🌍
English
Announcement
- [2024-04-17] Piwigo 14.4.0
- [2024-04-01] Piwigo in Hobbit runes
- [2024-03-01] Piwigo 14.3.0
- [2024-01-30] Piwigo 14.2.0
- [2023-12-29] Piwigo 14.1.0
#1 2017-01-04 08:00:59
- CharlieM
- Member
- Gloucester, UK
- 2015-04-27
- 71
Is my site hacked
Hi
I have a site I recently set up. Today the web host contacted me to say they have disabled scripting on the site due to a permanent process running on the site. They say this may be due to the site being hacked. The logs show:-
12903 gloucesterphotos.co.uk (449 s) [03/Jan/2017:16:42:32 +0000]
"convert" (/bin/bash) /bin/sh /usr/bin/convert /home/sites/gloucesterphotos.co.uk/public_html/upload/2017/01/03/20170103105939-b5029e17.jpg -filter Lanczos -resize 1008x671! -compose dissolve -define compose:args=100 /home/sites/gloucesterphotos.co.uk/public_html/themes/default/watermarks/copyright.png -gravity NorthWest -geometry +417+311 -composite -quality 95 -interlace line -sampling-factor 4:2:2 /home/sites/gloucesterphotos.co.uk/public_html/_data/i/upload/2017/01/03/20170103105939-b5029e17-la.jpg
convert 12903 gloucesterphotos.co.uk 0r FIFO 0,8 0t0 1165876393 pipe
convert 12903 gloucesterphotos.co.uk 1w FIFO 0,8 0t0 1165876474 pipe
convert 12903 gloucesterphotos.co.uk 2w FIFO 0,8 0t0 1165876474 pipe
convert 12903 gloucesterphotos.co.uk 255r REG 8,5 669 17063 /usr/bin/im-wrapper
Can anyone shed any light on this?
Piwigo version: Not sure was updated to latest version yesterday
PHP version: 5.2
Piwigo URL: http://gloucesterphotos.co.uk
Offline
#2 2017-01-04 14:33:24
- flop25
- Piwigo Team
- 2006-07-06
- 7037
Re: Is my site hacked
Hello
as you can read it's just the processing of uploaded pictures
That's something you will learn in the plugin Take A Tour
To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website
Offline
#3 2017-01-04 14:36:56
- CharlieM
- Member
- Gloucester, UK
- 2015-04-27
- 71
Re: Is my site hacked
Thanks @Flop25. This confuses me as the host say it was running as a continuous process. How can that be as the site only has a few images on it. Is it possible that the process crashed/hung?
Offline
#4 2017-01-04 14:41:59
- flop25
- Piwigo Team
- 2006-07-06
- 7037
Re: Is my site hacked
check the creation fo those pictrues in _data/i and if the thumbnails displayed are from i.php or _data/i
Or that might be due to the fact that you have very few visitors and so the pictures never got generated until recently someone discovered your gallery
your gallery is locked so I cna't tell
Ps: web hosters for shared hosting won't check themself what's wrong. Their scripts check for errors or anything detrimental for their business, then usually block a part or the whole website.
To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website
Offline
#6 2017-01-06 11:19:50
- CharlieM
- Member
- Gloucester, UK
- 2015-04-27
- 71
Re: Is my site hacked
Just to add that the host has now confirmed that there are no vulnerabilities and that this must have been due to the image process script crashing and remaining open. AFAIK this must be a very rare event as I am now using Piwigo on a number of sites an nothing like this has occurred before.
Offline
#7 2017-01-16 00:23:16
- CharlieM
- Member
- Gloucester, UK
- 2015-04-27
- 71
Re: Is my site hacked
Just to update. This issue returned so I reinstalled the site and no further problems.
Offline