parametric

Posts: 15
Registered: 21-Sep-2012
My Website and linked JAlbum instance (12.7.2 - Java 1.8 32bit) got hacked
Posted: 24 Nov 18, 03:48
 
My Domainhost admin, who is currently repairing the damage, remarked . . .

"The gallery seems to have a security loophole. It is not database driven..or at least not MySQL so I assume it is using a cgi database and that presents a massive security risk. CGI is a script and can easily be hacked. If you have a user name and password for logging into the gallery online, definitely change that now. "

Any observations on this?

I'm very happy with JAlbum version 12, and really need no more than it offers, but perhaps security is improved in the next version?

ATB

parametric
JeffTucker

Posts: 8,039
Registered: 31-Jan-2006
Re: My Website and linked JAlbum instance (12.7.2 - Java 1.8 32bit) got hacked
Posted: 24 Nov 18, 06:09   in response to: parametric
 
Your host admin is blowing smoke. There is no CGI in a jAlbum-produced gallery - it's not database driven. In fact, there's no server-side processing in such a gallery at all - it consists solely of HTML, CSS, and JavaScript, all of which are simply passed to the visitor's PC, where the only "processing" takes place. Nothing is passed back to the server.

A jAlbum gallery is not directly hackable. It can be affected only if a hacker gains access to your host by some other means, like hacking your PC or your cPanel account. The album itself has no pathway for a hacker to exploit.
parametric

Posts: 15
Registered: 21-Sep-2012
Re: My Website and linked JAlbum instance (12.7.2 - Java 1.8 32bit) got hacked
Posted: 2 Dec 18, 04:59   in response to: JeffTucker
 
Thanks JG . . . .

That's good to know. JAlbum has obviously been WELL DESIGNED from the ground up.

It seems it's been got at in the public_html folder, via the CPanel Admin login.

My logins have been altered and I'm about to add 2-step authentication, via my Phone - which should stop this happening . .

Sorry for the late reply, but thanks for your confirmation . . . .

ATB

parametric
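
Added example, not part of the original thread and not jAlbum code: the answer above says a generated gallery is only HTML, CSS and JavaScript, and the follow-up reports changes in public_html, so this Python script compares a downloaded copy of the deployed gallery against the locally generated album and flags server-executable files. The extension lists, function names and sample trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions a typical shared host may execute server-side.
SERVER_SIDE = {".php", ".phtml", ".cgi", ".pl", ".py", ".asp", ".aspx", ".jsp", ".sh"}
# Assumption: per-directory config files that change how the server treats content.
SERVER_CONFIG = {".htaccess", ".user.ini"}

def digests(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def audit_gallery(local: Path, deployed: Path) -> dict:
    """Compare a deployed gallery copy against the locally generated album."""
    want, have = digests(local), digests(deployed)
    return {
        "executable": sorted(f for f in have
                             if Path(f).suffix.lower() in SERVER_SIDE
                             or Path(f).name.lower() in SERVER_CONFIG),
        "extra": sorted(set(have) - set(want)),
        "missing": sorted(set(want) - set(have)),
        "modified": sorted(f for f in want.keys() & have.keys() if want[f] != have[f]),
    }

def demo() -> dict:
    """Constructed sample: a clean album and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        local, deployed = Path(tmp, "local"), Path(tmp, "deployed")
        for root in (local, deployed):
            (root / "res").mkdir(parents=True)
            (root / "index.html").write_text("<html><script src='res/a.js'></script></html>")
            (root / "res" / "a.js").write_text("console.log('gallery');")
            (root / "res" / "style.css").write_text("body{margin:0}")
        # Constructed tampering: changed script tag, added PHP file, deleted stylesheet.
        (deployed / "index.html").write_text("<html><script src='//example.invalid/x.js'></script></html>")
        (deployed / "res" / "cache.php").write_text("<?php /* placeholder */ ?>")
        (deployed / "res" / "style.css").unlink()
        return audit_gallery(local, deployed)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Any entry under "executable", "extra" or "modified" in a gallery that should be purely static is a file to inspect before re-uploading a clean copy from the local album.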