Coppermine Photo Gallery - MySQL ?

P Crabtree · 28-09-2005, 09:45 AM

After my previous photo gallery had been interferred with. It had been suggestion that I try Coppermine. I have now uploaded this to my website, but this is where I have come up against a few things I,m not sure about
It is asking for
1.MySQL database name
2.MySQL username
3.MySQL password

It states that these will be supplied by my webhost support ?

Is there anything else I need to do and does anyone know what these settings are

many thanks
(web knowledge level on a scale of 1-10 is about 4)

Tim Marshall · 28-09-2005, 10:09 AM

Did the turkish hacker mess with your gallery or was the isse with something else? What gallery were you using as i think mine was a possible point of entry but its secured now.....

Assuming you have the resource added to your package for a mysql database you just need to go to databases, create one and set yourself a username and password!

Thats it!!!!

Tim Marshall

P Crabtree · 28-09-2005, 12:40 PM

Tim

Thnaks for that I will give it a go

Hacker - From taking advice from here and elsewhere it does appear that the hacker entered my site via my photo gallery which was called "igallery" - there was a section on thyat where others could upload photos to mysite, even though that part was turned off it appears that this was the way it manage to infest everything else.

I have now removed the entire section and looking at starting again

cheers
Paul

P Crabtree · 28-09-2005, 12:46 PM

tried as suggest, error message.
MySQL error was : Can't connect to MySQL server on 'localhost' (10061)

Tim Marshall · 28-09-2005, 01:28 PM

Whatever you're connecting with is trying to use 'localhost' as part of the connection string which is wrong, you need to connect to mysql.active-ns.com as the server name and then enter your username/password given to you from HELM.

Coincidentally i too use the igallery product on the domain that got hacked and after going through all the code found the possible point of entry.

It can be stopped easily as i have my site still up and running with no hacks since the amendment. All you have to do is take out any logins in the database that aren't you're own. By default it has a 'fullsite' login in it and also a bpdevelopers one which you can find out about easy enough.
Suprisingly despite being told to do so in the install a lot of people (me included) leave them in there which means upload can be turned on, file types to allow can be changed and there's you're hacked file sorted!!

Once in they can overwrite or amend existing files and also delete all traces of how they got there by deleting the file they uploaded leaving you none the wiser.

The code itself is sound and secure, just the db issue!!

I amusingly did a search in Google for IGallery 3.3 and other versions as was able to enter numerous people's website's admin areas!!!

Silly people!!

Anyway, stick the gallery back and remove all logins other than you're own and you will have no worries and save work putting up a new gallery which after looking at it isn't as good as igallery!

Tim Marshall

P Crabtree · 28-09-2005, 02:31 PM

cheers Tim - will try that or go back to igallery - it was a good one

28-09-2005, 09:45 AM	#1 (permalink)
P Crabtree Registered User Join Date: Aug 2005 Location: Brampton, Cumbria Posts: 21	Coppermine Photo Gallery - MySQL ? After my previous photo gallery had been interferred with. It had been suggestion that I try Coppermine. I have now uploaded this to my website, but this is where I have come up against a few things I,m not sure about It is asking for 1.MySQL database name 2.MySQL username 3.MySQL password It states that these will be supplied by my webhost support ? Is there anything else I need to do and does anyone know what these settings are many thanks (web knowledge level on a scale of 1-10 is about 4)

28-09-2005, 02:31 PM	#6 (permalink)
P Crabtree Registered User Join Date: Aug 2005 Location: Brampton, Cumbria Posts: 21	cheers Tim - will try that or go back to igallery - it was a good one __________________ Paul Crabtree www.bramptonweather.co.uk

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

28-09-2005, 10:09 AM	#2 (permalink)
Tim Marshall Applications Developer Join Date: Oct 2003 Location: Cheshire Posts: 275	Did the turkish hacker mess with your gallery or was the isse with something else? What gallery were you using as i think mine was a possible point of entry but its secured now..... Assuming you have the resource added to your package for a mysql database you just need to go to databases, create one and set yourself a username and password! Thats it!!!! Tim Marshall

28-09-2005, 12:40 PM	#3 (permalink)
P Crabtree Registered User Join Date: Aug 2005 Location: Brampton, Cumbria Posts: 21	Tim Thnaks for that I will give it a go Hacker - From taking advice from here and elsewhere it does appear that the hacker entered my site via my photo gallery which was called "igallery" - there was a section on thyat where others could upload photos to mysite, even though that part was turned off it appears that this was the way it manage to infest everything else. I have now removed the entire section and looking at starting again cheers Paul

28-09-2005, 12:46 PM	#4 (permalink)
P Crabtree Registered User Join Date: Aug 2005 Location: Brampton, Cumbria Posts: 21	tried as suggest, error message. MySQL error was : Can't connect to MySQL server on 'localhost' (10061)

28-09-2005, 01:28 PM	#5 (permalink)
Tim Marshall Applications Developer Join Date: Oct 2003 Location: Cheshire Posts: 275	Whatever you're connecting with is trying to use 'localhost' as part of the connection string which is wrong, you need to connect to mysql.active-ns.com as the server name and then enter your username/password given to you from HELM. Coincidentally i too use the igallery product on the domain that got hacked and after going through all the code found the possible point of entry. It can be stopped easily as i have my site still up and running with no hacks since the amendment. All you have to do is take out any logins in the database that aren't you're own. By default it has a 'fullsite' login in it and also a bpdevelopers one which you can find out about easy enough. Suprisingly despite being told to do so in the install a lot of people (me included) leave them in there which means upload can be turned on, file types to allow can be changed and there's you're hacked file sorted!! Once in they can overwrite or amend existing files and also delete all traces of how they got there by deleting the file they uploaded leaving you none the wiser. The code itself is sound and secure, just the db issue!! I amusingly did a search in Google for IGallery 3.3 and other versions as was able to enter numerous people's website's admin areas!!! Silly people!! Anyway, stick the gallery back and remove all logins other than you're own and you will have no worries and save work putting up a new gallery which after looking at it isn't as good as igallery! Tim Marshall