Security question

Rob Log

Joined: 2005-12-30
Posts: 5
Posted: Sun, 2006-01-01 12:07

Hi and Happy New Year. I have a question of security related to an installation of g1 which I have since upgraded. I very rarely watch my logs, but after doing so the other day I discovered lots of hits to URLs on my gallery which don't exist. After following and also searching I discovered most of these links went to a search site. The cracker (or whatever you call this sort of thing) had somehow gained access to the gallery and, well, I don't know? These are a couple of examples of links which were created, which were virtually invisible to myself:

Quote:
/public_html/gallery/albums/Rene/intex.mm.keyboard.shtml
/public_html/gallery/albums/Rene/cd.key.for.multiplayer.call.of.duty.shtml
/gallery/albums/Rene/downlaod-s3-inc-Trio-3d.phtml
gallery/albums/Eltham-Skate-Park/poser-3-serial-3dworld.phtml
gallery/albums/Rene/download.crack.fx.media.joiner.shtml
gallery/albums/Rene/6.0.msn.dowland.shtml
gallery/albums/Rene/password.xxx.dawnload.shtml
gallery/albums/Rene/mobil.k300i..ru.warez.shtml

The albums exist, but the rest of the crap I have no idea about.
Can anybody explain what is going on please?

 
ckdake

Joined: 2004-02-18
Posts: 2258
Posted: Sun, 2006-01-01 17:55

It is hard to tell with that little information, but typically Gallery 1 installs that have been hacked like that have been from other compromised applications on the server. What all are you running on that server and do you keep up to date with security patches?

 
Rob Log

Joined: 2005-12-30
Posts: 5
Posted: Tue, 2006-01-03 01:50

With regard to the server, I do not know what else is on it because it is a shared hosting account; I only know my little space, on which, apart from the g1 install, I have b2evolution. I discovered, after searching Google, a few other applications with the same scripts running, e.g. 4images gallery. The problem seems to be fixed now; I am just interested to know what these scripts are known as and how they get in.