index.htlm in userpics index.htlm in userpics
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

index.htlm in userpics

Started by gragossen, October 04, 2009, 09:35:23 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

gragossen

I have all my "index.html"-files in albums and userpics - folders polluted with iframe nonsens from an iframe-attack. Can I just delete these corrupted files (or do I have to/can I exchange them with new and fresh dito from the original file)

Goran
gragosse     

phill104

It is a mistake to think you can solve any major problems just with potatoes.

gragossen

Thankyou for answer.

I have allready exchanged importent and working index-files in the gallery throu uppgrading. (from 1.4.19 to 1.4.25) The coppermine gallery is obviously now working just fine. No problem as far as I can judge. My question is about index.html-files in userpics-folders in general. What are they for? Do they have a task??? Can I delete them?

Goran
gragossen     

Joachim Müller

Just upgrading is not enough. The thread you have been told to read by Phill contains all answers there are to your case, and all possible instructions. Like it or not, those are the only valid instructions that exist. Anything else you do is up to you.

Quote from: gragossen on October 04, 2009, 05:33:20 PM
What are they for? Do they have a task??? Can I delete them?
Find it out by navigating to one of them: they are there to make sure that nobody can browse the content of the folders if you are allowing indexes on your webserver. You can delete them if you know your way around and if you have set indexes to off. We can't tell you if that is the case, as you failed to do as suggested per board rules: you haven't posted a link to your gallery although that is mandatory to do in each support thread.

Instead of posting such questions and wondering if you can delete files that come with coppermine I suggest you do as suggested and perform the sanitization properly.

Quote from: gragossen on October 04, 2009, 05:33:20 PMThe coppermine gallery is obviously now working just fine. No problem as far as I can judge.
That's the tricky thing with getting actually hacked: there are some hackers who are just defacing your site, while others try to use your server for their own purposes without you being aware of it. So if there doesn't seem to be anything wrong that might just be because the hacker doesn't want you to notice.

gragossen

http://www.vulcanriders-sweden.org/cpgbilder/index.php

At the moment I am in the "WinMerge"-phase in the "Yes I´ve been hacked" restore program . I will be back.

Goran


Joachim Müller

Don't use iso8859-1. Use utf-8. Don't change the encoding unless you understand the impact!