Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

1.4.2 installation hacked [Solution: delete examples folder]
https://www.tinywebgallery.com/forum/viewtopic.php?f=5&t=450
Page 1 of 1

Author:  jschor [ 11. Aug 2006, 21:09 ]
Post subject:  1.4.2 installation hacked [Solution: delete examples folder]

One of my 1.4.2 installations has been hacked. Please let me know to which email adress i can sent information about this (if there is a leak somewheren i don't think its good to tell in which file it is on the forum). Not untill there is a solution.

Author:  TinyWebGallery [ 13. Aug 2006, 17:38 ]
Post subject: 

send it to my email



Michael

Author:  TinyWebGallery [ 14. Aug 2006, 16:04 ]
Post subject: 

It not a problem of TWG but of one of the provided example files!
I'll change the zip file that a .htaccess file is in this directory that prevents external access!
Additionally I have added a define to these files that they can only be included by TWG!

/Michael

Author:  novw [ 16. Aug 2006, 11:52 ]
Post subject: 

ditto.

the "open" dirs all contain sh*t that should not be there. Plus I have been receiving tons and tons and tons and tons (!) of german spam since I started running TWG. I am pretty unhappy at the moment...I thought I had found a simple photo-album script, it seems it is too simple to be safe.

And updating is not an optioneither , since it takes ages and ages.

Author:  TinyWebGallery [ 16. Aug 2006, 12:21 ]
Post subject: 

Hi,

TWG itself is save.

This is an example dir that should actually not be upladed at all - simply delete the "examples" folder.
It the current update I have protected this folder too.

You don't have to update - a small delete does the fix!

Any why are you getting german spam? Define spam? I only send messages from the forum once in a while - thats it.
From where should the spam come from? I have all 3 demo running since ages and never got one spam email! The only thing I can think of that robots scan the forum for email addresses and use them for spam - Then you have to hide you email - thats it.

And I do updates of TWG almost 10 times a day! takes me less the 5 minutes per update!

/Michael

Author:  novw [ 16. Aug 2006, 12:40 ]
Post subject: 

do you have 2000+ pictures that are linked to from other pages ? Copying the links takes a month by itself. Thats why updating takes ages.

I got your message (not spam :wink: ) telling about the security issue. That's why I took a look in the first place. I removed the examples/ folder and I am praying this solves the prob. My hoster is trying to get rid of all the non-native files that were left on the server.

And spam is spam. Adds for plastic palmtrees, and I do not know what else. In the german language. I never got any spam from / in German(y) untill (hm) 6 months ago. I might be a coinsidence that this is around the time I registered.

Author:  TinyWebGallery [ 16. Aug 2006, 13:01 ]
Post subject: 

Updating TWG does not change the links.

but do you use TWG to collect 2000 images from other sources?
or to you have links from many sources to the images?

About the spam - TWG itself cannot be the problem.

But if robots scan the forums for emails and add them ....
The only problem is that I don't get any spam over the email here in the forum - maybe I have an excellent spam filter.

all other files from TWG are protected agains external access by either .htaccess files or checks of the parameters (like index.php, image.php ...).

/Michael

Author:  novw [ 16. Aug 2006, 13:24 ]
Post subject: 

I have 2000+ pictures, and webpages point to the TWG page that shows the picture. I do not "allow" linking straight into the picture, showing just the picture.

(catalog-like thing)

(just looked it up: 5439 pictures :oops: )

Author:  TinyWebGallery [ 16. Aug 2006, 14:14 ]
Post subject: 

5400 pictures - new TWG record!

Is the speed still o.k? - My testinstall hast "only" 1300 images.

/Michael

Author:  novw [ 16. Aug 2006, 15:17 ]
Post subject: 

-> http://www.kerstdorpen.nl/catalog2

Author:  TinyWebGallery [ 16. Aug 2006, 15:28 ]
Post subject: 

speed is good on my machine ;).

I you want to speed it up you should change the colage to a single image ;).
Just in case :wink:

/Michael

Page 1 of 1 All times are UTC + 1 hour [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/