New flurry of attacks using Coppermine and My_eGallery

Posted on Monday, August 23, 2004 @ 11:45:03 UTC in PHP-Nuke
by Raven

For all those using these 2 applications, and ESPECIALLY those of you who are Raven Web Hosting customers, there has been a flurry of attempts made to break into your sites. You will see

/modules/My_eGallery/public/displayCategory.php
and
coppermine/themes/default/theme.php

as the files being used. I will be researching bugtraq soon, but you need to upgrade to a safe release or disable those applications. These attacks are severe as they allow the dropping of files into a server, not just your site. For my customers, get it fixed or I will have to disable your accounts. Not a threat, just the reality.
 
 
 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by oprime2001 on Monday, August 23, 2004 @ 14:06:14 UTC


Do you know which version of coppermine is being exploited? This sounds similar to an old exploit described at http://cpgnuke.com/index.php?name=Forums&file=viewtopic&t=341

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by Dauthus on Monday, August 23, 2004 @ 19:43:08 UTC

http://www.bootleghollow.com

Ok, how about those of us who don't have the default theme anymore? I use a custom theme.

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by oprime2001 on Tuesday, August 24, 2004 @ 07:42:05 UTC

You just have to be careful that ALL your coppermine themes have been patched -- not just the active one. They were able to use the exploit I linked above on coppermine themes that I was NOT using but had forgotten to patch. My recommendation is to patch your active coppermine theme and to remove coppermine themes that you are not using.
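An added example, not part of the original post or comments: a small access-log scan for direct requests to the two files named in the post, matching theme.php under any Coppermine theme directory because unused themes are reachable too, as the comment above notes. The log format (Common/Combined Log Format), the `/modules/` prefix on the Coppermine path, the theme name `unused_theme`, the IP addresses and the query strings in the sample lines are all constructed assumptions.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Files named in the post. The theme directory is a wildcard so that
# inactive themes are covered as well as the active one.
WATCHED = [
    ("My_eGallery displayCategory.php",
     re.compile(r"/modules/My_eGallery/public/displayCategory\.php$", re.I)),
    ("Coppermine theme.php",
     re.compile(r"/coppermine/themes/[^/]+/theme\.php$", re.I)),
]

# Common/Combined Log Format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def scan(lines):
    """Return {client_ip: [(label, path, status), ...]} for hits on watched files."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, then decode %xx and collapse // and /./ so
        # that differently written forms of the same path still match.
        path = posixpath.normpath(unquote(m["target"].split("?", 1)[0]))
        for label, pattern in WATCHED:
            if pattern.search(path):
                hits[m["ip"]].append((label, path, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, placeholder queries).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Aug/2004:11:02:17 +0000] "GET /modules/My_eGallery/public/displayCategory.php?a=b HTTP/1.0" 200 512
192.0.2.10 - - [23/Aug/2004:11:02:19 +0000] "GET /modules/coppermine/themes/default/theme.php?a=b HTTP/1.0" 200 733
198.51.100.7 - - [23/Aug/2004:11:05:40 +0000] "GET /modules/coppermine/themes/unused_theme/theme.php?a=b HTTP/1.0" 404 210
203.0.113.5 - - [23/Aug/2004:11:06:01 +0000] "GET /modules.php?name=coppermine HTTP/1.1" 200 9120
""".splitlines()

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        for label, path, status in found:
            print(f"{ip}\t{status}\t{label}\t{path}")
```

A 200 status on a theme you are not using means that theme's file is still on disk and being served, which is the case the comment above recommends removing.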

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by sting on Monday, August 23, 2004 @ 21:58:45 UTC

http://www.nukehaven.com

Any chance of adding consequences for attempts of these exploits to sentinel?

-sting

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by Raven on Tuesday, August 24, 2004 @ 06:21:30 UTC

See this [ravenphpscripts.com] post for a suggestion.

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by sixonetonoffun on Tuesday, August 24, 2004 @ 20:24:20 UTC


I think the general consensus is that MeG has no safe phpnuke version. At least that's what I got out of earlier discussions here.

 
 

Re: New flurry of attacks using Coppermine and My_eGallery (Score: 1)
by HauntedWebby on Wednesday, August 25, 2004 @ 18:10:58 UTC


Hey Raven ... I have coppermine, but I'm the only one that can upload. Everyone else is blocked. Will I still have a problem? Since you are my hoster I want to make sure nothing happens :)

 