General Discussion: General use discussion forum for PhotoPost products.
January 9th, 2008, 11:26 AM
|
#21 (permalink)
| | Junior Member Verified Customer
Join Date: Dec 2006
Posts: 17
|
Same here..? I just downloaded clean.php from the first page.
Working in
Scanning for PHP files in your gallery files directory:
Warning: readdir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 26
Warning: closedir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 55
processed 0 files
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done.
Quote:
Originally Posted by V-Rodforums
This is what I get when I try to run the clean.php script.
Working in
Scanning for PHP files in your gallery files directory:
Warning: readdir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 17
Warning: closedir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 46
processed 0 files
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done. | |
| |
January 9th, 2008, 11:37 AM
|
#22 (permalink)
| | Member Verified Customer
Join Date: Oct 2003
Posts: 72
| Quote:
Originally Posted by Zachariah @ V-Rodforums
- I see your problem.
- I did not factor for a code change that gets your directory path on the older gallery version.
1st post attachment updated. |
Thanks Zach, I know you're working on it, that brings me back the same error as primeopup with a 26 and 55.
|
| |
January 9th, 2008, 11:41 AM
|
#23 (permalink)
| | Member Verified Customer
Join Date: Dec 2004
Posts: 92
|
Thanks for your help, Zachariah!
|
| |
January 9th, 2008, 11:54 AM
|
#24 (permalink)
| | Member Verified Customer
Join Date: Jan 2004
Posts: 86
|
Thanks for the update and security announcement.
|
| |
January 9th, 2008, 11:59 AM
|
#25 (permalink)
| | PhotoPost Developer Verified Customer
Join Date: Jan 2002
Posts: 11,858
|
I moved the thread here since every post sends out a notice to the many of our users who subscribe to the Announcements forum for notices.
__________________ Please do not PM me for support or sales questions. Thank you for your understanding. |
| |
January 9th, 2008, 12:15 PM
|
#26 (permalink)
| | Member Verified Customer
Join Date: Aug 2005 Location: NYC
Posts: 63
| Quote:
Originally Posted by Primopup
Same here..? I just downloaded clean.php from the first page.
Working in
Scanning for PHP files in your gallery files directory:
Warning: readdir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 26
Warning: closedir(): supplied argument is not a valid Directory resource in /admincp/clean.php on line 55
processed 0 files
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done. |
Experiencing same issue here when attempting to use clean.php
Zach - is it possible that the admincp directory being renamed to something like admincpx/ could be causing the problem?
|
| |
January 9th, 2008, 12:34 PM
|
#27 (permalink)
| | Junior Member
Join Date: Jul 2005
Posts: 3
|
It seems that the directory variable can not be read.
Quick fix: Open clean.php find
listdir($ppg_options['gallery_filedirectory']);
change it to your path, for example
listdir("/your/path/to/gallery/files");
save, upload and re-run it.
Then change the path again for the userfolder:
listdir("/your/path/to/gallery/users");
re-run it.
|
| |
January 9th, 2008, 01:02 PM
|
#28 (permalink)
| | Member Verified Customer
Join Date: Aug 2005 Location: NYC
Posts: 63
| Quote:
Originally Posted by Snobbytec
It seems that the directory variable can not be read.
Quick fix: Open clean.php find
listdir($ppg_options['gallery_filedirectory']);
change it to your path, for example
listdir("/your/path/to/gallery/files");
save, upload and re-run it.
Then change the path again for the userfolder:
listdir("/your/path/to/gallery/users");
re-run it. |
Thanks Snobbytech, that worked just fine.
|
| |
January 9th, 2008, 01:16 PM
|
#29 (permalink)
| | Member Verified Customer
Join Date: Oct 2003
Posts: 72
| Quote:
Originally Posted by Snobbytec
It seems that the directory variable can not be read.
Quick fix: Open clean.php find
listdir($ppg_options['gallery_filedirectory']);
change it to your path, for example
listdir("/your/path/to/gallery/files");
save, upload and re-run it.
Then change the path again for the userfolder:
listdir("/your/path/to/gallery/users");
re-run it. |
Thanks, that seems to do it. Can I assume that this means I had no files with problems?
Working in
Scanning for PHP files in your gallery files directory:
processed 130631 files
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done.
|
| |
January 9th, 2008, 01:28 PM
|
#30 (permalink)
| | Registered User Verified Customer
Join Date: Nov 2005 Location: Canoga Park, CA
Posts: 3,243
| Quote:
Originally Posted by V-Rodforums
Thanks, that seems to do it. Can I assume that this means I had no files with problems?
Working in
Scanning for PHP files in your gallery files directory:
processed 130631 files
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done. |
You're good
- No problems
--------------------------------------------------- EX: Output of problems
There will be a file list output to review:
Scanning for PHP files in your gallery files directory:
Found file -> /home/public_html/gallery/files/1/phpinfo.php.psd
Found file -> /home/public_html/gallery/files/1/somefile.cgi
Found file -> /home/public_html/gallery/files/1/somefile.pl
Found file -> /home/public_html/gallery/files/1/somefile.php.wmv
Found file -> /home/public_html/gallery/files/1/somefile.php.wav
Found file -> /home/public_html/gallery/files/clean.php
processed 6088 files
6 PHP files found!
Click Here to remove all files listed
Please remember to delete this clean.php file from your server when done.
*CLICK*
Scanning for PHP files in your gallery files directory:
Found file -> /home/public_html/gallery/files/1/phpinfo.php.psd
Removing file -> /home/public_html/gallery/files/1/phpinfo.php.psd
Found file -> /home/public_html/gallery/files/1/somefile.cgi
Removing file -> /home/public_html/gallery/files/1/somefile.cgi
Found file -> /home/public_html/gallery/files/1/somefile.pl
Removing file -> /home/public_html/gallery/files/1/somefile.pl
Found file -> /home/public_html/gallery/files/1/somefile.php.wmv
Removing file -> /home/public_html/gallery/files/1/somefile.php.wmv
Found file -> /home/public_html/gallery/files/1/somefile.php.wav
Removing file -> /home/public_html/gallery/files/1/somefile.php.wav
Found file -> /home/public_html/gallery/files/clean.php
Removing file -> /home/public_html/gallery/files/clean.php
processed 6088 files
6 PHP files found!
6 files removed!
|
| |
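A read-only version of the kind of scan whose output is shown in the post above, as an added example; it is not the clean.php attachment or any PhotoPost code. It flags a script extension anywhere in the name (as in phpinfo.php.psd), uses the extension list from the replacement code quoted later in this thread, and refuses to run on an invalid path instead of reporting "processed 0 files"; the function names and the command-line usage are assumptions.

```php
<?php
// Added example: read-only audit of an upload directory. Not PhotoPost's clean.php.
// Extension list taken from the replacement code quoted in this thread.
const SCRIPT_EXTS = ['php', 'php3', 'php4', 'php5', 'php6', 'pl', 'cgi'];

// True when ANY dot-separated part after the base name is a script extension,
// so "phpinfo.php.psd" is flagged as well as "somefile.cgi".
function has_script_extension(string $filename): bool
{
    $parts = explode('.', strtolower($filename));
    array_shift($parts);               // drop the base name
    return count(array_intersect($parts, SCRIPT_EXTS)) > 0;
}

// Walk $dir recursively; return [files_processed, list_of_flagged_paths].
function scan_uploads(string $dir): array
{
    // The readdir()/closedir() warnings in this thread came from a directory
    // path that could not be opened, so fail loudly rather than scan nothing.
    if ($dir === '' || !is_dir($dir) || !is_readable($dir)) {
        throw new InvalidArgumentException("Not a readable directory: '$dir'");
    }
    $processed = 0;
    $flagged = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $processed++;
        if (has_script_extension($file->getFilename())) {
            $flagged[] = $file->getPathname();
        }
    }
    sort($flagged);
    return [$processed, $flagged];
}

// Usage (hypothetical script name): php scan_uploads.php /your/path/to/gallery/files
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    [$processed, $flagged] = scan_uploads($argv[1]);
    foreach ($flagged as $path) {
        echo "Found file -> $path\n";
    }
    echo "processed $processed files\n" . count($flagged) . " files flagged\n";
}
```

Nothing is deleted by this script; review the flagged list before removing anything, and run it from the command line rather than leaving it in a web-accessible directory.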
January 9th, 2008, 03:25 PM
|
#31 (permalink)
| | Junior Member Verified Customer
Join Date: Jul 2005
Posts: 2
|
Trying to patch vB Gallery v 2.1
This code: (I can't find)
$filename = preg_replace("/[^a-zA-Z0-9\-_\.]+/", "_", $filename);
$filename = strtolower($filename);
This code: ( I can find)
$filename = preg_replace("/[^a-z_.0-9-]/i", '', $filename);
---------------------------
Do I replace : $filename = preg_replace("/[^a-z_.0-9-]/i", '', $filename);
With:
$ext = substr($filename,strrpos($filename,".")+1);
$name = preg_replace( "/\.\w+$/U", "", $filename );
$name = preg_replace(array('/\.php/', '/\.php3/', '/\.php4/', '/\.php5/', '/\.php6/', '/\.pl/', '/\.cgi/'), "", $name);
$name = preg_replace("#[^a-z0-9_,]#i", " ", $name);
$name = trim(str_replace("_", " ", $name));
$name = str_replace(" ", "_", $name);
$filename = strtolower($name.'.'.$ext);
unset($name, $ext);
Thanks for any help.
|
| |
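The old sanitising line quoted in the post above, set beside a stricter variant, as an added example that is not PhotoPost's patch. The function names, the allowlist of final extensions and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example, not PhotoPost's patch. Compares the old sanitising line quoted
// above with a stricter variant on constructed filenames.

// Hypothetical allowlist of final extensions; adjust to the media types you accept.
const ALLOWED_EXTS = ['jpg', 'jpeg', 'gif', 'png', 'psd', 'wmv', 'wav'];

// The line the poster found in vB Gallery 2.1: dots survive, so a name such as
// "phpinfo.php.psd" is stored with ".php" still inside it.
function old_sanitize(string $filename): string
{
    return preg_replace("/[^a-z_.0-9-]/i", '', $filename);
}

// Stricter variant: the final extension must be on the allowlist and the base
// name keeps no dots at all, so the stored name has exactly one extension.
function strict_sanitize(string $filename): ?string
{
    $filename = strtolower(basename($filename));
    $pos = strrpos($filename, '.');
    if ($pos === false || $pos === 0) {
        return null;                       // no extension, or a dotfile
    }
    $ext  = substr($filename, $pos + 1);
    $base = substr($filename, 0, $pos);
    if (!in_array($ext, ALLOWED_EXTS, true)) {
        return null;                       // reject instead of renaming
    }
    $base = trim(preg_replace('/[^a-z0-9]+/', '_', $base), '_');
    if ($base === '') {
        $base = 'upload';
    }
    return $base . '.' . $ext;
}

// Constructed sample names.
foreach (['phpinfo.php.psd', 'Holiday Photo.JPG', 'somefile.cgi', 'x.PHP5.wav'] as $n) {
    printf("%-20s old=%-20s strict=%s\n", $n, old_sanitize($n),
        strict_sanitize($n) ?? '(rejected)');
}
```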
January 9th, 2008, 04:48 PM
|
#32 (permalink)
| | Registered User Verified Customer
Join Date: Nov 2005 Location: Canoga Park, CA
Posts: 3,243
|
@imported_Allen
You should have 2 lines of code right next to each other starting with Just below: Quote: |
$imginfo['truename'] = $filename;
| |
| |
January 9th, 2008, 04:57 PM
|
#33 (permalink)
| | Member Verified Customer
Join Date: Apr 2004
Posts: 194
|
I must say, it's quite slack to have allowed this exploit to occur in the first place, but totally rude not to supply people with free 'upgrades' to the unexploited version.
As with Allan, I don't have that code to find/replace in v2.2.
A suggestion to avoid multiple unhappier customers, provide the fix for all versions.
|
| |
January 9th, 2008, 05:30 PM
|
#34 (permalink)
| | Junior Member Verified Customer
Join Date: Jul 2005
Posts: 2
|
@ Zacharia
This is what I have:
$imginfo['truename'] = $filename;
$filename = urldecode($filename);
$filename = preg_replace("/[^a-z_.0-9-]/i", '', $filename);
|
| |
January 9th, 2008, 08:37 PM
|
#35 (permalink)
| | Member Verified Customer
Join Date: Oct 2004 Location: Florida
Posts: 318
|
How does one determine the version number currently installed? I don't find it in the script headers or the config file and I have the brand free option.
Skip it. I found it under admin > vBGallery > Statistics
Last edited by oldengine; January 9th, 2008 at 08:45 PM.
|
| |
January 9th, 2008, 08:59 PM
|
#36 (permalink)
| | Registered User Verified Customer
Join Date: Nov 2005 Location: Canoga Park, CA
Posts: 3,243
|
Good idea kall
1.0.0 - 2.1 Code: Content visible to verified customers only.
2.2, 2.3 Code: Content visible to verified customers only.
2.4 + Code: Content visible to verified customers only.
---------------------------------------------------------
@Oldengine
AdminCP -> vBGallery => Statistics
- Installed Version: x.x.x
OR
vBulletin 3.0 - 3.5 Code: Content visible to verified customers only.
vBulletin 3.5 - 3.6+ Code: Content visible to verified customers only.
|
| |
January 9th, 2008, 11:00 PM
|
#37 (permalink)
| | Junior Member Verified Customer
Join Date: Aug 2004 Location: Ashland, MO
Posts: 6
|
Is there a new update for the "Clean" scanner script? What I used in the email (PhotoPost vBGallery Important Security Bulletin) is no help. My site is hacked big time! Ordered upgrade and to see if that would be faster.
|
| |
January 9th, 2008, 11:19 PM
|
#38 (permalink)
| | Member Verified Customer
Join Date: Apr 2005
Posts: 260
|
Thanks for providing the fix! The clean.php file needs to be fixed as I had to manually add my files directory to the script.
|
| |
January 10th, 2008, 12:53 AM
|
#39 (permalink)
| | Member Verified Customer
Join Date: Jan 2007 Location: Oklahoma
Posts: 36
|
Since this is actually an Apache security hole, will it affect my PhotoPost install which is running on IIS6?
|
| |
January 10th, 2008, 01:36 AM
|
#40 (permalink)
| | PhotoPost CEO
Join Date: Apr 2003
Posts: 4,758
| Quote:
Originally Posted by Ozark
Is there a new update for the "Clean" scanner script? What I used in the email (PhotoPost vBGallery Important Security Bulletin) is no help. My site is hacked big time! Ordered upgrade and to see if that would be faster. |
The clean script only removes files that hackers might have uploaded using vBGallery. It doesn't repair anything that a hacker might have done to your site using those uploaded files, since there's no way for us to know what they did or didn't do. A hacker executing a malicious script on your server can do anything from wiping your server's hard drive clean, and deleting your databases, to just changing a few pages around. That's why we always recommend backing up your server daily - most hosts offer these services included. Hackers will always find a way to do their thing despite software developers' best efforts.
|
| | |