Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
Has anyone experienced any security issues with CE4 Gallery? I have used the Gallery module for years to display pictures for a local hockey team. I have never had any issues.
This year I have had my hosting account suspended for using too many resources. I have tried to restrict access with .htaccess and php.ini files but almost every day I get rogue *.php files in my gallery that I have to clean up. I do NOT use download.php but I believe I am up to date anyway. I plan on regenerating my site this weekend just to be sure it is built with the latest files.
Any other ideas?
Thanks,
Offline
Are you on some sort of hosting that limits your storage space?
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
It appears the php files that were put on my site were sending out 400 emails an hour. The limit I was hitting was cpu usage I believe. I have basically unlimited storage.
Mike
Offline
What files are these? (Matt and Ben will probably want to know.) I don't know of any TTG Gallery files that will do this.
Also, it might help them troubleshoot if you can post a link to your site or a specific problem gallery.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
Are you running WordPress on your site? WP is very commonly used to compromise sites.
Offline
I had a WordPress installation but removed it a couple of weeks ago when this all started. I first suspected WordPress was the problem as well. I am not convinced CE4 is the issue but I am trying to verify everything. Right now the only thing I have is the site for pictures. I use the autoindex to index a gallery for each game.
I deleted all the bad php files. They were not normal Turning Gate names so they were easy to find. They were named things like code29.php, XDYDF.php etc. They have been in the root directory as well as the photos and lib directories.
Right now everything seems clean but my site can be found at FMHockey.com
Thanks for the help,
Mike
Offline
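An added example, not part of the original thread and not TTG code: one way to spot the kind of stray `.php` files described above is to compare the deployed site against a trusted fresh export and list every PHP file that is unexpected or altered. It goes slightly beyond the post by also flagging modified files; the directory layout and the names `index.php` and `lib/helper.php` are assumptions, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

def php_inventory(root):
    """Map relative path -> SHA-256 for every PHP-like file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml", ".php5")):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    found[rel] = hashlib.sha256(fh.read()).hexdigest()
    return found

def audit(baseline_root, deployed_root):
    """Compare a downloaded copy of the site with a trusted fresh export.

    Returns (unexpected, modified) as sorted lists of relative paths.
    """
    base = php_inventory(baseline_root)
    live = php_inventory(deployed_root)
    unexpected = sorted(p for p in live if p not in base)
    modified = sorted(p for p in live if p in base and live[p] != base[p])
    return unexpected, modified

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed trees: hypothetical layout plus the two file names quoted in the thread."""
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as live:
        for root in (base, live):
            _write(root, "index.php", "<?php /* gallery index */")
            _write(root, "lib/helper.php", "<?php /* helper */")
        _write(live, "code29.php", "<?php /* not in export */")
        _write(live, "photos/XDYDF.php", "<?php /* not in export */")
        _write(live, "lib/helper.php", "<?php /* helper */ /* appended */")
        return audit(base, live)

if __name__ == "__main__":
    unexpected, modified = demo()
    print("unexpected:", unexpected)
    print("modified:", modified)
```

Run `audit()` with the fresh export as the first argument and a downloaded copy of the live site as the second; anything listed needs to be explained before it is trusted.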
Hi Mike, I hope the cleanup works for the long term. I had a compromised WordPress site recently, and found it hard to clean up. In my case I didn't have the option of removing WordPress or starting afresh with it. Two weeks after clean-up (removing all nefarious files I could find, setting strong passwords everywhere, making sure everything WP-related was up-to-date), the problem arose again.
There aren't many weak points in TTG that we are aware of. Security isn't 100% perfect and never can be without at least requiring sites to use SSL, which isn't practical for most customers. To date, though, we are not aware of sites being compromised through our code.
Offline