Getting red X's on Coppermine Photo Gallery

Started by capntawful, June 17, 2009, 07:07:22 PM

capntawful

My customer's Coppermine Photo Gallery was working just fine until today; now she's getting red X's on all of the photos. I updated the database and did a repair in cPanel, but this did not fix the problem. You can see the problem at http://countryclublabradoodles.com/gallery/

I'm also attaching a copy of the debug info. Any help to resolve this issue would be appreciated.

Joachim Müller

Congrats - your site has been hacked. Search the board to find out how to sanitize it. Hint: there is a .htaccess file that redirects to Google.

capntawful

Mr. Müller,

Thank you for the info. I searched the CPG forum and could not find any help on fixing this problem. Please help.

Thank you

Fabricio Ferrero

Weird, I found tons of threads with the word "hacked". And even a sticky post named "Yikes, I've been hacked! Now what?" that seems to be what you're looking for.

capntawful

I found them too; none of them make any sense to me.... Sorry for being a newbie at this.

Joachim Müller

Read the Yikes-thread ("Yikes, I've been hacked! Now what?") and do as suggested there. It doesn't get any easier than that, nor can you expect more from free support. I already told you what you need to do - if that is not enough information, then I suggest hiring a pro or reviewing the idea to run a website of your own.
You broke several rules already. Please do some reading now. Reading the board rules won't hurt either.

Some threads that are very similar to yours: