[Closed]: upgading from 1.4.14 [Closed]: upgading from 1.4.14
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Closed]: upgading from 1.4.14

Started by amberracing, August 10, 2009, 08:56:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

amberracing

I seem to be running an older version. 1.4.14   can I upload 1.4.25 or is there a certain download I need to use.

phill104

Why have you asked this same question on multiple threads?

Your site has been hacked and you need to do as nibbler suggested in one of your other 2 threads.

http://forum.coppermine-gallery.net/index.php/topic,61013.msg303192.html#msg303192

http://forum.coppermine-gallery.net/index.php/topic,61134.msg303196.html#new

Additionally, you are asking about password retrieval.

http://forum.coppermine-gallery.net/index.php/topic,61136.0.html

Apart from the fact that you have been hacked and need to sort that out first.

Please read the board rules. You are causing a lot of unnessecary moderation effort.

Do not hijack other peoples threads, do not ask the same question on multiple threads and read the docs and search the forum before posting.

When you have sanitised your site as nibbler suggested in your other thread and still have problems come back and post. Do not post again until you have done that.

Continue to ignore the rules and not play the game and you will be banned.
It is a mistake to think you can solve any major problems just with potatoes.

amberracing

Ifollowed the instructions on the thread that was given to me yesterday. When I uploaded to the server I had to put in th MYSQL data. after doing so I get the following error

Coppermine critical error:
Unable to connect to database !

MySQL said: Access denied for user 'amberracing'@'208.109.181.192' (using password: YES)

Was told by godaddy that the password was wrong in the coppermine config string and would have to be corrected. I have no idea as to where or how to find that string.

Joe Carver

The file is in the directory include. It is named config.inc.php.

Make sure that you know what your actual database name and password are.

Make sure that you are careful when editing and re-uploading.


amberracing


Joe Carver

Sorry, this forum is not the place to instruct on how to open and edit php files.

Do some searching on your own. Learn a little while you are at it.

Check this link for tools recommended by the Devs.


Remember - you are a webmaster and responsible for more than just being able to upload pictures.

amberracing

There was  no need for your rude response.  I am a father trying to do what I can for my daughter.....not that you care. Fact is this IS a SUPPORT forum and I am looking for support on coppermine

phill104

#7
If you don't know how to open and edit the file then you cannot have sanitised your site yet.

I know how stressfull it can be when you get hacked and some moron has destroyed your work. Some people react by trying to learn, others panic and start posting without thinking. In your case it feels like you are doing the latter (please do not take offence to that).

What is your level of ability? By the fact that you bo not know how to download, edit in a text editor and re-upload a file I am guessing not very high. I am also guessing that you installed your gallery using your hosts built in installer. If I am correct in my assumption then you really need to find someone with the required skills to sit down with you and help you. Not only to fix your problem but to help you maintain your site in future.

You got hacked because you fell behind in your upgrades. Once you have sanitised your site you will need to learn how to upgrade it in future. You will need to learn how to backup and restore your site. You will need to learn how to edit files and some basic html/css skills.

All this is easy but sanitising your site is not so easy so I really think you need to get help with that part even if you ave to pay for it. One other option would be to see if your host have backups from before you were hacked that they could restore for you (you may get charged for that service). Once your site is restored then you could upgrade.

Don't pay for an upgrade though, rather pay someone to teach you how to do it or take the time to sit down and teach yourself.

Good luck with your problems.
It is a mistake to think you can solve any major problems just with potatoes.

phill104

Quote from: amberracing on August 11, 2009, 07:38:29 PM
There was  no need for your rude response.  I am a father trying to do what I can for my daughter.....not that you care. Fact is this IS a SUPPORT forum and I am looking for support on coppermine


I've just read your response after I posted. This is not the attitude. i-imagine is trying to help you as he has done with many other users. He cannot teach you basic skills. He is offering his support on Coppermine in his spare time for free. He does not have to do this nor does he have to put up with your obtuse response. Editing a file is not a coppermine skill.

