Home General support

Updating from 1.2.6 (TinyMCE filemanager exploited)

Sim Member
in General support
Hi there!

Firstly, thanks to the developers for a very cool CMS! :)

After over 2 years of trouble free galleries, I now have a problem I'm sure you've had a lot of contact with..

I set up 2 sites for my brother's 3D artwork and photography using zenphoto over 2 years ago (www.pintura3d.com & www.stevekennedyphotography.com). I have just been alerted by the host that the photography site had an exploit that was being used for spam email and they have disabled the site. I saw the post about the previous security exploit and removed the ajaxfilemanager folder from the pintura site so that doesn't get disabled too. I also removed a file that showed up on my antivirus scanner (mt19491250n.php) from many locations on the site as well as class.images.php. Unfortunately, the links for the replacement tinyMCE don't seem to be working so the site isn't functioning properly at the moment..

So I have a few questions on what to do next?

1.Is there workaround for the filemanager available? Link?

2.Could there be remnants of the hack that I need to worry about?

3.Do I need to update zenphoto? My brother is quite happy with it as it is.

4.Can I upgrade straight from 1.2.6 to 1.4.2.4 without problems?

5.I have a custom theme. Will this affect anything?

Thanks for your time!

Sim

Comments

  • acrylian Administrator, Developer
    1. The fix is explained here (easy to find on our news section) and the linked forum topics: http://www.zenphoto.org/news/security-alert-part-2
    The easier fix is to install at least 1.4.1.6 but since then a few more things have been improved naturally.

    2.See the link above.

    3."Need" is relative. If you want to have a more secure system clearly yes. Especially as we don't have resources to support older releases.

    4. It might and should work but in any case you should backup everything, especially the database, as not all server may behave the same. If it doesn'T you need to upgrade step by step.

    5. We really cannot answer not knowing your theme naturally but probably yes, since a few things changed over the years naturally. In 1.4. some major changes were introduced: http://www.zenphoto.org/news/theme-design-changes-in-zenphoto-1-4
    If you encounter issues look at the official themes and consult the theming tutorial.

    PS: Thanks for the note about the broken downloads. The links have been removed as you should upgrade anyway.
Sign In or Register to comment.