HELP PLEASE-Security type stuff.

Started by DDT, September 25, 2007, 05:16:32 PM

DDT

I have a friend I let run a Coppermine on my server, and I am sure it hasn't been updated in a while. He had some problems I could never fix for him, like his SMF bridge breaking and such, and at that time I upgraded to a new Coppermine because I thought that might help; that was maybe 6 months ago, plus or minus...

Anyhow, here's the deal. I also set some debug stuff and all that I don't remember while trying to fix it, but finally gave up and set it so that he had to approve all uploads, so he would know who they were from.
Today somebody was having trouble with a picture and to help him I took a look.
In one of the galleries there was a win.rar. I have no idea how long it was there or how many people clicked it.

I wondered what that was doing there, so I clicked on it and it opened up a lot of stuff with loads of PHP and comments about passwords, new passwords and similar. I should have printed a copy so it could be analyzed, or saved it, but I didn't; I deleted it.

Now I am wondering how it got there and if it could have compromised security, not just on his small account but on the entire server?
Since every photo had to be approved manually, I was thinking this might be something that was generated and inserted while I was doing all the troubleshooting of the bridge, like a debug file, and I never noticed.

Or perhaps he approved a win.rar file without knowing any better thinking it was a video clip.

My main concern is security, so I have closed his photo gallery and told him I would wait until I could obtain an answer or some advice from someone.
If anyone here could help me, or else move this post to the correct forum, I would certainly appreciate it a great deal.


As long as passwords could not have been compromised outside his forums or his Coppermine installation then there is no problem. Since they are not bridged, I doubt it could have affected even his forums. But the bad guys are sneaky these days and very good at what they do if they find a hole and can upload something into it.

I thought someone here might know of some rogue script that someone was planting using a win.rar type file.

Or (sigh of relief if anyone knew) it's very likely, since I was in quite a hurry, that I created that file somehow when trying to debug the photo gallery for him before, and that all those references to usernames and passwords were just something from my attempts to reestablish the bridge between his photo galleries and SMF. If you think that might be the case I would appreciate that also.

Basically I'm just in a little bit of a panic here, because this is an account I let a friend have on a box which has other things on it that I cannot risk being compromised.

So I would appreciate even just your opinions on what this might have been, or if you think it could have caused some problems, and then I will decide whether or not to turn his Coppermine installation back on. He had not been getting very much use for a minute since the bridging with SMF broke anyway.

I appreciate any and all opinions, help or advice more than you would know.
Thank you very much in advance.

Nibbler

Make sure you are running the latest version of Coppermine. If you saw the PHP code then it didn't run so no harm done.
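
Nibbler's point is that PHP text shown in the browser was served as data, not executed. A practitioner would still want to check the rest of the album directory for similar files: things whose bytes do not match what the extension claims, or that contain server-side code markers regardless of name. The following is an added example written for this thread, not Coppermine code or anything posted by the participants; the function names and the sample files it creates are constructed for illustration, and the scan is a heuristic, not an antivirus.

```python
"""Offline scan of a gallery upload directory for files that are not what
their extension claims (constructed sample data, hypothetical helper names)."""
import os
import re
import tempfile

# Leading bytes of the file types a photo gallery is expected to hold.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),
}

# Server-side code markers; any hit inside an "image" or "archive" is a red flag.
CODE_MARKERS = re.compile(
    rb"<\?php|<\?=|<script\b|eval\s*\(|base64_decode\s*\(", re.I
)


def classify(path):
    """Return a list of findings for one file; an empty list means it looks clean."""
    findings = []
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(1024 * 1024)  # the first MiB is enough for these markers
    head = data[:8]
    expected = MAGIC.get(ext)
    if expected is None:
        findings.append("unexpected extension %r" % ext)
    elif not any(head.startswith(m) for m in expected):
        findings.append("magic bytes do not match %s" % ext)
    if CODE_MARKERS.search(data):
        findings.append("contains server-side code markers")
    return findings


def scan_uploads(root):
    """Walk root and return {relative_path: [findings]} for suspicious files only."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            hits = classify(full)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def build_sample_dir():
    """Create a temp directory of constructed sample files mirroring the thread."""
    root = tempfile.mkdtemp(prefix="cpg_albums_")
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,      # plausible JPEG
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,        # plausible PNG
        "archive.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 64,      # real RAR header
        "win.rar": b"<?php\n// constructed placeholder body\n?>\n",  # PHP behind a .rar name
        "photo.php": b"<?php echo 'constructed'; ?>",            # wrong extension outright
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, hits in sorted(scan_uploads(build_sample_dir()).items()):
        print("%-12s %s" % (rel, "; ".join(hits)))
```

Run against a real album directory by calling scan_uploads() with its path; the report lists only the files that fail either check, so a clean directory produces an empty result. The magic-byte check catches the thread's case (PHP text under a .rar name) even if the code markers were obfuscated, and the marker check catches code planted in a file that does start with a valid image header.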

DDT

Just to be sure I understand you: since I saw all the lines of what might have been PHP code (it looked like it to me), it didn't "run" anything, or it would have erased itself or "covered its tracks" if it was a password stealer or virus or such, I guess.

Since I saw all the lines of stuff, no harm done, and I can just upload the newest version of Coppermine (I noticed a new one just came out a few days ago) and then he will be OK to turn back on again.

Did I understand you correctly?

PS: I don't mean to sound stupid, just overly cautious. I have never figured out why his "bridge broke". I have the same setup on one of my sites and it has always bridged and upgraded just fine, but when he did an upgrade to one or the other last year about this time the bridge broke, and I don't have the skill to fix it or know what he did that "broke" it. All the debug info was over my head.

Joachim Müller

See http://forum.coppermine-gallery.net/index.php?topic=47023.msg224288#msg224288

As Nibbler suggested: if you're running cpg1.4.13, you're safe. If not: post a link to the gallery you refer to.