Another thing that bothers me:

The newsticker is running in the wrong direction. It is running from left to right which means that you have to read the sentences starting at the end.

Thanks

Hello,

yes, that’s correct. In line 258, the font size is set to `5px` (`font-size:5px;`), which affects two tabs.

It should be set to `12px` (`font-size:12px;`) or higher.

css:

/* Table: Layout & Spacing */
.bot-info-table {
  width: 60%;
  border-collapse: separate;
  border-spacing: 0;
  table-layout: fixed;
  font-size: 12px;
}

You can either edit the affected line yourself or download the corrected style.zip file here.

Please replace the file with the corrected version. After that, refresh the page with **Ctrl + F5** to make sure the updated stylesheet is loaded.

Thank you.

Have a nice day,
Olaf

Thanks too and I didn't notice that the newsticker can be managed in the settings tab.

Hello,

For some reasons I'm not able to change now IP-addresses of all visitors of my Piwigo gallery are 127.0.0.1.
So, blocking bots by IP is not my case.

I included 127.0.0.1 in the IP's White list and excluded it from Blocked IPs list. Nevertheless this address appears in Blocked IPs list immediately (I guess when new visitor comes). And I have reports from visitors that gallery responds with 403 error.

Is it possible to exclude 127.0.0.1 address from Blocked IPs list forever?
The bots' blocking itself works very effective.

BYB version is 2.4.2, installed yesterday.
Piwigo 16.3.0
PHP 8.2.0

Thanks,
  Alexandr

Hello Olaf,

Thank you very much.

In my case, but this is for sure not the universal rule, the real IP of each visitor is written into the header X-Real-IP
PHP shows it as $_SERVER['HTTP_X_REAL_IP']

Alexandr

Last edited by abravorus (2026-03-30 15:00:16)

abravorus wrote:

Hello Olaf,

I decided to play a little bit with BYB plugin on weekend and I have two questions:

1) Is it correct that function "bp_current_ip()" is the only point where current ip-address defined?

2) Does the plugin's code cached somehow in Piwigo or PHP environment and if yes what should I do to renew the code after the change of source code?

I've made a very simple change in function bp_current_ip() by changing $_SERVER['REMOTE_ADDR'] to $_SERVER['HTTP_X_REAL_IP'] (which I can check independently by phpinfo()), but in BYB control panel I still see the same ip-address equal to  $_SERVER['REMOTE_ADDR']

Thanks,
  Alexandr

Hello Alexandr,

thank you for your feedback.

To better understand your setup, I have a few short questions:

* What kind of server or hosting package are you using for your Piwigo installation?
* Is it normal shared hosting, a VPS / vServer, a dedicated server, or something else?
* Are you using Apache, nginx, or a combination of both?
* Is there any reverse proxy, load balancer, Cloudflare, or similar proxy service in front of Piwigo?
* How exactly is Piwigo installed on your side?
* Is it installed directly in your webspace, in a subfolder, through a hosting panel, or in a special server environment?

This is important because `X-Real-IP` is usually only available and useful in certain proxy or server configurations.

Olaf

My primary Piwigo site keeps getting pounded by, I assume, bots and even BYB doesn't seem to help. The IPs are all different so it's not triggering flood protection. Only commonality I can find is that the User-Agent always seems to be:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36

And these bots are crawing all sorts of Piwigo URLs against my site like:

- GET /photos/index.php?/tags/
- GET /photos/picture.php?/<id>/tags
- GET /photos/index.php?/categories/created-weekly-list-yyyy-mm-dd
- GET /photos/search.php?tag_id=xxxx,xxxx,xxxx

Going through my web server stats, I've been pulling out the IPs with the highest bandwidth usage (around 2.4gb each, it's almost like they stop after that) and adding them to the blocked IPs list. 98% of my traffic yesterday (150gb!) was PHP files from my Piwigo site and these crawlers.

Update: I've tried enabling DNS proxy through Cloudflare to see if that will help, but now I'm wondering if BYB's flood protection could end up blocking Cloudflare IPs? Suggestions on how to handle a problem like this?

Update 2: I finally had to write a configuration rule on my Cloudflare account for the domain to basically enable "I'm under attack" mode for my Piwigo URI and that finally stemmed the traffic. Of course, now that broke the Piwigo IOS app since it can't accept the Cloudflare challenge, but at least I'm able to get into my own site now.

Last edited by windracer (2026-04-18 22:00:26)