Gallery Hacked

webtrix

Joined: 2005-06-30
Posts: 13
Posted: Sat, 2007-09-15 02:33

Gallery URL (optional but very useful): http://www.northerncountrymorels.com/pgallery
Gallery version: 1.5.2
Apache version:
PHP version 4.3.11
Graphics Toolkit: imageMagick
Operating system: Windows XP Home
Web browser/version Firefox

Hello,

I hope someone here can help me out. First of all I know this is my fault for not updating to the latest version.

My gallery seems to have been hacked. There are hundreds of comments related to porn and spam in every gallery. It will take forever to delete them all and I know it probably will keep occurring. Now I don't know if there is a way to remove all these comments all at once. I hope so. Also, if I am able to remove them all, will updating to the latest version prevent this from happening again, or is there maybe a back door?

Thanks for any help,
Mike

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Tue, 2007-09-18 08:27

Hello,

your Gallery was not really hacked.
You were just flooded by automatic spam scripts.

You can add keywords in the blacklist to find bad comments.
Then you can delete all those comments in a bunch.

Jens
--
Last Gallery v1 Developer.
Tryout the TEST-Version of Gallery 1.6

 
webtrix

Joined: 2005-06-30
Posts: 13
Posted: Wed, 2007-09-19 03:55

Hi Jens,

Thanks for your response. But what do you mean by adding key words in the black? Also, how do I prevent this from happening again? Thanks, Mike

 
webtrix

Joined: 2005-06-30
Posts: 13
Posted: Sun, 2007-10-28 02:09

Hello again. I am still having problems with porn sites spamming the heck out of my comments. I finally set the comments to "No" but for some reason these spam bots are still posting comments. How can this happen and is there a way I can stop the comments?

Thanks

 
trbailey

Joined: 2007-04-16
Posts: 172
Posted: Sun, 2007-10-28 02:29

Change the permissions on your public galleries so nobody can add without a login.
i.e. remove "all access" for "everybody" and assign add permissions only to those who you want to be able to upload. I have a public gallery and I know it's only a matter of time before they find it and do the same and at 3000 kbps inbound they can upload a lot of crap while I'm sleeping. It's a risk we all take in having a public gallery. I keep one gallery for public stuff so worse case I just ix nae the entire album. You can always move interesting stuff from the public album to a more suitable place after it's uploaded. I'm a bit nervous having an add-via-email thing. It's not published anywhere but it's still only a matter of time. They are like a drug addict snooping in your bathroom; stealing the toilet paper. Why ask why? There is no reason to stupidity; as if I'm going to purchase Viagra, or even CLICK on one of those email links!! Yea, RIGHT! My privates are just fine, thanks. But I do need an "EXPENSIVE" watch...maybe...it's almost Christmas...

While you can't make choices for them, meaning you can't stop them from trying, you can stop them from uploading and eventually they'll remove you from their spam script. I get dozens of emails like that every day. I also have had to restrict posting and comments in my weblog to logged-in users so I don't get comment-spammed. Some of their scripts act like a bot so you can check your logs. If you get really pissed there is a third option but it only works for a while. Add the IP(s) to your webserver reject list and they won't be able to even connect :) Now that's P.O.W.E.R. *chuckle* that is why you have a web site, isn't it?
-Tom

 
webtrix

Joined: 2005-06-30
Posts: 13
Posted: Sun, 2007-10-28 02:46
Quote:
Change the permissions on your public galleries so nobody can add without a login.

Thanks but how do I do this?

 
morgad

Joined: 2007-08-11
Posts: 39
Posted: Sun, 2007-10-28 12:23
webtrix wrote:
Hello again. I am still having problems with porn sites spamming the heck out of my comments. I finally set the comments to "No" but for some reason these spam bots are still posting comments. How can this happen and is there a way I can stop the comments?

Thanks

Do you actually want any user comments?

On my gallery I have uninstalled the comment module plugin.

site admin > plugins > extra data > comments
then de-activate and uninstall

edit: just noticed you were using gallery1, not gallery2, so my reply may not be of any use, feel free to ignore it :-)

Dave
--
http://www.morgad.co.uk/gallery2/main.php

 
webtrix

Joined: 2005-06-30
Posts: 13
Posted: Sun, 2007-10-28 15:43

Ok, so I guess I need to upgrade to Gallery 2 then? Is there a link for this with an upgrade guide?

 
trbailey

Joined: 2007-04-16
Posts: 172
Posted: Sun, 2007-10-28 18:17
 
spurrymoses

Joined: 2004-02-22
Posts: 12
Posted: Sun, 2008-06-01 03:20

I really hope someone gives a 'straight' answer here. How do you delete comments in bulk in Gallery1?
I have 200 comments underneath every single image in my gallery, obviously I can't click checkboxes 200x200 times.
How do I delete all of them?

I find it pretty unbelievable that the page 'Find and remove comment spam' doesn't actually allow you to find and delete spam.

It's just a 'blacklist', which gives no indication it will or is able to delete comments.

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Sun, 2008-06-01 09:16

Hello,

there is currently no possibility to remove comments in bulk from G1.
Except the way you already found.

I don't understand what you mean with:

Quote:
doesn't actually allow you to find and delete spam.

It's just a 'blacklist', which gives no indication it will or is able to delete comments.

The page is *exactly* for that purpose.
And a blacklist (which can handle regular expressions) is in my opinion not that bad to find spam comments.

I am open for suggestions.

Jens
--
Last Gallery v1 Developer.
Tryout the TEST-Version of Gallery 1.6
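
An added example, not Gallery's code and not written by anyone in this thread: a sketch of how a regex-capable blacklist can pick out spam comments for one bulk delete. The comment records, field names and patterns are constructed for illustration, and Gallery 1's own storage format is not modelled.

```python
import re

# Constructed blacklist: keywords and regular expressions mixed.
BLACKLIST = [
    r"\bv[i1]agra\b",
    r"\bc[i1]al[i1]s\b",            # \b keeps "specialist" from matching
    r"(?:https?://\S+\s*){3,}",     # three or more links in a row
    r"cheap[ (",                    # deliberately invalid entry
]

# Constructed sample comments; not Gallery's storage format.
COMMENTS = [
    {"id": 1, "text": "Great morel photo, where was it taken?"},
    {"id": 2, "text": "Buy V1AGRA now http://pills.example/x"},
    {"id": 3, "text": "http://a.example http://b.example http://c.example"},
    {"id": 4, "text": "Ask a specialist about that lens"},
    {"id": 5, "text": "Cheap C1alis here"},
]


def compile_blacklist(entries):
    """Compile case-insensitively; return (patterns, rejected entries)."""
    patterns, rejected = [], []
    for entry in entries:
        try:
            patterns.append(re.compile(entry, re.IGNORECASE))
        except re.error:
            rejected.append(entry)  # one bad entry must not stop the scan
    return patterns, rejected


def find_spam(comments, patterns):
    """Map comment id -> first blacklist pattern that matched its text."""
    hits = {}
    for comment in comments:
        for pattern in patterns:
            if pattern.search(comment["text"]):
                hits[comment["id"]] = pattern.pattern
                break
    return hits


def purge(comments, hits):
    """Return the comments that survive a bulk delete of all hits."""
    return [c for c in comments if c["id"] not in hits]


if __name__ == "__main__":
    patterns, rejected = compile_blacklist(BLACKLIST)
    hits = find_spam(COMMENTS, patterns)
    print("rejected entries:", rejected)
    print("flagged:", hits)
    print("kept ids:", [c["id"] for c in purge(COMMENTS, hits)])
```

A few anchored patterns like these cover many spelling variants, which keeps the list far shorter than one entry per keyword.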

 
superkev

Joined: 2005-11-03
Posts: 7
Posted: Tue, 2008-11-04 17:44
Tim_j wrote:
Hello,

there is currently no possibility to remove comments in bulk from G1.
Except the way you already found.

I don't understand what you mean with:

Quote:
doesn't actually allow you to find and delete spam.

It's just a 'blacklist', which gives no indication it will or is able to delete comments.

The page is *exactly* for that purpose.
And a blacklist (which can handle regular expressions) is in my opinion not that bad to find spam comments.

I'm actually struggling with this too. I've got an extensive blacklist, but it doesn't seem to work. Spam comments still get through. Also, when I try to click the "Find blackisted comments" link, the page just refreshes and nothing seems to happen. All the spam comments are still there. Is this feature broken? I'm using 1.5.6 on Redhat FC7.

 
superkev

Joined: 2005-11-03
Posts: 7
Posted: Tue, 2008-11-04 18:19

Ok. I managed to fix this problem. My blacklist of 3000+ items was too big for Apache's security module. I temporarily adjusted the allowed size of the response body to 4MB and deleted my blacklist.dat file and started again with just a basic blacklist with the key offenders in it. Then I was able to clear out the spam.

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Thu, 2008-11-06 22:51

Hi,

problem solved in 35min! great!

Thanks for reporting your solution.

Jens
--
Gallery Developer