Tweak

InsaneJournal

Tweak says, "Muggle, not muggle."

Username: 
Password:    
Remember Me
  • Create Account
  • IJ Login
  • OpenID Login
Search by : 
  • View
    • Create Account
    • IJ Login
    • OpenID Login
  • Journal
    • Post
    • Edit Entries
    • Customize Journal
    • Comment Settings
    • Recent Comments
    • Manage Tags
  • Account
    • Manage Account
    • Viewing Options
    • Manage Profile
    • Manage Notifications
    • Manage Pictures
    • Manage Schools
    • Account Status
  • Friends
    • Edit Friends
    • Edit Custom Groups
    • Friends Filter
    • Nudge Friends
    • Invite
    • Create RSS Feed
  • Asylums
    • Post
    • Asylum Invitations
    • Manage Asylums
    • Create Asylum
  • Site
    • Support
    • Upgrade Account
    • FAQs
    • Search By Location
    • Search By Interest
    • Search Randomly
_jems_ ([info]_jems_) wrote,
@ 2008-04-11 19:14:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
Current mood:pissed the fuck off!!!

See Barney? That's how I feel right now.
Well, I now know what I'm doing instead of having that relaxing weekend I've been dreaming about: Restoring my web site, which got HACKED. (Fuck!)

Just as a public service, since I've spent all day dealing with this shit, here's some tips:

Coppermine seems to be the culprit, even though I know some other applications were targeted. I'm just not running any of those, so in my case, it's pretty clear.

To protect yourself, you can do the following:


  • Use a script-blocker like NoScript!

  • Update to the latest version of Coppermine (doesn't help this issue, but you're not going to get support in the forum unless you do).

  • There is apparently a vulnerability in the upload feature. Log in as Admin, go to Groups and under "Upload Method", set the "URI upload boxes" to 0 for all groups.

  • The hack is apparently targeted at two php files - upload.php and pluginmgr.php. You can delete these via ftp without it affecting the performance of the gallery, so do. I've done just that after I've restored a gallery (and after backing up the files).


If you've already been hacked, read this forum thread. If you still have questions, I might be able to answer them.

[info]winter_baby and [info]bellanut, I've checked your galleries and so far I haven't seen any signs of them being hacked (hacked galleries have a row of black characters at the top and bottom. Also, my script blocker pops up), but you might want to take the preventative measures I listed under the cut. Also, [info]winter_baby, the original FNL gallery has been compromised, so I'm just going to delete it entirely (I only say this because I noticed you hadn't uploaded the caps for episode 2 yet, so you might want to do that).

Right now, the galleries that are affected are offline or the directories renamed (another side-effect seems to be that I can't log into some of them to take them offline). So far, I've only restored some of the smaller galleries, like Eureka, The Black Donnellys and [spooks], but I hope to get vm-caps and the movie gallery up and running tonight.

Wow, this sure is FUN. /sarcasm

(Read comments)

Post a comment in response:

From:
( )Anonymous- this user has disabled anonymous posting.
( )OpenID
Username:
Password:
Don't have an account? Create one now.
Subject:
No HTML allowed in subject
  
Message:
 

Home | Site Map | Manage Account | TOS | Privacy | Support | FAQs