Websites Hacked through Coppermine 1.4.19 Websites Hacked through Coppermine 1.4.19
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Websites Hacked through Coppermine 1.4.19

Started by timepilot, January 17, 2009, 10:30:56 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

timepilot

I've used Coppermine for years now and have never had a problem until 1/11/09. I have 3 sites hosted @EasyCpanelhost but only two of them have a Coppermine Gallery. My site has been online since 2003 and I've always had a Coppermine Gallery on it.  :)

But until recently both websites have had directories unloaded to them and the hackers place a link on another website and link it to the directory uploaded by the hacker.  The 1st attack consisted of directory unloaded to the site and linked to a UK Bank. When I tried to delete the directory I couldn't and got a "550" error. So I contacted my friendly hosting company about the problem and days went by and they did nothing about the problem. Finally I told them if they didn't fix the problem I was going to contact the UK Bank and tell them to explain to them why they weren't allowing me to delete it. Right after I emailed them the problem was solved. There wasn't any new registration in the Gallery.

On 1/11/09 I got flooded with emails stating I'm running a phishing scam on the IRS website. I contacted EasyCpanelhost and got no reply that day but did get one the following day. They said "What's been hacked ?". I can tell you the hacker uploaded a directory to my site and placed a link on the IRS website to the directory on my site and I got one new registration in my gallery. I talked to some support tech @EasyCpanelhost and they said there is no way of determining whos doing this. But at my domain registar she said that's bologna, they could tell by reading their FTP logs. I deleted the directory that day and I thought the problem was gone.

The next day 1/12/09 I got flooded with emails stating the directory is back to the IRS website.
I went online and I noticed all three of the sites I've have hosted from this company have been suspended even though I paid for hosting for one year until Sept09. There was a new registration in the gallery. I contacted them and George there told me he would move my account to more secure server. I was told my sites were suspended because of the phishing scam of which they knew it wasn't my fault along with all of my data I have no access to. Well days went by and they did nothing and didn't move my site to any new server.

So I started posting on a forum, imagine that, about what a good hosting company they were.
I got somebody who agreed and stated they need to learn how to secure their server that not matter what php scripts a customer used nobody could access unless they have root access.

Finally Easy Cpanelhost got back to me and told me since I was running a Coppermine Gallery version 1.4.19 with unsecure scripts that I voilated their TOS and would be charged $40 to get my service restored. I told them they must be smokin something if they thought I was gonna pay that when it was because their servers are unsecure.  They blamed all hacking on the Coppermine Gallery because of it's unsecure scripts. All directories in Coppermine gallery were set to "711" except for albums and userpics were set to "777". I don't believe for a minute that Coppermine was at fault for any hacking, the company didn't know how to secure their servers so they blamed the customer and Coppermine. Am I still gonna use this Gallery, Yes!  ;)



Hein Traag

Cpg 1.4.19 is the current stable and thus secure version of cpg so it is perfectly safe to use. I do wonder what your host means by "unsecure scripts". Did you happen to ask them to explain? And post a link to your gallery also  ;)

phill104

I would be interested to see what evidence they have for calling cpg insecure. How else can they justify charging you?

If, as you state in your mail that they are unable to check the logs then they are just assuming that coppermine is the cause.

Do you have any other php apps installed in the same space?
It is a mistake to think you can solve any major problems just with potatoes.

timepilot

The other php app is my blog. But since 2003 my sites been online and I haven't a problem.  :)

QuoteHere's what "EasyCpanelhost said:
Our Servers are secure .

The problem is your Un-Secure Gallery Script. This is the 2nd time Email Pinching scams have come from your account.

Not only will we not refund your your service, But account that violates our TOS agreement for a 2nd time will result in fine of $40 if you want account re-setup on our network and given another chance.

If you're wondering if I actually paid the $40 since I paid $31.90 for a years hosting, the answer is "No".  ;D

I'm sorry but I don't know how to hack into a gov website twice in two days. The hacking wasn't my fault and I believe Coppermine Gallery had nothing to do with the hacking.

When I talked to the Tech on the phone he said, "he could hack into any site that uses php scripts". I wondered what he meant by that comment but I did wonder something else that I wouldn't post.  :-\

Hein Traag

Here's one advice, try to find a more competent host that does give answers you can do work with.

phill104

Sounds like they are providing PHP but if you use it then you are liable to pay $40 whenever they decide because they consider it insecure.

I would agree with Hein.
It is a mistake to think you can solve any major problems just with potatoes.

timepilot

Here's an update I thought people might like to know. When I was processing the backups on all three of my sites, two of them had Coppermine installed. Both of these sites had a directory uploaded to them that was labled "stimulus.refund" and my url was linked from the IRS website to the directory they installed. The one that didn't have Coppermine was hacked the same way the other sites were. :o   

They uploaded a directory and linked it to a European Bank. And I thought they just hacked two sites, I guess I was wrong. On my site the hacker was able to hack into a link on my blog and redirect it to a chatroom. If someone could tell me the correct permissions for a .php file maybe that would help? I had all of my directories set to "711" except for albums and user pics was set to "777". Is there something I could of done to prevent this or do you believe as I do it was because their servers weren't secure? I'd like to hear some opinions on this. 

All I can say is I've had the website since 2003 and since I switched to EasyCpanelhost I had nothing but grief from this hosting company. I had 3 websites hosted on their non-secure servers and since then it's been all down hill. They still are insisting that it's my fault because I had insecure scripts because of Coppermine.  ???

I've done some research on them and this is how they operate. If a customers site gets hacked they just suspend their account and blame it on them by saying they are running a phishing scam from their servers which of course is in violation of their TOS. This way they eliminate the problem since they don't know how to fix it. Not a good way to do business but it works for them!  ::)