Photo Gallery Forums

Hi There,

I cannot acces my ImageVue website anymore, it says:'Hacked By TheCur3'
see www.layerlab.nl

What is wrong and how can i fix this?

Thanks in advance for the help.

Dorus

Your website has been hacked. How I don't know, but it is not possible through imagevue unless you left your login/password open for either Imagevue or FTP, or if you had anything else on your server.

I would suggest: login by FTP, delete everything, change all passwords (ftp etc), setup website from scratch. You could keep Imagevue content folder with the your images, but then you would need to go through each folder manually by FTP and check that there are no suspicious files there.

mjau-mjau wrote:Your website has been hacked. How I don't know, but it is not possible through imagevue unless you left your login/password open for either Imagevue or FTP, or if you had anything else on your server.

I would suggest: login by FTP, delete everything, change all passwords (ftp etc), setup website from scratch. You could keep Imagevue content folder with the your images, but then you would need to go through each folder manually by FTP and check that there are no suspicious files there.

Strange... the same thing happened to me two days ago... I only just noticed it.
Gladly I had a backup from before the time of the hack, so I could delete the added/changed files...

Is it possible to hack through the Imagevue admin?
I had the default Imagevue software installed in a separate directory and no special password for the admin on that one...

Just a thought...

Martin

Looks like they log in to Imagevue galleries with the default password (or guess passwords in some cases), then change allowed file extensions, add php and upload php script. Here is a part of config from one of the galleries I found:
We will release an update that doesn't allow php or phtml files to be uploaded no matter what.

Please download 2.8.10 just released that doesn't let you upload any suspicious files. And please, choose better passwords.

Hi Nick,

Thanks for looking into this and for the quick update.

I kept a default installation of Imagevue in a separate directory just for testing something.
I never realised that that one needed a stronger password...

Thnx!

Martin wrote:I never realised that that one needed a stronger password...

It needs something else than the default admin/admin login, as this will allow "hackers" admin access to your web application, and that is never a good idea.

The problem occurs when the uninvited user accesses the admin, goes to settings and changes the file types that can be uploaded (including PHP) files, and then proceeds to upload some malicious PHP file from the uploader. Once they are able to upload PHP files to the server, Imagevue's own restrictions won't do much ...

This has been fixed in latest release so that even if they can login to an unprotected admin, they still will not be able to upload certain file types.

...but now I cannot insert jpg into textpages or enter into the html view in textppages after upgrading 2.8.10

Regarding images, I bet some javascript got cached, please clear your browser cache.

In the latest versions there is a setting in Seo > Redirect to Flash which redirects all users from html to flash pages to improve indexing. If you need to use both HTML and Flash version - disable this setting.

Nick wrote:.....
In the latest versions there is a setting in Seo > Redirect to Flash which redirects all users from html to flash pages to improve indexing. If you need to use both HTML and Flash version - disable this setting.

I have to say this setting is absolutely stupid. It's been driving me crazy!! Install, remove, install, remove, install on another server, remove, install remove.... what an incredibly silly idea (activating it by Default).
There is no way to know or be aware of this new setting - perhaps a new Block on the RHS of the Admin area could include these "NEW" settings for configuration and include a shortcut?

I have Flash disabled by default, so it kept redirecting me back to the Flash page with a "Play" icon in the middle of the screen to download and run the flash media. So going around in circles was not fun!


Question: You say that it redirects to Flash to improve indexing. How does Google and other search engines index Flash pages and content?

Thank you so much for the solution to Flash/HTML!!!

Admin >> Settings >> SEO Tab >> Redirect to Flash gallery. >> Un-Tick

Question: What further options and alternatives are available to boost security and improve and prevent unauthorised access?

I can think of using .htaccess files to prevent access to the /iv-admin/ directory and:
- Specific File Types
- Specific Sub-Directories,
- I.P. Address Restriction,
- Password Protection.

I'd recommend these options and hopefully have at least one implemented by default. Currently there is no htaccess provided - to include basic details such as "DirectoryIndex index.html index.php", etc, etc....

Solutions?

Bulletproof IT wrote:I have Flash disabled by default, so it kept redirecting me back to the Flash page with a "Play" icon in the middle of the screen to download and run the flash media. So going around in circles was not fun!

