
I'm locked out of my site

Started by erika_conn, September 10, 2009, 05:37:00 PM


erika_conn

http://ceconn.com/photo_gallery

I am pretty sure I've been hacked.  I can't get in no matter how often I specify that I need a new password.  They send my new password and still it won't take.  I've been to phpmyadmin.  I got as far as clicking the edit button.  A window pops up. Run SQL query/queries on database cecon46_gallery: SELECT * FROM `cpg148_users``user_password`. 

Now what?  Where do I put in my new password?  How can I fix this so I can get back into my site?

onthepike

Go here: http://md5.gromweb.com/
Enter new password in "String to convert to MD5".
Click OK.
Copy the information and save.
Close and exit.

Open: phpMyAdmin --> cecon46_gallery --> cpg148_users -->

Click the Browse icon alongside cpg users.
Click the Edit (pencil) icon for the admin.
Locate user_password field and delete entry.
Enter the returned value from the MD5 site into the password field in phpMyAdmin and click Go.

You should now be able to log in as admin.

erika_conn

I did just as you said.  I still can't log in.  What else could it be?

phill104

You almost certainly have been hacked. You are using version 1.4.18 and should have upgraded ages ago. The current version is 1.4.25.

Sorry to be the bearer of bad news.

If you have access to the server logs look through them to see what might have happened. Look for .htaccess files and do everything outlined in the following thread.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
It is a mistake to think you can solve any major problems just with potatoes.

erika_conn

Quote from: Phill Luckhurst on September 10, 2009, 10:18:53 PM
You almost certainly have been hacked. You are using version 1.4.18 and should have upgraded ages ago. The current version is 1.4.25.

Sorry to be the bearer of bad news.

If you have access to the server logs look through them to see what might have happened. Look for .htaccess files and do everything outlined in the following thread.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

Can I do a fresh installation calling the folder "fotosbyerikanew", then transfer the albums etc. into this new folder then delete the old?  Wouldn't that be easier? 

papukaija

Quote from: erika_conn on September 12, 2009, 09:18:06 PM
Can I do a fresh installation calling the folder "fotosbyerikanew", then transfer the albums etc. into this new folder then delete the old?  Wouldn't that be easier? 

You can do a fresh install, but you have to batch add your files again. The easiest way is to upgrade your gallery.

onthepike

Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php
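
An added example (not part of the original thread and not Coppermine's own code) for the "Analyze your /albums folder for suspicious files" step above: a Python script that walks a downloaded copy of /albums and lists .htaccess files, scripts, double extensions and images containing script code for manual review. The extension lists, content markers and sample file names are assumptions made for this illustration.

```python
import os
import sys

# Assumed lists for this example; adjust them to the file types your gallery allows.
SCRIPT_EXTS = {".php", ".php3", ".php5", ".phtml", ".pl", ".cgi", ".py", ".sh", ".asp"}
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}
CODE_MARKERS = (b"<?php", b"base64_decode(")

def scan_albums(root):
    """Return sorted (relative_path, reason) pairs for files that need manual review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            inner = lower.split(".")[1:-1]  # extensions hidden before the last one
            if lower == ".htaccess":
                findings.append((rel, "htaccess file"))
            elif ext in SCRIPT_EXTS:
                findings.append((rel, "script extension"))
            elif any("." + part in SCRIPT_EXTS for part in inner):
                findings.append((rel, "double extension"))
            elif ext in IMAGE_EXTS:
                with open(path, "rb") as fh:
                    data = fh.read().lower()  # lower-cased so <?PHP also matches
                if any(marker in data for marker in CODE_MARKERS):
                    findings.append((rel, "script code inside image"))
            else:
                findings.append((rel, "unexpected file type"))
    return sorted(findings)

def build_sample(root):
    """Create a small constructed albums tree (sample data, not from the thread)."""
    samples = {
        "userpics/10001/holiday.jpg": b"\xff\xd8\xff\xe0JFIF plain image bytes",
        "userpics/10001/thumb_holiday.jpg": b"\xff\xd8\xff\xe0JFIF <?PHP echo 1; ?>",
        "userpics/10001/gallery.php.jpg": b"\xff\xd8\xff\xe0JFIF",
        "userpics/.htaccess": b"# constructed placeholder\n",
        "edit/tool.php": b"<?php // constructed placeholder ?>",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    # Usage: python scan_albums.py path/to/downloaded/albums
    for rel, reason in scan_albums(sys.argv[1] if len(sys.argv) > 1 else "albums"):
        print(f"{reason:26} {rel}")
```

Every listed file is a candidate for review, not a verdict: compare any script that ships with the gallery against the fresh CPG download before re-uploading it.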

phill104

Please read the thread I linked to. Simply upgrading will not guarantee that you have sanitized your site. There may be files left by the hackers or there may be admin accounts created in the database. You really need to read through that thread carefully and do everything outlined there, Joachim made that extensive help guide for a reason.

If you do not understand how to do all those steps then you may have to pay someone to help you. If you do not do it properly you are risking all your hard work as you may end up going through the same routine a few days down the line.

onthepike

I agree. However I have learned by trying to help folks here that most do not follow the steps (ALL of the steps, anyway) in the thread. Partly because many folks just don't understand a lot of the information contained there. In these cases, my main objective is to allow the admin to admin as soon as possible and follow-up with the rest of the cleansing afterwards. Though (sigh) and granted, most do not.

Anyway, I would do the upgrade for nothing. I'm by no means an expert, but I've updated this application since 1.3.2, moved two different galleries to two different servers and am currently tinkering with 1.5.2 via WAMP. If I can lend a hand, I'll do it free of charge. And if I can't, I'll defer to those with more experience and knowledge.

erika_conn

Quote from: onthepike on September 12, 2009, 11:11:48 PM
Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php

Thank you a million for walking me through this.  It worked - at least on one site, namely fotosbyerika.com.  Now, let's see if I can make it work on ceconn.com/photo_gallery.  Thank you again.  You guys are amazing.

phill104

Have you checked your database for users with admin rights? Please make sure you do so.

erika_conn

Quote from: onthepike on September 12, 2009, 11:11:48 PM
Download a full backup of your current gallery folder. Download a copy of your database. Verify that these are not corrupt.

Completely purge your current gallery directory. Leave nothing behind.

Download the current version of CPG (currently 1.4.25) and unzip locally. FTP the contents to your old, empty gallery directory. DO NOT USE ANY AUTO-INSTALLERS.

Analyze your /albums folder for suspicious files and sanitize as necessary. Re-upload your cleansed /albums folder. Re-upload your /include/config.inc.php and /anycontent.php (after verifying contents) and install.lock (should be empty) files.

Inspect and cleanse (as necessary) any custom themes and re-upload.

Point your browser to /yourgallery/update.php

Well, I knew the second time would probably not work.  It is a big site with many photos and FileZilla kept crashing when trying to download to desktop.  I had to reboot many times.  So, it's not surprising that I ran into a snag.

When updating, everything seemed fine until the last two entries as you see in the attached jpg file.  Then, when typing the address into the address bar I get error 2 as in the attached jpg file. 

Can you help?

Joachim Müller

Just updating is not enough and will not clean your gallery. It's bad advice to recommend just to perform the upgrade if you suspect that the site was hacked. Performing a fresh install and then moving stuff over won't help either. If there was an alternative to the sanitization that I have described in the Yikes thread, I would have told about the alternative. But there is none. You need to sanitize your site as suggested in the Yikes thread.

erika_conn

Just to let you know that Yikes is out of date and most links don't work.  Thought you'd like to know.

I noticed that on StatCounter there is one IP address that seems to forever be on my http://ceconn.com/photo_gallery site, although I can't find him on the other photo site, so maybe I'm wrong.  It's also the first time I saw the strange letters listed.  Could this be the culprit that hacked my sites?  If so, how do I report him or how can I prove it?  Seems to me, messing with someone else's property should be against the law.

I've attached a partial list for you to see.  Aug. 20 seems to be when it all started.

Also, when you say back up the entire site, I guess you mean whatever I have with that particular host.  If so, that's almost impossible to do as FileZilla constantly crashes and besides, not all files get backed up.  Besides, my host does that so why do I have to do it too?

Joe Carver

It looks like you and I use the same hosting company (beginning with "M").

If yes, then use the "Backup Wizard" in your cPanel to back up your site. It will compress the site and download a .gz to your computer. It can take a while, but works well for me.

If you are concerned about a certain IP address then use your "IP Deny Manager".

I have just had a try at your site - it looks like you need to fix your config.inc.php file.

erika_conn

Quote from: i-imagine on September 17, 2009, 05:07:26 PM
It looks like you and I use the same hosting company (beginning with "M").

If yes, then use the "Backup Wizard" in your cPanel to back up your site. It will compress the site and download a .gz to your computer. It can take a while, but works well for me.

If you are concerned about a certain IP address then use your "IP Deny Manager".

I have just had a try at your site - it looks like you need to fix your config.inc.php file.

Yes, we do use the same host.  Gee I've checked the config.inc.php file.  Everything looks good to me. Thanks for the IP Deny Manager.  I looked in PHPMyADMIN and there really is no cpg141x_config file.  Well, for now I'm backing up using the wizard, as you suggested.  Thanks for helping.

Joachim Müller

Quote from: erika_conn on September 17, 2009, 04:39:27 PM
Just to let you know that Yikes is out of date and most links don't work.  Thought you'd like to know.

No, it's not. Everything that is mentioned there still applies - I just went through all the links in that thread: all of them work exactly as expected except the example links like http://your_site.tld/coppermine/albums/userpics/100023/picture.jpg (that's an example URL that of course doesn't work since there is no top level domain named "tld"). Please let us know why you think that it's outdated.

crazy_girl

Guys, I'm also locked out of my gallery. I enter the password and it gives me an error. What must I do?


crazy_girl

If I upgrade, will the problem be solved? I have uploaded many photos in the gallery and I don't want to lose them. I'm not good at coding!