Announcement

#1 2018-09-10 09:23:07

aviceda
Member
2013-06-09
8

Are my Piwigo installations being 'hacked'?

Hi,

Recently I suspected that my piwigo albums were being 'hacked' after seeing a Wordfence WP plugin's report. I backed up all the images and re-installed them to different URL's. Unfortunately the same thing seems to be happening again (see attached screenshot)

The logs are full of messages showing some conversion to a filenames such as cpbg_0356_800.JPG converted to one with a location added, like <i>cpbg_0356_800-sq.JPG</i>
Is this a 'legimate' action of Piwigo or an intrusion? From the times given it seems to be happening when I'm not logged on.

Also icons don't seem to display in the 'bootloader' theme, but were showing at the weekend, this could be something completely separate maybe PHP Version 7?

Are there any ways (such as .htaccess, permissions) that I can use to 'lock' malicious people out?

Tom






Piwigo version: 2.9.4
PHP version: 7.1.21
MySQL version: 5.6.40
Piwigo URL: https://aviceda.org/800px


Uploaded Images

Offline

 

#2 2018-09-10 15:46:09

erAck
Member
2015-09-06
172

Re: Are my Piwigo installations being 'hacked'?

The -sq in cpbg_0356_800-sq.JPG is legitimate, that's just the generated square thumbnail for the cpbg_0356_800.JPG image. Also your screenshot shows just other thumbnail or picture sizes that are generated on request when someone views a picture page.


Running Piwigo at https://erack.net/gallery/

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2019 · Contact