More info on:
http://www.zenphoto.org/news/zenphoto-1.4.1.6
No, the 1.4.1.6 release (as noted on the post) just incorporates the changes mentioned on the 2nd security post. Otherwise it is just 1.4.1.5. Btw, that is mentioned in the release post's first sentence..;-)
Again, note that the svn trunk is NOT 1.4.1.6 but already 1.4.2 beta (the dev svn stream as well) as the 1.4.1.x line was actually considered complete. This has been announced a week or so ago.
A slightly different question: I have downloaded and installed the 1.4.3 DEV (8385) version and done the corrections you suggested in the "Security alert - Part 2 update 2". Am I OK?
P.S. One site was hacked, the other was not, but I cleaned and updated both anyways.
Yes, as far as we know. But I recommend to use the TRUNK svn as that will become the next version 1.4.2. That is beta and will not get new features until the scheduled release (see roadmap on the bugtracker). Using this will help us find bugs we missed.
The DEV svn is for 1.4.3 somewhere in the future. Currently both are still the same but soon this one might get experimental. So we can't recommend to use this on a live site currently.
After being affected by this loophole and clearing out the old install, when I come to upload (cPanel) the install package, my host's system is rejecting the 1.4.1.6.zip, saying it contains a virus (scanner is probably ClamAV).
I can not get any details as to which file it objects to.
Has this been an issue for anyone else?
Maybe we are missing something here. Without the "ajax file manager" we cannot use the "Files" tab under "Upload".
Which seems to mean the only way to add photos is via the web page upload.
Is there some other way to get Zenphoto to process files we already have copied to the server? That has always been our preferred method to load pictures.
Any help is appreciated.
The "Files" tab never provided a way to add photos to your gallery. It is just a way to upload files to your "uploaded" folder which you can then place as you wish on your pages through HTML.
It is the "Images" tab that provided the means for uploading photos. It is still present and operational.
Besides, there is always FTP to upload to your site. Zenphoto always processes images it finds in your albums folders.
Hi all,
My site was hacked and I lost a lot of information :'( But I was able to find some information in the Apache logs.
The hacker succeeded in downloading the [link removed by moderator] file and executing it. It has mostly to remove all files owned by apache.
I hope this will help someone!
Hi,
I'm ok for this. So the zip contains no virus but php, perl and sql files. The php file is similar to ajaxterm. I think that my issue could help someone.
If you want, I post the php file screenshot: http://tinypic.com/r/301ev89/5
My site (fotofill.net) was hacked too. We rescanned the site, had the host do the same. I traced the IP and blocked any IP from Russia-Ukraine. It appears the hacker used tiny_mce to get access. I am pretty new to all this. Here is the message from my host:
After further investigation, it appears that a hacker was able to inject malicious code into most (if not all) your php files by using the tiny_mce editor function from your Zenphoto installation.
They suggested this:
1). Update all scripts and plugins to remove vulnerabilities inherent in older versions.
2). Scan the local system used to access this account for malware using the following software: MalwareBytes ( http://www.malwarebytes.org/ ) and ComboFix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix ). Many instances of compromised login details are due to local malware intercepting login details.
We did that. We asked Google to scan the site also. Still waiting...
My problem now is that my logins and passwords were wiped out at ZP and I cannot get in.
Anything with fotofill.net in it is being blocked by browsers. Can someone help me get to my zp-core? Thanks
If the whole fotofill.net is blocked it is probably by your hosting company. That is a pretty standard response to this kind of attack. For instance my hoster did this. I had to use FTP to cleanse the site and then contact the hoster to have it unblocked.
There is another thread with details on how to cleanse your site, but basically it involves removing all the site files and reloading from backup. Always, of course, do not restore the zenphoto files but obtain the fixed version and install that.
The blocking of the site is not by the hosting company. It is blocked in the browser by using a warning database Google & Co provide that most browser vendors use.
Sorry, you will have to wait until your site is rescanned and removed from that. On Google that might take a few days. You can of course ignore that warning and proceed. How to reset Zenphoto passwords is explained on our troubleshooting.
Hello! I have 2 zenphoto galleries on my site and both of them got hit by the ajax bug so now I am trying to fix it (really annoying because I am in the middle of two large class projects). Based on what I have read on this post and the other couple related posts, this is what I have gathered the solution to fix it is:
Does that sound right? I am still new to zenphoto/website management in general and I want to be sure I don't do something stupid while trying to clean it up and lose the 7000+ images between my two galleries, lol.
Thank you for your help!