
Secure the upload?

Started by Mansour, January 19, 2007, 12:29:48 PM


Mansour

Hi

I was using cpg1.4.9, and my web site was hacked and all DBs were deleted. They used a vulnerability in cpg1.4.9 to upload a PHP file and take full control of my DBs.

I would like to know how I can secure the upload. Can I use "Password Protect Directories" to add additional authentication for uploading files to the server? I have only one user who is allowed to upload to the gallery.

Also, how can I disable the upload at all? I just want to open the gallery without uploading any file. Is deleting upload.php enough?


Thanks

Nibbler

To disable uploading just set permissions on the groups page.

Mansour

Hi,

Thanks for this response.

I don't want to do it with cpg; I would like to make sure nobody can upload any file to the server using cpg even if upload is allowed for some user.

I mean adding a password to the folders, or changing the folder permissions.



Joachim Müller

CHMOD then if you think that this is the proper method (which it is not). Not related to coppermine, but webserver setup. As suggested, disabling uploads is all that it takes unless you have backdoors on your server.