Gallery Attack?

Started by wildwalker, April 12, 2008, 12:38:49 PM


wildwalker

Hello all,

I am using Coppermine 1.4.8 (stable) and everything has been fine for ages, I have 4 websites running, but one of them keeps getting messed up.

In the Config page of my site the following values keep getting changed:

Number of levels of categories to display - Gets set to '1' and I normally use '2'
Number of albums to display - Gets set to '1' and I normally use '50'
Number of columns for the album list - Gets set to '1' and I normally use '2'

Number of columns on thumbnail page - Gets set to '1' and I normally use '4'
Number of rows on thumbnail page - Gets set to '1' and I normally use '3'
Number of items in film strip - Gets set to '1' and I normally use '5'

Max width or height of an intermediate picture/video ** - Gets set to '1' and I normally use '10000' (the default)

My website is www.cameraangle.co.uk

The other sites are all unaffected.

So, is someone messing me around? I realise this could be done via SQL and not through the coppermine interface. I am the only one with any admin rights, or is my server somehow doing this?

I am going to upgrade today to whatever the latest coppermine build is, and maybe that will help.

Thanks in advance for any replies.

Alan Walker.


François Keller

Your site was hacked. There is a long thread that deals with this problem: http://forum.coppermine-gallery.net/index.php/topic,51671.0.html
Clean up your install and upgrade to the latest version (1.4.17, which fixes the vulnerability).
Did you read the DOC? the FAQ? and search the board before posting?

steveeh131047

And better not fall so far behind on upgrades next time!

wildwalker

Quote from: François Keller on April 12, 2008, 01:04:00 PM
Your site was hacked. There is a long thread that deals with this problem: http://forum.coppermine-gallery.net/index.php/topic,51671.0.html
Clean up your install and upgrade to the latest version (1.4.17, which fixes the vulnerability).

Thank you for the reply Francois, I am doing the upgrade right now and will have a long read of the link you posted.

Many thanks for the swift reply.

All the best,
Alan Walker.


NoviceScotty

Hi - sorry, I only read this after posting my problem.

My cpg148 has been hacked big time - I think it downloads a virus to anyone who looks at it.

All the php and html files have an extra line appended that executes a php file on a remote computer.

The hack seems to have been an uploaded jpg containing php code instead of a picture in my first album.


wildwalker

Okay,

So I have upgraded to 1.4.17. I will keep an eye out to see if this stops my issue :)

Thanks again for the help.

Best regards,
Alan Walker.

girlstyle

Looks like we've just been hacked too :-(

I've tried to upgrade, but the install is calling for this domain:

(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.girlstyle.co.uk%2Fhack.jpg&hash=58edc8ef34856500164cee0c0ffba42b75e59b7d)

The installer also wants to launch my outlook.exe. Looks like doing the upgrade isn't eradicating the problem.

I think I'm pumped :-( Any way to do a fresh install? Looks like there is something lurking in the gallery. I don't want to put users at risk, can anyone suggest a sure fire course of action to clean out this hack? I know, late with upgrades, but no one notifies us?


Llama8668

There are a few threads around on this (the big one is here). Basically you clean up by doing an upgrade (as all files are overwritten when you do this). You need to be careful to remove all malicious files (which will typically be .zip's or .jpg's with the filename 142739_298w3). Files such as custom theme and config files will not be overwritten so you need to manually remove the code from those.
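
A read-only triage pass for the cleanup described in this thread, as an added example that is not part of any post and not Coppermine's own code: it flags files carrying the reported filename, media files that contain a PHP opening tag, and PHP/HTML files whose last line loads a remote URL. The extension lists, the two regex patterns and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

INDICATOR_NAME = "142739_298w3"  # filename reported in this thread
# Everything below is an assumption of this example, not taken from the thread.
MEDIA_EXT = {".jpg", ".jpeg", ".gif", ".png", ".zip"}
CODE_EXT = {".php", ".html", ".htm"}
PHP_TAG = re.compile(rb"<\?php", re.I)
REMOTE_LOAD = re.compile(rb"(include|require|eval|<script|<iframe)[^\n]*https?://", re.I)

def scan_gallery(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        try:
            data = path.read_bytes()
        except OSError:
            findings.append((rel, "unreadable"))
            continue
        if INDICATOR_NAME in path.name:
            findings.append((rel, "indicator-filename"))
        if ext in MEDIA_EXT and PHP_TAG.search(data):
            findings.append((rel, "php-in-media"))
        if ext in CODE_EXT:
            lines = data.rstrip().splitlines()
            if lines and REMOTE_LOAD.search(lines[-1]):
                findings.append((rel, "remote-load-on-last-line"))
    return sorted(findings)

def demo():
    sample = {  # constructed contents, made up for this example
        "index.php": b"<?php\nrequire 'lib.php';\n",
        "albums/holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "albums/142739_298w3.jpg": b"\xff\xd8\xff\xe0<?php /* constructed */ ?>",
        "themes/custom/template.html":
            b'<html></html>\n<script src="http://example.invalid/x.js"></script>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_gallery(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:26} {rel}")
```

The scan only reports; PHP short open tags and code hidden inside compressed archive members are not detected, so a finding-free run does not prove the tree is clean.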

wildwalker

Just an update.

I applied the update (1.4.17) as advised and have been trouble free for a couple of days now, so it looks like a simple upgrade to the latest version has fixed my problem.

Thanks to all that helped, much appreciated.

All the best,
Alan Walker.

François Keller

Update to the latest version (1.4.18 was released today) to fix another security hole (see the announcement thread here: http://forum.coppermine-gallery.net/index.php/topic,51882.0.html).

wildwalker

Quote from: François Keller on April 14, 2008, 06:39:44 PM
Update to the latest version (1.4.18 was released today) to fix another security hole (see the announcement thread here: http://forum.coppermine-gallery.net/index.php/topic,51882.0.html).

Lol, I was just feeling all smug after upgrading to 1.4.17, then I read this...

Upgrading to 1.4.18 as we speak :)

I did just change the coppermine.inc.php, but of course the version is still shown as 1.4.17 as only one file has changed, so I decided to just do the whole thing.

Thanks for your help,
Alan Walker.