New flurry of attacks using Coppermine and My_eGallery

Posted on Monday, August 23, 2004 @ 12:45:03 CDT in PHP-Nuke
by Raven

For all those using these 2 applications, and ESPECIALLY those of you who are Raven Web Hosting customers, there have been a flurry of attempts made to break into your sites. You will see

/modules/My_eGallery/public/displayCategory.php
and
coppermine/themes/default/theme.php

as the files being used. I will be researching bugtraq soon but you need to upgrade to a safe release of disable those applications. These attacks are severe as they allow the dropping of files into a server, not just your site. For my customers, get it fixed or I will have to disable your accounts. Not a threat just the reality.
 
 
click Related        click Share
 
 
Associated Topics

Security
 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by oprime2001 on Monday, August 23, 2004 @ 15:06:14 CDT

(User Info | Send a Message)

Do you know which version of coppermine is being exploited? This sounds similar to an old exploit described at http://cpgnuke.com/index.php?name=Forums&file=viewtopic&t=341
 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by Dauthus on Monday, August 23, 2004 @ 20:43:08 CDT

(User Info | Send a Message) http://www.bootleghollow.com

Ok, how about those of us who don't have the default theme anymore? I use a custom theme.
Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by oprime2001 on Tuesday, August 24, 2004 @ 08:42:05 CDT
(User Info | Send a Message)

You just have to be careful that ALL your coppermine themes have been patched -- not just the active one. They were able to use the exploit I linked above on coppermine themes that I was NOT using but had forgetten to patch. My recommendation is to patch your active coppermine theme and to remove coppermine themes that you are not using.

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by sting on Monday, August 23, 2004 @ 22:58:45 CDT

(User Info | Send a Message) http://www.nukehaven.com

Any chance of adding consequences for attempts of these exploits to sentinel?

-sting
Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by Raven on Tuesday, August 24, 2004 @ 07:21:30 CDT
(User Info | Send a Message)

See this [ravenphpscripts.com] post for a suggestion.

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by sixonetonoffun on Tuesday, August 24, 2004 @ 21:24:20 CDT

(User Info | Send a Message)

I think the general consensus is that MeG has no safe phpnuke version. At least thats what I got out of earlier discussions here.
 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by HauntedWebby on Wednesday, August 25, 2004 @ 19:10:58 CDT

(User Info | Send a Message)

Hey Raven ... I have coppermine, but I'm the only one that can upload. Everyone else is blocked. Will I still have a problem? Since you are my hoster I want to make sure nothing happens :)
 
News ©

Site Info

Last SeenLast Seen
  • nextgen
  • neralex
Server TrafficServer Traffic
  • Total: 500,495,603
  • Today: 69,514
Server InfoServer Info
  • Feb 25, 2025
  • 02:51 pm CST
 
 

Site Navigation