CPG has been hacked (?) CPG has been hacked (?)
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

CPG has been hacked (?)

Started by André Müller, January 06, 2014, 09:24:26 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

André Müller

Dear all,

I am not sure if this is related to CPG, but cannot exclude as well.
My Gallery (www.fotowald.de CPG 1.5.24) was hacked yesterday (5.1.2014) morning, i.e. code was placed in at least three core php files (index.php, login.php, and footer.php). The result was a server error when I tried to call one of the files. After replacing all files with a fresh upgrade procedure everything seems to work fine again. As a precaution I changed all passwords that are somewhat related to the CPG admin / webhost.
As I cannot exclude that the files were changed via FTP or in any other different way, this is not necessarily CPG related, but I am unable to tell if it might. If needed, I have made local copies of the changed files.

Cheers,
André


phill104

Take a look at this article from Joachim. It was written for CPG1.4.x but is still valid - http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
It is a mistake to think you can solve any major problems just with potatoes.

Αndré

We're not aware of any zero-day exploits. Without any further information we cannot tell you what happened.