Hi,

Recently I suspected that my piwigo albums were being 'hacked' after seeing a Wordfence WP plugin's report. I backed up all the images and re-installed them to different URL's. Unfortunately the same thing seems to be happening again (see attached screenshot)

The logs are full of messages showing some conversion to a filenames such as cpbg_0356_800.JPG converted to one with a location added, like <i>cpbg_0356_800-sq.JPG</i>
Is this a 'legimate' action of Piwigo or an intrusion? From the times given it seems to be happening when I'm not logged on.

Also icons don't seem to display in the 'bootloader' theme, but were showing at the weekend, this could be something completely separate maybe PHP Version 7?

Are there any ways (such as .htaccess, permissions) that I can use to 'lock' malicious people out?

Tom






Piwigo version: 2.9.4
PHP version: 7.1.21
MySQL version: 5.6.40
Piwigo URL: https://aviceda.org/800px