hacked - Page 2 hacked - Page 2
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

hacked

Started by ksxj, March 29, 2009, 09:32:08 AM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

ksxj

Nibbler - would you be willing to ftp into my account and confirm that I sanatized so I can stop getting that question? 
Thanks

Nibbler


ksxj


ksxj

Quote from: Joachim Müller on April 10, 2009, 10:30:11 AM
@ksxj: stop butting in - I have already replied to another thread where you told people to visit your thread. To make this clear: you have not understood the concept behind cleaning and sanitizing as suggested in the Yikes thread. You insist that there is something else people need to do, which is not the case.

@thread starter: ignore ksxj. Do as suggested in the Yikes thread.

wow, just trying to help and see if there are others with the same issue. 

I agree that yikes thread is very helpfull and great start.  I am just using this forum what it is for.  Joining people with the same interestes and to help each other if our paths cross. How are we supposed to know if we are not allowed to discuss such things? 

And you say I did not sanatize my site.  Woudln't deleting all files and reinstalling from scratch count as sanatizing?

Joachim Müller

If you really delete all files (even the ones outside the path of coppermine) and if you don't forget to clean the database as well, then yes: this would count as extreme sanitization, or rather an extermination. But that's not what you said you did in "your" thread. The things you did or did not perform should however not be discussed in this thread, but inside your thread. In other words: please stay out of this thread with your issues.

ksxj

I am really needing help and you want me to stay out of my own thread.  I undestand you want me out of other people thread but by my own?


Well it hasn't even been a day since I completly deleted all my files except the .jpg's and reloaded my gallery and forum from scratch.  I didn't even have time to reinstall my my gallery theme or any of the mods I have done in the past.  Can someone please help me?!?!?!?!?!?!?!?!?

phill104

I think you missunderstood. I believe Joachim wants you to keep out of the other threads and keep your questions to your own.

Did you delete all of your other files such a phpbb etc?
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

Quote from: ksxj on April 11, 2009, 06:21:29 PM
deleted all my files except the .jpg's
Are you sure the jpeg files are clean?

Quote from: Phill Luckhurst on April 11, 2009, 08:16:43 PM
I believe Joachim wants you to keep out of the other threads and keep your questions to your own.
Exactly. Thanks for the clarification. Sorry if have haven't expressed clearly enough what I meant.

ksxj

Quote from: Joachim Müller on April 11, 2009, 08:56:41 PM
Are you sure the jpeg files are clean?

How do I check that?  They open ok when you go to them.  Is there another way to check?

ksxj

Quote from: Phill Luckhurst on April 11, 2009, 08:16:43 PM
Did you delete all of your other files such a phpbb etc?


I deleted everything.  Even my myphpadmin console files and reinstalled everything. 

Joachim Müller

A possible reason for re-infection are entire servers on shared webhsoting, where the individual accounts are not shielded properly one against the other. I suggest you talk to your webhost as well. Maybe they can shed some light as well on the attack pattern by reviewing their access logs.
As far as I can see, you haven't posted a link to your gallery so far. Would be a good idea to do so now.

ksxj

Ok, so I was hacked again this week.  I have been running to sites.  One was just phpbb3 without coppermine for 3 weeks without coppermine.  The other just coppermine. One week after I added coppermine it happened and now it has gotten my just coppermine site.  So I know it is coppermine. 

But now I think it has a name cause my work is comes up blocking "gumblar.cn" when I go to my websites.

Joachim Müller

Re-infections can happen as well if the webspace hasn't been sanitized properly or if outdated software was used. Since you haven't elaborated, there's no saying if it's really the case that coppermine is to blame. Anyway, with so little detail, it's just crying "thief". Not a bright idea. If you want help, post details. If you just came here to blame others, then please stop it.

ksxj

wow, I am posting my findings as I go, so maybe someone else can read this or stumble accross it if they are having the same issue.  Isn't this what the forum is for???  I am not mad or upset with anyone on this site or blaming anyone on this site. 

It looks like it is not just coppermine but other php based forums/scripts as well.  Looks like they can affect your personal computer and then use your ftp program to find out usernames and passwords for your sites.  But again this is my findings so far, so if you know anything else please share with me and others so we can maybe get a handle on it.




Joachim Müller

Well, you blamed coppermine:
Quote from: ksxj on May 08, 2009, 04:09:18 PM
So I know it is coppermine. 
and I replied that you can't be sure.
What else do you expect.