Dragonfly CMS v9 ⇒ Coppermine ⇒ My coppermine album is empty ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum Index Modules & Blocks Coppermine

My coppermine album is empty Reply to topic


Hello everyone, i have a problem here and i hope someone out there will help me. Thank you in advance.

Well, It was somewhere last week that i got a mail from my webhost that some files on my coppermine album is infected with Malware. I upgarded my dragonfly cms to 9.3.3. while upgrading i could not delete nor replace my "Album" folder under coppermine. I could not even open the folder. So i renamed the folder "album" to "album1" and uploaded the folder "album" from the newly downloaded dragonflycms 9.3.3.

now my problem is i could not delete my older categories and albums, nor can i see any pictures inside my albums. My older categories and albums are still there but there are no pictures inside since i renamed it to album1. I renamed back the older folder to album but nothing is showing up. I checked the folder properties of the older album folder and it show as [000]. i cannot do anything with this folder. what do i do now. Is there anyway that i can delete my older categories and albums? Please help.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


You need to discuss this with your host.

Given the circumstances, it is quite possible that they set permissions to 000.

DonationsPro for DragonflyCMS & SMF

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


thank you very much for your quick reply Phoenix. One more question. Is there any other ready made album module that i can install in dragonfly? So that i can disable coppermine and install the other alternative for my pictures. If so please let me know the link. Thank you.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


First of all you should find out where the malware come from and how is sent to clients, a different photo gallery wont help you if the attack started within the server it self.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


This is what my webhost says...

Your account was suspended due to Malware issue at following locations :
modules/coppermine/albums/time.php
modules/coppermine/albums/date.php
modules/coppermine/albums/userpics/10004/includes.php
modules/coppermine/albums/userpics/10004/configs.php
modules/coppermine/albums/userpics/10036/messages.php
modules/coppermine/albums/userpics/10036/guest.php
modules/coppermine/albums/userpics/10000/create.php
modules/coppermine/albums/userpics/10000/base.php
modules/coppermine/albums/userpics/00006/download.php
modules/coppermine/albums/userpics/00006/remote.php
modules/coppermine/albums/userpics/00007/links.php
modules/coppermine/albums/userpics/00007/package.php
modules/coppermine/albums/userpics/10040/tests.php
modules/coppermine/albums/userpics/10040/finfo.php
modules/coppermine/albums/userpics/10093/contacts.php
modules/coppermine/albums/userpics/10093/common.php
modules/coppermine/albums/userpics/10144/options.php
modules/coppermine/albums/userpics/10144/commands.php
modules/coppermine/albums/userpics/10003/layout.php
modules/coppermine/albums/userpics/10003/properties.php
modules/coppermine/albums/userpics/10057/system.php
modules/coppermine/albums/userpics/10057/time.php
modules/coppermine/albums/userpics/00002/date.php
modules/coppermine/albums/userpics/00002/report.php
modules/coppermine/albums/userpics/00005/includes.php
modules/coppermine/albums/userpics/00005/include.php
modules/coppermine/albums/userpics/00001/configs.php
modules/coppermine/albums/userpics/00001/messages.php
modules/coppermine/albums/userpics/10042/create.php
modules/coppermine/albums/userpics/10042/guest.php
modules/coppermine/albums/userpics/10098/base.php
modules/coppermine/albums/userpics/10098/download.php
modules/coppermine/albums/userpics/10006/package.php
modules/coppermine/albums/userpics/10006/remote.php
modules/coppermine/albums/userpics/report.php
modules/coppermine/albums/userpics/include.php
cache/tests.php
support/icons/69285.php
support/icons/contacts.php
support/compile/commands.php
support/cache/layout.php
uploads/avatars/properties.php
uploads/avatars/system.php
uploads/forums/thumbs/report.php
uploads/forums/thumbs/include.php
uploads/forums/time.php
uploads/forums/date.php

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


Thats a serious one, we need logs.

Also look for teh date and time when those files were created, it will give us a reference point.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Dear Sir, am a newpie with dragonfly here. Please tell me how to get the dates and logs. I tried to download the infected files to send it to you but i could not download it. I just can't do anything with the files listed above.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


Your host shold provide you both 'http access' and 'http error' logs, they both should be inside a directory called 'logs'. If they dont provide you logs, ask for both.
If none avail, they are not serious.

Changing permissions to ther folder, is not a fix since the problem is still there.
Disallow you access to your own files, is also wrong.

What we want to know is if they got in from Dragonfly CMS or if the attack was coming internally from the server.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Will it be under this folder?

access-logs -> /usr/local/apache/domlogs/nagasonl

If this is the one... i have two files under it.
1. ftp.nagasonline.com-ftp_log
2. nagasonline.com ( but this one is 0 byte)

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


One is ftp, the otherone is empty.

Change host if you can, I think they are playing with you.

The empty log: what is the last modified date?

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


date written next to nagasonline is 2-25-2012

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


If the last modified date is the 25th, logs was cleaned, and then disabled.

The system admin is trying to hide the fact that the server was hacked.

I'll suggest you to look for another host.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


darn... what will i tell them before i change hosts. i wanna let them know tat i know what happened. i have a reseller account with them and damn now i have to transfer about 10 sites to a new server and set everything up again from scratch.

btw thank u soo very much nano.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0


yanger wrote
i wanna let them know tat i know what happened

What do you mean by that sorry.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


that its not fair. that their server have been hacked and they are trying to blame it on the cms, in a more technical term.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Apache 2.0 /MYSQL 5.0.92-community-log/PHP 5.2.17/Dragonfly 9.3.3.0

All times are UTC


Jump to: