I think my site was hacked through coppermine
 


Started by beddows, June 18, 2008, 08:17:19 AM


beddows

All the index.htm's, etc on all the websites on my server (there are a lot) had malicious javascript inserted which re-routed them to Russian & Turkish sites. I found this index.php sitting in my albums directory in coppermine: (1.4.17). I am currently deleting coppermine in its entirety & uploading 1.4.18 instead. I changed all my FTP & database passwords just in case & uploaded files from my PC to overwrite the infected ones. A big pain. Here is the code I found in coppermine:



<html>
<head>
<title>Hacked by TheWayEnd 1923Turk DaDaSLaR</title>

</head>
<style>
<!--
body { scrollbar-face-color: #000000; scrollbar-shadow-color: #CC0000; scrollbar-highlight-color: #CC0000; scrollbar-3dlight-color: #000000; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #000000; scrollbar-arrow-color: #ffffff }
-->
</style>
<body background="http://i5.piczo.com/view/1/j/9/q/4/k/0/0/y/t/k/9/img/i83784551_80817.gif">
</body>

<!--

if (document.all&&!window.print){
leftright.style.width=document.body.clientWidth-2
topdown.style.height=document.body.clientHeight-2
}
else if (document.layers){
document.leftright.clip.width=window.innerWidth
document.leftright.clip.height=1
document.topdown.clip.width=1
document.topdown.clip.height=window.innerHeight
}

function followmouse1(){
leftright.style.pixelTop=document.body.scrollTop+event.clientY+1
topdown.style.pixelTop=document.body.scrollTop
if (event.clientX<document.body.clientWidth-2)
topdown.style.pixelLeft=document.body.scrollLeft+event.clientX+1
else
topdown.style.pixelLeft=document.body.clientWidth-2
}

function followmouse2(e){
//move cross engine for NS 4+
document.leftright.top=e.y+1
document.topdown.top=pageYOffset
document.topdown.left=e.x+1
}

if (document.all)
document.onmousemove=followmouse1
else if (document.layers){
window.captureEvents(Event.MOUSEMOVE)
window.onmousemove=followmouse2
}

function regenerate(){
window.location.reload()
}
function regenerate2(){
setTimeout("window.onresize=regenerate",400)
}
if ((document.all&&!window.print)||document.layers)

window.onload=regenerate2

//-->
</script>
<script language="JavaScript">
function ambos(e) {
if (navigator.appName == 'Netscape' && (e.which == 1 || e.which == 3 || e.which == 2)){
alert('Los botones del mouse han sido inhabilitados')
return false;
}
else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 ||
event.button == 2)){
alert('[! By_AD!GE !]')
}
}
document.onmousedown=ambos</script>

<bgsound src=dht.mid loop=infinite>
<body bgcolor=black>
<script language="Javascript1.2">
<!--
var mymessage = "1923TURK-GRUP";
function rtclickcheck(keyp){
if (navigator.appName == "Netscape" && keyp.which == 3) {
alert(mymessage);
return false;
}

if (navigator.appVersion.indexOf("MSIE") != -1 && event.button == 2) {
alert(mymessage);
return false;
}
}

document.onmousedown = rtclickcheck
//-->
</script>
<center><b><br>
<img src="http://adiqe.funpic.org/resimler/hack.png"><br>

<font face="Courier New" size="5px" color="#d50000">BiZ OSMANLI Torunu TURKIYE Cumhuriyeti Evladiyiz</font><br>
<img border="0" src="http://img100.imageshack.us/img100/6844/turaas3.gif" width="500" height="422"><br>

<font face="Courier New" size="6px" color="#d50000">NE MUTLU TURK'UM DiYENE</font><br><br>

<P>


<FONT color=white>
</FONT></FONT><P>
<P>



<FONT color=white>
</FONT></FONT><P>
<P>




<p>


<p>





<script language="javascript" src="/mynet_sistem/hostingad.js"></script><script language="javascript" src="http://mysite.mynet.com/common/hostingad_1.js"></script>

<br><br>

<center><EMBED
style="BORDER-RIGHT: #0b78ff 1px solid; BORDER-TOP: #0b78ff 1px solid; FILTER: xray; BORDER-LEFT: #0b78ff 1px solid; BORDER-BOTTOM: #0b78ff 1px solid; BACKGROUND-COLOR: #0b78ff"
src=http://www.elnino.gen.tr/depo/ELNINO&JETAYDIN-KALBINI-KIRARIM.mp3 width=0 height=0 type=audio/x-ms-wma>
</TD></TR></center>


<div id="leftright" style="width:expression(document.body.clientWidth-2)"></div>
<div id="topdown" style="height:expression(document.body.clientHeight-2)"></div>

Hein Traag

Read this: http://forum.coppermine-gallery.net/index.php/topic,51927.0.html

1.4.17 did have a security flaw in it but that does not automatically mean your site got hacked through cpg. Could just as easily have been through a dodgy server setup etc etc. Read that thread and indeed upgrade to 1.4.18.
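
Added example, not part of the original thread and not Coppermine code: a check that compares the live web root against a known-good copy of the same site (such as the local copy mentioned in the first post) and reports dropped files, changed files, and files carrying defacement or injected-script markers. The function names, the marker patterns and the two directory arguments are assumptions made for illustration.

```python
import hashlib
import os
import re

# Assumed indicators: the defacement title quoted above, and off-site <script src=...>.
MARKERS = [
    re.compile(rb"hacked by", re.I),
    re.compile(rb"<script[^>]+src=[\"']?https?://", re.I),
]
WEB_EXT = (".htm", ".html", ".php", ".js")

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def tree(root):
    """Map relative path -> absolute path for web-served file types."""
    found = {}
    for base, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(WEB_EXT):
                full = os.path.join(base, name)
                found[os.path.relpath(full, root)] = full
    return found

def audit(clean_root, live_root):
    """Compare a live web root with a known-good copy of the same site."""
    clean, live = tree(clean_root), tree(live_root)
    report = {"added": [], "modified": [], "markers": []}
    for rel, path in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)      # e.g. a dropped albums/index.php
        elif sha256(path) != sha256(clean[rel]):
            report["modified"].append(rel)   # e.g. index.htm with injected script
        with open(path, "rb") as fh:
            data = fh.read()
        if any(m.search(data) for m in MARKERS):
            report["markers"].append(rel)
    return report

if __name__ == "__main__":
    import sys
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Uploaded images are not compared, because only markup and script extensions are walked. Legitimate pages that load third-party scripts will also appear under `markers`, so read that list alongside `added` and `modified`.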