This is your last warning, review your attitude or you will get banned.
It is a mistake to think you can solve any major problems just with potatoes.

onthepike

I responded to your plea of phone support privately, but my response went ignored. Perhaps it wasn't the answer you were hoping for, or you do not receive PM messages, but it was a response that offered help nonetheless.

I remember what it was like for me 10 years ago trying to learn what I needed to know to support my CPG installation. We have all been there. But learning how to run and maintain a website is beyond the scope of this forum. And believe it or not, your latest question IS answered in the FAQ's and documentation. Matter of fact, just about all your questions have already been answered.

Sorry I couldn't have been of more help to you.

amberracing

Phil, I-imagine offered no help. Just a rude response that invited me to shut up and go somewhere else. He even said this was not a site to ask for help on.

As for my response to being hacked...I am trying to learn, otherwise I wouldn't be asking questions. I don't know anyone here that can help me. The guy that installed coppermine for me is in Florida and I am in Texas. I am doing all that I know to do.

As for not being able to open and edit the file. I don't seem to have anything that will open it....it is a php file. config.inc.php

On the pike... I did not get your response.

amberracing

as for your threat to ban me....Where else can I get support for the coppermine softwear? I am simply trying to get my daughter's website back up and running as she needs it to get sponsorship for her racing.

onthepike

If you click the "My Messages" link at the top of the page, you'll be directed to your "PM inbox".

Regarding a text editor, as a matter of preference (with far superior abilities than notepad), I prefer Meta Pad: http://liquidninja.com/metapad/download.html

If you are hosted on a site that offers/includes cpanel, you may simply access their online file manager and select "Legacy File Manager" and edit the file online using the "Code Editor" option. This will be a "live" modification, however. As soon as you save the file, it will be instantly modified to reflect whatever changes you have made. Use caution, as live editing without a working backup can be dangerous.

And speaking of a working backup, do you not have a copy of your /include/config.inc.php file? You should! And if you do, merely copy the information contained therein to the online file. Or better, simply FTP and overwrite what's already there.

Once you regain access to your database, the process of cleansing may begin.

phill104

Quote from: amberracing on August 11, 2009, 08:21:51 PM
Phil, I-imagine offered no help. Just a rude response that invited me to shut up and go somewhere else. He even said this was not a site to ask for help on.


You are reading what you want into that response. We will give advice on Coppermine issues. You are unable to edit a standard file, we cannot teach you the basics of editing files. I-imagine did not send you somewhere else but to a thread elsewhere on this site. If you had taken the time to read through it you would have seen mention of text editors that would have enabled you to edit your files and you might have learnt some other skills along the way.

Any .php file can be edited in a plain text editor such as notepad. As you do not know how to do that you do not have the required skills to fix your site and it is beyond the scope of this board to teach you those skills. You could have even Google'd "how do I edit a .php file"

It also says in the "yikes, I've been hacked" thread that you have been pointed to in another thread what tools and skills are required and what tools to use. Had you taken the time to read that you would have not wasted your time and ours.

It is a mistake to think you can solve any major problems just with potatoes.

amberracing

Then that was all anyone had to say..."open it with html editor"

As it is I have managed to figure that out with pike's help.

Now.....I have changes the password and it still does not fix the issue. I did notice that there seems to be two coppermine files on the site instead of one. One is in the theother. Could this be part of the problem?

amberracing

#15
ok, I got the password issue figgured out and am back online with the gallery. However I still cannot see the pics. Here id the debug info that is shown.

