Hack attempt, is this possible though.

I had this member sign up to my site yesterday, nothing suspicious at all. He uploaded what I thought was an ordinary picture; you could see the thumbnail in the gallery preview, but when you clicked on the thumbnail nothing shows up. This is where the fun started: I tried to go back to my homepage and my site went down. Well, not down, but my IP addy was blocked by my host from my site for attempting to have 300 attempts in the space of a few seconds at getting into my cPanel. They quickly sorted it, so I thought nothing of it, but it did it again, just after I clicked on the same thumbnail. What it looks like it does is, when someone clicks on the thumbnail, it starts an attacking process off using the IP addy of the person that clicks on the picture. My host is keen on security, so they have mods that protect your cPanel, so it soon blocks the attack.

Now I don't know anything about hacking, and to me this sounds a bit science fiction, but it's the only thing that can explain it. Course, I banned the member and got rid of all the uploaded pictures he put on, and it's been fine ever since.

Has anybody ever heard of this sort of thing before, using a picture like this?

regards

Tyke

Quote · 7 Mar 2009

I've been doing more research on security in general and Dolphin in specific. I'm probably wrong, but I think it is possible that what you described happened. I think it could be done if things aren't properly set up on your server and the PHP app misses security code, using what is called null byte injection, where an attacker adds code after something like a JPEG upload or include. 8[

Quote · 7 Mar 2009

Any version of Dolphin before 6.1 was open to cross-site scripting (XSS), so that a member could add code to a photo description. Then when someone clicked a photo, the code would be executed. What version are you using?

Quote · 7 Mar 2009

Hi, I'm actually using the latest download of Dolphin, so this is in the new version.

Quote · 8 Mar 2009
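
The two mechanisms raised in the replies above (null byte injection on upload, script placed in a photo description) each correspond to a server-side check. The following is an added example, not part of the thread and not Dolphin's own code; the function names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example; safe_image_name() and render_description() are
// hypothetical helpers, not functions from Dolphin.

// Decide whether an upload is stored, and under what name.
// Returns a server-chosen file name, or null if the upload is rejected.
function safe_image_name(string $clientName, string $bytes): ?string
{
    // A NUL byte in a file name is never legitimate. Older PHP versions
    // handed paths to C file APIs that stop at NUL, so a name could pass
    // an extension check and still be written under a different extension.
    if (strpos($clientName, "\0") !== false) {
        return null;
    }
    // Judge the content itself, not the client-supplied name or MIME type.
    $info = @getimagesizefromstring($bytes);
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    // Random name plus an extension derived from the detected type, so no
    // part of the stored path is attacker-controlled.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
}

// Encode a member-supplied description for HTML text or attribute output.
function render_description(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a 1x1 GIF and a script-bearing description.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');

var_dump(safe_image_name("photo.gif", $gif) !== null);         // real image content
var_dump(safe_image_name("shell.php\0.jpg", $gif));            // NUL byte in the name
var_dump(safe_image_name("photo.jpg", "plain text, no image")); // content is not an image
echo render_description('<script>alert(1)</script>'), "\n";
```

A header check like this does not detect a file that is a valid image and also carries other content, so the upload directory should additionally be configured so the web server never executes files from it.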
 
 