First of all, if you have flash disabled, it should NOT redirect to the Flash version. It only redirects to the flash version if flash is enabled, that is the entire point. This allows Google to index the html version, while visitors clicking the indexed links in google, will be forwarded to the flash version (if they have flash enabled). I do not see why this is a silly concept ... Our users want visitors to see the flash gallery (if they have flash).

Please send us link if this is happening for you.

Bulletproof IT wrote:Question: You say that it redirects to Flash to improve indexing. How does Google and other search engines index Flash pages and content?

We never said that it improves indexing by redirecting to flash. What we said, is that Google is a BOT, and will identify itself as a non-flash visitor, hence it will index the HTML gallery. However, a user who finds the gallery link in Google, will most likely wish to see the flash version of the page, and therefore they are redirected to the flash version once the link in Google is clicked (if they have flash enabled).

Bulletproof IT wrote:Question: What further options and alternatives are available to boost security and improve and prevent unauthorised access?

I can think of using .htaccess files to prevent access to the /iv-admin/ directory and:
- Specific File Types
- Specific Sub-Directories,
- I.P. Address Restriction,
- Password Protection.

I'd recommend these options and hopefully have at least one implemented by default. Currently there is no htaccess provided - to include basic details such as "DirectoryIndex index.html index.php", etc, etc....

Solutions?

I am not sure why you need extra security if your server is setup correctly. We have never added anything extra in our popular demo gallery, and it has never been compromised. Just make sure they cannot access your admin, by making sure you have a good username/password.

mjau-mjau wrote:

Bulletproof IT wrote:I have Flash disabled by default, so it kept redirecting me back to the Flash page with a "Play" icon in the middle of the screen to download and run the flash media. So going around in circles was not fun!

First of all, if you have flash disabled, it should NOT redirect to the Flash version. It only redirects to the flash version if flash is enabled, that is the entire point. This allows Google to index the html version, while visitors clicking the indexed links in google, will be forwarded to the flash version (if they have flash enabled). I do not see why this is a silly concept ... Our users want visitors to see the flash gallery (if they have flash).

Please send us link if this is happening for you.

I mean to say "I have Flash disabled by default **in my browser**". I'm finding things to be really very random. For example when visiting Firefox gets redirected to HTML now. I've even set Flash to load automatically by adding the URL to the whitelist. So flash loads immediatley after loading the page.
So I'm not sure what's wrong with the site.

mjau-mjau wrote:

Bulletproof IT wrote:Question: You say that it redirects to Flash to improve indexing. How does Google and other search engines index Flash pages and content?

We never said that it improves indexing by redirecting to flash. What we said, is that Google is a BOT, and will identify itself as a non-flash visitor, hence it will index the HTML gallery. However, a user who finds the gallery link in Google, will most likely wish to see the flash version of the page, and therefore they are redirected to the flash version once the link in Google is clicked (if they have flash enabled).

Sorry, I think there is some confusion. I was quoting what Nick had said. Please understand that I'm referring to earlier posts in this topic (Nick @ 02 May 2013, 03:27)
So what I said was right, it cannot index the flash content, only the HTML content... right?

Thanks for your time and clarifying my security concerns for the gallery installation!

p.s. PM'd you the URL to the installation. Thank you.

Bulletproof IT wrote:I mean to say "I have Flash disabled by default **in my browser**". I'm finding things to be really very random. For example when visiting Firefox gets redirected to HTML now. I've even set Flash to load automatically by adding the URL to the whitelist. So flash loads immediatley after loading the page.
So I'm not sure what's wrong with the site.

If you have disabled flash in your browser, it should redirect to the html version (like you say you are experiencing). Not sure about this whitelist you speak about ... Normally if you disable flash in your browser, it is disabled and thats it.

Mobile Device >> Will show the mobile version.
Desktop, non flash (or disabled) >> Will redirect to the html version.
Desktop, flash >> Will show the default flash version.

If any of the above conditions do not apply for you, I would need to diagnose the links

Bulletproof IT wrote:So what I said was right, it cannot index the flash content, only the HTML content... right?

That is correct!

Bulletproof IT wrote:p.s. PM'd you the URL to the installation. Thank you.

I cannot see that I received any PM from you.