Announcement

#1 2015-04-09 23:11:25

Earth Island Matthew
Guest

locked out by a hack, then the authentication

Hello,
I'm helping a colleague who found the install message instead of her fully populated gallery. I traced the problem to what appeared to be a ham-handed attack, changing the /local/config/ directory's permissions to 200 and inserting some strange obfuscated javascript and php.

I changed the permissions and deleted the anomalous files, and the gallery reappeared. 1st hurdle cleared! Afterward, however, I wanted to update the version, in case there's still vulnerabilities there... and none of the login credentials are accepted as valid. We tried the reset-password for the account, which proceeded just fine; but the new password is likewise rejected.

Could the use of 755 for the /local permissions be problematic? Is there something else I am missing? Thanks for any help or insights you can offer,
Matthew

Piwigo version: 2.5.2
PHP version: 5
MySQL version: 5
Piwigo URL: http://sponsor.eii.org/photo

 

#2 2015-04-10 10:08:28

flop25
Piwigo Team
2006-07-06
6932

Re: locked out by a hack, then the authentication

Hello
what is problematic is that you're running a vulnerable version of Piwigo [Forum, topic 25016] Piwigo 2.7.3, 2.6.5 and 2.5.6, security bug fixed very old ! Be sure you update any of your softwares (server, your computer, your smartphone ...)


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#3 2015-04-14 21:17:16

Earth Island Matthew
Guest

Re: locked out by a hack, then the authentication

Hi,
Thanks for your response. I hadn't been the maintainer of this gallery, and I agree that updating is important -- but I'm currently unable to log in and so I can't update it now. Any suggestions? Thanks again,
Matthew

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2019 · Contact