Dnag still got in :(

Posted: Tue Jun 01, 2004 6:01 pm

Quote:

r00t_System owns you - Não somos responsáveis apenas pelo que fazemos, mas também pelo que deixamos de fazer. Greetz: Pra td a galera do IRC - r00t_System - AFROM4N - Spofs - kieger - MC_KiNNeY - SmartBoy_ - Walucyg Contact - kieger@hush.com

And I have all three parts Sentenal, chat's updates & the hack attemp warning.

Oh well back to the drawing board.

Posted: Tue Jun 01, 2004 6:10 pm

Try the http authentification addon Raven posted. It might be just the thing. But also be sure to save access logs also check the error logs for any clues. There are many things not fully covered by Sentinel like gallery addons ect...

Posted: Tue Jun 01, 2004 6:13 pm

I missed reading about that one ... and here I thought I was complete ... lol. All they did was replace my index.php with the above quoted phrases and added a p.php that said r00t_System owns you. I can't see anything else that was changed.

Are there any other one I may have missed?

Posted: Tue Jun 01, 2004 6:26 pm

Well from what you describe they got file upload permissions. Unless they are really freakin slick there should be some clue in the logs.

Posted: Tue Jun 01, 2004 6:40 pm

Check your modules folder for vulnerable ones like webmail or MyeGallery or any upload script.

Posted: Wed Jun 02, 2004 7:09 pm

I deleted the webmail module .. read somewhere that it wasn't suppose to be ported and some one got in a tizzy over it.

I don't have MyeGallery, but I do have CPG ... but I have all the setting to have to have authorization to upload. But after typing that I just had a blonde moment ... even if the upload of photos has to by authorized it whatever is still uploaded to the server waiting to be authorized. D!oh. I'll have to do some work on that one (even though I'm clueless as to what to look for) Smile

I've disabled the uploading of avatars, but allowed remote avatars in the forum .. is that ok?

Nothing else has any uploading that I can think of.

Another stupid thing ... I can't find the "http authentification addon Raven posted" I've been all through the download section. Is it called something else? or is it in the forum?

Thanks for all your help!!!! Mucho Kisses (for the guys)!!!

Posted: Wed Jun 02, 2004 7:23 pm

Make sure you are using the latest version of CPG, one or more of the previous versions had vulnerabilities which i believe have been corrected.

Posted: Wed Jun 02, 2004 8:15 pm

Yep the same guy got me 2 times on my site till someone told me HELLO its CPG. LOL Laughing

Posted: Thu Jun 03, 2004 10:33 am

I figured they are getting in through CPG ... it's my only add on module Smile

But I love the photo Gallery!!! If there was a safer one I'd use it, but I don't know of one. I do have the latest CPG, so I guess I go bug them and let them know people are still getting in. Wink

Posted: Fri Jun 04, 2004 4:34 am

Woo woo wait a min here.. you have the latest version 1.3 and they still got in!!! Question

Posted: Fri Jun 04, 2004 11:44 am

Ya 1.3.0(beta4) .. is there a newer one then this?!?

Regular Joined: Aug 23, 2003 Posts: 77

i feel that need to patch up, to avoid getting hack.

Posted: Fri Jun 04, 2004 3:29 pm

The hacks don't bother me anymore ... they bother my users. For me it's just a few clicks to fix .. but for my users it the wait until I fix them Rolling Eyes

I try to keep up on the patches as much as I can. CPG has a little dot that lets you know if you are out of date, if everyone did that then it would be easy to tell Smile

Hangin' Around Joined: May 30, 2004 Posts: 46

Here is a photo gallery I've been using for a number of years.

Only registered users can see links on this board! Get registered or login!

Check it out Only registered users can see links on this board! Get registered or login!

Posted: Fri Jun 04, 2004 8:14 pm

Captain_Computer wrote:

Here is a photo gallery I've been using for a number of years.

Only registered users can see links on this board! Get registered or login!

Check it out Only registered users can see links on this board! Get registered or login!

Someone using 4nAlbum (version unknown) recently got hacked. Only registered users can see links on this board! Get registered or login!.

Posted: Fri Jun 04, 2004 8:26 pm

If it was me I'd use Menalto Gallery. They have a first class team there to maintain and address security issues. Coppermine was based on a weak base code to begin with though its been enriched immensely its still built on a very simple code base.

Thats my opinion and I'm stickin to it.

Posted: Sun Jun 20, 2004 12:58 pm

I think I'll try Menalto. Yesterday with all the newest everything on CPG (the only add on to phpnuke I have, other then chatserv & raven scripts; I removed everything else) a hacker was able to get to the server level. My hoster was not happy!!

New Member Joined: Jun 22, 2004 Posts: 6

You are using the standalone version in phpnuke? coppermine for CMS does not have a version 1.3.0(beta4)
http://nukephotogallery.com/
http://cpgnuke.com/

Posted: Wed Jun 23, 2004 10:19 am

It was on a different site, I miss typed for this post .... that site with the stand alone has never been hacked.

On the site that has been hacked several times is plain ol' 1.3. What we finally determined that with my configuration it allowed the hack through the CPG. That 1.3 in the right environment is ok. But with all the scripts I had they did not work well with each other. My hoster emailed CPG with all the details.

Posted: Wed Jun 23, 2004 1:42 pm

I have not received anything Sad