hacked? or something else? hacked? or something else?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

hacked? or something else?

Started by Absoblogginlutely, March 28, 2007, 02:09:10 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Absoblogginlutely

March 28, 2007, 02:09:10 AM
Google alerts showed me a link to my site at which has a link I didn't recognise.
Basically there was a whole load of buy_this_drug.htm in /gallery/include/misc/1/, misc/2 misc/3 etc
As far as I am aware I was up to date on all the security patches with gallery, picmgr was the latest patch that I applied.
Now when I go to the /gallery site I just get "Fatal Error :<br />"

Any ideas if this is a known hacking breach/attack and where to start looking for a repair? I'm now looking through my backups to see if I can see how long ago it happened.

Absoblogginlutely

#1
March 28, 2007, 03:29:57 AM
i've tracked what looks like the hack down to about 80 lines in the log file. I've narrowed it down to these lines as the first line misc/1 returns a 404, the last lines, misc/1 returns the file they've somehow uploaded.
The only files that look like they could possibly invoke xss is a line like the following as phpsessid seems strange
66.249.72.197 - - [18/Feb/2007:08:35:13 -0500] "GET /gallery/addfav.php?pid=1113&ref=displayimage.php%3Falbum%3Dtopn%26cat%3D-45%26pos%3D11%26PHPSESSID%3Dcc423731d739a1ce566daa4c2376e542&PHPSESSID=cc423731d739a1ce566daa4c2376e542 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Any ideas? I can paste the lines in here if that would help.

Joachim Müller

#2
March 28, 2007, 08:04:47 AM
Posting a link to your gallery might be helpfull.
Print
Go Up Pages1
User actions