[Solved]: Can't save new configuration

ullielfan · February 07, 2009, 05:58:06 PM

Everytime I click on "save new configuration", it just leads me to a strange page and doesn't save any changes. Here is the source codes of that page.

Code Select



<form action='/pix/admin.php' method='POST'><input type='text' name='login'><br/><input name='pass' type='password'><br /><input type='submit' value='authenticate'></form>

Coppermine version is 1.4.19 , gallery url is http://www.j-marsden.com/pix

Nibbler · February 07, 2009, 06:38:09 PM

You need to update to 1.4.20. That will probably fix this issue also.

ullielfan · February 07, 2009, 06:58:07 PM

Upgraded to 1.4.20 with modpack 1.4.19, but the problem still remains.

czyrkr · February 08, 2009, 03:09:40 AM

I have the same problem.

Few days ago I realized that my web site was hacked. I found some hidden files and hidden text in my cpg. I was running version 1.4.14 . I couldn't save new configuration. Now I updated to version 1.4.20 and I still cannot save configuration. It just sends me to Authentication page where I enter my Login info and.... Noting happens I get blank page admin.php. When I refresh it takes me back to admin.php which is that same configuration file but with the same configuration as before. Any help or suggestions will be appreciated.

Aeronautic · February 08, 2009, 04:48:04 AM

Quote from: ullielfan on February 07, 2009, 06:58:07 PM
Upgraded to 1.4.20 with modpack 1.4.19, but the problem still remains.

I may be completely wrong here but I think modpack is version specific. By adding modpack 1.4.19 after you upgraded to cpg 1.4.20 you overwrote some of those upgraded files with files of the same name but earlier version.

Devs?

ullielfan · February 08, 2009, 06:46:33 AM

I noticed something like

Code Select

<?php /**/eval(base64_decode(...... has been written into my config.inc.php file. Just deleted it, and my gallery seems to work fine now.

czyrkr · February 08, 2009, 12:58:07 PM

Code Select

<?php /**/eval(base64_decode(......
Yes that was the case with my gallery as well. It works now. Thank you.

Joachim Müller · February 13, 2009, 09:15:25 AM

Means that you have been subject of a hacking attempt. Clear your gallery thoroughly - just cleaning include/config.inc.php might not be enough, the attacker might have left other payload or backdoors behind!

czyrkr · February 15, 2009, 01:15:14 AM

Quote from: Joachim Müller on February 13, 2009, 09:15:25 AM
Means that you have been subject of a hacking attempt. Clear your gallery thoroughly - just cleaning include/config.inc.php might not be enough, the attacker might have left other payload or backdoors behind!

What is your suggestion? Should I delete all files and reinstall the whole gallery?

Fabricio Ferrero · February 15, 2009, 11:26:19 AM

Quote from: czyrkr on February 15, 2009, 01:15:14 AM

What is your suggestion?

Read: Yikes, I've been hacked! Now what?

Joachim Müller · February 17, 2009, 12:24:54 PM

Quote from: czyrkr on February 15, 2009, 01:15:14 AMShould I delete all files and reinstall the whole gallery?

No.

Quote from: Fabricio Ferrero on February 15, 2009, 11:26:19 AM
Read: Yikes, I've been hacked! Now what?

Exactly! The only recommended solution is being explained in that thread.

thehau · April 30, 2009, 07:40:32 PM

I decoded the string and it came up with something from joomla, which I did install.

thehau · April 30, 2009, 07:43:15 PM

Sorry hit Post too early.

Good news is that my site hasn't been compromised, a good online base64 decoder is here:

http://www.motobit.com/util/base64-decoder-encoder.asp

On the safe side, I did upgrade to the latest version of coppermine.

Joachim Müller · May 01, 2009, 11:59:46 PM

Locking

coppermine-gallery.com/forum

News:

[Solved]: Can't save new configuration

ullielfan

Nibbler

ullielfan

czyrkr

Aeronautic

ullielfan

czyrkr

Joachim Müller

czyrkr

Fabricio Ferrero

Joachim Müller

thehau

thehau

Joachim Müller