
#1 2013-06-26 20:06:21

kozmob
Member
2012-01-14
45

How do I prevent malware injections into my Piwigo site

My site (kozpics.com) has been hacked three times in two months. Google warns me of script injections. I've cleaned it, reinstalled it, upgraded passwords, etc. I am now waiting for Google to review the site to confirm it's clean.

I want to know how this happens and what I can do to prevent it.

Google Webmaster Tools tells me there was malicious content on 93 pages on the site. They are script injections (such as <script src="http://stigat67ionsfor.rr.nu/nl.php?p=d">). The injections are all different but they are all from rr.nu. The injections are into picture pages (http://www.kozpics.com/picture.php?/2501/categories) and (http://www.kozpics.com/picture.php?/229).

I'm totally naive about web site structure. Any leads would be appreciated.

On a side note, I entered the infected pages regardless of the warning. Then I scanned my machine with several malware screeners. They found nothing.

Thanks / Kozmo

Offline

 

#2 2013-06-26 20:25:45

mistic100
Former Piwigo Team
Lyon (FR)
2008-09-27
3271

Re: How do I prevent malware injections into my Piwigo site

For me, the only entry point is your FTP: if somehow the hacker managed to get access to it (weak password, etc.), he modified your files and added his JavaScript.

There is no known security breach in Piwigo itself, as well as in plugins.

Offline
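If files were changed over FTP, as the post above suggests, comparing the live tree against a freshly unpacked copy of the same release shows which files were modified or dropped in. This is an added example, not part of the thread and not Piwigo code; the `index.php` and `x.php` file names, the `upload` directory name and the injected line are constructed for the demo.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare_trees(clean_root, live_root, ignore=()):
    """Return (modified, added) relative paths in live_root versus clean_root."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    # Directories that legitimately hold user content (assumption: named by the caller).
    skip = tuple(p.rstrip("/") + os.sep for p in ignore)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    added = sorted(p for p in live if p not in clean and not p.startswith(skip))
    return modified, added


def demo():
    """Constructed trees: one file tampered with, one file dropped in, one user upload."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        files = {"picture.php": b"<?php // original\n", "index.php": b"<?php // index\n"}
        for root in (clean, live):
            os.makedirs(root)
            for name, body in files.items():
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(body)
        # Simulate an injected script tag appended to an existing file.
        with open(os.path.join(live, "picture.php"), "ab") as fh:
            fh.write(b'<script src="http://injected.example/x.js"></script>\n')
        os.makedirs(os.path.join(live, "upload"))
        for name in ("x.php", os.path.join("upload", "photo.jpg")):
            with open(os.path.join(live, name), "wb") as fh:
                fh.write(b"constructed\n")
        return compare_trees(clean, live, ignore=("upload",))
```

Directories passed in `ignore` are skipped only for the "added" list, so they still need a separate look for files that should not be there.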

 

#3 2013-06-27 11:01:20

aardbei
Member
2012-12-22
2

Re: How do I prevent malware injections into my Piwigo site

Hmmm, I do think the above depends on the Piwigo version the topic starter is using and whether he/she has deleted install.php ...

See the list of vulnerabilities:
http://www.cvedetails.com/vulnerability … iwigo.html

Offline

 

#4 2013-06-27 11:09:36

flop25
Piwigo Team
2006-07-06
6920

Re: How do I prevent malware injections into my Piwigo site

We do know the CVEs related to Piwigo, and the worst were related to a Windows environment.
But unfortunately the cause is usually theft of FTP credentials.

To prevent any hacking, the basic rules are to keep your software updated (for Piwigo, register for the newsletter) and use a strong and unique FTP password.


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#5 2013-06-27 20:01:30

kozmob
Member
2012-01-14
45

Re: How do I prevent malware injections into my Piwigo site

Thanks all. I thought I had this cleaned up but Google tells me it's still infected. I'll start a new thread for advice on getting it clean. Version loaded is 2.5.1. I've deleted all FTP accounts. I have a strong and unique password.

aardbei wonders if I've deleted install.php. I don't understand the table of CVE details but I see there's access through this file in ver 2.4.7. Should I do something with the install.php using ver 2.5.1?

Offline

 

#6 2013-06-27 20:07:51

flop25
Piwigo Team
2006-07-06
6920

Re: How do I prevent malware injections into my Piwigo site

That bug has been corrected in 2.4.7: it appears only if you were running Windows on your server.



Offline

 

#7 2013-06-27 20:48:44

flop25
Piwigo Team
2006-07-06
6920

Re: How do I prevent malware injections into my Piwigo site

Your website is clean.
You might speed things up if you have a Google webmaster account.



Offline

 

#8 2013-06-27 20:55:23

kozmob
Member
2012-01-14
45

Re: How do I prevent malware injections into my Piwigo site

Thanks flop25.

You say the website is clean. I still get the Google warning when I go to the site (kozpics.com) and their most recent review of the site tells me it's infected. How do you think it's clean?

Offline

 

#9 2013-06-27 20:57:12

kozmob
Member
2012-01-14
45

Re: How do I prevent malware injections into my Piwigo site

Oh, and I do have a Google webmaster account.

Offline

 

#10 2013-06-27 20:58:40

flop25
Piwigo Team
2006-07-06
6920

Re: How do I prevent malware injections into my Piwigo site

Google is a heavy system with a lot of inertia! I say it's safe, because I checked the source and there is only Google Analytics as a "foreign" script.



Offline
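The check described in the post above, reading the page source for scripts loaded from other hosts, can be automated. This is an added example, not part of the thread and not Piwigo code; the allowlisted Google Analytics hosts, the `js/gallery.js` path and the sample markup are constructed, and the injected tag is the one quoted in post #1.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts the site owner expects to serve scripts besides the site itself.
ALLOWED_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}

PAGE_URL = "http://www.kozpics.com/picture.php?/229"

# Constructed sample of a served page: one local script, one allowlisted
# script, and the injected tag quoted in post #1.
SAMPLE_HTML = """
<html><head>
<script src="js/gallery.js"></script>
<script src="http://www.google-analytics.com/ga.js"></script>
</head><body>
<script src="http://stigat67ionsfor.rr.nu/nl.php?p=d"></script>
</body></html>
"""


class ScriptAudit(HTMLParser):
    """Collect <script src=...> URLs whose host is neither the page's own nor allowlisted."""

    def __init__(self, page_url, allowed_hosts=ALLOWED_HOSTS):
        super().__init__()
        self.page_url = page_url
        self.own_host = (urlsplit(page_url).hostname or "").lower()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.foreign = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no remote source to compare
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, src.strip())
        host = (urlsplit(absolute).hostname or "").lower()
        if host != self.own_host and host not in self.allowed:
            self.foreign.append(absolute)


def foreign_scripts(page_url, html):
    """Return the list of script URLs on the page that come from unexpected hosts."""
    audit = ScriptAudit(page_url)
    audit.feed(html)
    audit.close()
    return audit.foreign
```

It only inspects `src` attributes present in the markup it is given, so inline scripts and content served differently to other visitors need a separate check.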

 

#11 2013-06-27 21:06:15

kozmob
Member
2012-01-14
45

Re: How do I prevent malware injections into my Piwigo site

OK, thanks. I guess the next thing to do is to ask Google to review it again. Will do that.

Offline

 
