Virus hacks--Warning!!!

Comments

  • So let me break this down for those playing at home... And no, I'm not part of the zenphoto team, just an active contributor to the community.
    1. Zenphoto websites are targeted by an exploit found in the TinyMCE plugin that was being used (a 3rd party platform that the Zenphoto team did not create).
    2. Zenphoto team is made aware of the hacks happening and work quickly with the community to find the problem, and then work with the author of the plugin to correct the security flaw.
    3. Somewhere during this timeframe, baddco installs Zenphoto. He later admits amid his rant and accusation that the Zenphoto team did an Inside Job because his HOST installed an out-dated and vulnerable script.
    What do we learn from this boys and girls? Don't use script-installers from hosts, do the work yourself.

    What did baddco learn from this endeavor? His 7 years of page rankings went down the tube because he was too lazy to install Zenphoto on his own...

    Sorry, I just get tired of seeing people bash Zenphoto's developers, especially when it's not something that should be at their feet for fault.

    @baddco If you're going to sensationalize the scenario, at least do so truthfully. You didn't download the ZENPHOTO script. You clicked "install now" through your host's script install (my guess is either Fantastico or Scriptaculous). HAD you downloaded and installed the Zenphoto scripts from the site, you'd have downloaded the proper versions and not been subjected to a known exploit.
  • Pretty much that's it in a Nutshell. Ya offer a Hack version and a clean version? Is that how you're trying to say it?

    I was at StopBadware earlier, and dropped off a good word for ya too. Too bad the staff here rips on the posters, I noticed others in threads... even though I don't read them that is. I'm pretty certain there would be others that would spill their guts if they didn't need to be concerned about a public flogging.
  • baddco you can't just come here with the attitude you have and expect to get a nice response. I've found the admins here very helpful and everyone was shocked and taken by surprise by the recent hacks which affected loads of people with large sites, not just you.

    to say it's an inside job is almost as laughable as coming on here and saying "I have many friends too" as some kind of veiled threat.....
  • acrylian Administrator, Developer
    Thanks micheall and thebluebus, very appreciated!
    Ya offer a Hack version and a clean version? Is that how you're trying to say it?

    baddco: I can sort of understand that you are upset. Anyway, you really should make up your mind and rethink your attitude.

    On this forum you often get much more, and more detailed, help than on other projects. Considering that we are only volunteers in a quite small team we acted pretty fast and well on this. Software is and can never be flawless as the humans creating it are not. Yes, we do make mistakes or miss things. Guess what, we don't release new versions for no reason.

    That said, it is not needed to "worship" us for doing Zenphoto but a little more respect for our voluntary and quite idealistic work we don't even need to do would be really polite. I guess some people are too used to get everything for free and granted...

    It is really not our responsibility to take care of security on your install. If using an open source script like ours it is your or your service provider's responsibility to stay up to date regarding issues. Hacks could and did happen with much bigger CMS projects in the past as well. And this was the first big hack occurrence on Zenphoto within over 5 years of existence (as far as I know).

    (I won't refer to the "no warranty" section of the GPL v2 licences btw, no I won't...)
  • @baddco
    Pretty much that's it in a Nutshell. Ya offer a Hack version and a clean version? Is that how you're trying to say it?
    No, they offer the version that's available via the download option. The problem here is that you didn't get the package via that method, you relied upon a 3rd party source who didn't update the version they were using with their script installer.

    As Acrylian said, this is the first major exploit/security hole there has been with zenphoto in 5 years, and it was in a plugin (from a different 3rd party source) that was being distributed.

    Everybody can understand that you're upset, most of those affected were frustrated too, myself included. The reason your reception was handled the way it was, and is being treated laughably right now is because you seem not to be aware of how open source works. First you come in expecting the world to be handed to you on a plate, then you throw threats around.. Not really conducive to a helpful response. And that's going just by your posts, I have no idea what you emailed to the team.
  • Must be an In-Law. Originally I came in just pissed, as anyone would be. After getting ragged on at the get go... puts a different taste in your mouth. I wasn't the one to initiate the mud slinging, name calling & innuendoes, But I am perfectly capable of fending for myself, without bringing the rest of the gang in. My next stop is download sites. People do read the Pro's and Con's, I have one for them to read.
  • acrylian Administrator, Developer
    @micheall: His mail was similar to his first post and I replied with links referring to this topic and the news section where the issue is explained. Hoping he will understand. Although we normally do not answer support mails at all (well, I do mostly...).

    He was a little insulting in tone about his loss of rank and "our script bringing him in this position" so I could not resist replying in a similar tone. I probably should have just ignored that but I am just a human, too... But regardless I provided links to the news and this topic. And referred to the installation page so he can learn what to remove to uninstall Zenphoto. The next thing he does is post the same complaint on the forum apparently without reading the links I sent him.

    Btw, the security hole technically was even a plugin within a plugin.
  • acrylian Administrator, Developer
    @baddco, you either don't understand or don't want to understand how open source works. And you probably don't code yourself. It was not our code that was the cause (all lengthily explained already....).

    You are always installing open source software at your own risk. If you don't want that use commercial software and pay the big bucks. But even then it will not be always flawless.

    Again, it is not that anyone cannot understand that you have been hacked. As micheall said anyone would be. We are the first to admit mistakes we make.

    So let's get it straight: you have been hacked because your provider installed an outdated vulnerable Zenphoto version weeks after the issue had been fixed. We did not install the version and had nothing to do with that install. So the provider did not keep his automatic installer up to date which is his responsibility. Not ours.

    It is your tone, which also came through in your email, that you come here with as a new forum member. Btw, this "gang" is the Zenphoto community and we did not "call" them...
  • It's no matter. I was upset when I came in, was looking for help, and promptly got ragged on. Who wouldn't have a tone or attitude. It's like a huge clique, and most are on the wrong side of the fence. I do support Open Source by the way, Ubuntu rocks.

    If it's my provider that had a bad on them, think of it as this... If General Motors produced a weeks worth of cars with brakes that failed after 15 miles, would they be forgiven for producing cars after that point with brakes that worked? Just blowing off what was already out there? Same deal.
  • No, we think of it more as:

    Well, I found this inexpensive car in Mexico. Bought it from this guy who also had a whole bunch of great bargain watches hanging from the inside of his coat. It was a Corvair at a really good price.

    Unfortunately, I had an accident driving it. Damn GM for making an unreliable car. Certainly not my fault that the problems with this vehicle have been well documented for some time. They should have found and fixed each and every one of them so that some person like me would not get hurt.

    Remember my last post. Guess the answer is "the latter".
  • Either that or ya drive like ya program
  • Wow! I guess I overestimated your intelligence. Certainly you can do better name calling than that.
  • I think at this point the thread has probably served its purpose. baddco wants the publicity of his "horrible experience" with Zenphoto, we've already established that his blame really should be upon his host for not keeping their automated install scripts updated. On top of that he claims that he reads reviews etc before installing, so he should have been aware of the exploit (as it was documented and resolved two weeks before his first post). The only thing we're doing at this point is feeding a troll, so I for one will stop after this post.

    However, as baddco did make one final analogy to try and assert his point, I'll respond to that then I'm done trying to explain reason.

    @baddco, you bring up GM and cars etc. What happens when that situation happens? GM issues a recall, right? And then it's up to the end user to get their device fixed. Zenphoto issued a news post, more than one actually, as well as resolved the issue within an acceptable amount of time. Whether or not you responded to the "recall notice" (read in your news on your overview page that there was a security risk, or even the news page on the site, or even the forums here).

    Another thing to factor in that you may not have at this point, English is not a native language for many of the people on the forums here. Sometimes you may perceive something that truly wasn't there or intended the way it was perceived.

    At this point, you're obviously done with Zenphoto which is truly sad. I've worked with the other gallery options out there and Zenphoto by far is the easiest to work with which is why I use it.

    I'll make you an offer, and I truly do hope you take me up on it. If you want to give zenphoto another shot, I'll help you get it installed (not from the auto-installer you used previously) so you're using the most up to date, and I'll even try to help you if you have any issues past that, at least point you in the right direction. If not, no loss either way, just hate to see you resort to bloated over-weight scripts like Gallery or Coppermine etc.

    Take care, and remember, not everything you read is intended the way you read it, especially on the internet.
  • Thank You Micheall, there are cool people here. That I respect. I do believe you are sincere. I would take you up on your offer, but I didn't need anything that involved originally. I only intended to display retired Splash Screens. Had I known what I was in for then, I would have passed it up then. If I had hundreds of images to display, I'd go with your offer, but as of now there are under 25, I can put them in a simple table.

    I'm not a glory seeker, quite the opposite. But when out of the starting gate get called an idiot, you ( I ) get an attitude. I do wish most, not all.. a good Holiday Season. And as you mentioned, I do believe the thread has terminated.

    Thank You
  • acrylian Administrator, Developer
    Maybe we just got a really bad start... It is well known that written text in mails etc. can easily be misunderstood and also it is probably not a good idea to write a support request when "heated up". I know that myself. (And yes, English is not my native language either).
  • Hi,

    I got the same problem where the Zenphoto installation got hacked (by the time I was ready to update to the latest, the deed had already been done). This took out all my Wordpress installations as well (should have done the update earlier).
    Now, I am slowly restoring all the blogs, but also wanted to ensure that this does not happen again. I tried searching for information on how to keep each blog / Zenphoto installation separate on my hosted account (I host at Hostmonster) so that one hack does not affect the others, but so far do not have any clear clues on what to do. If somebody can provide guidance, I will be grateful.
    I looked at the forums, but could also see the bit about security settings for files / folders to be set as 644/755
  • acrylian Administrator, Developer
    Well, if you have one hosting account/server with several sites/installations of several CMS a hack that gets into that account can affect all. That is what happened with these hacks.

    If you say that happened after you upgrade Zenphoto the cause of your hack might have been another system/install you had. As far as I read on the net that weeks/months ago the same hackers that exploited our security hole exploited already others. There are numerous reasons why someone could get in.
  • So happy to have found this discussion. We got hacked about a month ago and I've been pulling my hair out trying to plug the hole.

    We have two Drupal sites on one Bluehost account, and also had three ZenPhoto installs going as well as Gallery2 (since it plays nicely with Drupal). ALL PHP files on the account got filled with malicious code, and most of the .htaccess files were also edited - even in the root. Other random php files with suspicious and random names were also added here and there.

    The hacks added redirects that are only called if your site is found through a referrer. Go directly to the site and it looked fine. Redirected to a series of .ru malware sites. Bad news.

    After trying everything, I slapped up a splash page and started uninstalling bits and pieces. That's when I found the ajaxfilemanager problem. When ZP was uninstalled, that directory remained, and its permissions (as well as all files inside) were set to 000. The only way to delete the files was to individually change permissions and delete. On one install, Bluehost support had to do the killing, as some of the offending files returned as soon as I deleted them in Cpanel.

    My suggestion would be to dump tinymce since they are loading you up with bad code. This is unforgivable. This hassle cost me about two weeks of work during the holidays and caused our site to be down.
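    The symptoms in the post above (PHP files filled with injected code, .htaccess files rewritten so that a redirect fires only for referred visitors, the ajaxfilemanager directory and its files left at mode 000) plus the 644/755 guidance mentioned earlier in the thread can be turned into a read-only triage scan. The script below is an added example, not code from this thread or from the Zenphoto project. The PHP markers it greps for (eval wrapped around base64_decode, gzinflate or str_rot13) are a common heuristic for injected PHP and are my assumption, not a signature taken from the thread; expect false positives on legitimate code that uses those functions.

```shell
#!/bin/sh
# Added example, not part of the forum thread or of Zenphoto: a read-only
# triage scan of a web root for the symptoms described in the thread.
# It prints one line per finding and changes nothing on disk.

# Assumption: these markers are a common heuristic for injected PHP, not a
# signature taken from the thread. Extended regex for grep -E.
PHP_PATTERN='eval\((base64_decode|gzinflate|str_rot13)'

# scan_webroot WEBROOT
# Reports:
#   PHP-INJECT:       .php file containing one of the markers above
#   HTACCESS-REFERER: .htaccess whose rules look at the HTTP referrer
#                     (the thread's redirect only fired for referred visits)
#   PERM-FILE:        file whose mode is not 644
#   PERM-DIR:         directory whose mode is not 755
#                     (the thread gives 644/755 as the expected modes and
#                     reports the ajaxfilemanager directory found at 000)
scan_webroot() {
    dir=${1:?usage: scan_webroot WEBROOT}

    find "$dir" -type f -name '*.php' -exec grep -lE "$PHP_PATTERN" {} + 2>/dev/null \
        | sed 's/^/PHP-INJECT:       /'

    find "$dir" -type f -name '.htaccess' -exec grep -lF 'HTTP_REFERER' {} + 2>/dev/null \
        | sed 's/^/HTACCESS-REFERER: /'

    find "$dir" -type f ! -perm 644 2>/dev/null | sed 's/^/PERM-FILE:        /'
    find "$dir" -type d ! -perm 755 2>/dev/null | sed 's/^/PERM-DIR:         /'
}

# count_findings WEBROOT -> number of findings, handy for a cron alert.
count_findings() {
    scan_webroot "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: sh triage.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

    Run it against the whole hosting account, not just the Zenphoto directory, since the thread reports the injected code spreading to every PHP file and .htaccess on the account. A clean report from this scan is not proof of a clean site; it only surfaces the three symptoms the thread describes.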
  • acrylian Administrator, Developer
    My suggestion would be to dump tinymce since they are loading you up with bad code. This is unforgivable.
    Maybe you should read the whole topic and also the posts on our news section about this. Then you would know that it was NOT the fault of TinyMCE but another 3rd party plugin FOR TinyMCE we just used (it is NOT the file manager Moxiecode provides as a paid tool naturally). The issues have been fixed for 1.4.2 and the file manager has been made optional.

    So, we won't be dropping TinyMCE. But you are free to write a plugin for any other editor you like as well.
  • Use this website for a free online scanner.

    http://sucuri.net/

    I am using it every day and it catches most of the malware.
  • Hi,

    My zenphoto gallery has been hacked too. I have been lucky so far because only a few files have been infected. Therefore, I have been able to delete all the code and files added by the hacker (well at least that’s what I think).

    However, I have studied the statistics of my website visitors. I have noticed that every time I change something in the ajaxfilemanager directory, a visitor is coming a few hours later. The IP address is different each time but the visitor always comes from a URL (referring URL) such as “mail.yahoo.net” or “mail.yahoo.com” and is trying to have a look at something in the ajaxfilemanager/inc/ directory.

    Therefore I think that someone is monitoring my FTP and can be somehow alerted by email every time I try to change something. I guess some files are still infected.

    I wonder if deleting the ajaxfilemanager directory and upgrading zenphoto will change anything since the hacker will be alerted by email...
    I currently use Zenphoto version 1.3.1.2

    Has anyone noticed the same problem?

    Thank you in advance for your help.

    PS: I apologize for my poor English; you might have noticed that English is not my native language ;)
  • acrylian Administrator, Developer
    You should at least upgrade anyway, not only because the security issues with the file manager (which is optional now as well) have been fixed.

    If you think someone is monitoring you or your site you might want to check not only your server but your computer as well. It is always possible that that one has been hacked or infected by a trojan or else as well!

    Btw, your English is fine (I am not a native speaker either).
  • Thank you for the advice, acrylian I’ll update as soon as possible.

    I don’t think that the monitoring comes from a virus on my computer because I have modified my website from 3 different computers and the unknown visitor keeps coming back every time... But anyway I’ll scan my computer with an antivirus and antimalware software, just to be sure.
  • acrylian Administrator, Developer
    If you were hacked you should really check ALL files on your server (as mentioned in this topic somewhere). The hack spread over everything as reported. So it still might be something left or it was a different hack variant.
  • Hi there.
    I've started from some point and ended elsewhere :(
    First, I've started with a problem with the exif (it won't list the lens info but everything else was OK). So, I thought that it might be because I was on the 1.4.1.6 (or something). So, I've downloaded the 1.4.2 version and upgraded. As soon as the installation was complete, I've tried the new site. Surprise... I was redirected to a Russian site (<link removed by admin>). So, I've searched the issue and I discovered that the .htaccess was cracked and edited with a redirect to this site. I've edited the file (I'm not a programmer but I've searched the net) but the site is no longer working:( I don't know what to do about this...
  • acrylian Administrator, Developer
    I have removed the link to that site. Since this seems to be a different hack (at least the site you posted is different). It is possible that your site was hacked before you upgraded and you maybe did not delete the old htaccess file.

    So if it was the same hack I would recommend to delete all zenphoto files again and reupload everything. Also check anything else on your webspace as the hack spread to other files (see this topic and the others linked from our security alert posts on the news).
  • Just to mention. Remove the .htaccess file as well (actually, any .htaccess file you find) Zenphoto will offer the option of recreating it when you run setup on the fresh install.
  • I have to say that my site was hacked three times. They had gone in and changed everything in my WordPress sites as well. I did everything as if I was reinstalling ZenPhoto on another server (saving the album and cache information) and reinstalling it. That seemed to work, and then I changed all the passwords. In doing so I was told by my host 1and1 to delete TinyMCE folder of which I am waiting for an update.
  • acrylian Administrator, Developer
    Again and for the final time as it has been widely documented: If it was the hack described on our forum and site, it was NOT TinyMCE causing this security issue. It was a 3rd party plugin used with TinyMCE (and not done by the TinyMCE developers). Also the exploitation of this is only possible if the server security/permissions are not set correctly.
  • Hello. I just discovered my site hacked today. I have deleted the ajaxfilemanager but so far do not detect other modifications. Would someone who has experienced an attack please advise on specifically what evidence of modification I should be looking for both inside and external to the zenphoto installation? Thank you.
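    The recurring advice in this thread (check ALL files on the account, delete the Zenphoto files and re-upload a fresh copy) and the question just above about what evidence to look for both come down to one check: compare the live install against a clean, freshly downloaded package of the same version. The script below is an added example, not code from this thread or from the Zenphoto project. It assumes you have unpacked the official package of the matching version in one directory and a copy of the live files in another, and it skips albums/ and cache/ because the thread treats those as user content to keep across a reinstall; that exclusion and the report labels are my choices.

```shell
#!/bin/sh
# Added example, not part of the forum thread or of Zenphoto: compare a live
# install against a clean, freshly downloaded copy of the same version and
# report files that were ADDED, MODIFIED or are MISSING on the live site.

# sha256 of one file (falls back to shasum where sha256sum is not installed).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# manifest DIR -> "<hash> <relative path>" per file. albums/ and cache/ hold
# user content (the thread mentions keeping them across a reinstall), so
# they are skipped; a clean package does not contain them anyway.
manifest() {
    ( cd "$1" && find . -type f ! -path './albums/*' ! -path './cache/*' | sort \
        | while read -r f; do printf '%s %s\n' "$(hash_file "$f")" "$f"; done )
}

# compare_trees CLEAN_DIR LIVE_DIR -> sorted report, one finding per line.
#   ADDED:    file on the live site that the package does not ship
#             (the random-name PHP files reported in the thread)
#   MODIFIED: shipped file whose content differs from the package
#             (injected code in PHP files and .htaccess)
#   MISSING:  shipped file absent on the live site
compare_trees() {
    clean_m=$(mktemp); live_m=$(mktemp)
    manifest "$1" > "$clean_m"
    manifest "$2" > "$live_m"
    awk '
        { h = $1; p = $0; sub(/^[^ ]+ /, "", p) }   # split "hash path"; path may contain spaces
        FILENAME == ARGV[1] { clean[p] = h; next }  # first file is the clean manifest
        !(p in clean)      { print "ADDED:    " p; next }
        clean[p] != h      { print "MODIFIED: " p }
                           { seen[p] = 1 }
        END { for (p in clean) if (!(p in seen)) print "MISSING:  " p }
    ' "$clean_m" "$live_m" | sort
    rm -f "$clean_m" "$live_m"
}

# Stand-alone usage: sh compare.sh /path/to/clean-zenphoto /path/to/live-copy
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

    Work from a copy of the live files taken before cleanup so the evidence survives, and compare the package version that was actually installed, otherwise every file touched by the upgrade shows up as MODIFIED. Anything listed as ADDED or MODIFIED is what to inspect; the configuration file and the .htaccess that setup generates will legitimately differ, and everything else should match the package byte for byte.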