Lost all Images after 3.0.18

[webwzrd]

After upgrading to 3.0.18 the noimage.gif is appearing for all images on the front and back end. Can anyone help me problem solve this?

Brian

[jenkinhill]

Upgrading from what? Joomla version? URL?

[webwzrd]

I upgraded from 3.0.16 and it's Joomla 3.6.4

Edit: removed site link

[Jörgen]

Hello

You have a securiyty issue, I can reach the edit icon as unregistered user.  I get access to Your backens  Take the shop off line immediately is my suggestion !
I have actually taken the shop offline, before some one else does something worse. Hope You don´t mind.

regards

Jörgen @ Kreativ Fotografi

[webwzrd]

Jorgen, Thank you very much. I actually restored the site from a few days ago, but still a 3.0.18 version and all the images came back, so this wasn't a VM upgrade issue. However the security issue was still there so I took it back offline too.

Thank you very much for your presumptive action. Now I have some work to do.

[webwzrd]

Any suggestions how it is that the store is showing the edit icon to the public?

[webwzrd]

Got it under control. I really appreciate your assistance, your help was invaluable.

[Jörgen]

Hello again

What was the issue that opened access to the site. Maybe others could be warned ?

regards

Jörgen @ Kreativ Fotografi

[Milbo]

Just for historic reasons. Could it be that your public group got some admin rights? Because you woud be the 3rd shop within 3 days with this manipulation.

[webwzrd]

I believe this was related to the recent Joomla (pre-3.6.4) vulnerability allowing users to register with elevated privileges. This hack allowed "guests" to have admin rights. I had upgraded Joomla this past weekend but it was after it was already hacked. I even saw the extra users and deleted them, but the damage had already been done, I just didn't notice it until Jörgen pointed it out. I forget when I upgraded VM, but just assumed I hadn't checked to make sure everything was working and that the new version broke the images. Sorry, I was wrong.

Looks like the hacker did something that disrupted all the store images and worst, they deleted all previous orders. I couldn't find any other damage. I restored the site to an earlier state and re-upgraded everything.

[Milbo]

You have really an ugly story to tell webwzrd. From my point of view, it is not your fault. A lot people got hacked due this hack and have problems.

[GJC Web Design]

Still not 100% sure about a recent site that I upgraded to J3.6.4

it was J3.2.0 and i can't find any recent user registrations etc.. maybe they cleaned after themselves but long story short after the the upgrade, Public had full SuperAdmin rights

I still have a copy of it original site locally (3.2.0)  and Public do NOT have these rights.. it was the previous settings + the 3.6.4 upgrade that passed them
And it wasn't a hack -- it was just the Global settings Permissions that inherited to Public the SuperAdmin rights after the upgrade
with the correct Global settings Permissions all OK ..

so don't know if this was a hacker pre-setting the rights to do this (sounds unlikely) or wrongly set 3.2.0 perms that allowed Public once upgraded .. or....  settings that were kosher in 3.2.0 that aren't in 3.6.4
..also seems unlikely

[Milbo]

yepp, and i had after the update to j3.6.4 public permission for "Configure ACL & Options", which is "core.admin". There was no account added. any other right was as before and it was also not "inherited" like in the case of GJC