
Protecting yourself from being hacked

Started by bart5986, January 25, 2005, 09:49:01 AM


bart5986

I got hacked earlier after my forum got hacked, and I was wondering what I can do to protect my gallery. I have already changed my password to a 20-character one.

Joachim Müller

If you use bridging with a forum, all an attacker will need is the forum's admin account. Once he was able to get it (or hack the forum in any other way), he will have access to everything on the server, including Coppermine.
20-character passwords are not necessarily needed; make sure it's a password that cannot be guessed or found out using a brute force/dictionary attack. A good password should contain upper and lower case letters and numbers, e.g. "fG8Rpd5T".
Make sure you have secured every app on your webserver, as gaining access to one app usually means your whole site is vulnerable. Post details of what exactly happened: has your site been defaced, did the attacker store warez on your server, did he manipulate or delete files/database tables, etc.? Are you self-hosted or webhosted? Are all components (OS, server, PHP, MySQL) up to date?
When webhosted: ask your webhost for the log of the time the attack happened. When self-hosted: re-consider self-hosting; running your own webserver is not a job for a part-time newbie, you should leave this job to pros, i.e. consider switching to webhosting (maybe a dedicated server that is being looked after by a pro, housed at your webhost).

Joachim

bart5986

I'm hosted by gamespy, and all I've had on there is the gallery. I didn't bridge the forum and gallery but I did have the same password for the two.

He deleted almost all of my categories and albums and demoted my account to a normal user from what I saw.

So what's the process of someone hacking me? My password would take a very long time to crack, so what else would be a problem?

My password is a mixture of numbers and letters and doesn't have any dictionary words.

Joachim Müller

I can't give you detailed instructions on "how to hack a coppermine site in 5 minutes" ;). Make sure your FTP account password cannot be guessed easily, nor the password that protects your phpMyAdmin pages or cPanel.
In other words: I can only give generic advice, you might google for this issue. All I can say: there are no known security issues with Coppermine, but there are several with various BBS apps (phpBB being the highest "candidate" on the list), so I suggest checking to have the most recent releases and bug fixes applied for those apps.

Joachim

bart5986

Well, just as long as Coppermine is mostly bug free there shouldn't be a problem.