Security breach related to this add-on

Not sure if any damage was done, but got this disturbing email today...I deleted the add-on. Hadn't been using it. Not sure if there is an easy for anyone using it.



There has been a submission of the form Contact through your concrete5 website.

Name
Ali Elderov

Email
cyberkatze@yandex.ru

Phone
999000

Best time to call
Email preferred

Event date (if applicable)


Comment
hallo! please secure your web-site.. all can see content on backend if use http://photosbyge.com/packages/tc_photo_gallery/...  this url and can navigate through directories... best regards!



To view all of this form's submissions, visit http://photosbyge.com/index.php/dashboard/reports/forms/?qsid=13325...

Type: Pre-Sale
Status: In Progress
gewald
gewald replied:
I see that the developer has stopped supporting it.
tbcrowe replied:
You are correct. tcPhotoGallery is no longer supported.

This security problem isn't related to tcPhotoGallery. It is a problem with the configuration of your web server. This is usually solved by adding "Options -Indexes" to your .htaccess file.
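To make the advice above concrete, here is an added example (not code from concrete5, tcPhotoGallery, or either poster) that evaluates the `Options` directives in an .htaccess the way Apache does and reports whether directory listing (`Indexes`) is still in effect. It assumes the server-level default is `Options Indexes FollowSymLinks`, which is the usual cause of the listing the emailer saw; the sample .htaccess contents are constructed for the example and only approximate the concrete5 pretty-URL rules.

```python
"""Audit the Options directives of an Apache .htaccess for directory listing.

Added example for this support thread; not part of concrete5 or tcPhotoGallery.
Assumption: the server config inherits "Options Indexes FollowSymLinks" into
the site's directories, so a .htaccess without "Options -Indexes" leaks a
listing of every package directory. Pass your own default if it differs.
"""
import re

# Option names Apache's core Options directive accepts (Apache 2.4).
ALL_OPTIONS = {
    "ExecCGI", "FollowSymLinks", "Includes", "IncludesNOEXEC",
    "Indexes", "MultiViews", "SymLinksIfOwnerMatch",
}
# "Options All" means every option except MultiViews.
OPTIONS_ALL = ALL_OPTIONS - {"MultiViews"}

OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)


def _normalise(name):
    """Apache matches option names case-insensitively; return the canonical spelling."""
    for canonical in ALL_OPTIONS:
        if canonical.lower() == name.lower():
            return canonical
    raise ValueError(f"unknown option: {name}")


def effective_options(htaccess_text, inherited=frozenset({"Indexes", "FollowSymLinks"})):
    """Return the set of options in effect after applying every Options line.

    Apache's rule: a line whose entries carry +/- adjusts the inherited set;
    a line without +/- replaces the whole set. Mixing both on one line is an
    error, so it is rejected here too.
    """
    active = set(inherited)
    for line in htaccess_text.splitlines():
        line = line.split("#", 1)[0]              # drop trailing comments
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        relative = [t[0] in "+-" for t in tokens]
        if any(relative) and not all(relative):
            raise ValueError(f"mixed absolute/relative Options: {line.strip()}")
        if not any(relative):
            active = set()                        # absolute form resets everything
        for tok in tokens:
            sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
            if name.lower() == "none":
                continue                          # the reset above already emptied the set
            names = OPTIONS_ALL if name.lower() == "all" else {_normalise(name)}
            if sign == "+":
                active |= names
            else:
                active -= names
    return active


def directory_listing_enabled(htaccess_text, **kw):
    """True when a request for a directory with no index file would be listed."""
    return "Indexes" in effective_options(htaccess_text, **kw)


# Constructed sample: the poster's situation. Only rewrite rules are present,
# so the inherited Indexes option stays on and /packages/<name>/ is browsable.
HTACCESS_BEFORE = """\
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
"""

# The fix from the reply above: switch listings off, leave everything else alone.
HTACCESS_AFTER = "Options -Indexes\n" + HTACCESS_BEFORE


if __name__ == "__main__":
    for label, text in (("before", HTACCESS_BEFORE), ("after", HTACCESS_AFTER)):
        state = "ENABLED" if directory_listing_enabled(text) else "disabled"
        print(f"{label}: directory listing {state}; options = {sorted(effective_options(text))}")
```

Two caveats worth knowing when applying the fix: Apache only honours `Options` inside .htaccess when the enclosing `<Directory>` has `AllowOverride Options` (or `All`); otherwise every request in that tree fails with a 500 and the error log reports the directive is not allowed here. And `-Indexes` only removes the generated listing; any file whose path is already known (from the listing the reporter saw, or from the package's public source) remains fetchable, so it narrows discovery rather than access.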

concrete5 Environment Information

# concrete5 Version
5.6.3.1

# concrete5 Packages
AddThis (1.0), AddThis Bar (1.0), Advanced Slider (1.2), Area Splitter (2.0.9), Extended FAQ (1.2), Fjhadd Vimeo Thumb Gallery (1.0), Free Cookies Disclosure (1.0.3), Hi_Vis (1.0.7), Intense Debate Comments (0.3.1), Mailing List (2.22), Mosaic Gallery (1.0.1), PanoViewer (1.2), PUG+ PopUp Gallery (1.7.1), Seo Manager (2.5.3), Slate Theme (1.0), Sortable Fancybox Gallery (1.17), tcPhotoGallery (1.4.1), The Void theme (1.0), Traffic & Statistics (3.04), Whale Nivo Image Slider (1.2).

# concrete5 Overrides
None

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - Off

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
5.3.29

# PHP Extensions
bcmath, bz2, bz2_filter, calendar, cgi-fcgi, Core, ctype, curl, date, dba, dom, enchant, ereg, exif, fileinfo, filter, ftp, gd, gettext, hash, http, iconv, imap, intl, ionCube Loader, json, ldap, libxml, mailparse, mbstring, mcrypt, memcache, mhash, mysql, mysqli, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, Reflection, session, shmop, SimpleXML, soap, sockets, SourceGuardian, SPL, SQLite, sqlite3, standard, stats, tidy, tokenizer, wddx, xattr, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend Guard Loader, zip, zlib.

# PHP Settings
max_execution_time - 120
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 120
max_input_vars - 2000
memory_limit - 192M
post_max_size - 100M
safe_mode - Off
safe_mode_exec_dir - no value
safe_mode_gid - Off
safe_mode_include_dir - no value
sql.safe_mode - Off
upload_max_filesize - 100M
http.persistent.handles.limit - -1
ldap.max_links - Unlimited
memcache.max_failover_attempts - 20
mysql.max_links - 60
mysql.max_persistent - Unlimited
mysqli.max_links - 60
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
pgsql.max_links - 60
pgsql.max_persistent - Unlimited
session.cache_limiter - nocache
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5
safe_mode_allowed_env_vars - PHP_
safe_mode_protected_env_vars - LD_LIBRARY_PATH

Browser User-Agent String

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2
