[Solved]: I can't upload after attack
 


Started by skyone, April 19, 2008, 10:47:11 AM


skyone

My gallery was compromised after the latest attack. It seems to be working now after I upgraded and cleaned the compromised files. However, when I try to upload a picture, it does upload, but after I try to select an album it says "The previous file could not be placed. You have succesfully placed all the files".

I'm guessing this is something to do with permissions. This is what I have at the moment: Default mode for directories: 0777, Default mode for files: 0666. What do I need to change them to? I read the docs but I'm not sure what applies to my problem ???

Abbas Ali

Make sure that the albums, albums/edit and albums/userpics folders are writable by the web server.
Chief Geek at Ranium Systems

skyone

Quote from: Abbas Ali on April 19, 2008, 11:17:14 AM
Make sure that the albums, albums/edit and albums/userpics folders are writable by the web server.

Where do I check this, please?

And are my 0777 and 0666 modes OK, or are they a security risk?

Abbas Ali

You can check the folder permissions using an FTP client. The permissions are usually seen in the "Properties" of the folder (right click and select properties) but it really differs from client to client.

As far as modes go - ask your webhost what the mode of folders and files should be so that they are writable by the web server. It generally is 0777 or 0755.
Chief Geek at Ranium Systems

skyone

Thanks for your replies, Abbas Ali.

Actually I found what the problem was: during the attack, the "Max width or height of an intermediate picture/video" setting in my configuration was changed to 1, hence the error message when uploading. I put it back to 400 and now I can upload.

Regarding the permissions, I opened my FTP client, right-clicked on the userpics album and the numeric value is 755, then Owner: Read, write, execute. World and Group: read and execute.
I'm just concerned that my permissions/mode could've been changed as well, since I don't understand what all these things mean.
I contacted my webhost when I found out about the attack, and since I couldn't even open my gallery at that time, she said she had changed the permissions so I could see the gallery and fix it.
But I don't know what she changed. I just want to make sure that my gallery is not at risk anymore.

Joachim Müller

Don't trust the properties your FTP app shows - usually, they are not correct due to limitations imposed by your webhost and the FTP protocol. You need to apply the needed permissions, not only check them.

skyone

Quote from: Joachim Müller on April 19, 2008, 11:57:47 AM
You need to apply the needed permissions, not only check them.

How do I apply them? I'm sorry if it is a dumb question, but all this is new to me.
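
An added example, not part of the thread and not Coppermine code: a Python script that reads the modes of the three upload folders named above as the server itself sees them (rather than as an FTP client displays them), flags world-writable entries, and applies a chosen mode and re-checks it. It assumes Python and shell or cron access on the host, which the thread does not mention; the sample tree and the 0644 file mode are constructed for illustration.

```python
import os
import stat
import tempfile

# Folders the thread says must be writable by the web server.
UPLOAD_DIRS = ("albums", "albums/edit", "albums/userpics")

def audit(gallery_root, subdirs=UPLOAD_DIRS):
    """Report the mode the server itself sees for each upload folder."""
    report = {}
    for rel in subdirs:
        path = os.path.join(gallery_root, rel)
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        report[rel] = {
            "octal": format(mode, "04o"),            # e.g. 0755
            "symbolic": stat.filemode(st.st_mode),   # e.g. drwxr-xr-x
            "world_writable": bool(mode & stat.S_IWOTH),
            # True only if the account running this script can create files here.
            "writable_by_me": os.access(path, os.W_OK | os.X_OK),
        }
    return report

def apply_modes(gallery_root, dir_mode, file_mode, subdirs=UPLOAD_DIRS):
    """Set the modes the host recommends, then re-read them to confirm."""
    for rel in subdirs:
        for folder, _, files in os.walk(os.path.join(gallery_root, rel)):
            os.chmod(folder, dir_mode)
            for name in files:
                os.chmod(os.path.join(folder, name), file_mode)
    return audit(gallery_root, subdirs)

def build_sample():
    """Constructed gallery tree using the 0777/0666 modes quoted in the thread."""
    root = tempfile.mkdtemp()
    for rel in UPLOAD_DIRS:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        os.chmod(os.path.join(root, rel), 0o777)
    sample = os.path.join(root, "albums/userpics/pic.jpg")
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample")
    os.chmod(sample, 0o666)
    return root

if __name__ == "__main__":
    root = build_sample()
    print(audit(root))
    # 0755 is mentioned in the thread; 0644 is an assumed file mode.
    print(apply_modes(root, 0o755, 0o644))
```

The `writable_by_me` result only answers the upload question when the script runs under the same account as the web server; run from a different login it describes that login instead.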
