Author Topic: Upgrade and hacked questions  (Read 4896 times)

0 Members and 1 Guest are viewing this topic.

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Upgrade and hacked questions
« on: December 03, 2007, 02:54:25 PM »
I have questions about upgrading and hacker protection/repair.

I am quite sure my gallery has been hacked because it is calling a spammer's site and tries to open popups

I thought of upgrading to a new version but I want to do a complete sweep while keeping the categories/images/thumbs as they are.
Is this possible and how do I do it best (remove all files and upload new version files/folders manually?)
Is there a chance to get rid of the hacker's script by doing so?
I have read that the template folders should be cmod to 644, is that correct?


Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Re: Upgrade and hacked questions
« Reply #1 on: December 03, 2007, 02:58:21 PM »
Quote
I am quite sure my gallery has been hacked because it is calling a spammer's site and tries to open popups

If check web logs - what is say for hack status ?

Quote
I have read that the template folders should be cmod to 644, is that correct?

Hum ... is PHP_EXEC_CODE 1 or 0 in includes/constants.php file ?

1 - If set 1 - I say for set 0. In template - no use PHP code if security problem. Use quote tag.
2 - Install all bug fixes from forum: http://www.4homepages.de/forum/index.php?board=17.0 - is no problem for core files (is affect some install MOD only).
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Re: Upgrade and hacked questions
« Reply #2 on: December 03, 2007, 06:20:36 PM »
Thanks.
In my constants.php file there is no such code or line as PHP_EXEC_CODE.

I tried to upgrade to 1.7.4 but had troubles so I think removing all and each file and upload the new version would be the best solution but this will only work (or rather I will only do that now) if categories and images are not affected.

ETA: The hacker changed the index.php file to its own. My ISP php version is 4.4.7 if this is of importance.

« Last Edit: December 03, 2007, 07:07:53 PM by Gwydion »

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Re: Upgrade and hacked questions
« Reply #3 on: December 03, 2007, 07:05:29 PM »
Quote
In my constants.php file there is no such code or line as PHP_EXEC_CODE.

Code: [Select]
// Allow execution of PHP code in templates
define('EXEC_PHP_CODE', 1);

Quote
I tried to upgrade to 1.7.4 but had troubles so I think removing all and each file and upload the new version would be the best solution but this will only work (or rather I will only do that now) if categories and images are not affected.

Is possible for say problem is do if upgrade ? (Error message)
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline Gwydion

  • Full Member
  • ***
  • Posts: 126
    • View Profile
Re: Upgrade and hacked questions
« Reply #4 on: December 04, 2007, 11:18:05 PM »
Ok, found the code in the constants.php and changed to 0 - thank you.

Quote
Is possible for say problem is do if upgrade ? (Error message)

Sorry, I don't get this .. if you ask which error message(s) I got .. I don't have them anymore.

I have realised that I get an error message when I try to download the database backup but that is just a minor problem right now.
I noticed that after the upgrade the hackers script still was active somewhere (and about two weeks later it changed files like the index.php in the main folder) so simply uploading the upgrade files did not help.
That's why I am asking about deleting everything except the media folders and database.



Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.412
    • View Profile
    • 4images - Image Gallery Management System
Re: Upgrade and hacked questions
« Reply #5 on: December 05, 2007, 12:55:21 AM »
That's why I am asking about deleting everything except the media folders and database.

Yes. That's the way to do it. But don't forget to make a backup of your database.
After this install the latest version of 4images:
http://www.4homepages.de/4images/download.php
and import the sql dump.

But ALSO look through the media folders for suspicious files!


And have a look at thes 4images security tips:
http://www.4homepages.de/forum/index.php?topic=14982.0
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search