Secure the upload? Secure the upload?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Secure the upload?

Started by Mansour, January 19, 2007, 12:29:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Mansour

January 19, 2007, 12:29:48 PM
Hi

I was used  cpg1.4.9, and my web site was hacked and all DBs was deleted. They used a vulnerability on cpg1.4.9 to upload a php file and take a full control on my DBs.

I would like to know, how can I secure the upload ? can I use "Password Protect Directories" to add addition authentication on upload files on the server ? I have only one user who allowed uploading to the gallery.

Also, how can I disable the upload at all? I just want to open the gallery without uploading any file. Is deleting the upload.php enough ?


Thanks

Nibbler

#1
January 19, 2007, 12:52:58 PM
To disable uploading just set permissions on the groups page.

Mansour

#2
January 19, 2007, 01:04:58 PM
Hi,

thanks for this response,

I don't want to do it with cpg, I would like to make sure nobody can upload any file on the server using cpg even if the upload allowed for some user.

I mean add password on the folders, or change the folder permissions


Joachim Müller

#3
January 20, 2007, 11:07:45 AM
CHMOD then if you think that this is the proper method (which it is not). Not related to coppermine, but webserver setup. As suggested, disabling uploads is all that it takes unless you have backdoors on your server.
Print
Go Up Pages1
User actions