Exploit/Hacked? Exploit/Hacked?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Exploit/Hacked?

Started by pftq, August 12, 2006, 01:10:08 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

pftq

I was viewing what my visitors were doin on my site and I saw one viewing the admin panel of the gallery.  I know for sure I am the ONLY admin of the gallery - heck I'm the only member.  I thought it might have been that my tracker was wrong - but when I refreshed, the visitor was viewing the usermanager of the admin panel.

I changed my password to see if it helps - it sent the guy out to a logout screen - where he then went to log in page and made it back in.  I tried banning his IP.  Sent him out (saw him on Logout page) but he just went to the log in page and I next saw him on the album manager page.

I closed my gallery down for now just in case.

Is it possible my gallery got hacked?

I have latest 1.4.8 installed.

Sorry if it is really nothing - there's just been a few sites that have gotten hacked recently - and it just looks suspicious, especially since there are no other members on the gallery (and by the fact he kept getting sent to logout page, back to login etc).

Joachim Müller

How did you find out? What miracle tool do you use to find out what people do on your coppermine-driven gallery?

pftq

I was watching thru a visitor tracker (tells you what page the visitor is on).  It doesn't seem like anythin's happened to my gallery tho (opened it for now).  Guess it was nothing - sorry bout that.  Just a bit paranoid atm :(

Joachim Müller

Such a tracker can only tell you what page the visitor is browsing, but not if he can only do anything on that page. Test for yourself: log out, then go to a page only the admin can use (e.g. http://yoursite.tld/your_coppermine_folder/admin.php) and then check your "tracker": it appears as if someone was accessing an admin page.
This tells you something about the usefullness of your "tracker" software.

pftq

Ok yes - but it just seems weird someone would have a link to those pages in the first place.

Joachim Müller

Someone could have typed the name in; everybody who knows coppermine a little bit can come up with the file names.
There are people around on the internet who are up to evil things. Make sure your passwords are not trivial and that all your software is up-to-date.

pftq

Alright got your point.  Thanks for the tip. :)  Sorry for the false alarm.