I found a file in my userpics directory that most AV vendors are calling a 'hacktool'. Should there be a script in that directory called up_php.rar? If not, I wonder how it got there...?
Make sure you are running an up-to-date version of Coppermine. That file should be treated as a rar (compressed archive) file by your server and is therefore harmless.
I happened to find that file as I was backing up my pics to do the update. Avira freaked. Apparently it is a script for running shell commands.
My question is, is this part of a normal install, or did someone drop this on me?
It's an exploit for previous versions of Coppermine, uploaded by a malicious visitor/bot. You are running a more up-to-date version of Coppermine so there is no risk from this.
Actually I'm having trouble getting the upgrade to take. I'm still using 1.4.10. Is that vulnerable?
The file is named up_php.rar so there is no problem. If it were named up.php.rar then there may be a problem. If you have problems updating, use the update support section of the forum.
Well, since the file isn't yours I deleted it anyway, so it can't be a problem.
I'll go over to the update support section when I have a little more time. Thanks.
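The naming distinction raised in the thread (up_php.rar versus up.php.rar) can be checked across a whole upload directory. The following is an added example, not part of the original thread or of Coppermine: it flags files that carry a script extension anywhere in the name and, separately, files whose content contains PHP code. The extension list, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Assumption: extensions a web server might hand to the PHP interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

def classify(name, head=b""):
    """Return the reasons a file in an upload directory looks suspicious."""
    reasons = []
    # Every dot-separated segment after the base name counts, not only the
    # last: "up.php.rar" yields ["php", "rar"], "up_php.rar" only ["rar"].
    segments = [s.lower() for s in name.split(".")[1:]]
    if any(s in SCRIPT_EXTS for s in segments):
        reasons.append("script extension in name")
    if b"<?php" in head:
        reasons.append("PHP code in content")
    return reasons

def scan(root, head_bytes=4096):
    """Walk root and map each suspicious relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            reasons = classify(name, head)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed file names and contents
            "holiday.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
            "up_php.rar": b"<?php /* constructed placeholder */ ?>",
            "up.php.rar": b"Rar! constructed archive bytes",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

A file flagged only for its content was still placed there by someone else, so it is worth removing and the upload path worth reviewing even when the name keeps it from being run.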