Album shut down by Provider

Our provider shut down our entire web site today and sent us this message:

"your account in was exploited and support is currently in the process of eliminating files which had been maliciously uploaded. Until we can ensure that no further script vulnerabilities exist, we must keep the account offline. We will update you as soon as we can restore access to the account. Thank you for your patience."

File upload to the album never worked so I don't know how someone was able to upload anything.

I found the following text files in the directory just before we were shut down.

_web2ftp_com_IP_82_210_242_241.txt
The files phpdatabase.php 22426
had been uploaded by : IP: 82.210.242.241
Time: 13.05.2008|16:07:52
This message had been generated by http://www.web2ftp.com
On abuse issues, please contact abuse@web2ftp.com

_web2ftp_com_IP_82_210_242_242.txt
The file main.php had been edited by :
IP: 82.210.242.242 Time: 15.02.2008|09:14:47
This message had been generated by http://www.web2ftp.com
On abuse issues, please contact abuse@web2ftp.com

The file index.html contained "scoobydoo just like our mummy!!!"

The Album was originally set up using the installer on your web site about September 2008.

The provider has since brought our site back up and has given us access to everything except the PHP album directory, about which they state:

"The account has been re-enabled and the directories previously locked have been restored. The only application that remains inaccessible is phpAlbum. This application was responsible for the attack on the account. You will need to find a new Photo application as we cannot restore access to insecure software. Please do not place the software back online. Doing so will result in the account being disabled."

Any ideas as to what could have happened and what I can do to prevent it?
The provider is still not allowing me access to the directory to do any further checking.

Marc
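
An added example, not part of the thread and not phpAlbum or web2ftp code: a small Python parser that turns the web2ftp notice files quoted in the post above into a time-ordered list of events, plus the IPs and file names to search for in the web server access log. The function names are hypothetical; it assumes the dates are day.month.year and treats the number after the file name as a size in bytes.

```python
import re
from datetime import datetime
from pathlib import Path

# Sample input: the two notices as quoted in the post above.
SAMPLE = """\
The files phpdatabase.php 22426
had been uploaded by : IP: 82.210.242.241
Time: 13.05.2008|16:07:52
This message had been generated by http://www.web2ftp.com

The file main.php had been edited by :
IP: 82.210.242.242 Time: 15.02.2008|09:14:47
This message had been generated by http://www.web2ftp.com
"""

# Whitespace-tolerant: the two quoted notices break their lines differently.
NOTICE = re.compile(
    r"The files?\s+(?P<name>\S+)(?:\s+(?P<size>\d+))?\s+"
    r"had been (?P<action>uploaded|edited) by\s*:\s*"
    r"IP:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"Time:\s*(?P<ts>\d{2}\.\d{2}\.\d{4}\|\d{2}:\d{2}:\d{2})"
)

def parse_notices(text):
    """Return one dict per notice, oldest first."""
    events = []
    for m in NOTICE.finditer(text):
        events.append({
            "file": m["name"],
            "size": int(m["size"]) if m["size"] else None,  # assumed: bytes
            "action": m["action"],
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d.%m.%Y|%H:%M:%S"),
        })
    return sorted(events, key=lambda e: e["time"])

def scan_dir(root):
    """Parse every _web2ftp_com_IP_*.txt notice found under root."""
    paths = sorted(Path(root).rglob("_web2ftp_com_IP_*.txt"))
    return parse_notices("\n".join(p.read_text(errors="replace") for p in paths))

def log_search_terms(events):
    """Distinct IPs and file names to look for in the access log."""
    return sorted({e["ip"] for e in events}), sorted({e["file"] for e in events})

if __name__ == "__main__":
    for e in parse_notices(SAMPLE):
        print(e["time"].isoformat(), e["action"], e["file"], e["ip"])
```

Run against the sample, this shows that main.php was edited three months before phpdatabase.php was uploaded, so the access log review should start from the earlier date.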

Hi, sorry but I am afraid I cannot help you. It would be great to get more info from your provider, i.e. zipped album directory and Apache logs where exploits should be done or at least the URLs. I'm sure they have this and it would really help to prevent this if it was caused by phpAlbum.net

I am sorry about what happened to you, and just can't believe it is because of phpAlbum. But on the other side, I know, software without bugs doesn't really exist in this world :)

Patrik

I'll try and see if I can get the logs of what happened.

Is there a way to be sure that nobody can replace web pages or upload malicious software to the directory that PHP album is in?
Marc
