My Gallery Is Hacked My Gallery Is Hacked
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

My Gallery Is Hacked

Started by Naotaro, August 09, 2009, 10:50:26 PM

Previous topic - Next topic

0 Members and 5 Guests are viewing this topic.

Naotaro

well my gallerie's url is pics.katy-la.com today my gallery got hacked and well now i can log in also something happened to the css and the worst is that each time someone enters to my gallery threre is an advertisement that saysvthat its an atacking web now what i need to know is what to do fo fixing my gallery ? please tell me i need to know how to do it without erasing anything



onthepike

Yikes, I've been hacked! Now what?

QuoteThere have been efforts of users who have fallen victim of hacking attacks to share their insight with others. However, you need to understand in the first place that not all hacking attacks are the same: once an attacker has managed to break your site's security, he can do virtually anything. Some hackers may just deface your site (i.e. display an unwanted message or ads on your page), others may abuse to store your site to store content (malware, warez, porn etc.).

There is no saying what the hacker may have done to your page, so I suggest you don't believe in simple recipes from a cooking book that say "delete file X and Y and you will be good". Instead, believe me: there's no saying what the attacker may have done, so you better clean your site thoroughly.

Naotaro

but the thing is it just hacked my gallery nothing else .. but i mean is there any way to back up all the albums and images  i mean i have over 10,000 images and over 500 albums

Pascal YAP

@Naotaro,

Sanitize your Gallery. It's absolutly mandatory.
For a deep help, you should follow the link send by OnThePike in his previous Post.

And read that from Google "Safe Browsing. Diagnostic page for pics.katy-la.com???
=> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en&site=http://pics.katy-la.com/

Joachim Müller

Quote from: Naotaro on August 10, 2009, 12:25:16 AM
but i mean is there any way to back up all the albums and images
Sure, if you have a backup you can restore that. Then upgrade and you'll be done. Hoewever, if you don't have a clean beackup, you can't go back to a previous, safe version. This should teach you the importance of frequent backups as well as frequent upgrades. Do as suggested in the Yikes thread - there's no other recommednation we could give, like it or not.

Naotaro

but if i make a file backup i have to back up also the albums

Joachim Müller

You can't perform a backup of an already-hacked gallery. Not sure what you're trying to say.

Naotaro

so if i cant make that asically what i have to do is delete everything ?
QuoteYikes, I've been hacked! Now what?

i already read that and thats what i understood

Joachim Müller

Quote from: Naotaro on August 10, 2009, 01:47:05 AM
so if i cant make that asically what i have to do is delete everything ?
No, you don't have to delete everything. That's not what the Yikes thread says. That thread is very long and takes care of all possible aspects of the hacking attempt. It doesn't just say: delete everything and install from scratch. I'm sorry, but there is no easier answer than "read the Yikes thread", no matter how often you ask and no matter how you try to re-phrease your question. Ask a real question if you have one.

Naotaro

QuoteSo what do you have to do?
First of all: don't panic! You may be tempted to delete everything that looks funny or causes issues, but this might result in losing precious data. So here's what we'll do: first, create a backup of all files (including the infected ones). Then, create a backup of your database. Next, we'll close the hole the attacker used to get control over your site. Finally, we'll clean all files and unwanted database entries.

all files means even the files that are in the albums folder (i.e all the iamges) ?

onthepike

Unless you want to intentionally take the chance that you MIGHT have to start from scratch, peace of mind, disaster recovery, common sense and everyone else here will tell you yes, download a full and complete copy of your gallery. And if you're unsure how deep this attack is, a full copy of your entire web space.

Users who have CPanel or similar installed may generate a "full system backup" or "Home Directory" download with the click of a button. It will take a day or so for that to complete, and another day or two to FTP that package to your desktop, so for the time being, it's best to remove access to (at least) your gallery so you don't infect visitors.

If you don't go that route, you can FTP your gallery directory to your PC. You can also FTP your entire web space to your PC. These are decisions only you can make.

But you REALLY need to fully read the Yikes thread and pay very close attention to what it's saying. As someone who's gallery was also hacked, I know from experience what it takes to restore it to full, safe and up-to-date functionality. That thread helped, though I didn't need to follow most of the guidance. That will depend upon how deep you're infected and your knowledge/skills in the necessary restoration procedures and applications.


Naotaro

i have a question... the thing is  i have another gallery meabe if i upload the files from that gallery to mine could it work ?

other thing i did what appeared in the Yikes article but anythign happened so what do i do

onthepike

What about the rest of your web space? Is your public_html directory clean, aside from the gallery directory? Have you made file comparisons? Have you a decent online file manager to verify if and when files and directories were modified? Have you done anything at all?

It seems to me you're looking for the easy way out and/or taking a very lazy approach. At this point, your questions are not legitimate, as all info you need to cleanse your site has been clearly outlined and detailed as referenced above. If you are having translation issues, translation services are available online free of charge.

I don't know how else to help you, aside from doing it myself.

Naotaro

Quote from: onthepike on August 10, 2009, 04:49:35 AM
What about the rest of your web space? Is your public_html directory clean, aside from the gallery directory? Have you made file comparisons? Have you a decent online file manager to verify if and when files and directories were modified? Have you done anything at all?

It seems to me you're looking for the easy way out and/or taking a very lazy approach. At this point, your questions are not legitimate, as all info you need to cleanse your site has been clearly outlined and detailed as referenced above. If you are having translation issues, translation services are available online free of charge.

I don't know how else to help you, aside from doing it myself.


1.yes i already checked
2. yes its clean i checked twice
3.yes , none of the files seems to be supicious
4yes i use filezilla

as you can see  i had to make tons of things for my gallery to work and it isnt working i have checked files from all my webspace my folders everything  chcekd files with the software that apears there i mean i have no clue in what to do

onthepike

Running site check on pics.katy-la.com....

This page seems to be <suspicious>
References to 1 suspicious domain found. Moreover, Google currently lists this page as suspicious.

Title: Katy Pics • HQ and Exclusive Pics of Katy Perry • Part of Katy-LA.com - Offline
URL: http://pics.katy-la.com
Google: listed as suspicious* (details
Last checked: 1 minute ago (results are cached for 2 hours)
This Report: http://www.UnmaskParasites.com/security-report/?page=pics.katy-la.com

jl.chura.TLD suspicious - displaying 1 of 1
<IFrame> link - (REMOVED)


Your website is not cleaned. It is infected as of 11:12 PM EDT. You need to go back to the Yikes thread and apply the techniques detailed there before coming back here for any more help.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

Naotaro

well i think that meabe i did something wrong ... the thing is i re-uploaded everything (the files) before i did the backup so my gallery has now a new cpg ... so now what how do i fix that  ?


Joachim Müller

Let's end the story here: onthepike did his best to patiently explain to you what you need to do, yet all you do is replying with nonsense. Your site is not clean. Do as suggested in the Yikes thread.
Quote from: Naotaro on August 10, 2009, 05:31:36 AM
the thing is i re-uploaded everything (the files) before i did the backup so my gallery has now a new cpg
That was silly, but doesn't matter at all. You do as suggested in the Yikes thread, end of story.
Locking thread. If you can't figure out on your own, ask your webhost for support or hire a professional who will clean your site for you. What you're doing is far beyond the scope of support on this board. We told you what to do. Enough said.