Pages (2): 1 2   
Member
Member
Soleil   2011-12-19, 12:50
#1

I tried to upgrade to 1.4.2 but get always the information

"Forbidden

You don't have permission to access /albums/zp-core/setup.php on this server".

N.B. ZenPhoto has been installed in "albums".

I reinstalled ZenPhoto three times now, but get always the same information.

Administrator
Administrator
acrylian   2011-12-19, 12:52
#2

Well, the file/folder permissions are not set correctly. Please see the troubleshooting on this.

Member
Member
Soleil   2011-12-19, 13:11
#3

Thanks acrylian.

I put the permissions on 777 for "albums" and for ".htaccess", but keep getting the same error message. Should I change permissions anywhere else ? On all forders and files?

Administrator
Administrator
acrylian   2011-12-19, 13:47
#4

You need to fix the permissions on "/zp-core" as the error indicates. 777 is pretty insecure though. So if you really need to do that on setup set them to more secure settings afterwards (see the troubleshooting already referred to).

Member
Member
Soleil   2011-12-19, 14:23
#5

Thanks again acrylian.

In the meantome I put the permissions to 644 for files and to 755 for directories as you suggest in the troubleshooting. I managed to run the setup.

I found my albums again. But the images do not display. I see only their names. What to do?

Administrator
Administrator
acrylian   2011-12-19, 14:26
#6

Please see your server's error log.

Member
Member
Soleil   2011-12-19, 14:58
#7

Through my host, I can get only yesterday's error logs and I do not know how to get error logs through MySql. Is there another way in (ZenPhoto)to see the error logs?

Administrator
Administrator
acrylian   2011-12-19, 15:04
#8

There is no way to get the server error logs through Zenphoto. You have to ask your provider.

Member
Member
Soleil   2011-12-19, 17:10
#9

In the meantime, I managed to display the picture. For some reason, the permissions on my "albums" in the zenpage were set 755 instead of 755.

But CATASTROPHE! I got hacked again. And again my pages point to

Administrator
Administrator
acrylian   2011-12-19, 17:20
#10

Quote:permissions on my "albums" in the zenpage were set 755 instead of 755.
A typo maybe?

Sorry about the new hack - we don't know if it is the same - but this can happen if the file/folder permissions are set to lax or because of numerous other things. Best contact you host as well.

Member
Member
Soleil   2011-12-19, 17:28
#11

I meant "...750 instead of 755".

I have pages (Zenpage) introducing each album and on these pages there is a link like the following. Do you think it is dangerous ?

???

Administrator
Administrator
acrylian   2011-12-19, 17:41
#12

That link is a normal non-modrewrite link to an image name BBBB.jpg in album AAA. Unless the site referred is not yours that is surely not dangerous.

Member
Member
Soleil   2011-12-19, 18:01
#13

I am very thankful to you for answering so quickly. I'll write to the server host again, but last time, a few weeks ago, the answer was that is a known ZenPhoto problem.

The hacker manages to modify the .htaccess and to write into it the following (several times):

                            `ErrorDocument 400                  

The same happens in the .htaccess in the folder "albums"

Member
Member
sbillard   2011-12-19, 18:47
#14

I your site was hacked by the original attack it is necessary to remove all the script and htaccess files as they may have been conpromised. If you have not done that, the hacker still has access to your site.

As to the 0750 permissions--that will cause any direct link to fail since the final digit prohibits access by the public.

Administrator
Administrator
acrylian   2011-12-19, 19:01
#15

I removed the link again. We don't want to send them traffic or have our ranking hurt by linking to them.

Member
Member
Soleil   2011-12-19, 19:28
#16

Thanks acrylian and sbillard !

Yes of course, I had cleaned my site thoroughly and I will clean it again. Let's hope I'll get rid of this nuisance. I'll let you know.

Member
Member
saltmine   2011-12-19, 20:25
#17

Hey just had this happen to my site and thought I would contribute. In my case the hacker also uploaded two php files in various directories (same files each time). They seemed to be added to my sites root directory and the root of the zenphoto directory along with the first directory (alphabetically) in each zenphoto subdirectory.

I have gone through and removed all .htaccess files except for the one in the zenphoto directory - is there any way to generate a new one through zenphoto?

However, my site is still being redirected to site mentioned when access through a search engine. Is this something that google / bing is caching?

Member
Member
sbillard   2011-12-20, 02:26
#18

If you just remove it and run setup you will be given an option to have setup create a new one.

Member
Member
Soleil   2011-12-20, 05:48
#19

Maybe some know about it, but as for me I just found out that FileZilla has a search feature for remote files. Very useful, especially because it shows also the modification date and the file size and you can delete the files from the search window.

I found 12 htaccess files modified by the hacker on my server !!!!

Good to search also above www

I go on with my cleaning.....

Administrator
Administrator
acrylian   2011-12-20, 11:28
#20

That is surely a good idea. Zenphoto has only a root htaccess file by default.

Pages (2): 1 2   
  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.