One of my clients' galleries has been hacked, eBay phishing site uploaded.
 


Started by totallyyourzone, January 30, 2007, 02:33:50 PM


totallyyourzone

Hello everyone.

I am a sole trader that runs a small web design company.

One of my clients' galleries has been hacked, eBay phishing site uploaded.
I had an older version of Coppermine gallery on their hosting account and I have recently updated their script to the most recent Coppermine gallery version (1.4.10).
But last night my gallery was hacked by someone who uploaded an eBay phishing site in the photo gallery.
I was informed by eBay.
I have contacted my hosting providers and they said that the hackers got through the Coppermine gallery script again, and to see if there are any more security updates available.

Client gallery:
http://letscreate.com.au/Photo_gallery/index.php

If someone could help, it would be much appreciated.


Regards

Totallyyourzone
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Email from eBay


Hello.

It has come to our attention that an eBay/PayPal spoof site has been
set up at 66.40.66.97 -
http://www.letscreate.com.au/Photo_gallery/albums/userpics/10007/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=.
We believe that your website has been compromised.

We recommend that you change your password for your web hosting
accounts as soon as possible, and then remove the offending material.

If you have any logs or data files that could help us track down the
perpetrator of this crime, we would appreciate it if you could forward
that on to us.

If you have any questions or need further assistance, please do not
hesitate to ask.

Thank you.

totallyyourzone

Hi, can anyone tell me if I am posting my issues in the right section?
Also, does anyone know if there are more security mods or patches available for version 1.4.10?

Nibbler

1.4.10 is the latest available version, and has no known vulnerability to malicious uploads. Did you clean up properly after the first incident? Updating won't remove anything uploaded under a previous version.

totallyyourzone

Yes, I thought I had.
I deleted the offensive files and took a look in the MySQL dump file. I didn't see anything suss, so then I updated the script and changed all passwords.
But the next day I was hacked again running 1.4.10.

The hosting providers say that there is no need for a database password update, because they are restricting remote connections to the databases due to security reasons, so they reckon SQL is not in danger.

I can show you the SQL DB dump if you wish.

Thank you for your reply.

totallyyourzone

What files should I be looking at for security flaws and hackers' mods?

Nibbler

Look through the albums directory and subfolders for anything recently uploaded. Be sure to check for hidden files too.
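
The check Nibbler describes, as an added Python example that is not part of the original thread or of Coppermine: it walks an upload tree and reports hidden entries, files with script extensions, and anything modified within the last few days. The function names, the extension list and the sample tree are assumptions constructed for illustration; the sample path mirrors the one in eBay's email.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumed list of executable extensions; match it to the server's own handlers.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".pl", ".cgi", ".sh"}

def audit_upload_tree(root, days=7, now=None):
    """Return sorted (relative_path, reasons) for entries that need a manual look."""
    cutoff = (time.time() if now is None else now) - days * 86400
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath, name)
            reasons = []
            if name.startswith("."):
                reasons.append("hidden")
            # Check every suffix: "x.php.jpg" can still run as PHP on some setups.
            if name in filenames and {s.lower() for s in path.suffixes} & SCRIPT_EXTS:
                reasons.append("script")
            if path.lstat().st_mtime >= cutoff:
                reasons.append("recent")
            if reasons:
                findings.append((path.relative_to(root).as_posix(), reasons))
    return sorted(findings)

def build_sample_tree(root, now):
    """Constructed sample data: one old photo plus entries modelled on this thread."""
    old, new = now - 90 * 86400, now - 3600
    files = {
        "userpics/10007/holiday.jpg": old,
        "userpics/10007/.htaccess": old,
        "userpics/10007/thumb_cat.php.jpg": old,
        "userpics/10007/ws2/eBayISAPI.php": new,
    }
    for rel, mtime in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
        os.utime(path, (mtime, mtime))
    # Creating files bumped the directory mtimes, so set those explicitly too.
    for rel, mtime in [("userpics", old), ("userpics/10007", old), ("userpics/10007/ws2", new)]:
        os.utime(Path(root, rel), (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as albums:
        build_sample_tree(albums, time.time())
        print(*audit_upload_tree(albums), sep="\n")
```

Against a real gallery, call `audit_upload_tree` on the albums directory and review each reported entry by hand; modification times can be changed by whoever wrote the file, so "recent" is a hint and the hidden and script checks matter regardless of date.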

totallyyourzone

These are the only two files I kept from the old version:

"albums"
"include/config.inc.php"


I was running 1.3.x and upgraded smoothly to 1.4.10, doing all the steps required in the upgrade documentation.

totallyyourzone

I have deleted all suss files, changed passwords and updated my anycontent.php to 1.4.10. Hopefully now it is secure.
I will keep you guys posted.
Thank you for all your help so far :)