USER:
------------------
Array
(
   [ID] => 0a4269d13910130a692b71a3d0cd2cd1
   [am] => 1
   [lang] => english
)

==========================
USER DATA:
------------------
Array
(
   [user_id] => 1
   [user_name] => amberracing
   [groups] => Array
       (
           [0] => 1
       )

   [disk_max] => 0
   [disk_min] => 0
   [can_rate_pictures] => 0
   [can_send_ecards] => 0
   [ufc_max] => 3
   [ufc_min] => 3
   [custom_user_upload] => 0
   [num_file_upload] => 5
   [num_URI_upload] => 3
   [can_post_comments] => 1
   [can_upload_pictures] => 1
   [can_create_albums] => 1
   [has_admin_access] => 1
   [pub_upl_need_approval] => 0
   [priv_upl_need_approval] => 0
   [group_name] => Administrators
   [upload_form_config] => 3
   [group_quota] => 0
   [can_see_all_albums] => 1
   [group_id] => 1
)

==========================
Queries:
------------------
Array
(
   [0] => SELECT extension, mime, content, player FROM cpg14x_filetypes; (0.001s)
   [1] => select * from cpg14x_plugins order by priority asc; (0.002s)
   [2] => delete from `amberracing`.cpg14x_sessions where time<1250017379 and remember=0; (0.001s)
   [3] => delete from `amberracing`.cpg14x_sessions where time<1248811379; (0.001s)
   [4] => select user_id from `amberracing`.cpg14x_sessions where session_id = 'a960c915c18f83ab620c9dd3c48ee695' (0s)
   [5] => select user_id as id, user_password as password from `amberracing`.cpg14x_users where user_id=1 (0s)
   [6] => SELECT u.user_id AS id, u.user_name AS username, u.user_password AS password, u.user_group+100 AS group_id FROM `amberracing`.cpg14x_users AS u INNER JOIN `amberracing`.cpg14x_usergroups AS g ON u.user_group=g.group_id WHERE u.user_id='1' (0.001s)
   [7] => SELECT user_group_list FROM `amberracing`.cpg14x_users AS u WHERE user_id='1' and user_group_list <> ''; (0.001s)
   [8] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg14x_usergroups WHERE group_id in (1) (0.001s)
   [9] => SELECT group_name FROM  cpg14x_usergroups WHERE group_id= 1 (0.001s)
   [10] => update `amberracing`.cpg14x_sessions set time='1250020979' where session_id = 'a960c915c18f83ab620c9dd3c48ee695' (0.001s)
   [11] => SELECT user_favpics FROM cpg14x_favpics WHERE user_id = 1 (0s)
   [12] => SELECT * FROM cpg14x_final_extract_config (0s)
   [13] => DELETE FROM cpg14x_banned WHERE expiry < '2009-08-11 13:02:59' (0s)
   [14] => SELECT * FROM cpg14x_banned WHERE (ip_addr='96.13.1.200' OR ip_addr='96.13.1.200' OR user_id=1) AND brute_force=0 (0s)
   [15] => SELECT cid, name, description, thumb FROM cpg14x_categories WHERE parent = ''  ORDER BY pos (0s)
   [16] => SELECT aid FROM cpg14x_albums as a WHERE category>=10000 (0s)
   [17] => SELECT count(*) FROM cpg14x_pictures as p, cpg14x_albums as a WHERE p.aid = a.aid AND approved='YES' AND category >= 10000 (0s)
   [18] => SELECT cid, name, description, thumb FROM cpg14x_categories WHERE parent = '1'  ORDER BY pos (0s)
   [19] => SELECT aid FROM cpg14x_albums as a WHERE category = '0' (0s)
   [20] => SELECT count(*) FROM cpg14x_albums as a WHERE 1 (0s)
   [21] => SELECT count(*) FROM cpg14x_pictures as p LEFT JOIN cpg14x_albums as a ON a.aid=p.aid WHERE 1 AND approved='YES' (0s)
   [22] => SELECT count(*) FROM cpg14x_comments as c LEFT JOIN cpg14x_pictures as p ON c.pid=p.pid LEFT JOIN cpg14x_albums as a ON a.aid=p.aid WHERE 1 (0s)
