Website with 1.5.12 ecard hack by .RU 188.143.232.* Website with 1.5.12 ecard hack by .RU 188.143.232.*
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Website with 1.5.12 ecard hack by .RU 188.143.232.*

Started by dreimer, February 03, 2017, 11:32:58 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

dreimer

My site running 1.5.12 has experienced an ecard hack by .RU 188.143.232.*

Initially there were 100-200 bogus emails sent via ecards sent daily
I was able to delete them and ban the individual IP address

Then the hacker / spammer was able to disable adding new files and new albums

Has this been the reason for any of the security upgrades?
Or is this a new breach via mysql?

phill104

We cannot tell without extensive investigation exactly how the hacker gained access. It could be the very old version of coppermine you are running which is why we work hard to keep the package up to date. It could be some other vulnerability on your system but like I say, without doinf extensive investigations we could not tell. Having said that the version you are running has a number of issues that have since been fixed. As is often the case, when a security issue arises, it is usually published on numerous online resources. The hackers then see these and begin searching for vulnerable sites. Running an old version of any server side software increases substantially your risk of attack.
It is a mistake to think you can solve any major problems just with potatoes.

dreimer

My site is 5 GB, 363 albums and 78,000 files

5 years ago the site was about 10% the current size and I had to migrate each album manually, which took a month
There was no way I was going to do upgrades 2 or 3 times a year

Your advice about easy migrations is completely unrealistic for large sites like mine.
I have a website developer background using HTML and not PHP and not mysql.

Surely the exposure of organized Russian hacking of Coppermine should have been identified by now?

phill104

Upgrading does not require moving any albums. It is a simple and relatively fast process. Only the core coppermine files need replacing and a small script running.

Many hacks have been identified hence the later releases of CPG. CPG 1.5.12 was release in Jan 2011, 6 years ago. A lot has changed since then and many hacks have been identified and fixed.
It is a mistake to think you can solve any major problems just with potatoes.

dreimer

More analysis of the ecard log shows there were two different Russian hackers involved in submitting bogus emails

My site running 1.5.12 has experienced another ecard hack by .RU 46.161.9.*
This one submitted adverts for legal drugs: 200 - 300 emails per day

The ecard hack by .RU 188.143.232.* submitted emails to random users: ~5000 per day
This has resulted in the site being shutdown for spamming!  :'( :'(  :'(

phill104

I am sure Gmc can help you fix it. Hopefully once it  is fixed you can keep your instal up to date. Take a look at th docs and feel free to ask questions about upgrading when you need to. A basic cpg install no matter how many albums and images should only take a few minutes to update.
It is a mistake to think you can solve any major problems just with potatoes.

dreimer

#6
My site Thai-NL.com/gallery/ has been updated  ;D. (NSFW)
We'll see if the .ru guys can get back in  :-[

Joe Carver

The previous post was edited to mark your site as NSFW = Not Safe For Work.

Without any captcha or other protection, it will be easy for someone to abuse the ecard feature...

dreimer

It turns out that my few remaining Coppermine sites are still running 1.4.xx
They too were hacked via the ecard facility from Russian websites 10 years ago

I have deleted all the bogus emails, which required mods to Coppermine db_ecard.php and wasted a lot of my time  >:(
I have now removed ecards from my sites via Groups disable, which I should have done a long time ago  :'(


phill104

Hopefully you can upgrade those sites too, there are some other entry points which could be used if you do not.
It is a mistake to think you can solve any major problems just with potatoes.