Yesterday I got an Email from my Host (udmedia.de):
"Dear ...
we had to block your used script
/ html / zenphoto / (ZenPhoto)
with immediate effect.
It allows attackers to send multiple e-mails to any recipient.
In the Interest of other customers you cant reactivate the script without improvement (update or deletion). If you use a freely available web software (CMS, news, etc. ..) we strongly recommend to update or switch to an alternative. In addition, we recommend that you change all your passwords."
I updated Zenphoto about six weeks ago...
What shall i do? Will an update solve the problem?
Thank you for support
If you are not running 1.4.1.6 you may have been hacked. In November several sites had been as a third party script we used had a serious security hole. Please see and also the lengthly forum posts linked within these articles:
http://www.zenphoto.org/news/alert-security-hole-in-zenphoto-1.4.1.4
http://www.zenphoto.org/news/security-alert-part-2
http://www.zenphoto.org/news/zenphoto-1.4.1.6
thank you so much!
i updated and hope everything will work out now.
I also followed all instructions in the links above.
Is there anything more i can do?
Because when i want to run the setup i get the message
Access denied for user "@'localhost' (using password: NO)
I reported to my host, maybe its because he blocked my Zenphoto...
have a nice afternoon,
hanna
i fixed it, thanks to your idea regarding the 'localhost':
In the zp-config.php I had to adjust the variables to my MySQL-database login details. Just forgot...