Security issue with RSGallery?

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
rhonda427
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Sat Oct 14, 2006 9:50 am

Security issue with RSGallery?

Post by rhonda427 » Mon Mar 03, 2008 9:52 am

I have a huge number of errors in my error logs where no ip-address is displayed. They are mainly related to rsgallery2 (picture gallery manager) and ja_purity (template). Does anyone know if this is hackers trying to exploit a possible vulnerability in these programs, or what can be the cause? Please see an extract from my error log below:

Code: Select all

[Mon Mar  3 01:50:53 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:48:44 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:46:59 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:45:07 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:43:09 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:41:08 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:39:29 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:39:27 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:37:29 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:37:29 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:35:36 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:35:35 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:33:36 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:31:48 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:31:47 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:30:14 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:29:53 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:29:52 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:28:02 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:26:02 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:26:02 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:24:06 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:24:06 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 01:22:52 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 01:22:44 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48
[Mon Mar  3 01:22:43 2008] [error] PHP Warning:  Missing argument 1 for downloadfile() in /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php on line 57
[Mon Mar  3 00:56:58 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 00:40:21 2008] [error] PHP Warning:  mkdir(/home/mysite/public_html/components/com_rsgallery2/lib/exifreader/cache_thumbs) [<a href='function.mkdir'>function.mkdir</a>]: Permission denied in /home/mysite/public_html/components/com_rsgallery2/lib/exifreader/exifReader.php on line 389
[Mon Mar  3 00:11:51 2008] [error] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/mysite/public_html/components/com_rsgallery2/main.rsgallery2.php:100) in /home/mysite/public_html/templates/ja_purity/ja_templatetools.php on line 48


locutus
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 111
Joined: Thu Aug 18, 2005 6:43 pm

Re: Security issue with RSGallery?

Post by locutus » Mon Mar 03, 2008 1:51 pm

Are you using RS gallery's latest version? in 1.14.3 there was a low threat security fix. The php warnings say there is something wrong with exif. Try to disable it in RSGallery and see if there are still errors.

rhonda427
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Sat Oct 14, 2006 9:50 am

Re: Security issue with RSGallery?

Post by rhonda427 » Mon Mar 03, 2008 2:18 pm

Yes, I'm using 1.14.3. and have tried to disable exif. So I will see if this helps.

This morning I had 60 visitors and as it is relatively new, and not yet fully in the search engine indexes, I found this quite peculiar.

But thanks for your help.


Locked

Return to “Security in Joomla! 1.5”