[Solved]: Think my site has been hacked...

Started by WildWayz, March 17, 2008, 01:02:15 PM


WildWayz

Yesterday my site was working fine... this morning I tried and now all I get is a prompt to install a missing language pack (which I ignore) and now the entire site has Arabic text and the theme has changed.

I have checked the files and re-uploaded them - no change.
I have checked the MySQL database - all the information is there still.
I have checked my Albums - all info is there.

I am running the latest version of Coppermine.

My setup never forced a Login before - so that has been implemented.

The url is http://www.moose-shack.com/photos/index.php

Can anyone help?

Thanks

James

Nibbler

Switch to English (http://www.moose-shack.com/photos/login.php?lang=english) then log in and see what happened. Check for admin accounts that shouldn't be there and change your pass. Disable the login requirement in config too.

WildWayz

Thanks - just managed to fix this...
I deleted all language packs other than English (it's a personal site, so no need for multilanguage stuff).
I used phpMyAdmin and searched for qw33nkilla@hotmail.com (that is what the person changed the admin email to) - and changed it back to what it should have been.

I reset the admin password to another one - no other users were created.

I am going to change the MySQL password now....

Thanks for your help!

James

Joachim Müller

That's the proper method to clean your site. Make sure to scan for potential backdoors that the attacker might have left. To do so, download the entire content of the gallery by FTP, then make sure that only the expected files (images) reside within the albums folder. Compare the script files (PHP files) against a vanilla copy of the Coppermine package (using a diff-viewer like WinMerge).
Also make sure that your passwords are non-trivial.
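
The cleanup check described in the last reply, scripted as an added example (not part of the original thread and not Coppermine's own code): it compares a downloaded copy of the gallery with a vanilla package of the same version and lists changed script files, files that were never shipped, and uploads under the albums folder that carry a PHP open tag. The `<?php` scan goes one step beyond the reply. Assumptions: the extension list, the `audit` and `demo` names and the sample tree are constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

# Assumption: extensions accepted as uploads; match this to your gallery's settings.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def _files(root):
    """Map relative POSIX path -> Path for every file below root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def audit(live_dir, vanilla_dir, albums="albums"):
    """Compare a downloaded gallery with a vanilla package of the same version."""
    live, vanilla = _files(live_dir), _files(vanilla_dir)
    report = {"modified": [], "added": [], "suspicious_upload": []}
    for rel, path in sorted(live.items()):
        data = path.read_bytes()
        if rel in vanilla:
            if data != vanilla[rel].read_bytes():
                report["modified"].append(rel)  # shipped file was changed
        elif rel.startswith(albums + "/") and path.suffix.lower() in IMAGE_EXTS:
            if b"<?php" in data:  # heuristic: an image should not carry a PHP open tag
                report["suspicious_upload"].append(rel)
        else:
            report["added"].append(rel)  # not shipped and not an image under albums/
    return report

# Constructed sample trees (hypothetical file names and contents, not from a real site).
SAMPLE = {
    "vanilla/login.php": b"<?php /* shipped */",
    "vanilla/albums/index.php": b"<?php /* shipped */",
    "live/login.php": b"<?php /* changed */",
    "live/albums/index.php": b"<?php /* shipped */",
    "live/albums/holiday/cat.jpg": b"\xff\xd8\xff\xe0 pixels",
    "live/albums/holiday/dog.jpg": b"\xff\xd8\xff\xe0 <?php /* x */",
    "live/albums/holiday/x.php": b"<?php /* x */",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit(Path(tmp, "live"), Path(tmp, "vanilla"))

if __name__ == "__main__":
    print(audit(*sys.argv[1:3]) if len(sys.argv) == 3 else demo())
```

Download the live copy in binary transfer mode, since an ASCII-mode FTP transfer rewrites line endings and every script would then show up as modified. Files created at install time, such as the site's own configuration, are listed as added and need a manual look.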