help I've been hacked!

[vogel.je]

Hello, 

My Coppermine Gallery was hacked so I upgraded from version 1.4 to 1.5 successfully.  But the hack didn't go away.  For instance if I go to just about any page and view the source I find this code embedded in the php page:

<div style="position:/**/absolute; overflow:/**/hidden;/**/width:/**/0 "><h2><a href="http://www.prosoftwarestore.com/" alt="Software Store Microsoft Software Adobe Software" title="Software Store Microsoft Software (this goes on and on and on)

What can I do to eliminate this hack?  Is it a matter of simply going in there and deleting this embedded code?  If I do that won't these lines just come back? What should I do?

Thanks - John Vogel

[lurkalot]

Please follow the rules when asking for support.  It will help us help you.

Just a quick question.  As you upgraded from one major version to another, did you also upgrade your themes?  What happens when you view your gallery using the default theme "Curve"?

[Joe Carver]

Please follow the rules when asking for support.  It will help us help you.

Specifically, posting the link to your Coppermine is what you and most people are missing in your support requests.

Upgrading alone will not fix a hacked gallery / site. If you have other software on your site, it should also be cleaned and updated.

See Yikes, I've been hacked! Now what? .
It was written in the era of cpg 1.4.x but it still applies today. It is an unsupported thread, so please read it completely, follow all of the steps, make your backups first. Some hosting companies do help their customers with hacking issues - if you are in too deep, ask for help from your hosting company.