2008-02-12 coppermine webpage down 2008-02-12 coppermine webpage down
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

2008-02-12 coppermine webpage down

Started by Joachim Müller, February 14, 2008, 07:31:23 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Joachim Müller

On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article "Root exploit for Linux kernel in circulation" on heise online.
After 36 hours of downtime (with a preliminary web page set up on our backup webspace at sourceforge.net that explained what happened) the original page was restored.
We apologize for the downtime - hopefully, the site will now stay up and the issue has been fixed for good.
In an attempt to make sure that the attacker has not left behind a backdoor on our webspace, the site has not yet been restored fully (but only step-by-step after performing scans and tests). If you encounter broken links within coppermine-gallery.net, please try again later.

Joachim Müller

AndrewC


cgc0202

Quote from: Joachim Müller on February 14, 2008, 07:31:23 PM
On 2008-02-12, the coppermine webpage went down because it was hacked. The attacker appears to have exploited the vulnerability of the Linux kernel discussed in the news article ...

I am glad  you are back.  But, this is a great concern for me, also. During the past year, I had a number of the servers of the softwares I used hacked -- Joomla, CPG, etc. As far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.

Had this happened to my website, I would not know what happened and how to deal with the issue.  This is onee of the reasons why I am still with a shared server hosting service.  Many of the dedicated server hosting services I contacted do not offer technical help, such as dealing with a hack.  If you require their services, it would cost a fortune.

Are there precautions that could be taken to minimize this?

Cornelio

Joachim Müller

#3
Quote from: cgc0202 on February 14, 2008, 09:12:28 PMAs far as I know, this has happened several times to CPG already, i.e., being down for a long time -- not just hiccups, or scheduled maintenance.
That's wrong. The site has been down some times because our webhost shut it down due to resources consumption (a lot of traffic). It has never been down due to hacks. Don't post such assumptions if you have no idea what you're talking about >:(.

Quote from: cgc0202 on February 14, 2008, 09:12:28 PMAre there precautions that could be taken to minimize this?
This is an announcement thread! It's not a thread where you can request help. The reasons for the hack has been explained in my initial posting already: there used to be a flaw in the kernel of the operating system of the server that has been exploited. This is not related to an application on the webspace being hacked, but a hack on an entirely different level. There are many sites on the www that are dedicated to server setup, where you can ask such questions. Coppermine is not among those sites. Don't expect an explanation here what a kernel is or how the attack was carried out.
I remind everyone to stay on topic, especially in this thread. Don't force us to lock down every thread...
Possible precautions that we can recommend: keep your apps up-to-date. Perform backups frequently. That's all the advice that I'm ready to give here. Now back to the topic please.

Joachim

nointerest

That explains why "suddenly" there was nothing there. I had thought that you where doing maintenance or something thought - I tend to not expect the worst *gg*.

Its good you were able to deal with it and now back thought. Hope that this stays this way.

François Keller

Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

Makc666

There are two problems:

Joachim Müller

Quote from: Joachim Müller on February 14, 2008, 07:31:23 PMthe site has not yet been restored fully
I haven't bothered about additional languages yet. Not sure I will. See
Quote from: Joachim Müller on February 14, 2008, 09:23:08 PMAllowing additional languages means additional maintenance works. That's why the additional languages have been removed - this thread is no longer valid.

François Keller

and do you mean the "new" icons can come back ? It's a usefull feature and on this time it's difficult to see new posts on the différents boards.
(i don't know if it's a lot of work to enable this or not, so i appologize if it is)
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

SaWey

I also noted that the topic icons are not available anymore ('Done', 'Solved', ...)

Joachim Müller

*Clearing throat*
Gentlemen, I have already said
Quote from: Joachim Müller on February 14, 2008, 07:31:23 PMthe site has not yet been restored fully
. In other words: some features may be missing. The forum currently runs with SMF standard features. No mods applied. Please give me some time. I have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.

SaWey

Yes offcource, just posting as a reminder :)

PS: You're doing a fantastic job!!!

François Keller

QuoteI have spent many hours, restoring the site to be operational. Don't expect the icing on the cake yet - I'll do that when I have the time.
No problem, It was not a reproach. I know you spend a lot of your free time for the coppermine project. sorry for this silly question
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

phill104

Hope the hard work comes together.

We have over 1000 servers at one place I work so I know how hard it can be when a problem such as this arrises. We are lucky in that if one server goes down we can restore from a backup in minutes due to some custom software and backup hard disks/tape library. The basic build is on tha backup hard drives (which have to be swapped in manually) then the data is restored from tape. Various sites get hacked on a regular basis but the users rarely see too much of an impact. I wish I could run my sites on that system.

Good luck with the restore and keep up the good work.
It is a mistake to think you can solve any major problems just with potatoes.

Hein Traag

As it was just an announcement and no further usefull posts can be made for this thread it's now closed.