Need Help - My site keep getting hacked

mealex · April 18, 2007, 09:09:51 AM

Hi
We have an Adult paid site www.arabsexcity.com [edit GauGau] Warning: link not worksafe [/edit]
Its using coppermine 1.34
I would like to upgrade but its edited alot and could be hard. I am happy with the current version.
But i keep finding usernames and passwords to my site in forums.
What should i do?
Alex

Vee · April 18, 2007, 09:19:35 AM

I think you should upgrade.
I can help you for that.

Hein Traag · April 18, 2007, 01:08:09 PM

version 1.34 is stoneage. Upgrading is mandatory!

Even if you edited it a lot you should still upgrade at 1.4.10 is the current stable (and safe) version.

mealex · July 10, 2007, 04:39:44 PM

Hello

So can somebody help me upgrading my site.
The site is fully operational with alot of members.
The site has been edited alot

Please reply to mealexxx@gmail.com
Alex

mealex · July 10, 2007, 05:07:58 PM

Hi

My name is Alex.
I own an Adult pay site.
I am using coppermine 1.3.4

I found out more than once anymous people loging into my members area. After investigating i found my site's passwords and usernames in forums. I deactivated those members but after that i found new members info on forums which means that my site is vulnerable for hackers and password sniffers.

I would like to fix this by upgrading and installing any security addons if available.

The only thing is my site is heavily edited. I like it to be the same exactly with no changes but upgraded. The site is heavily traffiked and have alot of members that i dont want to disturb.

I will pay generousily for whom is upto this challenge.

I need it done Yesterday

Thanks
Alex

mealex · July 10, 2007, 05:14:49 PM

Hi

Yes its me again.
My email is mealexxx@gmail.com

Alex

Hein Traag · July 10, 2007, 07:21:51 PM

Try not to double post and be patiened.

Joachim Müller · July 11, 2007, 05:35:28 PM

Quote from: GauGau on November 15, 2006, 11:02:34 PM
It is not advisable to post your email address in your thread - this will only make email harvesters store your email address, resulting in even more spam. Just enable notifictions for the thread you start instead. You'll be emailed then if potential job takers reply to your thread.

Quote from: GauGau on July 22, 2004, 10:32:01 AM
It's advisable to post the budget you're ready to spend, the time schedule you have in mind

Joachim Müller · July 11, 2007, 05:47:47 PM

Merging thread "Site getting hacked - Upgrade needed and security issues - WILL PAY" with your other thread "Need Help - My site keep getting hacked". In the future, don't start two identical requests.

Why don't you perform the upgrade yourself?

mealex · July 12, 2007, 02:12:21 PM

Hello

OOOps, sorry for the dulpications. Actually one was old and the other 1 was new.

Well i am not a developer myself.

Besides the gallery is heavily edited from some developers in the forum. And the site is heavily trafficked. Members should not feel the process and the coding must be to the highest standards without holes.
B. Mossavari contact me to upgrade my site and fix the security issues and cleanup all the unnessarly files.

The budget is $400

Any recommendations

Alex

carefree · July 12, 2007, 04:11:14 PM

Generally i find hacks on our site through "cross site scripting" . Read this article and download a security tool from downloads.com relating to this term.

http://en.wikipedia.org/wiki/Cross-site_scripting

Its easy to overlook even large well known sites experience this.

You should also add a discliamer to you signup page stating that you will try to prevent it, but you are not resposible for hacking attempts.

Hope this helps

Joachim Müller · July 12, 2007, 07:08:43 PM

Quote from: carefree on July 12, 2007, 04:11:14 PMRead this article and download a security tool from downloads.com relating to this term.

Such a tool to download does only make sense if you have no idea why you're under attack. Alex knows pretty well why he's under attack: because he's using an outdated (ancient) version of the script that has known security issues. The attackers know those issues just as well. The only way to fix those issues is to upgrade. I understand that you're trying to be helpfull, but in this case your advice won't help.

Quote from: carefree on July 12, 2007, 04:11:14 PMYou should also add a discliamer to you signup page stating that you will try to prevent it, but you are not resposible for hacking attempts.

What's the benefit of such a disclaimer? If you're aware that your site has security vulnerabilities and you still don't act accordingly, you can be held liable for possible damage, no matter wether you have such a disclaimer or not.

Quote from: mealex on July 12, 2007, 02:12:21 PMWell i am not a developer myself.

You don't have to be one.

I suggest upgrading as suggested in the docs: doing exactly as suggested there will give you a backup both of your files and your database. This way you can savely go back if the upgrade process should go wrong. The apply the actual update, replacing all customized pages with fresh files of the cpg1.4.12 package. This way, you'll lose your customization for a short period of time, but don't worry: you can apply them carefully, step-by-step after having upgraded.

Quote from: mealex on July 12, 2007, 02:12:21 PMThe budget is $400

Sounds like a fair budget to me. I think you should be able to find a good freelancer to do the job for you.

Joachim

foulu · July 13, 2007, 05:01:13 AM

i can hand this work just because i'm the one who modify mealex cpg before. I think i will take place in about 3 - 4 days. Pm or email if you want to hire me.

Joachim Müller · November 04, 2007, 11:52:11 AM

Issue solved? Job done?

coppermine-gallery.com/forum

News:

Need Help - My site keep getting hacked

mealex

Vee

Hein Traag

mealex

mealex

mealex

Hein Traag

Joachim Müller

Joachim Müller

mealex

carefree

Joachim Müller

foulu

Joachim Müller