Spam sent via my script

hannacharlotte

Yesterday I got an Email from my Host (udmedia.de):

"Dear ...
we had to block your used script

/ html / zenphoto / (ZenPhoto)

with immediate effect.
It allows attackers to send multiple e-mails to any recipient.
In the Interest of other customers you cant reactivate the script without improvement (update or deletion). If you use a freely available web software (CMS, news, etc. ..) we strongly recommend to update or switch to an alternative. In addition, we recommend that you change all your passwords."

I updated Zenphoto about six weeks ago...
What shall i do? Will an update solve the problem?

Thank you for support

acrylian

If you are not running 1.4.1.6 you may have been hacked. In November several sites had been as a third party script we used had a serious security hole. Please see and also the lengthly forum posts linked within these articles:
http://www.zenphoto.org/news/alert-security-hole-in-zenphoto-1.4.1.4
http://www.zenphoto.org/news/security-alert-part-2
http://www.zenphoto.org/news/zenphoto-1.4.1.6

hannacharlotte

thank you so much!
i updated and hope everything will work out now.
I also followed all instructions in the links above.

Is there anything more i can do?
Because when i want to run the setup i get the message
Access denied for user "@'localhost' (using password: NO)

I reported to my host, maybe its because he blocked my Zenphoto...

have a nice afternoon,

hanna

acrylian

Check the credentials for the MySQL database. On some hosts "localhost" as the database servers works but on most it requires a proper server name (you should have gotten that info from your host).

hannacharlotte

i fixed it, thanks to your idea regarding the 'localhost':
In the zp-config.php I had to adjust the variables to my MySQL-database login details. Just forgot...