I get "Gallery is currently offline - check back soon" even as admin ? I get "Gallery is currently offline - check back soon" even as admin ?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

I get "Gallery is currently offline - check back soon" even as admin ?

Started by Xlars_dk, February 02, 2008, 11:06:34 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Xlars_dk

I noticed that my site had suddenly changed .. theme was different, language was different and no picures showing etc. TOTALLY changed. I suspect a hacker attack since I did not change anything on the site for a while. I then upgraded to the latest PHP version.

But I have the problem that even as me (which should be with admin rights) I only get "Gallery is currently offline - check back soon".

Is there any way I can initialize my password in the database (going directly to the SQL database where I have the DB adminstrative rights) ?

Nibbler

Yes. Alternatively just disable offline mode instead of messing with your password.

Xlars_dk

Quote from: Nibbler on February 02, 2008, 11:22:38 PM
Yes. Alternatively just disable offline mode instead of messing with your password.

Thank you for a quick reply. I probably already messed things up.. because I just before seeing your response changed my password to blank (erased the encrypted password there). And now I am not able to log in with blank. My bad :-(

Is it possible to somehow set the password?

I am looking for offline mode, do you have a hint to what table this setting could be in?

Nibbler

It's in the config table, named 'offline'. Set it to 0. Coppermine passwords are md5 hashes, so if you set yourself a password manually you need to enter it as an md5 hash (phpmyadmin makes this easy).

Xlars_dk

Exclellent. Thank you so much for your help. I will do as you suggest :)

Xlars_dk

Sorry, to come back already .. looking in the admin table I see different strange things:
Language set to welsh and a strange email for gallery admin ..

Is it just me .. but I can not seem to find the offline column name !?

Copy of contents here:

      albums_per_page 25
      album_list_cols 1234
      display_pic_info 1
      alb_list_thumb_size 1234
      allowed_file_extensions GIF/PNG/JPG/JPEG/TIF/TIFF
      allowed_img_types ALL
      allow_private_albums 1
      allow_user_registration 1
      allow_duplicate_emails_addr 1
      caption_in_thumbview 1
      charset iso-8859-1
      cookie_name   
      cookie_path 1234
      debug_mode 1
      default_dir_mode 1234
      default_file_mode 1234
      default_sort_order pd
      ecards_more_pic_target 1234/
      enable_smilies 1
      filter_bad_words 1
      forbiden_fname_char $/\\:*?"'<>|` &
      fullpath 1234
      gallery_admin_email abc123@acme-hackme.com
      gallery_description 1234
      gallery_name   
      im_options 1234
      impath 1234
      jpeg_qual 1234
      keep_votes_time 30
      lang welsh

Any idea if I am looking the right place (this should be the config table as far as I can see) ?

Xlars_dk

.. Sorry there were much more columns than these .. I will look for the offline.

Thanks

Nibbler

Sounds like you were using Coppermine 1.3. You really must make an effort to keep up to date to avoid being hacked.

Xlars_dk

Quote from: Nibbler on February 03, 2008, 12:14:09 AM
Sounds like you were using Coppermine 1.3. You really must make an effort to keep up to date to avoid being hacked.

Thank you I will keep more up to date in the future.

My gallery is very corrupted and I can not see pictures throught the homepage .. (I think mostly because of strange values like 1234 set into almost every field that an admin can set)... I wonder if there perhaps is some way to get all these fields set back to "default" values in the database, without erasing my images and descriptions that I can se when looking directly in the database is still there (at least for a number of my images).

Or am I in a situation where you would recommend a total new installation of a clean database?

Nibbler

Update to latest 1.4 and then use the 'reset to factory defaults' feature on the config page.

Xlars_dk

Quote from: Nibbler on February 03, 2008, 01:00:27 AM
Update to latest 1.4 and then use the 'reset to factory defaults' feature on the config page.

Thanks for the suggestion. I have upgraded to the letest version (1.4) earlier this evening, and also now based on your suggestions gotten the site online, and changed my password so I am in. BUT I can not get to any admin config page .. the only page showing me something is the search page. Everything else i blank. I wonder if it can be all the strange values set into the database (that I can see directly in the SQL database.

Can I somehow call the "reset to default" function directly using an url when I am logged in ?



Xlars_dk

Btw. I think I know the reason for the "hacking" .. some time back I had a test of my website where an automatic web application scanner program crawled my site to show possible exploits. I faintly remember giving this application my password, so I think that it is this app who has filled in all these default numbers in all fields, and also deleted most of my images because I did not exclude anyting from the scan of my site.

Just to say that I do not think it is Coppermines fault that this happend .. but my own stupidity. I am quite sure this is what must have happened. Why would anyone want to hack my private site anyway.

I appreciate your help very much.