Announcement

#1 2013-01-31 08:37:27

Joergen
Translation Team
Germany
2011-09-30
114

How to make Piwigo saver for attacks

Hi,

after an Malware attack, I ask my self how to make Piwigo saver for attacks.

Some on told me, one problem could be that Piwigo is using smarty 2.6.26 with on problem for attacks.

Are there any other measurements I can do?

Rgs.
Joergen

Offline

 

#2 2013-01-31 12:01:12

flop25
Piwigo Team
2006-07-06
7037

Re: How to make Piwigo saver for attacks

Hello
more detail about the attack, and what script you had (piwigo extensions, other php files...) etc would help much more


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#3 2013-02-01 19:50:08

Joergen
Translation Team
Germany
2011-09-30
114

Re: How to make Piwigo saver for attacks

Hi,

first of all the question is more general, what can you do to make it more secure or prevent attack/hacks etc.

The question is based on my experience, described here.

http://piwigo.org/forum/viewtopic.php?id=21209

http://jeffreysambells.com/2012/12/12/anatomy-of-a-hack


Actually I had the following Malware in Piwigo and on my Private Homepage: js/exploit-blacole.ht
And it looks like it was distributed by the known FTP password. :-(

See also attachment pic.

Last edited by Joergen (2013-02-01 19:52:04)

Offline

 

#4 2013-02-01 20:03:41

flop25
Piwigo Team
2006-07-06
7037

Re: How to make Piwigo saver for attacks

Most of hacks comes from the interception of the FTP passwords or it's a PEAK issue
Use Sftp, use specific password or better use SSH, use differents passwords for each (MySQL , piwigo, facebook etc)
Nothing related to Piwigo


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact