Hi and Happy New Year. I have a question of security related to an installation of g1 which I have since upgraded. I very rarely watch my logs but after doing so the other day I discovered lots of hits to urls on my gallery which don't exist. After following and also searching I discovered most of these links went to a search site. The cracker (or whatever you call this sort of thing) had somehow gained access to the gallery and, well I don't know? This is a couple of examples of links which were created which were virtually invisible to my self:
Quote:
/public_html/gallery/albums/Rene/intex.mm.keyboard.shtml
/public_html/gallery/albums/Rene/cd.key.for.multiplayer.call.of.duty.shtml
/gallery/albums/Rene/downlaod-s3-inc-Trio-3d.phtml
gallery/albums/Eltham-Skate-Park/poser-3-serial-3dworld.phtml
gallery/albums/Rene/download.crack.fx.media.joiner.shtml
gallery/albums/Rene/6.0.msn.dowland.shtml
gallery/albums/Rene/password.xxx.dawnload.shtml
gallery/albums/Rene/mobil.k300i..ru.warez.shtml
The albums exist, but the rest of the crap I have no idea about.
Can anybody explain what is going on please?
Posts: 2258
It is hard to tell with that little information, but typically Gallery 1 installs that have been hacked like that have been from other compromised applications on the server. What all are you running on that server and do you keep up to date with security patches?
Posts: 5
With regards to the server; I do not know what else is on it because it is a shared hosting account, I only know my little space on which, apart from the g1 install, I have b2evolution. I discovered ,after searching google, a few other applications with the same scripts running, eg:4images gallery. The problem seems to be fixed now, I am just interested to know what these scripts are known as and how they get in.