Somebody manages to hack my site through gallery

[paul863]

I am really really new into coppermine, and I'm really sorry to be nuisance but somebody for a really long time managed to hack my site and change it into viagra circus few times, I cleared it systematically but now I decided to look for the reason. I figured it may be because of not upgraded gallery, so I would like to ask if somebody of you could check my version and then post a link to tutorial how to upgrade to the newest and safest version My gallery is galeria.intoxication.pl

Thank you very much in advance!

[Αndré]

As I wasn't successful to connect to your gallery, here the link to the upgrade docs: http://documentation.coppermine-gallery.net/en/upgrading.htm

[paul863]

Thank you very much for the answer! I ran the versioncheck file, and it says:  1.4.21. I read the document you gave me but the only thing I could find where the steps I should proceed while upgrading generally, not specifically from 1.4.x to 1.5.x

[Αndré]

http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_14

[paul863]

Okay, thank you very much, what I would like to ask you now is read the steps I wrote below, and check if it's alright because I dont wanna mess anything up...

1st: download the new version, 2nd: disable old plugins and then remove the content of folder plugins, 3rd: upgrade the theme, 4th: remove everything from lang folder, 5th: upload everything from new version folder apart from config, anycontent and albums, and run the upgrade file 6th: run versioncheck to see if anything needs to be removed manually 7th: configure new features, and enable new plugins one by one

[Αndré]

You can find the step-by-step instruction here: http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any

You missed the most important part, the backup! I suggest to read the whole document about upgrading, not just a few parts. It seems that you just read the passage I refer to, but ignore the rest.

[paul863]

Hehe.

I read every part. The proof:

Points from here: http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any

1st: download the new version, 2nd: disable old plugins and then remove the content of folder plugins, 3rd: upgrade the theme, 4th: remove everything from lang folder, 5th: upload everything from new version folder apart from config, anycontent and albums, and run the upgrade file 6th: run versioncheck to see if anything needs to be removed manually 7th: configure new features, and enable new plugins one by one.

Making a backup goes without saying

I would be delighted if You could answer my question above, thank You very much in advance!

[Αndré]

Looks okay. If anything goes wrong you still have a backup.

[paul863]

I can not find config file in cpg15.x rar file... it should be in include, but there's only sample, then I ran search, and there was no results for it... Did you not include it at all? Dont want to mess my gallery up, so I ask to make sure

Second question: what are plugins? More to the point, does everybody have it? From what I've read on Coppermine docs it's like an addition to gallery, like an improvement, and not everybody has it, it's something you have to have installed/added yourself, like modification... If it's not, then correct me and just tell me how to disable them so I could run upgrade

Thank you very much!

[Joe Carver]

I can not find config file in cpg15.x rar file... it should be in include, but there's only sample, then I ran search, and there was no results for it... Did you not include it at all? Dont want to mess my gallery up, so I ask to make sure

From the document package:

A fresh Coppermine package doesn't contain a config file anyway (that file has being created during install on your server)

Please re-review here:
http://documentation.coppermine-gallery.net/en/upgrading.htm#upgrade_any

... it's something you have to have installed/added yourself, like modification...

Yes, you as the gallery admin are the person who installs plugins. See your Plugin Manager menu.
Also, see the docs:
http://documentation.coppermine-gallery.net/en/plugins.htm

...... but somebody for a really long time managed to hack my site.....

You should be fixing that problem first.
See Yikes, I've been hacked! Now what? .
It was written in the era of cpg 1.4.x but it still applies today. It is an unsupported thread, so please read it completely, follow all of the steps, make your backups first. Some hosting companies do help their customers with hacking issues - if you are in too deep, ask for help from your hosting company.

Upgrading alone will not fix a hacked gallery / site. If you have other software on your site, it should also be cleaned and updated.

[paul863]

I ran the update file, and I see:

Fatal error: Cannot redeclare cpg_get_type() (previously declared in /home/tatusho/intoxication.pl/galeria/include/functions.inc.php:5793) in /home/tatusho/intoxication.pl/galeria/include/media.functions.inc.php on line 59

Funny thing is that media.functions file doesn't exist in cpg 1.5, so I don't know why there's this mistake... Please, help

[Joe Carver]

Funny thing is that media.functions file doesn't exist in cpg 1.5

You are correct. See this link where the same question has been asked before. (searching will provide you these answers too...)
http://forum.coppermine-gallery.net/index.php/topic,65831.msg327507.html#msg327507

Make certain that you have no cpg 1.4.x files remaining - follow the instructions in your document package.

[paul863]

I thought that I should remove remaining cpg 1.4.x files AFTER upgrading... That's what is written in documents, to run versioncheck and see what files are remaining and need to be removed manually...

So, I removed it manually and here we go again Something's still wrong

Fatal error: require() [function.require]: Failed opening required 'include/media.functions.inc.php' (include_path='.:/usr/local/lib/php:/usr/local/php5/lib/pear') in /home/tatusho/intoxication.pl/galeria/include/init.inc.php on line 223

[Αndré]

Obviously you haven't replaced all files successfully, as line 223 of include/init.inc.php in cpg1.5.x reads

Code Select Expand

$CONFIG['GIF_support'] = 0;

To be absolutely sure that there are no cpg1.4.x files on your server, delete all Coppermine files and folders except the albums directory, the include/config.inc.php file and the anycontent.php file (if you've used it). Then, upload all cpg1.5.x files and run versioncheck.php.

[paul863]

Okay, thank you very very much for the help! Coppermine 1.5 looks great, I like the improvements You made Great job!

I ran versioncheck after upgrading but I don't know what I should pay attention to... It seems like everything is fine, but the list is sooo long and I do not understand everything in it... Can I just leave it as it is or should I compulsory do something about... something?

And second thing: I am sure it has been asked before, but I couldn't find it, and I am still new into cpg 1.5 (the interface is really different than what I was used to) and I would like to allow guests to see all pictures So simply, so there would be no login form.

[Αndré]

You can set that option both in the group manager and in the config.

Please

tag your answer as "solved" by clicking on the "Topic Solved" button on the bar at the left hand side at the bottom of your thread.

Before your next post, please read our board rules and the docs, as you obviously haven't done that.

[paul863]

Ohh I'm so sorry about this Done!