Gallery constantly being hacked

[whyte]

Hello Jan and anyone who can help me
I am useing the latest version of 4images on my site
www.andrewwhyte.com/photography/gallery

I have been hacked twice in the last few weeks with the culprits leaving the usual and deleting my media files. My hosting company say it is an issue with the software?
I have 2500 images in my gallery which has taken me years to work on and I don't want to have to remove my site. What do I do? Change servers, what? anyone know?

Andrew
NZ

[thunderstrike]

Step 1-2-3 of my signature.

[whyte]

So I need to use phpv5.2? and what sql version?
Would this be the problem with the constant hacking?

Andrew

[thunderstrike]

So I need to use phpv5.2? and what sql version?
Would this be the problem with the constant hacking?

Nothing to do with PHP v5.2 for step I say ... 1-2-3 is PHP, mySQL and 4images version you have.

[whyte]

Hi,
I have the new version of 4images and PHP 5.1.4, I am not sure about the Misql. Sorry miss-understood

It seems we may be on to it. My host provider has told me my writer permissions are to high. I had many of my directories set to CHMD 777 and he says they are modifying my site because I am giving them permissions that are easy to hack. I have removed the writer permissions to public and users and retained only the owner. 'Setting 755 I beleive. I changed it to 777 because I could not move images on the fly. My host says change it over when I need to and then remove the permissions again.
Hopefully this works.
I also read somewhere not to have my site listed on the examples on this website because it may be hacker trail.
See how it goes.
Does anyone agree with my host provider on his ideas? Also does anyone know where I can get that slideshow mod from for 1.7.4.
The usual suppliers link does not seem to work?

Cheers
whyte

[DR4296]

Hi,
I have the new version of 4images and PHP 5.1.4, I am not sure about the Misql. Sorry miss-understood

It seems we may be on to it. My host provider has told me my writer permissions are to high. I had many of my directories set to CHMD 777 and he says they are modifying my site because I am giving them permissions that are easy to hack. I have removed the writer permissions to public and users and retained only the owner. 'Setting 755 I beleive. I changed it to 777 because I could not move images on the fly. My host says change it over when I need to and then remove the permissions again.
Hopefully this works.
I also read somewhere not to have my site listed on the examples on this website because it may be hacker trail.
See how it goes.
Does anyone agree with my host provider on his ideas? Also does anyone know where I can get that slideshow mod from for 1.7.4.
The usual suppliers link does not seem to work?

Cheers
whyte

I had my host tell me the same thing:   That permissions on those directories were all 777 and should not be.   

But if you look at the docs/installation.txt file, the authors of 4images clearly tell us to make the various data and media (and upload) directories all 777.   Isn't this a huge security risk?

I believe that my site was hacked when they uploaded files that clearly were not images.  They were PHP scripts and some other files.  I altered my 4images settings so that it only allows the uploading of files with three file extensions that are only used by images.   I'm not sure if this is good enough.

Now, just yesterday, some folks who own a new site I'm managing want to start uploading images into 4 images.  I was investigating why they couldn't and realized that I had set those folder permissions down to 755.   I reset them back to 777, but I'm seriously considering telling them to declare one or two people to be Administrators and let them do all the uploading... and then I'll just set the board's upload settings to only allow Administrators to upload.

Thanks!

-= Dave =-

[Nicky]

dave, you didn't wrote us which 4images version you used when your site was hacked..

I altered my 4images settings so that it only allows the uploading of files with three file extensions that are only used by images.

that would be enough

[DR4296]

dave, you didn't wrote us which 4images version you used when your site was hacked..

I altered my 4images settings so that it only allows the uploading of files with three file extensions that are only used by images.

that would be enough

Well, it's not the current one, because right after it was hacked, I checked and saw it wasn't up-to-date.     I think it was version 1.7.1 ??
I'm pretty sure the reason I went with 4images was that it just started showing up in Cpanel at some point.   So I installed it on a bunch of sites.  I was glad to see that recent upgrades to CPanel added functionality where we now get emailed whenever an upgrade to such a script is available.

