Security email from server and now can not Login Security email from server and now can not Login
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Security email from server and now can not Login

Started by global, December 03, 2012, 12:43:22 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

global

I was recently trying to upload some pics to my gallery. I was able to create a category and album and upload one test pic. Later I tried batch uploading number of pics (file sizes reduced about 10 to 25kb max). For some reason the pics would not upload. I thought that since I had been getting number of emails from my server that some security issue was present and to upgrade which I did number of items as the emails kept coming in, therefore thought that to try to restore to factory default. Once I did that, I can not access the gallery since the link www.globalaviationconsulting.com/gallery goes to http://www.globalaviationconsulting.com/gallery/login.php?referer=index.php and my login here does not work. I checked phpmyadmin where the db table is still intact and the admin password is there which I had reset to 21232f297a57a5a743894a0e4a801fc3 to keep it easy and therefore admin / admin does not allow me to login any more.

The emails received from my server provider stated the following; XX placed to hide personal info

Server: host23.XXXX.com
Account: XXXXX

In order to protect the security of your website, we recommend that you upgrade
the following scripts that were installed via the "Scripts Library" in your
cPanel interface:

- Coppermine.0 v1.4.24
   Location:  at http://globalaviationconsulting.com/gallery/
   Latest: v1.5.20
   Upgrade here: https://globalaviationconsulting.com:2083/frontend/x3/addoncgi/cpaddons.html?addon=cPanel::Gallery::Coppermine&action=upgrade&workinginstall=cPanel::Gallery::Coppermine.0.yaml

I followed these instructions several times and it does some form of upgrade and the cpanel shows the last one as ...Starting upgrade from 1.4.24 to 1.4.25... which was completed with a list of patching .... numerous files, but states the following at the bottom;

This Addon has been modified (or the upgrade test failed) and is no longer updatable via this function.  If you really want to force the upgrade please type the following in to the form below:

I fully understand what I am doing and take full responsibility for my actions. I have backed up all my data so I can remove the installation, reinstall fresh and import my old info into the new install if necessary. I understand that anything that breaks by forcing this upgrade is 100% my responsibility.

QUESTION:

1/ I was logged in today earlier but immediately after restore to factory default action, I could not login anymore.

2/ If I go ahead with the upgrade by typing the remark posted above, how do I backup my DB. It is currently named _cpm1. Where would I find this folder and what is the proper procedure to do a backup. or should I mirror the entire site via FTP and will that cover the DB tables. I do not want to loose the DB and its structure.

3/ Was the uploading of pics issue related to a mandatory upgrade. I was able to upload one pic but not anymore.

Will appreciate if you can XX out my site name after reading the details of the post.

Thanks in advance.

phill104

Well, we cannot really support upgrades done via a cpanel script. The problem with these scripts is that the hosts modify them and we just do not kmow what they modify. I suggest you read the guides on this site and upgrade using the methoug outlined here.

http://documentation.coppermine-gallery.net/en/upgrading.htm

Once you have upgraded hopefully your host will allow your gallery to function.
It is a mistake to think you can solve any major problems just with potatoes.

global

My host reports the following;

The error message below seems to be related to your codes which needs to be investigated by Coopermine support.

While executing query "SELECT a.aid, count( p.pid ) AS pic_count, max( p.pid ) AS last_pid, max( p.ctime ) AS last_upload, a.keyword FROM cp_albums AS a LEFT JOIN cp_pictures AS p ON a.aid = p.aid AND p.approved = 'YES' WHERE a.aid IN ()GROUP BY a.aid" on 0

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')GROUP BY a.aid' at line 1

What does this mean. My login was working until I clicked restore to factory default settings. Perhaps there should be a caution there that the DB may not work and to proceed at your risk. Just a thought. Any help would be appreciated

phill104

Yes, there is such a warning in the restore to factory defaults button in the back end. Search the forum for details on fixing this. Did you upgrade with the method we outlined in the docs? Looks like you are still using 1.4.26 to me.
It is a mistake to think you can solve any major problems just with potatoes.

