Hacked? Ghost image in SM homepage slideshow

EEFASEEFAS Registered Users Posts: 23 Big grins
edited November 16, 2012 in SmugMug Support
Not too sure what to make of this. I was checking my site & found a ghost image that now appears in my slideshow on my homepage. It's not in any galleries and I never loaded it.

I contacted SM & they say it will take a couple days to figure out? How did anyone get access to my Site? How did they get past a 14 character pass? I tried posting this thread an hour ago - but it never showed up. All my systems are running fine - just finished another round of checks.

Anyone have this problem? Help

Comments

  • docwalkerdocwalker Registered Users Posts: 1,867 SmugMug Employee
    edited November 10, 2012
    I highly doubt that someone hacked your account and added a single image to your slideshow. We certainly take any security issue seriously and will investigate if that is the problem. What it is most likely happening is an image ID has gotten mixed up, or there is a bug in the system. I cannot determine at this time which case is yours to check the status. Please contact us on the help desk and we can take a look at what is going on.
    SmugMug Support Hero
    http://help.smugmug.com
  • EEFASEEFAS Registered Users Posts: 23 Big grins
    edited November 10, 2012
    SM could not help till Monday. I contacted MyProFoto - who did the original customization. He found one image that would only switch to what I posted above when played in the homepage slideshow. When all images were moved to a new gallery and relinked to the s show - it appeared again. When he went image by image #42 was the issue. When removed the s show plays fine - minus the one image w/ the B/W ghost embedded. This was not here last week, or the week before. This s show gallery has not been touched by me since day one back in April. My concern is if it happened once - are all my images vulnerable?
    Thankfully, it was one of the last images in the s show & few watch the whole thing....... Either way - not happy & very concerned.
  • AperturePlusAperturePlus Registered Users Posts: 374 Major grins
    edited November 11, 2012
    A quick search, reveals this image appears here: http://www.thebrokeassbride.com/2012/07/e-sesh-kim-alexs-mischievous-partners-in-crime-themed-engagement-shoot/

    Are you connected to this site?
    www.apertureplus.com
  • EEFASEEFAS Registered Users Posts: 23 Big grins
    edited November 11, 2012
    Nope. I work from Helicopters mostly - never done a wedding. Thx though!
  • EEFASEEFAS Registered Users Posts: 23 Big grins
    edited November 14, 2012
    Well, no real response from SM on this matter. They do not even want to listen to what actually happened. I'm very disappointed & now questioning SM security.

    The 1st image in my homepage slideshow has been there & working fine for 7 months. Last week, it would open as the aerial, then switch to the image I posted above.

    I asked a number of questions - here is Sm's response.

    "You have jQuery in your customization. jQuery is not supported on SM?

    that's crap. MyProFoto, an authorized customizer for SM did the work.

    "The customization must have been used before and had links to this image"

    total crap - if that was the case the ghost image would have been appearing since day one, 7 months ago.

    "There are no logs for that gallery as you deleted & replaced the image"

    really? no logs for anything related to my homepage slideshow gallery? That is a total lie

    "if you are concerned about security you should change your passwords."

    wow - I would have never thought of that, nor do I rotate my passwords monthly as a rule. duh?

    All I get is stupid, canned responses & blame assigned to MyProFoto, which is total bulls#$t.
    Ever seen a GIF that opened as one thing then changed - this is the same thing that happened to my image. Why does SM not want to look @ this? Why are they so rude & condescending in their responses? I was nice until this post - now I'm wondering if they even look @ issues - or just glaze over like typical Corp desk jockeys? Yeah, I'm pissed off.

    All I need is info on Site logins or gallery changes for a 2 day window last week - when this occurred. SM is either unwilling, unable or too busy to give me this info - or even look into it so far...... Thanks for that guys!
  • mishenkamishenka Banned Posts: 470 Major grins
    edited November 14, 2012
    Does MyProFoto still have access to your site?

    jQuery is in fact JavaScript. SM supports JavaScript. So, to say they support JavaScript but do not support jQuery is a very strange thing to say:)

    It is my understanding that you already removed the offending image, correct?
  • EEFASEEFAS Registered Users Posts: 23 Big grins
    edited November 16, 2012
    Yes. We removed it & replaced it w/ a copy of the original from backup. Moving it
    to another Gallery & relinking did not help. I know jQuery is JS - thought it was a lame thing to say that it's not supported.
Sign In or Register to comment.