[Solved]: Aportworm - displayimage.php [Solved]: Aportworm - displayimage.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Solved]: Aportworm - displayimage.php

Started by tcartr, January 19, 2010, 07:55:25 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

tcartr

January 19, 2010, 07:55:25 AM Last Edit: January 19, 2010, 07:04:35 PM by Joachim Müller
Hi, my web host has disabled my entire site because of numerous queries coming from displayimage.php.

My gallery is not viewable because the site has been disabled

http://www.teenstarsonline.com/tsoimages

I have no idea what to do and the support at host simply say clean up the file and we restore the service here is the email from them.

QuoteOur monitoring tools have investigated these files that were overloading server by creating too many requests, It was impacting other customers on our shared hosting platform. Customer script has created 894 connections in less than 40 minutes to

tsoimages/displayimage.php pow.tcartr 1263880054 2498 593 194.67.18.218 - - [19/Jan/2010:00:47:34 -0500] "GET /tsoimages/displayimage.php?album=topn&cat=-95&pos=20 HTTP/1.0" 404 593 "-" "Mozilla/5.0 (compatible; AportWorm/3.2; +http://www.aport.ru/help)"

Any help is appreciated.

phill104

#1
January 19, 2010, 10:24:21 AM
What version of coppermine were you using? I'm guessing you didn't upgrade for a while.

Read the following thread.

http://forum.coppermine-gallery.net/index.php/topic,51927.0.html
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

#2
January 19, 2010, 10:24:46 AM
If your webhost has suspended your site then you have to ask your webhost what you need to do to get your site back online. How could we possibly help?
Just make sure that your gallery is up-to-date and that it hasn't been hacked. If it was hacked, read Yikes, I've been hacked! Now what?

Googling for the term "Aportworm" shows that this seems to be the user agent string of some crawler or bot. Maybe your site was hammered. Anyway, we can't answer that. Please ask your webhost what you should do. The Aportworm seems to be related to the Russion site http://www.aport.ru/. Can't tell you what it is about, as I don't speak Russian, but according to the translation performed by Google it seems to be a regular portal and search site.

tcartr

#3
January 19, 2010, 04:03:49 PM
Thank you for the replies, I have spoken now to a second level person at the server who said the IP listed in the report out of Moscow was making the repeated connections and now the IP has simplay been blocked from accessing the site.

Again thank you the original support person made it seem the problem was the copermine files. I have the current version I upgraded 3 weeks ago.

Joachim Müller

#4
January 19, 2010, 07:07:16 PM
I suggest reviewing your hosting contract though: getting spidered is something you usually want to happen (although you probably don't care if you're indexed by a Russian site or not). Approximately 900 hits from a spider in 40 minutes should not be too much for the webserver imo. Sounds like you're on budget webhosting...
Print
Go Up Pages1
User actions