!! Important !! Looking for someone to update Gallery

Started by Fedora-Tan, February 14, 2009, 08:25:03 AM

Fedora-Tan

There are too many security flaws in the Coppermine gallery used on this site.
I have to disable some PHP functions in order to prevent attacks from here to my server...

I'll make it very short: I need someone to update the gallery and make sure it is not a threat to the server anymore, or else I'll have to close the gallery for security reasons.
Any solution is good: updating (and making sure it's not a sponge anymore), changing engine, or even finding a totally brand new solution (image board, etc.)

I do not have any time to do that myself, sorry.
Deadline is 31st of March.

Thanks for understanding

Please contact me by mail and be sure you already have experience in doing that.

Added after 58 seconds:

And if one wants to update the forum too, it would be nice too :D but I didn't detect any exploits from there yet.

NejinOniwa

So the gallery's coppermine engine is outdated?
Not very strange (considering the amount of recent security updates they've been releasing lately) that you consider it that way, I guess.

I take it no install-engine software is present on the server, by that?
YOU COULD HAVE PREVENTED THIS

Fedora-Tan

Coppermine is a sponge regarding security, it always was... problem is, lately it tends to show quite straightforwardly, messing with files on the server itself.

About installing engines, no. I consider them quite useless since anyway, you couldn't use them to even make a simple upgrade, due to the edits in the code to make it work with the forum...

NejinOniwa

Right'o.

Personally I've got very little experience on this, but meh. If you haven't asked Tsubashi about it, please do, I think he's more of your man for this mission, haha. ^^

Anyway, by the quick-and-shallow search I did there doesn't seem to be a lot of good, big gallery engines available publicly - guess I'll have to scrounge around a bit to find something more worthwhile to compare with.

Smokey

Well, I have come to like and respect this forum enough to set my current projects aside and learn how to improve the gallery...
To put it simply, I volunteer to learn about the software needed to run the gallery and dedicate time to maintain it... I will learn as much as I can before the 31st of March and if no one else has reported, and I know enough to address this problem, I will volunteer as a sort of gallery mod...
This is so I can prove to the people on this forum I have come to respect, that I can be useful and provide some meaningful input even though I am not an artist...
I don't tell you how to tell me what to do, so don't tell me how to do what you tell me to do... (Bender the Great) :/
[Img disabled by Fedora-Tan]
Thanks Fedora-sama
Homer no function beer well without (Homer Simpson) ^_^

Fedora-Tan

No, I didn't ask Tsubashi yet but I believe (?) he's quite crowded too. Also, I am not a big fan of doing things behind curtains so I don't see why other members wouldn't be aware that there's a task to do.

Usually, I take care of those myself but I'm really, really way too crowded lately to do anything about that. (Namely, I'll be at home today, Friday evening -> Sunday next week and then not anymore for at least a month or so...)

Any participation is welcome, I can put up a 'test environment' if you want to try improvements without necessarily using your own comp for that (which would be normal)

NejinOniwa

Well, I can imagine that, considering how little that vampire's on nowadays... ^-^; I wasn't saying you should hide it, just that he's probably the most experienced in this stuff, but then, you'd know, wouldn't you ^^

Good to see some action from people there, Smokey.

AnimeTheme

Simplest solution: Disable the uploader. Turn the existing gallery into some kind of "non-interactable" archive. Any future images are posted directly in forums, maybe in dedicated threads.
Bring OS-tans and other Anime mascots to your Windows desktop! Check out my Windows Gadget Gallery!

Smokey

That wouldn't work... that would kill the usefulness of the gallery...

Also I wouldn't mind using my comp as a testing environment (needs major overhaul anyways), just gimme a software suite I need/would want to learn... (for example Win2kserver with coppermine...)

Fedora-Tan

The upload is not especially the problem, it's the whole scripts which are potentially harmful.
In one attack (a few months ago now), it was the viewing script which was used to rot the files...

Smokey

I have found a possibly interesting suite, TinyWebGallery...

Here's a Wikipedia link...
http://en.wikipedia.org/wiki/TinyWebGallery

Fedora-Tan

It is important that all the current content can be moved to another gallery, if another gallery is used.

Smokey

I guess that it can be done...
But I am trying to acquire some PIII servers so I can emulate different server environments and setups, so I can learn more efficiently...
Any suggestions from you on what I should install and then learn are highly appreciated...

http://ostan-collections.net/topic-991.html

Tsubashi

Gomen nasai, I have not been very active lately, have I? v_v
*Bows Apologetically*

Thank you for your praise, Nejin-sama. It makes me very happy to hear.
Fedora-dono is right that I am somewhat busy, but I think I should be able to clear up some time to work on this problem. I most definitely owe it to all of you. ^^'
I will post back here with ideas later.
-Tsu

NejinOniwa

And here cometh he, the Lord of Apologies. ^^ Donmai, Tsubashi-chan. -w-


And good to hear that, I knew we could count on you for this as long as you had time for it.