Hi There,
I cannot acces my ImageVue website anymore, it says:'Hacked By TheCur3'
see www.layerlab.nl
What is wrong and how can i fix this?
Thanks in advance for the help.
Dorus
X3 Photo Gallery Support Forums
Strange... the same thing happened to me two days ago... I only just noticed it.mjau-mjau wrote:Your website has been hacked. How I don't know, but it is not possible through imagevue unless you left your login/password open for either Imagevue or FTP, or if you had anything else on your server.
I would suggest: login by FTP, delete everything, change all passwords (ftp etc), setup website from scratch. You could keep Imagevue content folder with the your images, but then you would need to go through each folder manually by FTP and check that there are no suspicious files there.
<allowedext>
mp3,jpg,png,gif,jpeg,swf,doc,docx,flv,html,pdf,txt,php
</allowedext>
It needs something else than the default admin/admin login, as this will allow "hackers" admin access to your web application, and that is never a good idea.Martin wrote:I never realised that that one needed a stronger password...
I have to say this setting is absolutely stupid. It's been driving me crazy!! Install, remove, install, remove, install on another server, remove, install remove.... what an incredibly silly idea (activating it by Default).Nick wrote:.....
In the latest versions there is a setting in Seo > Redirect to Flash which redirects all users from html to flash pages to improve indexing. If you need to use both HTML and Flash version - disable this setting.
Admin >> Settings >> SEO Tab >> Redirect to Flash gallery. >> Un-Tick
First of all, if you have flash disabled, it should NOT redirect to the Flash version. It only redirects to the flash version if flash is enabled, that is the entire point. This allows Google to index the html version, while visitors clicking the indexed links in google, will be forwarded to the flash version (if they have flash enabled). I do not see why this is a silly concept ... Our users want visitors to see the flash gallery (if they have flash).Bulletproof IT wrote:I have Flash disabled by default, so it kept redirecting me back to the Flash page with a "Play" icon in the middle of the screen to download and run the flash media. So going around in circles was not fun!
We never said that it improves indexing by redirecting to flash. What we said, is that Google is a BOT, and will identify itself as a non-flash visitor, hence it will index the HTML gallery. However, a user who finds the gallery link in Google, will most likely wish to see the flash version of the page, and therefore they are redirected to the flash version once the link in Google is clicked (if they have flash enabled).Bulletproof IT wrote:Question: You say that it redirects to Flash to improve indexing. How does Google and other search engines index Flash pages and content?
I am not sure why you need extra security if your server is setup correctly. We have never added anything extra in our popular demo gallery, and it has never been compromised. Just make sure they cannot access your admin, by making sure you have a good username/password.Bulletproof IT wrote:Question: What further options and alternatives are available to boost security and improve and prevent unauthorised access?
I can think of using .htaccess files to prevent access to the /iv-admin/ directory and:
- Specific File Types
- Specific Sub-Directories,
- I.P. Address Restriction,
- Password Protection.
I'd recommend these options and hopefully have at least one implemented by default. Currently there is no htaccess provided - to include basic details such as "DirectoryIndex index.html index.php", etc, etc....
Solutions?
I mean to say "I have Flash disabled by default **in my browser**". I'm finding things to be really very random. For example when visiting Firefox gets redirected to HTML now. I've even set Flash to load automatically by adding the URL to the whitelist. So flash loads immediatley after loading the page.mjau-mjau wrote:First of all, if you have flash disabled, it should NOT redirect to the Flash version. It only redirects to the flash version if flash is enabled, that is the entire point. This allows Google to index the html version, while visitors clicking the indexed links in google, will be forwarded to the flash version (if they have flash enabled). I do not see why this is a silly concept ... Our users want visitors to see the flash gallery (if they have flash).Bulletproof IT wrote:I have Flash disabled by default, so it kept redirecting me back to the Flash page with a "Play" icon in the middle of the screen to download and run the flash media. So going around in circles was not fun!
Please send us link if this is happening for you.
Sorry, I think there is some confusion. I was quoting what Nick had said. Please understand that I'm referring to earlier posts in this topic (Nick @ 02 May 2013, 03:27)mjau-mjau wrote:We never said that it improves indexing by redirecting to flash. What we said, is that Google is a BOT, and will identify itself as a non-flash visitor, hence it will index the HTML gallery. However, a user who finds the gallery link in Google, will most likely wish to see the flash version of the page, and therefore they are redirected to the flash version once the link in Google is clicked (if they have flash enabled).Bulletproof IT wrote:Question: You say that it redirects to Flash to improve indexing. How does Google and other search engines index Flash pages and content?
If you have disabled flash in your browser, it should redirect to the html version (like you say you are experiencing). Not sure about this whitelist you speak about ... Normally if you disable flash in your browser, it is disabled and thats it.Bulletproof IT wrote:I mean to say "I have Flash disabled by default **in my browser**". I'm finding things to be really very random. For example when visiting Firefox gets redirected to HTML now. I've even set Flash to load automatically by adding the URL to the whitelist. So flash loads immediatley after loading the page.
So I'm not sure what's wrong with the site.
That is correct!Bulletproof IT wrote:So what I said was right, it cannot index the flash content, only the HTML content... right?
I cannot see that I received any PM from you.Bulletproof IT wrote:p.s. PM'd you the URL to the installation. Thank you.