Authenticate?

Started by sandramichelle, November 27, 2008, 02:27:17 AM

lumo

OK. I wonder what thread opener sandramichelle found out - btw, sorry for kind of hijacking your thread! ;)

Hein Traag

As Joachim said, that is not important. The more important information is given in the threads on how to deal with a hack.

Joachim Müller

Hack forensics (i.e. analyzing the payload of a hack and drawing conclusions from that) is something that only very skilled people who have a security background can accomplish. In fact, you need to be a hacker to understand a hacker. It doesn't make sense for you as a website owner to waste time and energy to find out what a malicious script has done unless you're skilled enough to read the malicious script and understand where especially to look. However, this approach has got a flaw: analyzing that one payload file you found to figure out what the attacker did might make you ignore other backdoors or payload files. For a thorough sanitization, you cannot just review the payload file: you need to sanitize your entire webspace. If you're really concerned, ask your webhost for support. The reason for that: in the past, malicious attacks have been run against entire webservers with hundreds of shared webhosting accounts on them. If the webhost had a flaw in his mechanisms that are supposed to shield the separate accounts against each other, one infected account was enough to infect the entire server, including areas that you as a user on that shared webhosting server can't even access (root-only areas). Therefore, it's always a good idea to contact your webhost and confess that you have been hacked, even if it was you who is to blame because of reluctance to update your apps. The webhost should be informed anyway - a good webhost will take this seriously and at least perform some sort of security scan or audit just to make sure his entire webserver wasn't hacked as well.

I can understand that you are concerned and excited and want to use all resources available (including this board) that will help you bring your webspace back to a normal level. However, as in previous incidents, there's no use in ranting: as far as we're concerned, we can only provide the most recent fixes in a timely manner - the rest is up to you. Think of the Yikes-thread as a courtesy that actually is beyond what you can expect from regular support boards. You definitely can't expect an analysis of the payload that was uploaded to your webserver because of your reluctance to upgrade in a timely manner. It's quite natural to try to blame others for mistakes, but you have to face the truth: it's your task to keep your website clean and up to date.

Joachim