Someone tried to hack myserver by uploading php.rar file Someone tried to hack myserver by uploading php.rar file
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Someone tried to hack myserver by uploading php.rar file

Started by marion, March 12, 2006, 04:01:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

marion

Hi,

I have cpg1.4.4 and some could upload a script file with extension name: php.rar, using this file he could get all necessary information from my server including /etc/passwd file. How can we prevent users from uploading such file with extension (RAR) and why disabling users from uploading files is not active?

This the script file that was uploaded to my server:

http://rst.void.ru/download/r57shell.txt

Nibbler

If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is setup to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981

DoctorMason

Quote from: Nibbler on March 12, 2006, 09:26:28 PM
If you don't need .rar files uploaded then disallow them in config or with the filetypes plugin. If you do need to allow them then you need to ensure your server is setup to handle them.

http://forum.coppermine-gallery.net/index.php?topic=28079.msg129981#msg129981
I got a notice today, 19-Nov-07 from my hosting company of the same "http://nst.void.ru/" happening to my site. I (hopefully) found all of their files, deleted them, posted the warning here, and will ask my host to re-open my subdirectory.

P.S., When visiting that website you can see the hack there, and others available.

Nibbler


Joachim Müller