Need a new image gallery now!

Discussion in 'Web Design and Development' started by LastLine, Jun 20, 2007.

  1. LastLine macrumors 65816

    Joined:
    Aug 24, 2005
    #1
    http://www.nofearspunk.com/test.htm

    Ok, so I'm working on a new layout, but I can't shift this black line to the right of the site map, can't figure out what's causing it, anyone got any ideas?

    Site attached to post if people want to paly with the code.

    On a second note someone else seems to have access to my site, they keep posting random pages into my ftp. Occasionally I'll log in to find a random htm page uploaded, now I know nobody knows the user/pass so it can't be that so if anyone fancies a challenge I'd like to see if you can figure out how to upload a page (let's call it macrumors.htm) to the site, and if so explain how you did it and how I can stop it reoccuring (the offending page is http://www.clarkephotography.co.uk/Lord.htm) The main site page is www.clarkephotography.co.uk

    Anyone fancy the challenge?
     

    Attached Files:

  2. jng macrumors 65816

    jng

    Joined:
    Apr 6, 2007
    Location:
    Germany
    #2
  3. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #3
    Holy crap, your admin password hash (via md5) is exposed to the rest of the world. Give them a few hours and they can crack your password if your password is badly formed

    I suggest changing the app, apparently, I can use that php script to look at the encypted passwords of the rest of the accounts on your shared hosting, there are approx 13,000 users on it.
     
  4. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #4
    To the first poster - Linux I believe - 1and1's basic package.

    Yeah, I figured it might be something like that - just wanted someone to have a go without a suggestion just to see if someone could come up with it. Thank you (?) for confirming my suspicions - does anyone have a suggestion for a similar, more secure script? I don't have SQL available yet, but would be able to transfer to a different package if needed.


    As for the black line, I've assumed this to be a CSS issue thus far, however I can't find anything in the CSS that I can use to get rid of it, that said I'm *fairly* inexperienced with CSS thus far so perhaps someone can see something I'm missing?


    Thanks for the help so far guys - you've been brilliant - hopefully you'll continue to help me :)
     
  5. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #5
    This link will tell you about how to secure your users folder
    linkety


    Personally, I don't think it is this flaw that caused the intrusion, it looks like the hacker is trying to be a smartass, I don't think he will put in that much effort to crack the password. I suspect it's something more convenient, might have something to do with the fact you have your register_globals is turn on in php configuration. I will be off work soon and might have some time to take an actual crack at your site.
     
  6. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #6
    Yeah, see the hack isn't actually a real problem as it's not replacing anything that I've made as such, just putting it there to show he can. The thing that concerns me is that I don't have the programming knowledge to fix the problem (the script itself was downloaded from elsewhere and looking at the code game me a headache lol)

    For theories sake if I removed the script and stuck to ftp access would that solve the problem?
     
  7. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #7
    Ok, I've currently removed the site due to the attacks getting ridiculous but i'm no let with no solution :(

    Anyone able to suggest the following:
    Requirements: No SQL be needed

    I need

    A File upload system - preferably one that can be used through a browser window - must be secure, this is what caused the problem last time - must be passworded, and people must not be able to find the password/user anywhere.

    A gallery that displays images in .jpg format, generates it's own thumbnails, basically I want to be able to put this on my site, upload photos and have the page add them itself.

    As I say, don't want to have to use SQL here - but as a bonus, if anyone can find a way that I can leave comments on the photos (i.e. exif information) have users rate it, then that's a bonus.


    Many thanks all
     

Share This Page