Major site rebuild questions

gomangodave

Joined: 2012-12-29
Posts: 1
Posted: Sat, 2012-12-29 06:39

Gallery version = 2.2.2 core 1.2.0.4
PHP version = 5.2.17 cgi-fcgi
Webserver = Apache
Database = mysqlt 5.5.28-29.1, lock.system=flock
Toolkits = ArchiveUpload, Exif, Getid3, LinkItemToolkit, Thumbnail, Gd, SquareThumb
Acceleration = none/3600, none/900
Operating system = Linux sv4.byethost4.org 2.6.32-279.14.1.el6.bl0.9.5_1.x86_64 #1 SMP Thu Nov 8 14:33:47 MST 2012 x86_64
Default theme = siriux
gettext = enabled
Locale = en_US
Browser = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
Rows in GalleryAccessMap table = 407
Rows in GalleryAccessSubscriberMap table = 2358
Rows in GalleryUser table = 961
Rows in GalleryItem table = 2334
Rows in GalleryAlbumItem table = 153
Rows in GalleryCacheMap table = 0

I have an integrated install using an unsupported bridge to an old version of Joomla. The problem now is that an old script in Joomla was hacked and the entire site is now compromised. The big plan now is to rebuild from scratch without losing all the photos.

I have zipped everything up and downloaded the entire website as well as the database. I will have the host do a complete wipe of my account and set me up fresh like I was a new customer. I will then upload new scripts and hopefully restore the gallery to its former glory.

When I upload the gallery, I will not want to use the original backup files for fear that they may be compromised. I need to know what my best route is at this point. Should I kill all the plugins, custom theme and upgrade to the latest version to create my backup with? After that can I upload a fresh copy of gallery2 with my g2data and config file? I worry that there may be compromised files in the g2data directory. What is the minimum that I can get away with uploading out of the g2data dir?

This is a bit nerve-racking for fear of losing years of albums. My life away from the internet has not allowed me enough time to perform the required maintenance in the past. Custom script mods made it difficult to keep up with updates, and now I am paying the price. From here out I will endeavor to keep the scripts unmolested and I plan on staying away from bridges.

Thanks in advance.
Dave

suprsidr

Joined: 2005-04-17
Posts: 8339
Posted: Sat, 2012-12-29 07:46

You can safely leave your gallery intact.
At any time you can run the gallery upgrade script /yoursite.com/gallery2/upgrade and it will let you know if any files are compromised.
All you would need to do is replace those w/ fresh copies.
There is a new G2<->Joomla script http://gallery.menalto.com/node/102306

-s
________________________________
All New jQuery Minislideshow for G2/G3

Dayo

Joined: 2005-11-04
Posts: 1642
Posted: Sat, 2012-12-29 08:45

Sorry to be so direct given what you have gone through but saying you will avoid bridges as a consequence is just plain silly.

The issue is not one of bridges or otherwise but of using an insecure script for which warnings have been posted for a long time.

The Vulnerable Extensions List published by Joomla has over 200 different scripts on it as at December 2012 and only one is a bridge. If you add the archived items from before Jan 2011, the list grows to about 300 scripts and the number of bridges? Still just one.

Clearly, avoiding installing a bridge by itself is not an issue. Not doing due diligence is the issue at hand, a bit like this guy here: http://gallery.menalto.com/node/104282 (only a matter of time before he gets hacked as well).

As you may have guessed, I have written one or two bridges for G2 :)

Anyway, to recover your site, you must delete all the files (the only things salvageable are the images in your g2data/albums folder). More things can be if you know exactly what you are doing. If not, deletion is the only safe way forward. The install script can help check for modified files as noted above by suprsidr, and you have to investigate every one flagged.

Note that this does not only apply to the G2 part of the site. The hacker would have traversed through once they got in, so this means the Joomla and everything else.
Also, if you have other domains on the account, these have to go as well.

Then, follow this step by step guide to recovering a hacked server: http://25yearsofprogramming.com/blog/20070705.htm. There are no short cuts.

--> Start Section if deleting G2 files
To shut down your sites, deactivate and uninstall the rewrite module in G2 if installed.
Make a note of all the modules you have installed. You can find them in the "modules" folder.
After that, take backups of the databases for G2, Joomla etc.
After you clean up, you can download a fresh copy of Gallery 2.2.2, restore the gallery and upgrade to v2.3.2
--> End Section if deleting G2 files

Other scripts such as Joomla will need similar treatment.

You may need to hire a server admin to do all of this for you if you want to recover as closely as possible to what you had.

Alternative with G2 is to just wipe everything except the images and import those back into a new installation.

--
dakanji.com
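The two checks the replies above describe, comparing the backed-up Gallery code tree against a pristine copy (what the upgrade script's modified-file report does) and treating anything under g2data/albums that is not an image as something to investigate, as an added example that is not from this thread or from the Gallery project. It assumes you have unpacked a fresh Gallery 2.2.2 download beside the backup; the directory trees it builds here are constructed stand-ins, not real Gallery files.

```python
import hashlib
import tempfile
from pathlib import Path

# Magic bytes for the image formats Gallery stores as originals (assumption:
# extend this if your albums legitimately hold movies, PDFs etc.).
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def hash_tree(root):
    """Map every file below root (posix-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_code(pristine, backup):
    """Return (modified, extra, missing) paths of the backup vs. a pristine tree.
    Extra files are the ones to look at first: a clean tarball has none."""
    a, b = hash_tree(pristine), hash_tree(backup)
    modified = sorted(p for p in a if p in b and a[p] != b[p])
    extra = sorted(p for p in b if p not in a)
    missing = sorted(p for p in a if p not in b)
    return modified, extra, missing


def suspicious_album_files(albums):
    """Files under g2data/albums whose content does not start like an image.
    The check uses content, not the file name, so a .jpg extension does not hide anything."""
    bad = []
    for p in albums.rglob("*"):
        if p.is_file() and not p.read_bytes().startswith(IMAGE_MAGIC):
            bad.append(p.relative_to(albums).as_posix())
    return sorted(bad)


def demo():
    """Build constructed sample trees in a temp dir and run both checks."""
    tmp = Path(tempfile.mkdtemp())
    pristine, backup, albums = tmp / "pristine", tmp / "backup", tmp / "g2data" / "albums"
    for root in (pristine, backup):
        (root / "modules").mkdir(parents=True)
        (root / "main.php").write_text("<?php // stand-in for a shipped file\n")
        (root / "modules" / "core.inc").write_text("<?php // unchanged stand-in\n")
    (backup / "main.php").write_text("<?php // shipped file with something appended\n")
    (backup / "modules" / "x.php").write_text("<?php // file absent from the pristine tree\n")
    (albums / "holiday").mkdir(parents=True)
    (albums / "holiday" / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
    (albums / "holiday" / "beach.jpg.php").write_bytes(b"<?php // not an image\n")
    return compare_code(pristine, backup), suspicious_album_files(albums)
```

Against a real backup, point `compare_code` at the unpacked tarball and the backed-up gallery2 directory, and `suspicious_album_files` at g2data/albums; every path either function returns needs a manual look before anything is copied to the rebuilt host.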