58:19 PM


monstar

I've got a notification from my web server saying that a vulnerability in the coppermine script had been used to send massive emails, which is why they temporarily took down my site.
The affected file is: coppermine/include/.htaccess/sendlist2.php

I'm a bit worried... Any ideas on what I should do??

By the way, how do I edit/remove files on an .htaccess folder?

Thanks :)

Abbas Ali

Remove the folder include/.htaccess along with its contents (take a backup of .htaccess folder on your local disk first) and upgrade to the latest stable version of cpg.
Chief Geek at Ranium Systems
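
Added example, not part of any post in this thread and not Coppermine code: one way to carry out the "back up, then remove" step from a shell on the host, by locating directories named `.htaccess` (normally a per-directory Apache configuration file, not a folder) and archiving them before deletion. The function names and the default backup location are hypothetical, and shell access to the web space is assumed.

```shell
#!/bin/sh
# Added example, not Coppermine code. The paths passed in are the reader's own.

# Apache reads ".htaccess" as a per-directory configuration FILE, so a
# DIRECTORY with that name (like include/.htaccess/ in this thread) is
# unexpected. Regular .htaccess files are normal and are not reported.
find_htaccess_dirs() {
    find "$1" -type d -name '.htaccess' -print | sort
}

# Archive one suspect directory under $2 before it is removed, so the files
# stay available to the web host. Prints the path of the archive it wrote.
backup_dir() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    # Flatten the path into a file name: ./include/.htaccess -> include_.htaccess
    name=$(printf '%s' "$src" | sed -e 's|^\./||' -e 's|^/||' -e 's|/|_|g')
    archive="$dest/$name.tar"
    tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    printf '%s\n' "$archive"
}

# Report every suspect directory under $1, list the files inside it and
# archive it under $2. Returns 0 when the tree is clean, 1 when anything
# was found. Nothing is deleted here; removal stays a manual step.
scan_gallery() {
    dirs=$(find_htaccess_dirs "$1")
    if [ -z "$dirs" ]; then
        echo "no directories named .htaccess under $1"
        return 0
    fi
    printf '%s\n' "$dirs" | while IFS= read -r d; do
        echo "SUSPECT DIRECTORY: $d"
        find "$d" -type f -print | sed 's/^/    /'
        echo "    archived to: $(backup_dir "$d" "$2")"
    done
    return 1
}

# Usage: sh scan.sh /path/to/coppermine [backup-dir]
if [ "$#" -ge 1 ]; then
    scan_gallery "$1" "${2:-./htaccess-dir-backup}"
fi
```

Keep the backup directory outside the web root so the archived scripts cannot be requested over HTTP.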

Joachim Müller


monstar

How are .htaccess folders created? Is this folder supposed to be there?

I'm finding a lot of suspicious files (4 of which I can't even open/copy: x.php, fromemail.txt, fromname.txt, subject.txt) but I can't delete either the htaccess folder or the include folder, permission denied because the htaccess folder is inside.

I couldn't find any rar files... there's a zip file that I can't open either but it's not php.zip...  ??? Oh wait, I *can* open and it does in fact contain all the files that have been copied into the .htaccess folder. Still, no way to delete it...

As far as coppermine is concerned. How can I prevent users from uploading *anything* into my space? (not even their own galleries)

Joachim Müller

Quote from: monstar on May 19, 2006, 07:38:18 PM
I'm finding a lot of suspicious files (4 of which I can't even open/copy: x.php, fromemail.txt, fromname.txt, subject.txt) but I can't delete either the htaccess folder or the include folder, permission denied because the htaccess folder is inside.
Ask your webhost for support.

Quote from: monstar on May 19, 2006, 07:38:18 PM
As far as coppermine is concerned. How can I prevent users from uploading *anything* into my space? (not even their own galleries)
In the groups page set upload permissions to "no" both for public as well as for personal albums for all groups but the admin group.