My coppermine 148 has been taken over by a virus -any help appreciated My coppermine 148 has been taken over by a virus -any help appreciated
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

My coppermine 148 has been taken over by a virus -any help appreciated

Started by NoviceScotty, April 12, 2008, 01:44:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

NoviceScotty

Hi everyone -

I have been using cpg148 (which I assume is version 1.48?) for some years now, without any problems.

However last week (9th April or so) the formatting went wrong - instead of 12 thumbnails on a page and a link to the next page, I had only one per page, but could only access pages 1 or 13.

Then I noticed that the site was trying to execute a php page on an external web site, and when I looked at the files,  an extra line had been appended to about 66 files. This line contained php echo iframe executing a php script on an external web site.

So, my questions:
Is this known a php /sql hack, or has someone got access to my passwords?
(I've changed them all anyway, but I'm worried that someone has hacked the computer I use to manage the web page)
It does appear (see below) that someone uploaded a jpg with malicious code

What can I do to stop this happening again? Is there some sort of security patch that I need?

I'd appreciate any help anyone can give me

Thanks

In case anyone else has the same problem, the files affected are mainly the php files, with index.html files in each directory that might be new, but one jpg in my first album is actually a php file that looks as if it does nasty stuff.
If any one is interested, I can send this file for analysis - it is full of stuff like
path = $_SERVER DOCUMENT_ROOT array_push dirs path

Also, I can give you the address of the site that its rediected to, if anyone knows how to find out who's behind it!










steveeh131047

There's a long thread dealing with this problem:
http://forum.coppermine-gallery.net/index.php/topic,51671.0.html
Don't fall so far behind with your upgrades next time - before the recent problem the up to date version was 1.4.16!