Hacked on old version - help to reinstall

Hello,

For some specific reason, I'm running on an outdated version 1.2.3 [3427].

In the past, while I wanted to upgrade to a newer version, it happened that I lost all the comments associated with the photos. Maybe it has improved now and this kind of issue doesn't appear any more?

Today I checked my site and thought that I've been hacked by some Russian people. I can read the following error: Warning: Unexpected character in input: ' in /var/www/zp-core/template-functions.php on line 3699
Through FTP I can see that some files have been modified a few days ago and some today.

Now, I blocked all the access to the website temporarily except for me. I would need some help to restore the damaged files for this version. How should I proceed? Only restoring the files which have been modified recently? Or anything special to do before?
It seems that the DB and the admin zone have been touched by the hackers. The plugin ZenPage is also installed.

Thank you in advance for your help,

Comments

  • This topic has been well discussed in the past. Please search for it on the forum. The most important thing you can do is remove the ajaxfilemanager from your installation. That software has a serious security hole in it that has given these hackers access to your site.

    In software as old as you are running there are often multiple security holes that have been discovered and exploited by hackers. It really is not a good idea to host a public site without the current security fixes.

    But if you need to reinstall 1.2.3 you can find clean copies of the release here: http://www.zenphoto.org/pages/older-versions-archive
  • Thanks for your reply.

    I found some topics but none related to the reinstall of that version. Maybe I searched wrong... Any topic?

    I know this is not a good idea to host a public website with a release which contains security issues. I'm the first to update my software generally speaking. In that case, as said, the last time I wanted to update to a newer release I lost all the content of the DB. Maybe this has been fixed with the latest release? Do you think I can upgrade to most recent version without any worries? If yes, for sure I do it right now :-)

    In the case this is not possible, I'll have to reinstall my actual version. Is there any process to follow? May I simply replace the corrupted files manually? Do I need to launch any specific script?

    Thanks,
  • The install process is unchanged and no different if you are installing for the first time or upgrading. It is documented on the web site http://www.zenphoto.org/news/installation-and-upgrading .

    We can provide you with no specific instructions for repairing a compromised site as there is no way for us to know what the compromise is. We can make no guarantee on an upgrade preserving your data, especially if it has been compromised.

    Upgrades have been done to the current release from installations as old as 1.0.8, but that is not something we can test as our servers do not have PHP version 4 which is required to run these old releases.
  • Thanks for your replies and the links :-)

    If the install process hasn't changed, I'm worried about upgrading to the latest version. For me, that would mean I'll lose again all the data of the database. Has this been fixed since my old version or not?
    Even before my site was hacked, when I tried to upgrade, I lost data. Preserving data has always been the most important.

    During the whole life of an installation, which data are modified? Are they only modified into the database? Or some PHP scripts are modified as well? That would help me a lot in order to go back to a clean site :-)

    What would be the best to do in my case knowing that my current installation is corrupted? Simply upload the compromised files of the running version? Or directly upgrading to the latest version?

    Thanks,
  • acrylian Administrator, Developer
    Zenphoto does not delete data in the database if you use the same database credentials as before. But as noted we cannot guarantee that an update from such an old version to the current directly works. It is recommended to do a step-by-step upgrade on major versions (1.x or 1.x.x types).

    To get your current site back with the same version you will have to upload all files again since neither we nor you know which are compromised. Of course don't replace the /albums folder as that is where the albums and images are. Please see the install page for upgrade information as well.
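
Added example (not part of the original thread and not Zenphoto code): before overwriting the installation as described above, a hash comparison against a clean copy of the same release records which files were changed or added. The directory layout built in `demo()` is constructed sample data; `albums` and `ajaxfilemanager` are the names mentioned in the thread.

```python
import hashlib
import tempfile
from pathlib import Path

SKIP_TOP = {"albums"}           # user images; the thread says not to replace this folder
RISKY_NAME = "ajaxfilemanager"  # component the thread says to remove

def hash_tree(root):
    """Map relative path -> SHA-256 for each file under root, skipping SKIP_TOP."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and rel.parts[0] not in SKIP_TOP:
            digests[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(clean_root, live_root):
    """Report how the live tree differs from the clean release copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
        "risky": sorted(p for p in live if RISKY_NAME in p.split("/")),
    }

def demo():
    """Build constructed sample trees (paths are illustrative only) and compare them."""
    base = Path(tempfile.mkdtemp())
    files = {
        "clean/index.php": "<?php // release",
        "clean/zp-core/template-functions.php": "<?php // release",
        "clean/plugins/ajaxfilemanager/ajax.php": "<?php // release",
        "live/index.php": "<?php // release",
        "live/zp-core/template-functions.php": "<?php // release + appended text",
        "live/zp-core/extra.php": "<?php // not in release",
        "live/albums/holiday/a.jpg": "image bytes",
        "live/plugins/ajaxfilemanager/ajax.php": "<?php // release",
    }
    for rel, body in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return compare(base / "clean", base / "live")

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The report is a record for later review; it does not replace re-uploading every release file, since an unchanged hash list says nothing about the database or uploaded content.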
  • Thanks for the reply.

    I could find a backup of the whole site. So I did a restore of all the files except the DB as I assume it hasn't been corrupted. Should I do it?

    Now, to go further, I'd like to upgrade to the last possible version. I correctly followed that link: http://www.zenphoto.org/news/how-to-move-my-installation-to-a-new-server-
    I'm trying to do an upgrade on a copy running on a VM. Then I'll be able to be sure everything works fine.

    Unfortunately there seems to be a problem with the ZenPage plugin. I correctly copied the folder which is located under plugins. But during the restore of the database it says that the zenpage table doesn't exist. I assume that these tables are not created during the setup process.
    Any idea on how to fix that to be sure I've a perfect 1:1 copy working?

    Thanks,
  • I presume you are installing one of the older versions of Zenphoto. In that case you may need to enable the zenpage plugin before the tables are created. Try that before doing the restore of the database.

    Setup on the more recent versions of Zenphoto does create the database tables regardless of if zenpage is activated.
  • Yes, I'm trying to install an older version (1.2.3) to then upgrade step-by-step to the latest one. By this way, I'd like to be sure I don't lose any data. And this is what has been recommended some posts above.

    If I understand well, I should run the setup of this old version as usual, enable the ZenPage plugin and then restore the complete DB?

    Thanks,
  • acrylian Administrator, Developer
    Yes.