This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
November 17, 2011 10:19am
Subscribe [2]#1 / Nov 17, 2011 10:19am
On a live EE2 site I’m admin for, some nutter is continuously uploading images of scantily clad ladies in the member_photos folder. I’m stumped to how he/she’s doing it, I’ve checked all members and their profiles and everything seems legit..
Any ideas on how to secure this folder/prevent these uploads?
#2 / Nov 17, 2011 3:11pm
Hi, e-man,
That is a bit disturbing, we take security seriously so let’s see if we can figure this out. Are you positive they’re being uploaded from EE? I’d recommend asking your host if they can trace how they were uploaded; I’d be worried about a hack into the server itself.
The best way to find the point of entry is to talk to your server admin - they should be able to find logs that help indicate what may be going on.
Thank you!
#3 / Nov 17, 2011 7:30pm
Already checked in with the host (Engine) who ran an exploit check, clean bill of health there. Going to investigate further.
#4 / Nov 21, 2011 4:31pm
e-man, do you want to prevent uploads to member photos entirely (or do you already) or is it more a matter of trying to catch someone who is abusing their permission to upload.
In other words, is ‘Enable Member Photos’ off and images are getting in there anyway?