777 folders hacked

Started by help_james, February 05, 2006, 06:35:55 PM

help_james

I recently found all folders with 777 permissions have been hacked (such as /include and /albums) and usually injected with 3 files. ".htaccess file and two .php files something like include.php, base.php, create.php or coding.php etc."
I must have some of the folders on this site set to 777 as software such as coppermine requires it.
I have managed to go through and remove the damage in order to get the site operational again but still have a load of infected folders which need cleaning.
Can you advise how to stop this happening in the future and do you have an idea of how this occurred?

Joachim Müller

Can only happen on webservers where the virtual hosting accounts aren't properly shielded against each other. If one webspace hosted on your server got hacked one way or the other, the attacker can get access to all other virtual webspaces on the same server if the server itself isn't configured properly.
Usually, 777 is not a security risk, unless your webhost doesn't know his way around (or doesn't care).

Bottom line: complain at your webhost!

help_james

They are responding with the point that 777 folders are world readable and writeable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?

Nibbler

To be able to accept uploads, Coppermine must be able to write to the 'albums' folder in order to store the files that are uploaded. If the permissions have to be 777 for that to be possible then it is a server setup issue. 'include' only requires write access during installation.

kegobeer

Quote from: help_james on February 11, 2006, 02:16:21 PM
They are responding with the point that 777 folders are world readable and writeable. Surely this must be a security issue in Coppermine, as wouldn't it be better if no folders were writable by anonymous users? How can the hosting provider protect folders that have been given permission to be altered by anyone?

The only way someone can take advantage of 777 is if they can somehow upload a malicious script to your site.  If your host is hacked, then your site will be vulnerable, period.  If you don't allow non-image files, you are not vulnerable.  Besides, you should review all files uploaded to your site before the general public can see them.

As Nibbler stated, if you don't have writable folders, Coppermine won't work.

testpig

I have the same issue. 777 folders were exploited to hack my Coppermine gallery and create half a day's work for me restoring it.

I understand the software needs to write to the server - catch is that users can also if the folders are set to 777. In my opinion this is a major risk and unfortunately I'll be reviewing which platform I use for my gallery going forward.

Don't get me wrong - great software... but I'm concerned about 777 folders.

Tranz

As GauGau said, the problem is with an improper server setting. We use Coppermine ourselves so we wouldn't want our galleries nor our users' galleries to be hacked. If having writable directories were a problem, we wouldn't suggest allowing it.

So either complain to your host or get another one. You're bound to get hacked again sooner or later. The problem is not with the gallery.

Joachim Müller

Recommended reading: Why chmod 777 is NOT a security risk by Unknown W. Brackets (Simple Machines Community Forum)
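
For the cleanup described in the first post, here is an added example (not part of the original thread and not Coppermine code): a Python script that lists every directory writable by "other" and the .htaccess and .php files sitting directly inside it, so they can be compared against a clean copy of the application. The sample tree built by `build_sample`, its file names, and the `known_good` allow-list are constructed assumptions.

```python
import os
import stat
import tempfile

SUSPECT_NAMES = {".htaccess"}  # file name reported in the first post
SUSPECT_EXTS = {".php"}        # include.php, base.php, create.php, coding.php ...


def audit(root, known_good=()):
    """Map each world-writable directory under root to the .htaccess/.php
    files directly inside it. known_good is a hypothetical allow-list of
    paths (relative to root) already verified against a clean install."""
    known = {os.path.normpath(p) for p in known_good}
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IWOTH:
            continue  # "other" cannot write here, skip it
        hits = []
        for name in sorted(files):
            rel = os.path.normpath(os.path.relpath(os.path.join(dirpath, name), root))
            ext = os.path.splitext(name)[1].lower()
            if (name in SUSPECT_NAMES or ext in SUSPECT_EXTS) and rel not in known:
                hits.append(rel)
        report[os.path.relpath(dirpath, root)] = hits
    return report


def build_sample():
    """Create a constructed sample tree (not data from the thread)."""
    root = tempfile.mkdtemp(prefix="gallery_")
    layout = {
        "albums": (0o777, [".htaccess", "base.php", "index.php", "photo.jpg"]),
        "albums/2006": (0o777, ["holiday.jpg"]),
        "include": (0o755, ["functions.php"]),
    }
    for rel, (_mode, names) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        for name in names:
            open(os.path.join(path, name), "w").close()
    for rel, (mode, _names) in layout.items():
        # Explicit chmod, because the umask would mask a mode given to makedirs.
        os.chmod(os.path.join(root, rel), mode)
    return root


if __name__ == "__main__":
    result = audit(build_sample(), known_good=["albums/index.php"])
    for directory, hits in result.items():
        print(directory, "->", hits or "no .htaccess or .php files")
```

A directory that appears with an empty list is still writable by every account on the server; the report only separates folders that already contain script or .htaccess files from those that do not.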