Jump to content

Archived

This topic is now archived and is closed to further replies.

DonStone

Hacked Image Display

Recommended Posts

I'm using v 2.3.3 and believe that I have been hacked.

 

All of my catalog images have "disappeared" from both the admin and catalog website screens.  I am unable to determine where the hacking  has occurred.  For example, an image is in the proper location on the server and displays fine from that point using my ftp program.  And, it is properly linked in the product description page. However, it does not display on the admin and on-line catalog screen.

 

I have not made any changes to the catalog since the time that the images displayed properly.

 

Does anyone have an idea where I should look; code or database?  Is there a flag somewhere that inhibits image display?

 

You can see an example of where there are missing images at: http://www.ventureclubs.org/catalog/index.php?cPath=28

 

Thanks for any "heads up" to solve my problem.

 

Don

 

 

Share this post


Link to post
Share on other sites

Hi

 

copy one of your image links e.g.

 

http://www.ventureclubs.org/catalog/images/lp79_black_model_front_011311_1[1].jpg

 

and try to navigate to it in a browser and you'll get a 500 (server feck'dup) error 

 

That may be worth looking into

Thank you Bob for the info!

 

Yes, I got the 500 error just as you said!  I tried that technique on a different website and it displayed just fine.

 

After a bit of snooping, I found that the .htaccess, in the image folder, had code in it that apparently caused the problem:

 

# Prevents any script files from being accessed from the images folder

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">

   Order Deny,Allow

   Deny from all

</FilesMatch>

 

I renamed it.  However, it seems that this code should be there but...

 

Thanks again,

Don

Share this post


Link to post
Share on other sites

Hello--

 

I tried commenting out the options but the result was that it inhibited part of the images.

 

For now, I am going to just rename the .htaccess file and then determine what the required content should be.

 

Thanks for all the help!

 

Don

Share this post


Link to post
Share on other sites

Don't leave .htaccess disabled. It's there for a purpose, and needs to be fixed if it's the problem.

 

You have generally invalid file names, if there is something like [1] in them. You need to try to avoid such names. Worst case, you will eventually need to fix them (rename the files themselves, and update their references in the database. Unfortunately, not a trivial job). At least try not to create more of them in the meantime.

 

Your store seems to show pictures OK for me right now. If you still have a problem, did you put a # in front of Options -Indexes? Or did you change something else? Did you put any phpvalue or phpflag commands in your .htaccess? Those should go in php.ini (with a different syntax).

Share this post


Link to post
Share on other sites

×