coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 permissions => Topic started by: Mansour on January 19, 2007, 12:29:48 PM

Title: Secure the upload?
Post by: Mansour on January 19, 2007, 12:29:48 PM
Hi

I was using cpg1.4.9, and my web site was hacked and all DBs were deleted. They used a vulnerability in cpg1.4.9 to upload a PHP file and take full control of my DBs.

I would like to know how I can secure the upload. Can I use "Password Protect Directories" to add additional authentication for uploading files on the server? I have only one user who is allowed to upload to the gallery.

Also, how can I disable the upload entirely? I just want to open the gallery without uploading any files. Is deleting upload.php enough?


Thanks
Title: Re: Secure the upload?
Post by: Nibbler on January 19, 2007, 12:52:58 PM
To disable uploading just set permissions on the groups page.
Title: Re: Secure the upload?
Post by: Mansour on January 19, 2007, 01:04:58 PM
Hi,

Thanks for this response.

I don't want to do it with cpg; I would like to make sure nobody can upload any file to the server using cpg, even if upload is allowed for some user.

I mean add a password on the folders, or change the folder permissions.


Title: Re: Secure the upload?
Post by: Joachim Müller on January 20, 2007, 11:07:45 AM
CHMOD then if you think that this is the proper method (which it is not). Not related to coppermine, but webserver setup. As suggested, disabling uploads is all that it takes unless you have backdoors on your server.