ZenphotoCMS Forum     Support     General support    

setup scripts missing

Pages (3):    1 2 3   
Administrator
Administrator
acrylian   09-11-2011, 17:27
#21

If it got in via tinymce it might have been the ajax file manager security hole as that is also used as a tinymce plugin. It would help if you have some proof how and where they got in. I have not seen that yet. If it was not the file manager the tinymce developers might also be interessted in that (note 1.4.1.5 does not use the latest, the 1.4.2 beta does).

As said on another thread several security sites had posted (and copied from each other as usual) this security site so maybe someone exploited that since naturally many people don't upgrade regulary.

Of course you can remove tinymce, it is just a plugin you should disable before doing so. You will then of course loose the texteditor and have to add everything manually via plain html code.

  
Member
Member
darkufo   09-11-2011, 17:29
#22

Thanks, I'm working with my provider to get to the bottom of it.

I've deleted tinymce (didn't use it anyway )

I'll keep an eye on the server to make sure we don't get hit again.

  
Administrator
Administrator
acrylian   09-11-2011, 17:40
#23

For albums and images TinyMCE is not necessary if you or your users are confident using html. For the lazy ones..;-) But for articles and pages it provides some convenient tools (tinyZenpage to include images for example).

  
Member
Member
darkufo   09-11-2011, 17:41
#24

Cool. Yep, we only use it for images

  
Member
Member
ajkphoto   09-11-2011, 17:44
#25

Thanks darkufo, luckily this is actually a site I manage for an organisation and I don't have any of my own sites on that host.

When I reinstalled this site and brought up to date with 1.4.1.5 zenphoto found the following files which it suggested I remove but I don't know whether that's normal:

zp-core/tmp_2087833521026081.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/data.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/error_log
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/tmpphp.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/index.php
zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/class.images.php
zp-core/error_log

  
Member
Member
darkufo   09-11-2011, 17:52
#26

Thanks, I've removed all the TINYMCE ones already.

  
Administrator
Administrator
acrylian   09-11-2011, 18:07
#27

@ajkphoto:
All files are correct except:

  • "zp-core/tmp_2087833521026081.php" one, which is not generated by Zenphoto, might be a from your server.
  • "zp-core/error_log" Don't know what that is, might be genrated by your server. Zenphoto stores its log with a suffix .txt within zp-data.
  • "zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/tmpphp.php" - is actually not a file that should be there.

Setup probably complains about the other because of the time stamp and "suggest" they might not be okay. It is not file compare.

  
Member
Member
ajkphoto   09-11-2011, 18:08
#28

Yeah I know I just posted that for reference if anyone else experiences this.

Presumably with comments now disabled and me the only one accessing the site the TINYMCE issue shouldn't be a problem if I keep it enabled for my convenience.

  
Member
Member
ajkphoto   09-11-2011, 18:21
#29

I just noticed that if I visit http://www.gjr-web.com/ where the zpgallerific theme comes from it's also down with the "setup scripts missing" message being displayed. Is this a coincidence?

  
Administrator
Administrator
acrylian   09-11-2011, 18:24
#30

gjr surely will tell us soon.

  
Member
Member
darkufo   09-11-2011, 18:48
#31

Ouch, I wonder how many other Zen installs are going to fall foul of these nasty hackers

  
Administrator
Administrator
acrylian   09-11-2011, 19:02
#32

Well, it is not that Zenphoto is the first and surely not hte last CMS this happens. And it is actually not our fault if it is the file manager only - we surely cannot check every 3rd party tool we use...

  
Member
Member
darkufo   09-11-2011, 19:05
#33

Oh I quite understand that Acrylian.

But it seems that Zen is currently on the spammers/hackers radar.

It there anyway you could make an announcement etc to warn people to upgrade to 1.4.1.5 or warn them in some other way.

Do you have a Newsletter or Twitter account etc that you could post to?

  
Administrator
Administrator
acrylian   09-11-2011, 19:30
#34

I just published on our news section (and automatically on twitter).

  
Member
Member
darkufo   09-11-2011, 19:32
#35

Awesome, if it just helps one person it would have been worth it

  
Member
Member
ajkphoto   09-11-2011, 19:52
#36

I agree with darkufo.

I love the simplicity and elegance of Zenphoto but if something goes wrong, whether directly due to Zenphoto or not as in this case, it's great to see prompt support and the news being put out there

  
Administrator
Administrator
acrylian   09-11-2011, 19:55
#37

Thanks, not always that easy with "prompt" support if you are a very small team and then partly in different time zones.

  
Member
Member
bic   09-11-2011, 20:18
#38

Same problem here, today!
I didn't know about this vulnerability, my version was 1.4 (6467)

  
Member
Member
binoyte   23-11-2011, 13:49
#39

I've been hacked too. Exactly as described above. Only php files in the zenphoto folder (phpmyadmin an piwik weren't concerned).

Thanks to backup tools I restored easily my web sites.

Permissions were loose. Now they are strict on every folder. Less convenient but safer.

  
Member
Member
formulae   23-11-2011, 17:21
#40

I've been hacked too
Thanks to my ISP I have cleared the .htaccess files , they were present in the zp-core , zpextensions and the tinymce folders.

The .htaccess files created files called thumbsdata.php

Here is the code inside one of the htaccess files:
RewriteRule !thumbsdata.php

  
Pages (3):    1 2 3   
Next Oldest      Next Newest
  
 Contact Us
Legal
Terms Of Service
Privacy
 RSS Syndication
 Return to Top
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.