global

Once I upgrade then will my DB table stay intact or will I loose all previously loaded pics. Thx

phill104

Please read the instructions, they detail exactly what you should do. One of those steps is to backup your database and files just in case things go wrong.
It is a mistake to think you can solve any major problems just with potatoes.

global

I managed to upgrade the gallery and i was able to login with the newly set password. 10 mins later I noted my site files were missing from public_html and the site crashed. The gallery files are also gone. There is a email forwarder to wellsfargobank that was never set by me. Strange things are going on. After upgrading a message appeared the if you have 1.5.18 then upgrade to 1.5.20 and if 1.5.16 then upgrade to 1.5.16 and each one referred to security issues. Well now I have a bigger issue. :'( :'( :'( :'( :'( :'( :'( :'(

phill104

It is a mistake to think you can solve any major problems just with potatoes.

global

I had a backup of entire site done from /cpanel xxxxxxx.tar.gz.

also did a backup of DB.

Never had to restore and trying to do that and also asked Host to help out.

global

Installed coppermine latest version. I keep getting an error when uploading pics

Error: Unable to create thumbnail or reduced size image.

Have read the forums extensively. MY host runs GD2 which is higher than 2.0.28. During the install I left the imagemagik path blank. I read now that a / should have been placed there if GD is opted. The instructions said to leave it blank if not sure imagemagik is installed.

D Support   enabled
GD Version   bundled (2.0.34 compatible)
FreeType Support   enabled
FreeType Linkage   with freetype
FreeType Version   2.3.11
GIF Read Support   enabled
GIF Create Support   enabled
JPEG Support   enabled
libJPEG Version   6b
PNG Support   enabled
libPNG Version   1.2.49
WBMP Support   enabled
XPM Support   enabled
XBM Support   enabled

I have reduced the pic sizes to 800 and further some to 400 pixels using photo resizer. The albums folder public_html/gallery/albums/userpics/10001 shows the pics uploaded but do not appear on site. Also changed setting in admin tools for All albums -- Update thumbs and/or resized photos to Everything: full-sized, resized and thumbs. I understand that max pic size can be 2048 and recommended 1024, but the test pics are set for 800 or 400 pixels so not very big files.

Albums folder and all files are set to 777. Include folder set to 777 and config.inc.php also set to 777, other files left as they were under includes folder.

I can upload the pics via FTP if it makes it any easier. I used to start an album with a very older version of coppermine and then upload the rest of pics via FTP, which then would be installed via batch file upload recognizing the existing files under each folder. PLEASE HELP as I think it is a matter of setting the path for GD2 which was left blank during install.

phill104

There is no path for GD2 as that it is not how it works.

Please start a new thread with your new problem Whilst doing so please follow all the instructions on exactly how to setup your gallery and all the details we require to help you fix this kind of problem - http://documentation.coppermine-gallery.net/en/upload_troubleshooting.htm#upload_trouble

I am convinced it is either and ownership or file perms problem though.
It is a mistake to think you can solve any major problems just with potatoes.

global

I was trying to find the Config settings. I went to config.inc.php but nothing there. I clicked CONFIG on the MENU bar and got four options, Keyword, plugin, bridge Managers and update database. Finally I tried double clicking the config, which opened the config settings what I was looking for.. I remembered this page in older 1.44 version.

Under File settings there is ....Method for resizing images, which can be selected to Imagemagic or GD1 or GD2. This is the path setting done thru config settings. As soon as I set it to GD2 things started to work, as I knew there is no imagemagic on my host and that GD2 was running.       

Allowed document types       
Method for resizing images       
Path to ImageMagick 'convert' utility       

phill104

Quote from: Phill Luckhurst on January 18, 2013, 11:56:56 PM
Please start a new thread with your new problem Whilst doing so please follow all the instructions on exactly how to setup your gallery and all the details we require to help you fix this kind of problem - http://documentation.coppermine-gallery.net/en/upload_troubleshooting.htm#upload_trouble


Once again.
It is a mistake to think you can solve any major problems just with potatoes.