   [23] => SELECT count(*) FROM cpg14x_categories WHERE 1 (0s)
   [24] => SELECT sum(hits) FROM cpg14x_pictures as p LEFT JOIN cpg14x_albums as a ON p.aid=a.aid WHERE 1 (0s)
   [25] => SELECT COUNT(*) FROM cpg14x_pictures WHERE approved = 'NO' (0s)
   [26] => SELECT count(*) FROM cpg14x_albums as a WHERE category = '0' (0s)
   [27] => SELECT * FROM cpg14x_pictures WHERE approved = 'YES'  ORDER BY RAND() LIMIT 16 (0.008s)
   [28] => SELECT count(*) from cpg14x_comments where pid=16 and msg_id!=0 (0s)
   [29] => SELECT count(*) from cpg14x_comments where pid=12 and msg_id!=0 (0s)
   [30] => SELECT count(*) from cpg14x_comments where pid=47 and msg_id!=0 (0s)
   [31] => SELECT count(*) from cpg14x_comments where pid=13 and msg_id!=0 (0.001s)
   [32] => SELECT count(*) from cpg14x_comments where pid=59 and msg_id!=0 (0s)
   [33] => SELECT count(*) from cpg14x_comments where pid=14 and msg_id!=0 (0s)
   [34] => SELECT count(*) from cpg14x_comments where pid=52 and msg_id!=0 (0s)
   [35] => SELECT count(*) from cpg14x_comments where pid=9 and msg_id!=0 (0s)
   [36] => SELECT count(*) from cpg14x_comments where pid=20 and msg_id!=0 (0s)
   [37] => SELECT count(*) from cpg14x_comments where pid=56 and msg_id!=0 (0s)
   [38] => SELECT count(*) from cpg14x_comments where pid=36 and msg_id!=0 (0s)
   [39] => SELECT count(*) from cpg14x_comments where pid=19 and msg_id!=0 (0.006s)
   [40] => SELECT count(*) from cpg14x_comments where pid=30 and msg_id!=0 (0s)
   [41] => SELECT count(*) from cpg14x_comments where pid=49 and msg_id!=0 (0s)
   [42] => SELECT count(*) from cpg14x_comments where pid=17 and msg_id!=0 (0s)
   [43] => SELECT count(*) from cpg14x_comments where pid=26 and msg_id!=0 (0s)
   [44] => SELECT COUNT(*) from cpg14x_pictures WHERE approved = 'YES'  (0s)
   [45] => SELECT * FROM cpg14x_pictures WHERE approved = 'YES'  ORDER BY pid DESC  LIMIT 0 ,16 (0.002s)
   [46] => SELECT count(*) from cpg14x_comments where pid=61 and msg_id!=0 (0s)
   [47] => SELECT count(*) from cpg14x_comments where pid=60 and msg_id!=0 (0s)
   [48] => SELECT count(*) from cpg14x_comments where pid=59 and msg_id!=0 (0s)
   [49] => SELECT count(*) from cpg14x_comments where pid=58 and msg_id!=0 (0.002s)
   [50] => SELECT count(*) from cpg14x_comments where pid=57 and msg_id!=0 (0s)
   [51] => SELECT count(*) from cpg14x_comments where pid=56 and msg_id!=0 (0s)
   [52] => SELECT count(*) from cpg14x_comments where pid=55 and msg_id!=0 (0s)
   [53] => SELECT count(*) from cpg14x_comments where pid=54 and msg_id!=0 (0s)
   [54] => SELECT count(*) from cpg14x_comments where pid=53 and msg_id!=0 (0s)
   [55] => SELECT count(*) from cpg14x_comments where pid=52 and msg_id!=0 (0s)
   [56] => SELECT count(*) from cpg14x_comments where pid=51 and msg_id!=0 (0s)
   [57] => SELECT count(*) from cpg14x_comments where pid=50 and msg_id!=0 (0s)
   [58] => SELECT count(*) from cpg14x_comments where pid=49 and msg_id!=0 (0s)
   [59] => SELECT count(*) from cpg14x_comments where pid=48 and msg_id!=0 (0s)
   [60] => SELECT count(*) from cpg14x_comments where pid=47 and msg_id!=0 (0s)
   [61] => SELECT count(*) from cpg14x_comments where pid=46 and msg_id!=0 (0s)
)