Yeah, I wish the whole event was fresher in my memory.  I think this happened last September or October.  And I keep trying to remember whether that actual field for allowed file extensions ITSELF had been hacked.  I mean, I'm trying to remember if I saw ".htaccess" in there or ".php" or anything else funky.   Can't remember.

I was so overworked and stressed-out at the time.  The hacking event came at a pretty bad time for me.  So, once I thought I'd "found the hole and plugged it", I basically went on to dealing with other fall-out.

Thanks!

-= Dave =-

[whyte]

I am pleased to say my hacked days seem to be over and my site has been running well for a long time. However the nature of my site is that I am the only user and administrator. As I said above the removal of the 777 was a key issue but this still did not stop the hacks. The most important thing is to make a separate password on the admin directories so I have to log at this point in my administration tasks. After I did this my hack went away. This creates an .htaccess on the entire folder.  I was using the latest version of 4 images. A seccurity checklist I found in the forums was helpful.

I would like to be able to get the slideshow working. I can't find the script I used in the old one? Also the ability to go through a payment server like paypal before downloading medium res files would be nice. Any ideas?

[Nicky]

guys,

it does not have anything with chmod's.. they found a security holes in your old 4images version and used them for shxx things.. look to delete everything from gallery which not belongs to or let someone to your ftp to look on it.
most issue is a PHP file in your /data folders
and sometimes a php.html file

in admin CP search for pics with file extension php and delete them.

for 1.7.4 you can use this slideshow > http://www.4homepages.de/forum/index.php?topic=18291.0

[kai]

A seccurity checklist I found in the forums was helpful.

Yes, here's the link once again:
http://www.4homepages.de/forum/index.php?topic=14982.0

[whyte]

In my case php files were planted in the data folders and then they would change my admin settings and remove jpgs and replace it to view only php files. It was the write permissions in the folders ie 777 that allowed the files to be planted there. Image files were also randomly deleted which was a real pain.

Nicky I see where you are coming from as I did simply overright my files when I upgraded to 1.7.4 and any bad files would still remain, I would be keen to know what they might be? I feel that the problems went away when I put htaccess only on my admin folders. Either that or my hack found a more pleasurable form of masturbation.

In the last few months I have had no bogus files planted or any of my settings changed. I have writepermissions denied and htaccess on my admin directory.

Thanks for all your input. Still remains a very good system. i will try that slideshow link.  Cheers

Andy
NZ

[diane]

To start I have to say I am not at all proficient with 4images. I have version 1.7 and have been hacked twice in the past week. (template is 4waters). Here's what appears at the top of my gallery intro page


DB Error: Bad SQL Query: SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name, u.user_name FROM 4images_images i, 4images_categories c LEFT JOIN 4images_users u ON (u.user_id = i.user_id) WHERE i.image_active = 1 AND i.cat_id NOT IN (0) AND c.cat_id = i.cat_id LIMIT 15653, 1
Unknown column 'i.user_id' in 'on clause'

DB Error: Bad SQL Query: SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name, u.user_name FROM 4images_images i, 4images_categories c LEFT JOIN 4images_users u ON (u.user_id = i.user_id) WHERE i.image_active = 1 AND c.cat_id = i.cat_id AND i.cat_id NOT IN (0) ORDER BY i.image_date DESC LIMIT 5
Unknown column 'i.user_id' in 'on clause'

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/firthess/public_html/JustColin/includes/db_mysql.php on line 116


Now, what this has done has made it so that no images show on any page and none can be accessed, though the files are all still there.


I tried the database backup and also FTPing a very recent copy of the db_sql file

I know nothing of the technical aspects of these files. I'm not that good at it.

Will loading 1.7.4. heplpor is there an easy fix to the, obviously, altered lines in this file?

Would 1.7.4 wipe out any of my info? I assume it would alter my color settings.

Any help would be appreciated.

Please be gentle and explain it so a 4 year old can understand.

My URL  for my Gallery is:

http://www.firthessence.net/JustColin

[thunderstrike]

Fix:

http://www.4homepages.de/forum/index.php?topic=10184.15