I noticed that my site had suddenly changed .. theme was different, language was different and no picures showing etc. TOTALLY changed. I suspect a hacker attack since I did not change anything on the site for a while. I then upgraded to the latest PHP version.
But I have the problem that even as me (which should be with admin rights) I only get "Gallery is currently offline - check back soon".
Is there any way I can initialize my password in the database (going directly to the SQL database where I have the DB adminstrative rights) ?
Yes. Alternatively just disable offline mode instead of messing with your password.
Quote from: Nibbler on February 02, 2008, 11:22:38 PM
Yes. Alternatively just disable offline mode instead of messing with your password.
Thank you for a quick reply. I probably already messed things up.. because I just before seeing your response changed my password to blank (erased the encrypted password there). And now I am not able to log in with blank. My bad :-(
Is it possible to somehow set the password?
I am looking for offline mode, do you have a hint to what table this setting could be in?
It's in the config table, named 'offline'. Set it to 0. Coppermine passwords are md5 hashes, so if you set yourself a password manually you need to enter it as an md5 hash (phpmyadmin makes this easy).
Exclellent. Thank you so much for your help. I will do as you suggest :)
Sorry, to come back already .. looking in the admin table I see different strange things:
Language set to welsh and a strange email for gallery admin ..
Is it just me .. but I can not seem to find the offline column name !?
Copy of contents here:
albums_per_page 25
album_list_cols 1234
display_pic_info 1
alb_list_thumb_size 1234
allowed_file_extensions GIF/PNG/JPG/JPEG/TIF/TIFF
allowed_img_types ALL
allow_private_albums 1
allow_user_registration 1
allow_duplicate_emails_addr 1
caption_in_thumbview 1
charset iso-8859-1
cookie_name
cookie_path 1234
debug_mode 1
default_dir_mode 1234
default_file_mode 1234
default_sort_order pd
ecards_more_pic_target 1234/
enable_smilies 1
filter_bad_words 1
forbiden_fname_char $/\\:*?"'<>|` &
fullpath 1234
gallery_admin_email abc123@acme-hackme.com
gallery_description 1234
gallery_name
im_options 1234
impath 1234
jpeg_qual 1234
keep_votes_time 30
lang welsh
Any idea if I am looking the right place (this should be the config table as far as I can see) ?
.. Sorry there were much more columns than these .. I will look for the offline.
Thanks
Sounds like you were using Coppermine 1.3. You really must make an effort to keep up to date to avoid being hacked.
Quote from: Nibbler on February 03, 2008, 12:14:09 AM
Sounds like you were using Coppermine 1.3. You really must make an effort to keep up to date to avoid being hacked.
Thank you I will keep more up to date in the future.
My gallery is very corrupted and I can not see pictures throught the homepage .. (I think mostly because of strange values like 1234 set into almost every field that an admin can set)... I wonder if there perhaps is some way to get all these fields set back to "default" values in the database, without erasing my images and descriptions that I can se when looking directly in the database is still there (at least for a number of my images).
Or am I in a situation where you would recommend a total new installation of a clean database?
Update to latest 1.4 and then use the 'reset to factory defaults' feature on the config page.
Quote from: Nibbler on February 03, 2008, 01:00:27 AM
Update to latest 1.4 and then use the 'reset to factory defaults' feature on the config page.
Thanks for the suggestion. I have upgraded to the letest version (1.4) earlier this evening, and also now based on your suggestions gotten the site online, and changed my password so I am in. BUT I can not get to any admin config page .. the only page showing me something is the search page. Everything else i blank. I wonder if it can be all the strange values set into the database (that I can see directly in the SQL database.
Can I somehow call the "reset to default" function directly using an url when I am logged in ?
Btw. my site is www.xlars.dk
that is http://www.xlars.dk/gallery/
Btw. I think I know the reason for the "hacking" .. some time back I had a test of my website where an automatic web application scanner program crawled my site to show possible exploits. I faintly remember giving this application my password, so I think that it is this app who has filled in all these default numbers in all fields, and also deleted most of my images because I did not exclude anyting from the scan of my site.
Just to say that I do not think it is Coppermines fault that this happend .. but my own stupidity. I am quite sure this is what must have happened. Why would anyone want to hack my private site anyway.
I appreciate your help very much.