Author |
Message |
manunkind
Client

Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
Posted:
Mon Apr 11, 2005 11:32 am |
|
Hello everybody,
Just in case this was something new in the works, I figured I would pass the word and make it known. I was browsing through my folders the other day and I came across 2 files in my images/topics folder named:
Edu.exe
Edu.html
I couldn't remember if this was something I could have uploaded wrong or not. I downloaded the exe file to my desktop and it was flagged right away as a virus. I deleted both of the above files from the directory and checked all the other folders to see if it was in any others. It was not.
Today when I got home and looked at my "HTTP Referers", sure enough there was a hit for the following URL:
http://www.pcsympathy.com/images/topics/Edu.exe
This may be another type of exploit that's in the works. I have no idea, but wanted to pass the word.
What would allow somebody to write files to those directories? Is this a code exploit? |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Mon Apr 11, 2005 12:37 pm |
|
Coppermine, My_eGallery - any third party application that is known for upload exploits. |
|
|
|
 |
manunkind

|
Posted:
Mon Apr 11, 2005 2:23 pm |
|
Thanks. Coppermine has been turned off for a while now. Only me, the Admin, can upload pictures.
The only other thing I know is the Forums Avatar Upload feature. That's the only one I can think of that still allows uploads. |
|
|
|
 |
CurtisH
Life Cycles Becoming CPU Cycles

Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI
|
Posted:
Mon Apr 11, 2005 2:45 pm |
|
If I am not mistaken, it doesn't matter if you only allow admins to upload or not; Coppermine is still exploitable regardless. My understanding was the only way to prevent the exploit was to remove the module. |
_________________ Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe |
|
|
 |
manunkind

|
Posted:
Mon Apr 11, 2005 3:04 pm |
|
Well if you are right, then that is something I did not know. I figured I would be safe if I just didn't allow anybody but me to upload.
Thanks for the info. How can we find out for sure? |
|
|
|
 |
CurtisH

|
Posted:
Mon Apr 11, 2005 3:06 pm |
|
Let's ask Raven. Raven? Am I correct? |
|
|
|
 |
jaded
Theme Guru

Joined: Nov 01, 2003
Posts: 1006
|
Posted:
Mon Apr 11, 2005 3:06 pm |
|
|
|
 |
manunkind

|
Posted:
Mon Apr 11, 2005 3:09 pm |
|
I learned a lot today. Thank you all very much! |
|
|
|
 |
Raven

|
Posted:
Mon Apr 11, 2005 3:42 pm |
|
Get menalto and save yourself some grief. |
|
|
|
 |
jaded

|
Posted:
Mon Apr 11, 2005 3:45 pm |
|
indeed!  |
|
|
|
 |
manunkind

|
Posted:
Mon Apr 11, 2005 3:50 pm |
|
Will check into it. Thanks again.  |
|
|
|
 |
CurtisH

|
Posted:
Mon Apr 11, 2005 6:21 pm |
|
Another good option, at least for me, was the ported phpBB album mod from smartor. I like it really well. |
|
|
|
 |
manunkind

|
Posted:
Wed Apr 13, 2005 2:50 pm |
|
Confused about menalto....is there already a version for Nuke? I just want it as a Module, not a stand-alone program. Which one do I download? |
|
|
|
 |
jaded

|
Posted:
Wed Apr 13, 2005 3:03 pm |
|
I use mine as a standalone but it is fully linked into my site as a module. I believe that they have one that is for nuke but I have not tried it myself. |
|
|
|
 |
sixonetonoffun
Spouse Contemplates Divorce

Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Wed Apr 13, 2005 7:10 pm |
|
The 1.4 and 1.5 trees work as a module. I haven't tried or seen install instructions for G2 yet but believe it's on the way soon at nukedgallery.net |
|
|
 |
dean
Worker


Joined: Apr 14, 2004
Posts: 193
|
Posted:
Fri Apr 15, 2005 3:37 pm |
|
It can work either way depending on the installation you choose during the install process. I worked with coppergallery until nuke support vanished and I wish I had gone to menalto sooner. I actually use the gallery as standalone and integrated as a module in my nuke at one of my sites. |
|
|
|
 |
CurtisH

|
Posted:
Fri Apr 15, 2005 3:42 pm |
|
Do members still have to register with the Menalto module to create albums or have they made it like coppermine, allowing existing members to create albums without having to register with nuke and the gallery? |
|
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Fri Apr 15, 2005 5:54 pm |
|
As far as I know in the 1.x series you have to still add users to albums separately. Although, I can see my nuke users in the list for adding permissions. I thought that I had read somewhere that better user integration was coming in 2.x, but that was long back that I read that. |
|
|
 |
CurtisH

|
Posted:
Fri Apr 15, 2005 8:15 pm |
|
Will be interesting to see. Too many users stumble on stuff that is even slightly complicated... integration is needed for it to work well for my site.
Right now I am using the smartor album (forum mod) and it seems to work really well. Mind you it isn't as feature rich as coppermine was, but it does seem to get the job done, plus as an added bonus you have the ability to add the album right to the user's forum profile. Pretty sweet. *LOL*
I'll be watching the Gallery to see how it develops. |
|
|
|
 |
montego

|
Posted:
Sat Apr 16, 2005 8:26 am |
|
My needs are much simpler than others I guess. I love Gallery. Been a great tool. I only have a handful of admins and everyone who is logged in to Nuke is allowed to see the albums. So, for me, Menalto's Gallery, even without the use of nuke's groups or phpBB groups within Nuke, is a full-featured, excellent tool.
montego |
|
|
|
 |
|