photos.dat files hacked

ndd

Joined: 2009-08-03
Posts: 2
Posted: Mon, 2009-08-03 16:51

The following information is required to get an answer:
Get this information from the PHP diagnostic (in the configuration wizard).
Gallery URL (optional but very useful):
http://aiki.bme.duke.edu/eel/eelGallery
Gallery version: 1.5.3
Apache version: 2.2.4 (Unix)
PHP version (don't just say PHP 4, please): v5.2.1
Graphics Toolkit: netpbm
Operating system: unix
Web browser/version (if applicable):

I just noticed that someone has added a bunch of links to my photos.dat files. I can't see them from gallery, but looking at the dat files I see a bunch of links like:

<a href="http://682.zzautomotivo30.345.pl">mitsubishi lancer 2008 fondo</a>

Any idea how that happened and how I can keep it from happening? Is it safe to just edit the photos.dat files to remove the offending entries?

 
nivekiam

Joined: 2002-12-10
Posts: 16504
Posted: Mon, 2009-08-03 17:41

Make sure you're using the latest version of Gallery. G1 has hit EOL (end of life), and if you want to continue with G1, www.jallery.com is where that work is being taken up. I don't believe customizations of themes will carry over, though.

Also make sure that other software running on that site (WordPress maybe) is up to date.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
ndd

Joined: 2009-08-03
Posts: 2
Posted: Mon, 2009-08-03 18:10

Just upgraded to 1.5.10, and found the comment spam stuff. I think I'm good to go now; thanks!

 
bharat

Joined: 2002-05-21
Posts: 7994
Posted: Mon, 2009-08-03 21:42

OMG, it's been a long time since I was in the G1 forums! The .dat files are writeable by the webserver, so typically when some attacker finds a way into your site (usually by exploiting some other out-of-date open source app) they write a little script to trawl over any writeable files in your document root and scrawl all over them with bad stuff. There are no known vulnerabilities in the latest versions of G1 and G2, so if you're using those then you should be safe. Scrutinize the other apps on your server!
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
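
A defensive audit for the situation discussed in this thread, as an added example that is not from any poster or from the Gallery project: it walks a document root, reports `.dat` files that contain HTML anchor tags, and lists files with group- or other-write permission bits. The `audit` and `demo` names, the sample tree and the `spam.example.invalid` host are constructed for illustration; files owned by the web-server account itself are writable regardless of those bits.

```python
import os, re, stat, tempfile

# Matches an HTML anchor with an absolute http(s) URL, like the spam line quoted in the thread.
LINK_RE = re.compile(rb'<a\s+href\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)

def audit(root, suffix=".dat"):
    """Walk root and return (injected, writable).

    injected: {path: [urls]} for files ending in suffix that contain anchor tags.
    writable: sorted paths with the group- or other-write bit set, i.e. files
              that an account other than the owner may be able to modify.
    """
    injected, writable = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is inaccessible
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable.append(path)
            if name.endswith(suffix):
                with open(path, "rb") as fh:
                    urls = [u.decode("ascii", "replace") for u in LINK_RE.findall(fh.read())]
                if urls:
                    injected[path] = urls
    return injected, sorted(writable)

def demo():
    """Build a constructed sample tree (not real Gallery data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        album = os.path.join(root, "album01")
        os.mkdir(album)
        samples = {
            "photos.dat": b'caption<a href="http://spam.example.invalid">cars</a>',
            "album.dat": b"clean serialized data",
        }
        for name, data in samples.items():
            p = os.path.join(album, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, 0o666 if name == "photos.dat" else 0o644)
        injected, writable = audit(root)
        return ({os.path.basename(p): u for p, u in injected.items()},
                [os.path.basename(p) for p in writable])

if __name__ == "__main__":
    print(demo())
```

Run `audit()` against the real document root to get full paths; compare any hits with a known-good backup before editing the files.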