Upgrade and hacked questions

[Gwydion]

I have questions about upgrading and hacker protection/repair.

I am quite sure my gallery has been hacked because it is calling a spammer's site and tries to open popups

I thought of upgrading to a new version but I want to do a complete sweep while keeping the categories/images/thumbs as they are.
Is this possible and how do I do it best (remove all files and upload new version files/folders manually?)
Is there a chance to get rid of the hacker's script by doing so?
I have read that the template folders should be cmod to 644, is that correct?

[thunderstrike]

I am quite sure my gallery has been hacked because it is calling a spammer's site and tries to open popups

If check web logs - what is say for hack status ?

I have read that the template folders should be cmod to 644, is that correct?

Hum ... is PHP_EXEC_CODE 1 or 0 in includes/constants.php file ?

1 - If set 1 - I say for set 0. In template - no use PHP code if security problem. Use quote tag.
2 - Install all bug fixes from forum: http://www.4homepages.de/forum/index.php?board=17.0 - is no problem for core files (is affect some install MOD only).

[Gwydion]

Thanks.
In my constants.php file there is no such code or line as PHP_EXEC_CODE.

I tried to upgrade to 1.7.4 but had troubles so I think removing all and each file and upload the new version would be the best solution but this will only work (or rather I will only do that now) if categories and images are not affected.

ETA: The hacker changed the index.php file to its own. My ISP php version is 4.4.7 if this is of importance.

[thunderstrike]

In my constants.php file there is no such code or line as PHP_EXEC_CODE.

Code: [Select]

// Allow execution of PHP code in templates
define('EXEC_PHP_CODE', 1);


I tried to upgrade to 1.7.4 but had troubles so I think removing all and each file and upload the new version would be the best solution but this will only work (or rather I will only do that now) if categories and images are not affected.

Is possible for say problem is do if upgrade ? (Error message)

[Gwydion]

Ok, found the code in the constants.php and changed to 0 - thank you.

Is possible for say problem is do if upgrade ? (Error message)

Sorry, I don't get this .. if you ask which error message(s) I got .. I don't have them anymore.

I have realised that I get an error message when I try to download the database backup but that is just a minor problem right now.
I noticed that after the upgrade the hackers script still was active somewhere (and about two weeks later it changed files like the index.php in the main folder) so simply uploading the upgrade files did not help.
That's why I am asking about deleting everything except the media folders and database.

[kai]

That's why I am asking about deleting everything except the media folders and database.

Yes. That's the way to do it. But don't forget to make a backup of your database.
After this install the latest version of 4images:
http://www.4homepages.de/4images/download.php
and import the sql dump.

But ALSO look through the media folders for suspicious files!


And have a look at thes 4images security tips:
http://www.4homepages.de/forum/index.php?topic=14982.0