ZenphotoCMS Forum
setup scripts missing - Printable Version



setup scripts missing - acrylian - 09-11-2011

If it got in via tinymce it might have been the ajax file manager security hole as that is also used as a tinymce plugin. It would help if you have some proof how and where they got in. I have not seen that yet. If it was not the file manager the tinymce developers might also be interested in that (note 1.4.1.5 does not use the latest, the 1.4.2 beta does).

As said on another thread several security sites had posted (and copied from each other as usual) this security site so maybe someone exploited that since naturally many people don't upgrade regularly.

Of course you can remove tinymce, it is just a plugin you should disable before doing so. You will then of course lose the text editor and have to add everything manually via plain html code.




setup scripts missing - darkufo - 09-11-2011

Thanks, I'm working with my provider to get to the bottom of it.

I've deleted tinymce (didn't use it anyway)

I'll keep an eye on the server to make sure we don't get hit again.




setup scripts missing - acrylian - 09-11-2011

For albums and images TinyMCE is not necessary if you or your users are confident using html. For the lazy ones..;-) But for articles and pages it provides some convenient tools (tinyZenpage to include images for example).




setup scripts missing - darkufo - 09-11-2011

Cool. Yep, we only use it for images




setup scripts missing - ajkphoto - 09-11-2011

Thanks darkufo, luckily this is actually a site I manage for an organisation and I don't have any of my own sites on that host.

When I reinstalled this site and brought up to date with 1.4.1.5 zenphoto found the following files which it suggested I remove but I don't know whether that's normal:

zp-core/tmp_2087833521026081.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/data.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/error_log
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/tmpphp.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/index.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/class.images.php
zp-core/error_log




setup scripts missing - darkufo - 09-11-2011

Thanks, I've removed all the TINYMCE ones already.




setup scripts missing - acrylian - 09-11-2011

@ajkphoto:
All files are correct except:

  • "zp-core/tmp_2087833521026081.php" one, which is not generated by Zenphoto, might be from your server.
  • "zp-core/error_log" Don't know what that is, might be generated by your server. Zenphoto stores its log with a suffix .txt within zp-data.
  • "zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/tmpphp.php" - is actually not a file that should be there.

Setup probably complains about the others because of the time stamp and "suggest" they might not be okay. It is not a file compare.




setup scripts missing - ajkphoto - 09-11-2011

Yeah I know I just posted that for reference if anyone else experiences this.

Presumably with comments now disabled and me the only one accessing the site the TINYMCE issue shouldn't be a problem if I keep it enabled for my convenience.




setup scripts missing - ajkphoto - 09-11-2011

I just noticed that if I visit http://www.gjr-web.com/ where the zpgallerific theme comes from it's also down with the "setup scripts missing" message being displayed. Is this a coincidence?




setup scripts missing - acrylian - 09-11-2011

gjr surely will tell us soon.




setup scripts missing - darkufo - 09-11-2011

Ouch, I wonder how many other Zen installs are going to fall foul of these nasty hackers




setup scripts missing - acrylian - 09-11-2011

Well, it is not that Zenphoto is the first and surely not the last CMS this happens to. And it is actually not our fault if it is the file manager only - we surely cannot check every 3rd party tool we use...




setup scripts missing - darkufo - 09-11-2011

Oh I quite understand that Acrylian.

But it seems that Zen is currently on the spammers/hackers radar.

Is there any way you could make an announcement etc. to warn people to upgrade to 1.4.1.5 or warn them in some other way?

Do you have a Newsletter or Twitter account etc that you could post to?




setup scripts missing - acrylian - 09-11-2011

I just published on our news section (and automatically on twitter).




setup scripts missing - darkufo - 09-11-2011

Awesome, if it just helps one person it would have been worth it




setup scripts missing - ajkphoto - 09-11-2011

I agree with darkufo.

I love the simplicity and elegance of Zenphoto but if something goes wrong, whether directly due to Zenphoto or not as in this case, it's great to see prompt support and the news being put out there




setup scripts missing - acrylian - 09-11-2011

Thanks, not always that easy with "prompt" support if you are a very small team and then partly in different time zones.




setup scripts missing - bic - 09-11-2011

Same problem here, today!
I didn't know about this vulnerability, my version was 1.4 (6467)




setup scripts missing - binoyte - 23-11-2011

I've been hacked too. Exactly as described above. Only php files in the zenphoto folder (phpmyadmin and piwik weren't concerned).

Thanks to backup tools I restored easily my web sites.

Permissions were loose. Now they are strict on every folder. Less convenient but safer.




setup scripts missing - formulae - 23-11-2011

I've been hacked too.
Thanks to my ISP I have cleared the .htaccess files; they were present in the zp-core, zpextensions and the tinymce folders.

The .htaccess files created files called thumbsdata.php

Here is the code inside one of the htaccess files:
RewriteRule !thumbsdata.php
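
An actual file compare of the kind acrylian says setup does not do, flagging the sorts of files reported in this thread (stray .php files, added .htaccess files, error_log, missing setup scripts). This is an added example, not part of the original posts or Zenphoto's own code; it assumes a freshly unpacked copy of the same release as the reference, and the content folder names and script extensions are assumptions.

```python
import hashlib
import os
import sys

SCRIPT_EXT = (".php", ".phtml", ".php5")   # assumed executable extensions
# Assumed user-content folders: only scripts and .htaccess are reported there.
CONTENT_DIRS = ("albums/", "cache/", "zp-data/")

def manifest(root):
    """Map relative path -> SHA-256 for every readable file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):      # skip broken symlinks
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def kind_of_added(rel):
    """Classify a file that exists in the live tree but not in the release."""
    name = rel.rsplit("/", 1)[-1].lower()
    if name == ".htaccess":
        return "added-htaccess"
    if name.endswith(SCRIPT_EXT):
        return "added-script"
    return "added-other"

def compare(clean_root, live_root):
    """Return sorted (finding, relative_path) pairs for live vs. clean."""
    clean, live = manifest(clean_root), manifest(live_root)
    findings = []
    for rel, digest in live.items():
        if rel not in clean:
            kind = kind_of_added(rel)
            if kind == "added-other" and rel.startswith(CONTENT_DIRS):
                continue                      # uploaded images, logs, cache
            findings.append((kind, rel))
        elif clean[rel] != digest:
            findings.append(("modified", rel))
    findings += [("missing", rel) for rel in clean if rel not in live]
    return sorted(findings)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py CLEAN_RELEASE_DIR LIVE_INSTALL_DIR")
    for kind, rel in compare(sys.argv[1], sys.argv[2]):
        print(f"{kind:15} {rel}")
```

Files reported as added-script or added-htaccess inside content folders still need a manual look, since a legitimate install may keep its own configuration there.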