Are they trying to HACK my gallery ? Are they trying to HACK my gallery ?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Are they trying to HACK my gallery ?

Started by ExElite, February 23, 2008, 09:06:19 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ExElite

I have cpg1414 installed and it runs well, It's setup as Private and only for my Clients.

I had someone join about 3 weeks ago and I emailed them to see who they are so on ... NO info back, so I deleted them, 2 days later the same nick and email someone joined, No reply, Delete for the 2nd time, now they keep joining as a new nick and or email Are they trying to HACK my gallery ?


All looks ok, I can't see any deleted files or added so may be if I keep deleteing them they will get the s**** in the end and go away.

Thanks for any feedback.
Ex

Joachim Müller

Possible reasons:
  • Someone is actually trying to hack you
  • Some bot is trying to register to be able to post spam comments. Bots usually don't get tired, so don't expect that this will stop.
  • Some silly person is trying to register, but doesn't read your emails in which you ask for legitimation. Maybe your leigitimation emails get caught by a spam filter
Just the fact that you're getting registration attempt emails doesn't mean anything - you can't tell if it's a hacking attempt or not. However: if you're really concerned/afraid of getting hacked, then why do you run an outdated version (cpg1.4.14) that contains known security flaws? Upgrading is mandatory in terms of security. Most recent stable release currently is cpg1.4.16!

ExElite

outdated by 3 weeks or so.
Thx


Quote from: Joachim Müller on February 23, 2008, 12:15:20 PM
Possible reasons:
  • Someone is actually trying to hack you
  • Some bot is trying to register to be able to post spam comments. Bots usually don't get tired, so don't expect that this will stop.
  • Some silly person is trying to register, but doesn't read your emails in which you ask for legitimation. Maybe your leigitimation emails get caught by a spam filter
Just the fact that you're getting registration attempt emails doesn't mean anything - you can't tell if it's a hacking attempt or not. However: if you're really concerned/afraid of getting hacked, then why do you run an outdated version (cpg1.4.14) that contains known security flaws? Upgrading is mandatory in terms of security. Most recent stable release currently is cpg1.4.16!

Joachim Müller

Don't you think that your reply is a bit silly? Do you think that hackers will care how long a maintenance release has been out or since how long your release is known to have flaws? You have to understand what hackers do: they monitor releases, compare the old release to the new one, find out what changed and then figure out a method to exploit the vulnerability that existed in the old release. Then they start their attack on unpatched, outdated releases like yours. Like it or not, that's what the bad guys do. This is not only the case for coppermine, but all kinds of apps. Happens for Windows as well ;)

kokkus

Maybe this won't help you but I had the same problem with phpbb for a long time ago.
The first thing I did was to find out if the idiot was a human or a bot. I did some changes in the registration file like duplicate the code thing so the bot won't recognize it and the registration won't be done.
If this works it's just a bot so DO NOT BAN THAIR IP's.
If this guy is a human, ban hes IP and if he comes back with another IP, unban the last one coz he's using a proxy (perhaps).
So now there is nothing to to. Maybe you can ban hes nick if it's the same nick everythime he registeres.
But good luck, and sorry about my dyslexia.