Spam Message Spam Message
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Spam Message

Started by puretalk, September 26, 2006, 04:17:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

puretalk

September 26, 2006, 04:17:10 PM Last Edit: September 26, 2006, 04:30:01 PM by puretalk
My site was bombered with messages and generate huge number of spam message. Below is the message from my host, need someone to help how to solve the problems. Thanks a lot.

One of the scripts on uglycars.info domain was compromised and used to
generate huge number of spam messages and to run network scans. This
activity was immediately detected and stopped. To stop this form
happening we had to disable any access to the
/home/uglycars/public_html/albums/userpics directory. Please urgently check software that is responsible
for content located in the /home/uglycars/public_html/albums/userpics
directory and update to the latest available version to make sure that
any current security holes are resolved. Do _NOT_ re-enable access to
the /home/uglycars/public_html/albums/userpics directory until you're
absolutely sure that security hole was closed.
After closing the security hole make sure to remove content of the
following directories (might be others but these were used to send spam
emails and run scans):

/home/uglycars/public_html/albums/userpics/10009
/home/uglycars/public_html/albums/userpics/10002

The attack was launched from the 86.34.120.236 IP, below please find
complete access log (except requests for .gif files) registered today
from this IP. Apparently your scrpts allowed to upload and execute custom
php scripts


86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET /favicon.ico
HTTP/1.0" 200 894 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET
/themes/eyeball/style.css HTTP/1.0" 200 11276
"http://www.uglycars.info/displayimage.php?album=lastup&cat=0&pos=6"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.34.120.236 - - [25/Sep/2006:20:01:40 -0400] "GET /scripts.js
HTTP/1.0" 200 2715
"http://www.uglycars.info/displayimage.php?album=lastup&cat=0&pos=6"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Nibbler

#1
September 26, 2006, 04:51:15 PM
You are using 1.3.4. Update !

Joachim Müller

#2
October 01, 2006, 09:53:16 AM
As suggested various times, this is what you need to do (mandatory):
- Update (cpg1.3.x support has run out)

Using cpg1.4.x, this is what you might want to do:
- disable anonymous comments
- use the captcha mod
- use the akismet mod.
Print
Go Up Pages1
User actions