#1 2015-04-09 23:11:25

Earth Island Matthew

locked out by a hack, then the authentication

I'm helping a colleague who found the install message instead of her fully populated gallery. I traced the problem to what appeared to be a ham-handed attack, changing the /local/config/ directory's permissions to 200 and inserting some strange obfuscated JavaScript and PHP.

I changed the permissions and deleted the anomalous files, and the gallery reappeared. 1st hurdle cleared! Afterward, however, I wanted to update the version, in case there are still vulnerabilities there... and none of the login credentials are accepted as valid. We tried the reset-password for the account, which proceeded just fine; but the new password is likewise rejected.

Could the use of 755 for the /local permissions be problematic? Is there something else I am missing? Thanks for any help or insights you can offer,

Piwigo version: 2.5.2
PHP version: 5
MySQL version: 5
Piwigo URL:
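
An added example, not part of the original post or of Piwigo's code: a Python audit for the two symptoms described above, a directory whose owner cannot read or enter it (such as mode 200) and PHP/JavaScript files matching obfuscation markers. The marker list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import sys

# Heuristic markers of obfuscated PHP/JS (an assumed list, not taken from the thread).
SUSPICIOUS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13|unescape|atob)\s*\(")
NEEDED = stat.S_IRUSR | stat.S_IXUSR  # owner must be able to list and enter a directory

def audit_tree(root):
    """Return (bad_dirs, suspect_files) found under root."""
    bad_dirs, suspect_files, stack = [], [], [root]
    while stack:
        path = stack.pop()
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if (mode & NEEDED) != NEEDED or (mode & stat.S_IWOTH):
            bad_dirs.append((path, oct(mode)))  # unreadable (e.g. 0o200) or world-writable
        try:
            entries = list(os.scandir(path))
        except PermissionError:
            continue  # already reported above; contents cannot be inspected
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
            elif entry.name.lower().endswith((".php", ".js")):
                try:
                    with open(entry.path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    continue  # unreadable file; skip rather than abort the audit
                if SUSPICIOUS.search(data):
                    suspect_files.append(entry.path)
    return sorted(bad_dirs), sorted(suspect_files)

def build_sample(root):
    """Constructed sample tree: one planted file and a config directory at mode 200."""
    cfg, themes = os.path.join(root, "local", "config"), os.path.join(root, "themes")
    os.makedirs(cfg)
    os.makedirs(themes)
    with open(os.path.join(themes, "index.php"), "w") as fh:
        fh.write("<?php echo 'gallery'; ?>\n")
    with open(os.path.join(themes, "x.php"), "w") as fh:
        fh.write("<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")  # decodes to "echo 1;"
    for d, mode in ((os.path.dirname(cfg), 0o755), (themes, 0o755), (cfg, 0o200)):
        os.chmod(d, mode)
    return cfg

if __name__ == "__main__":
    print(audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the gallery's web root as the only argument; a hit on the marker list is a prompt to inspect the file, not proof of compromise.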


#2 2015-04-10 10:08:28

Piwigo Team

Re: locked out by a hack, then the authentication

What is problematic is that you're running a vulnerable version of Piwigo: [Forum, topic 25016] Piwigo 2.7.3, 2.6.5 and 2.5.6, security bug fixed. Very old! Be sure you update any of your software (server, your computer, your smartphone...)

To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do :
My gallery : an illustration of how to integrate Piwigo in your website



#3 2015-04-14 21:17:16

Earth Island Matthew

Re: locked out by a hack, then the authentication

Thanks for your response. I hadn't been the maintainer of this gallery, and I agree that updating is important -- but I'm currently unable to log in and so I can't update it now. Any suggestions? Thanks again,