==========================
GET :
------------------
Array
(
)

==========================
POST :
------------------
Array
(
)

==========================
VERSION INFO :
------------------
PHP version: 4.3.11 - OK
------------------
mySQL version: 5.0.67.d7-ourdelta-log
------------------
Coppermine version: 1.4.25(stable)
==========================
Module: GD
------------------
GD Version: bundled (2.0.28 compatible)
FreeType Support: 1
FreeType Linkage: with freetype
T1Lib Support:
GIF Read Support: 1
GIF Create Support: 1
JPG Support: 1
PNG Support: 1
WBMP Support: 1
XBM Support: 1
JIS-mapped Japanese Font Support:

==========================
Module: mysql
------------------
MySQL Supportenabled
Active Persistent Links 0
Active Links 1
Client API version 5.0.18
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /usr/local/mysql-5.0/data/mysql.sock
MYSQL_INCLUDE -I/usr/local/mysql-5.0/include/mysql
MYSQL_LIBS -L/usr/local/mysql-5.0/lib/mysql -lmysqlclient  
==========================
Module: zlib
------------------
ZLib Support enabled
Compiled Version 1.1.4
Linked Version 1.2.3
==========================
Server restrictions (safe mode)?
------------------
Directive | Local Value | Master Value
safe_mode | Off | Off
safe_mode_exec_dir | no value | no value
safe_mode_gid | Off | Off
safe_mode_include_dir | ~ | ~
safe_mode_exec_dir | no value | no value
sql.safe_mode | Off | Off
disable_functions | no value | no value
file_uploads | On | On
include_path | .:/usr/local/lib/php | .:/usr/local/lib/php
open_basedir | no value | no value
==========================
email
------------------
Directive | Local Value | Master Value
sendmail_from | me@localhost.com | me@localhost.com
sendmail_path | /usr/sbin/sendmail -t -i  | /usr/sbin/sendmail -t -i
SMTP | relay-hosting.secureserver.net | relay-hosting.secureserver.net
smtp_port | 25 | 25
==========================
Size and Time
------------------
Directive | Local Value | Master Value
max_execution_time | 30 | 30
max_input_time | 60 | 60
upload_max_filesize | 8M | 8M
post_max_size | 8M | 8M
==========================
Page generated in 0.65 seconds - 62 queries in 0.029 seconds - Album set : ; Meta set: ;

amberracing

Does this help to diagnose the existing problem?

onthepike

We didn't need the output.

I sent you an email at Gmail explaining what to do next. I guess if you're going to continue to ignore my attempts to reply to your initial plea, and get you back to a "Coppermine specific" issue where posting here is more appropriate, I'll gracefully bow out of these discussions and leave you in the very capable hands of the Dev Team.

Best of luck to you.

amberracing

wasn't signed into my email and therefore did not receive it yet.

The problem at this point seems to be coppermine specific and the message at the bottom of the page said to include this query...so I did.

phill104

The reason you cannot see your pics is that you have not sanitized your site. The links to the images are in fact pointing to the wrong place because of the hack. You seem to completely ignore all the advice given.

Then once again you completely ignore the board rules and the message in my profile by sending me an unrequested PM

QuoteYou have just been sent a personal message by amberracing on forum.coppermine-gallery.net.

IMPORTANT: Remember, this is just a notification. Please do not reply to this email.

The message they sent you was:

I have followed the instruction given me to the best of my ability and have posted the debug script that is now showing. I did get the password issue taken care of but am still not able to view pics. Does the debug string tell you anything specific?

Myself and others have been patient and tried to help you but this ends now with a 3 day ban.

Locking.
It is a mistake to think you can solve any major problems just with potatoes.