Someones hacking my pixelpost database

[Mav]

Maybe this will convince you to upgrade : Security advisory for Pixelpost version 1.5-beta and prior.

With this vulnerability they can fetch almost any data from the database, and from any tables. So yeah, upgrading might help. The final 1.5 version seems to be safe. And 1.6 is still in beta, but I'll stick with 1.6 myself for now.

New versions usually include security patches, I'm a little surprised that devs/admins even give other possible solutions first.

[Dennis+]

1.6 isn't in beta anymore

The reason we're trying another solution is because of the hacks applied here. But I strongly advise the following:

1. Copy all files and folders related to Pixelpost to your computer as a backup
2. Remove all files related to Pixelpost (if you done it well, you have all your images on your own pc.
3. The next step is important and you have to feel comfortable with this: export your database (structure and data). This gives a nice ASCII file with all the database content. You can try to remove all suspicious code but this is not what I recommend.
4. Drop the entire database
5. Create a new database (different name, different user, different password)
6. Download the new version from our website
7. Extract all files on your server.
8. Install Pixelpost
9. (and this requires the most work) reupload all the images. For descriptions you can look at the database backup (the ascii file) but make sure you don't copy/paste malicious code in your new blog.

This will remove the comments. This might be the only way to make sure you have a clean blog. (if you have the knowledge to clean the comments you can import them again... but only do this if yoy know what you're doing.)

[mark]

fun fun

First i think im gonna try upgrading to 1.6 and getting all my custom stuff back in my index.php. The only thing im worried about here is what the upgrade will do to my current database. When i run the "admin" index.php, im afraid on what it'll do. I'll have a backup of my database, but still..its worrisome. does the initial run of the admin index.php write over and replace anything, or does it just try to build tables?

[Dennis+]

It is always an upgrade process, so it starts from 1.3 and then upgrades the database. Should go quite easy, but still, you never know.

[austriaka+]

overthink your custom stuff in index.php. There have been a lot of changes ad a bunch of new addons with 1.4, 1.5 and 1.6
So perhaps you even don't have to hack the core files anymore but could realize your custom workflow with addons?
If you tell us what you want to implement, we can tell you
KArin

[mark]

yeah, theres no doubt i should have done it with addons in the first place, but at the time i didnt know any better. The main custom things are some silly visual stuff that i built in the index.php.......i dont think it'll be a big deal to implement again (if i do it the same silly way) when i upgrade. ...

I guess the main problem that im worried about is that I programmed the multicategory thing in the first place that was implemented in the following releases....and i see that you are using the same table names that i originally created and named, but i havent checked to make sure that all the column names have the same name. I dont want to start the upgrade until im sure all my categories will be in place....I've also added some columns to some other tables, but really they arent that important....