Keeping Your Website Secure

Posted on April 20, 2008

This isn’t Yet Another PHP Security blog post, like you see on all the other websites. This is aimed at people who run existing software such as SMF, Joomla and WordPress.

Some people using pre-made software think they are immune to hacking attempts. 4 days ago, a vulnerability was found in the latest version of the Coppermine Gallery software. After the vulnerability was made public, hundreds of people got hit, and their galleries were essentially destroyed. In fact, there were 2 SQL injection vulnerabilities found within 5 days of each other. For something that has been in development since September 7th 2003, that’s pretty scary.

Now, if you owned a Coppermine Gallery, what measures could you take to make sure that your installation was safe? Even if you couldn’t patch it yourself, you could take it offline until a patch is released. The website securityfocus.com is a security and vulnerability website. People post the latest software vulnerabilities there, for example one of the Coppermine vulnerabilities: http://www.securityfocus.com/bid/28767. If you do a daily run of your blogs/forums, you could also go there and type in the software and version that you’re using to do a quick check. Social news websites such as Digg, StumbleUpon and del.icio.us are also good for checking for a vulnerability. Again, just type in your software name and version number and some results might come up!
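The daily check described above can be scripted once you keep a list of what you run and a list of advisories you have read. The following is an added example, not code from this post: the product names, versions and advisory ids are constructed placeholders, and the advisory list is assumed to be maintained by hand from the sites you follow.

```python
# Constructed sample data: product names, versions and advisory ids are placeholders.
INSTALLED = {
    "example-gallery": "1.4.9",
    "example-forum": "2.0.10",
    "example-blog": "3.1",
}

# Each advisory: first affected version and first fixed version (None = no patch yet).
ADVISORIES = [
    {"id": "ADV-0001", "product": "example-gallery", "introduced": "1.4.0", "fixed": "1.4.10"},
    {"id": "ADV-0002", "product": "example-forum", "introduced": "2.0.0", "fixed": "2.0.9"},
    {"id": "ADV-0003", "product": "example-blog", "introduced": "3.0", "fixed": None},
]

def version_key(text, width=4):
    """Turn '1.4.10' into (1, 4, 10, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(installed, advisory):
    """True if the installed version lies in [introduced, fixed)."""
    v = version_key(installed)
    if v < version_key(advisory["introduced"]):
        return False
    fixed = advisory["fixed"]
    return fixed is None or v < version_key(fixed)

def check(installed, advisories):
    """Return (product, version, advisory id, action) for every affected install."""
    findings = []
    for adv in advisories:
        version = installed.get(adv["product"])
        if version is not None and is_affected(version, adv):
            action = f"upgrade to {adv['fixed']}" if adv["fixed"] else "no fix yet: take offline"
            findings.append((adv["product"], version, adv["id"], action))
    return findings

if __name__ == "__main__":
    for product, version, adv_id, action in check(INSTALLED, ADVISORIES):
        print(f"{product} {version} is affected by {adv_id}: {action}")
```

Comparing versions as plain strings would rank "1.4.9" above "1.4.10" and miss the first finding, which is why the versions are split into numbers first.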

There is no proper way to prevent your website from being hacked; all of these new exploits are 0-days. It’s a race between you shutting down or patching your website and the hacker getting to it first.
