I've been hacked........again

Started by banthes, September 27, 2007, 12:31:12 AM


banthes

For the second time this year my Coppermine gallery has been hacked and used for internet phishing. I am upgrading to 1.4.13 from 1.4.12 right now.
Link to my gallery:
www.countryluau.com/Photos
Message from one of several emails informing me of the phishing:


Quote:
See the link below that's from your website:

http://www.countryluau.com/Photos/albums/Autos/images/www.irs.gov/pas.php?certegy_vm=trueportlet_change_1_actionOverrideFchaseonlineFchangeFsigninDetails_windowLabel_portlet_signin_pageLabel_page_signin

I'll bet most DA's could nail you on several felony counts with this.

Have fun!!

I've tried to delete the Auto folder without any success. Any suggestions?

banthes

I managed to force delete the offending file. Are there any other files I need to remove?

Joachim Müller

The attacker left a backdoor. Upgrading alone will not close those backdoors. You need to make sure that no more backdoors exist. This has been explained in detail, e.g.
Quote from: GauGau on September 08, 2007, 10:04:15 AM
The only thing we can provide help with is how to secure your coppermine gallery against known vulnerabilities. We cannot help you with cleaning up your gallery if the attack has already happened. After all, once your gallery has been hacked, there can be a myriad of things that the attacker could have done. Usually, the attackers leave a backdoor behind so they can re-enter your coppermine install with admin privileges even after you have upgraded. So once you have been attacked, there are two things you have to do: first, upgrade coppermine. Second: scan your entire webserver for potential backdoors. This second task can be time-consuming and hard to perform for newbies who don't know potential attacking schemes - after all you have to be a hacker to know what evil hackers can do. Most coppermine users are not hackers, nor do they know their way around well enough in closing backdoors and figuring out what the attacker actually did.
Bottom line: best practice is to keep your gallery up-to-date, make frequent backups both of your files as well as the database. This should keep attackers away. If you have still fallen victim to an attack, seek professional help.
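
Added example (not part of the thread and not Coppermine code): a first-pass review of the upload tree for the kind of leftover file reported above, a PHP script inside a hostname-named folder under albums/. The names scan_upload_tree and build_sample_tree are hypothetical, the sample tree is constructed, and the script assumes the upload tree should hold only media files, so every hit still needs a manual look and the rest of the webserver still needs scanning.

```python
import os
import re
import tempfile

# Assumption: the upload tree should hold only media, so anything the web
# server could execute or be reconfigured by is worth a manual review.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|pl|cgi)(\.|$)", re.I)  # also x.php.jpg
HOSTLIKE_DIR = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)
CODE_MARKERS = (b"<?php", b"<?=")

def scan_upload_tree(root):
    """Return sorted (relative_path, reason) pairs for items needing review."""
    rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if HOSTLIKE_DIR.match(d):
                findings.append((rel(os.path.join(dirpath, d)), "hostname-like directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == ".htaccess":
                reason = "per-directory server config"
            elif SCRIPT_EXT.search(name):
                reason = "script extension"
            else:
                # Media files should not contain PHP open tags near the start.
                with open(path, "rb") as fh:
                    head = fh.read(65536)
                reason = "PHP code in non-script file" if any(m in head for m in CODE_MARKERS) else None
            if reason:
                findings.append((rel(path), reason))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one clean image plus three planted files."""
    files = {
        "Autos/images/car.jpg": b"\xff\xd8\xff\xe0JFIF",
        "Autos/images/www.irs.gov/pas.php": b"<?php /* placeholder */ ?>",
        "Autos/thumb_car.jpg": b"\xff\xd8\xff\xe0<?php /* placeholder */ ?>",
        "Autos/.htaccess": b"# placeholder\n",
    }
    for name, data in files.items():
        path = os.path.join(root, *name.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for item, why in scan_upload_tree(tmp):
            print(f"{why:30} {item}")
```

Run it against a copy of the gallery's albums directory and compare the hits with a known-good backup before deleting anything.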