Announcement

#1 2016-09-11 20:43:12

carltonb
Member
2013-02-18
9

Web Site Hacked- How to Restore

A week or so ago my site was hacked. All the picture files and some other files were affected.
I have deleted all of the site.
Webhost has no backups (My fault for not doing a full site backup)
I have a nightly Cron of my Database which was not affected.
I have all my pictures on a cloud drive.

I DO NOT HAVE A SITE BACKUP.

Since my database is intact is there any way I can restore the pictures onto the site.

Any help or ideas greatly appreciated.

Carlton Brooks

Piwigo version: 2.8.2
PHP version: 5.4.45
MySQL version: 5.5.51-38.1
Piwigo URL: http:// CURRENTLY OFF LINE

Offline

 

#2 2016-09-12 13:28:51

eliz82
Member
Romania
2016-04-27
281

Re: Web Site Hacked- How to Restore

I presume you have a backup of the the pictures with the original names.

1) If your pictures have been physical (in galleries directory) it should not be hard. Just copy back the files with they name and folder structure. And restore database back to your sql server. It should work out of the box.

2) If pictures have been virtual (in upload directory) ... Houston you have a problem. Because you know they are uploaded in the directory with /year/month/day/random-file-name.jpg

If you have some minimum php/perl programming skills:
a) You can investigate if the original filenames before renaming are kept somewhere in the Piwigo database? if they are ... your can create a script that is using the info from the database to recreate the folder-file structure of Piwigo.
b) Or maybe you can reverse the renaming files algorithm. Maybe is not random, maybe is an algorithm that can be reversed.

---
As an idea to the developers: I don't like that method of renaming the original files and uploading them to a year/month/day/ directory structure. This is also the Wordpress way and I profoundly dislike it. At lest Wordpress keep the original filenames.
I know is a method of avoiding duplicates but I simply don't like it, there are many reason why and what happened to this guy is one example.
Some software have better methods of avoiding duplicates. Just rename the file if is a duplicate put something like "_1,_2" at the end of the file or directory.

Last edited by eliz82 (2016-09-12 14:23:54)

Offline

 

#3 2016-09-12 15:09:00

carltonb
Member
2013-02-18
9

Re: Web Site Hacked- How to Restore

Thank you for the response.

Houston does have a problem.
All files were uploaded through the Photos> Add Function.
These are automatically loaded to the upload directory.

Is there a way to change it to upload to go to the galleries directory instead.

I will investigate the database to see if I can at least do a partial reconstruction.

Thank you
Carlton Brooks

Offline

 

#4 2016-09-12 20:29:09

eliz82
Member
Romania
2016-04-27
281

Re: Web Site Hacked- How to Restore

carltonb wrote:

Is there a way to change it to upload to go to the galleries directory instead.

Unfortunately no. Read this http://piwigo.org/forum/viewtopic.php?id=24398

It's just a Piwigo developers decision. Theoretically it should be easly to change the upload schema of the web uploader from virtual to physical  (as an admin option) .
All 3 reasons seems superficial to me. They just don't want to add this option, as you can see in the link.

Offline

 

#5 2016-09-12 20:33:34

carltonb
Member
2013-02-18
9

Re: Web Site Hacked- How to Restore

Thanks
Looks like I am starting from scratch some what.

Appreciate all the help.

Offline

 

#6 2016-09-12 22:38:14

flop25
Piwigo Team
2006-07-06
7037

Re: Web Site Hacked- How to Restore

eliz82 wrote:

All 3 reasons seems superficial to me. They just don't want to add this option, as you can see in the link.

ho you have no idea of the nightmare of special characters for web

in fact the main reason is that the upload web/api was coded as a technological break; since that it's now quite hard to reconcile both upload mode (like how to handle pictrues which can be in several albums) Additionally we are fewer with less free time than before


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#7 2016-09-13 07:16:23

eliz82
Member
Romania
2016-04-27
281

Re: Web Site Hacked- How to Restore

flop25 wrote:

ho you have no idea of the nightmare of special characters for web

You have a filename error handling for the FTP sync method (for example with the space in the filename with the default config), what stop you for using the same method with the normal uploader?
If you don't like the filename tell that to user and don't upload the file. Is as simple as that.

I don't say to modify the default behaviour of Piwigo, this it's Piwigo team decision and I understand all that 3 reasons that Plg said in that post.
However 1) some of us don't care about security, we don't want to hide pictures. We value more keeping the original filename and a clean path. An easy to recover or easy to move gallery in case of problems
2) I already said about special chars in filename, use the same method as ftp sync. Just show an error
3) duplicates ... just rename the file when is detected as duplicate or show an error

So because of that I say it will be nice to have an admin option to change the web uploader schema from virtual to physical. Like you have seen on the forum they are many of us who want this.

flop25 wrote:

Additionally we are fewer with less free time than before

I observed that :(

Offline

 

#8 2016-09-13 08:12:07

flop25
Piwigo Team
2006-07-06
7037

Re: Web Site Hacked- How to Restore

Don't worry I share your thoughts since the beginning

If you know any web dev with free time... ;-)


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact