Album shut down by Provider

Our provider shut down our entire web site today and sent us this message:

"your account in was exploited and support is currently in the process of eliminating files which had been maliciously uploaded. Until we can ensure that no further script vulnerabilities exist, we must keep the account offline. We will update you as soon as we can restore access to the account. Thank you for your patience."

File upload to the album never worked so I don't know how someone was able to upload anything.

I found the following text files in the directory just before we were shut down.

The files phpdatabase.php 22426
had been uploaded by : IP:
Time: 13.05.2008|16:07:52
This message had been generated by
On abuse issues, please contact

The file main.php had been edited by :
IP: Time: 15.02.2008|09:14:47
This message had been generated by
On abuse issues, please contact

The file index.html contained "scoobydoo just like our mummy!!!"

The Album was originally set up using the installer on your web site about September 2008.

The provider has since brought our site back up and has given us access to everything except the PHP album directory which they state:

"The account has been re-enabled and the directories previously locked have been restored. The only application that remains inaccessible is phpAlbum, This application was responsible for the attack on the account. You will need to find a new Photo application as we cannot restore access to insecure software." Please do not place the software back online. Doing so will result in the account being disabled."

Any ideas as to what could have happened and what I can do to prevent it?
The provider is still not allowing me access to the directory to do any further checking.


Hi, sorry but I am afraid I

Hi, sorry but I am afraid I can not help you. It would be great to get more info from your provider, i.e. zipped album directory and apache logs where exploits should be done or at least the URLs. I'm sure they have this and it would really help to prevent this if it was caused by

I am sorry about what happened to you, and just can't believe it is because of phpAlbum. But on the other side, I know, software without bugs don't really exists in this world :)


I'll try and see if I can

I'll try and see if I can get the logs of what happened.

Is there a way to be sure that nobody can replace web pages or upload malicious software to the directory that PHP album is in?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.