| G JONES |
 |
NetHosted Customer
Joined: 24 May 2006
Posts: 57
|
 Posted: Fri Apr 18, 2008 11:01 am Post subject: COPPERMINE 1.4.17 Security release |
| |
IMPORTANT (I THINK)
I hope this information may be useful to anyone with a Coppermine Gallery installed.
I noticed only last night that one of my Galleries was a little "strange" - some settings had been altered etc...so I did a search and came up with the following thread on the Coppermine forum.
I must also admit to not having kept my Galleries up to date - I guess I thought it would never happen to me - but it has...
http://forum.coppermine-gallery.net/index.php/topic,51671.0.html 
This is a long thread - and they seem to have now released a patch - but if your Gallery has been hacked - it seems you need to do a lot of work to clean it up as well.
The patches are linked off this page.
http://coppermine-gallery.net/
I now guess the safest way to get back to a clean system is to delete the Gallery - and start over....
My only worry is whether this could have affected any of the other PHP / MySql parts of the domains...
If you have been affected - you will likely find some fraudulent files in the album directories - zip and jpg - but they are not zip and jpg - they are actually PHP scripts.
I have the fraudulent files saved here if anyone wants to take a look at them - my knowledge is very limited on PHP
The Coppermine on Cpanel is only up to 1.4.16 - so I hope Cpanel are aware of this and bring this up to date ASAP...
EDIT
I've just taken a further look - and it seems to have affected a second gallery I hoped it had not...
The biggest worry as I said before - is whether anything else has been affected...
Ah well - there goes the weekend...
Last edited by G JONES on Fri Apr 18, 2008 11:11 am; edited 1 time in total |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5684
|
| Posted: Fri Apr 18, 2008 11:05 am Post subject: |
| |
Hi,
Thanks for the message! Very useful for all.
Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Resellers, take a look at overselling !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
| G JONES |
|
NetHosted Customer
Joined: 24 May 2006
Posts: 57
|
| Posted: Fri Apr 18, 2008 11:35 am Post subject: |
| |
| NetHosted - Andrew wrote: | Hi,
Thanks for the message! Very useful for all.
Andrew |
Hi Andrew - do you know of any way to scan for a text string over the whole site - to try and pin down what's been affected ?
Many Thanks... |
|
| Back to top |
|
| NetHosted - Darryl |
|
NetHosted Staff
Joined: 24 Jun 2005
Posts: 296
|
| Posted: Fri Apr 18, 2008 11:44 am Post subject: |
| |
Hi,
We should be able to do this for you from our end, just let us know what you want to search for, you can send this via PM if it's sensitive information.
Regards,
Darryl
_________________
| Darryl Taylor
| Technical Support & Sales Manager, NetHosted Ltd.
| Resellers, take a look at overselling !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
User Permissions |
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
| |
Client Support
