i done dos'd myself

Started by fishkill, February 01, 2007, 01:30:47 AM


fishkill

Not really sure how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now I can't log into Coppermine at all (all galleries are private). Apache is working normally (other pages are served), as is MySQL (I can log in to MySQL on the server itself), but I can't seem to authenticate at all via the web interface. When I do attempt to log in, no errors are generated; I just get presented with the login screen. Additionally, I had a friend register an account on the site, but she was unable to proceed past the disclaimer.

Any suggestions would be greatly appreciated.

P.S. I would have posted debug info, but I can't access any pages that would have it.

Thanks in advance

-Fish

eruss

Quote from: fishkill on February 01, 2007, 01:30:47 AM
Not really sure how to approach this problem. I was testing a commercial web application vulnerability testing tool against my server and now I can't log into Coppermine at all (all galleries are private). Apache is working normally (other pages are served), as is MySQL (I can log in to MySQL on the server itself), but I can't seem to authenticate at all via the web interface. When I do attempt to log in, no errors are generated; I just get presented with the login screen. Additionally, I had a friend register an account on the site, but she was unable to proceed past the disclaimer.

Any suggestions would be greatly appreciated.

P.S. I would have posted debug info, but I can't access any pages that would have it.

Thanks in advance

-Fish

Interesting.  A few questions to clarify...

Did you have a working installation of the most current version of Coppermine?  If yes, how long was it running?
Were you able to previously log in, upload, view, etc?
Then you ran the tool and it caused you to lose access?

When your friend went to register, did the account get created in the MySQL database?  (Can you see the account using phpMyAdmin?)

Joachim Müller

Quote from: fishkill on February 01, 2007, 01:30:47 AM
I was testing a commercial web application vulnerability testing tool against my server
Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.

fishkill

Quote from: GauGau on February 01, 2007, 07:13:10 AM
Ask the people who created that tool. They probably ran a brute force attack against the site which resulted in your logon being banned (which is a feature against brute force attacks). Use phpMyAdmin or similar to remove the temporary ban.


There was most certainly a brute force attack in play. I've installed PMA but there is nothing listed in the bans. Unfortunately the only time I can work on this is when the kid is asleep, and I think I zigged when I should have zagged and dropped a table... now all I get is this: "Critical error There was an error while processing a database query"

Am I hosed?

Also, this PMA tool isn't very intuitive. What would I be looking for really?

Sorry for being so troublesome
-Fish

Joachim Müller

Dropping a table without knowing what it actually does is not a bright idea. Restore the table from your backup. Enable debug_mode manually to see what the actual error message is (do not post the debug_output, but only the error message). To find out how to manually enable debug_mode, check the tutorial http://coppermine-gallery.net/tutorial/debug_mode.php

fishkill

Duly noted... thanks for the direction

-Fish