Author Topic: Ways to get a suspect image to pass the forum software security check  (Read 1521 times)

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
I've run into that security error a few times within the past week myself. In this topic so far, one of the factors is the number of photos being  posted. Nothing wrong with that but it is the case that the more images posted, the more likely one will find one or two or more that fail the security check.

What I noticed in my photo issues, is that they were large, about 2MB in size. It seems the larger the image, the more likely that a string of characters within the image coding will by chance look like an issue to the forum software. What worked for me was to resize the image to make it smaller and then to save it as a JPEG with less than 100% resolution, say 95%. Those two thing seem to be enough to "scramble" the image code when saving and get rid of the string of characters looking like a security issue to the software. Just one of 6 images can cause the problem so even uploading them one at a time can find the offending image due for resizing. Then go back into the post that would not pass security and select the smaller image file.

The first image below is the first screen shot (the beginning of the coding) showing the coding for an image. The second image below is a resized image. while the first 12 or so lines of the code are the same, probably file information, the bottom 2/3rds of the code is different, scrambled if you will, which is what seems to work to get an offending image changed enough to pass the forum software security check.

Just my observation at what works to get an image uploaded and it's always a "large" lot of coding image that fails security check. But, even smaller ones can have an offending string that needs to be "scrambled" to upload it to the forum.
« Last Edit: January 24, 2017, 05:01:37 AM by TelePlay »
            John . . .

              

Offline twocvbloke

  • Hero Member
  • *****
  • Posts: 4060
  • W.E. 500 DM
I read about the security check thing on the Simple Machines Forums forum, it's a bug in the version that this forum is presently using, the current version had had it fixed for some time, so, maybe, quite possibly, update the forum software a little?  ;D

(just so long as it's not like how Plusnet "updated" their forum from an SMF to a Lithium forum which is a PITA to use!!)

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
I read about the security check thing on the Simple Machines Forums forum, it's a bug in the version that this forum is presently using, the current version had had it fixed for some time, so, maybe, quite possibly, update the forum software a little?

Thanks for the info twocv. Didn't  know that. I thought Dennis told me we had the most current version loaded so I went to  the SMF site and found that we are indeed using the current production SMF software ( 2.0.11) but there is a new version (2.1) that is available but in development and not recommended for a production site. I think it is better to deal with the unknown that blow up the forum using development software, IMHO, of course.

Maybe someday the bug will be gone but until now, it's there and the above post if one way to deal with it. I'm sure there are others but I post a lot of images and this has always worked for me, along with using an imaging software program that also strips out a lot of the now standard today meta data.
            John . . .

              

Offline twocvbloke

  • Hero Member
  • *****
  • Posts: 4060
  • W.E. 500 DM
Can't be any worse than Windows 10, after all, that's still a beta, and they think it's fine (but then, MS's "fine" is everyone else's "that will absolutely not do at all"!!)... ;D

Offline twocvbloke

  • Hero Member
  • *****
  • Posts: 4060
  • W.E. 500 DM
I suppose I should add one way I've managed some success with uploading pictures is to resize them in an image editor, then use the "Save as..." option and save with is completely different name rather than the default one the camera/smartphone names them as, I also tend to use Jasc PaintShop Pro 7 too (positively ancient, but still works, even under Windows 7), which may or may not have some effect... :)

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
I suppose I should add one way I've managed some success with uploading pictures is to resize them in an image editor, then use the "Save as..." option and save with is completely different name rather than the default one the camera/smartphone names them . . .

Yes, very good point I forgot to mention. ALWAYS use the "save as" function with a different file name - I use sm1 then sm2 then sm3, etc as I reduce them in size so I keep the same file name but the original file is not overwritten, a new one is created.
            John . . .

              

Offline compubit

  • Hero Member
  • *****
  • Posts: 524
So far, I've had good luck uploading as a PNG format file - keeps the quality, and seems to do well on the forum software.

Jim
A phone phanatic since I was less than 2 (thanks to Fisher Price); collector since a teenager; now able to afford to play!
Favorite Phone: Western Electric Trimline - it just feels right holding it up to my face!

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
Re: Ways to get a suspect image to pass the forum software security check
« Reply #7 on: January 13, 2017, 01:21:50 AM »
When uploading the Contest Phone Glossary images tonight, I discovered something interesting.

The first 3 or 4 replies uploading 6 images at a time worked fine. All images uploaded were from images having no meta or exif data that would cause the security issue.

On the next issue, I got the security flag. As such, it had to be a string of characters within the image causing the issue.

The images I uploaded were 3000 x 600 in size so opened the original .psd image back up in PhotoShop Elements and resized it to 4000 wide. The resized it to 3100 and then finally back to 3000, the original size. Saved it as the same .jpg file and it uploaded without issue. So, stirring the code by mixed resizing broke up the offending string.

On the next batch of 6, I got another error. resized the first image and still got the error. Uploaded only the first image and it went up well. The second image had the issue. Resized it and it uploaded fine. The remaining 4 uploaded without issue.

The next group, I got another error but this time I did not assume it was the first image. I uploaded the first image by itself without resizing without problems. The second image also uploaded by itself. It was the 3rd image that had the issue and resizing that took care of the flag.

So, what I learned is that the software looks at all of the images first, scans them all, and send up the flag once an issue is found, be it in the 1st, 3rd, 5th or 6th image, or more than one. So, whenever the security flag is raised, it does not mean it is the first attached image that has a problem. It means it is one of the group of images being uploaded.

So, rather than resizing the first of a group, I would suggest uploading them one at a time until the offending image is found and fixing that image. That would save some unnecessary time fixing images that don't need to be fixed, and find the one or ones that have the issue.

Now, all this had to do with strings of code within the image. The issue of meta or exif data at the top of the image can not be fixed by resizing. those problems can only be resolved by stripping the meta or exif data from the image.
            John . . .

              

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
Re: Ways to get a suspect image to pass the forum software security check
« Reply #8 on: January 18, 2017, 04:33:10 AM »
This is a summary of what I have found to work to get an image to upload after encountering the security "Error" message.

===========================


While it is not know exactly when or specifically why some images when being uploaded do not and generate an "An Error Has Occurred!" message with a "back" hyperlink to return to the last page.

There are two issues that can cause the security issue and the error message. 1) The is digital code within the image meta data (typical of smart phone photos) that is seen by the software as malicious; 2) there is a random string of code that makes up the image that by chance is read by and seen as malicious by the software as it scans the images being uploaded.

There is at least one way to fix each of these issues. There  may be others but these two work around fixes are guaranteed to work, to "fix" the image so it can be uploaded.

1) meta data can be almost totally stripped from an image file by running the image through a program called BatchPurifies-Lite. The "lite" version is a free download from CNET and works only on jpg images (the paid full version will handle all file types).

     http://download.cnet.com/BatchPurifier-Lite/3000-2144_4-10908843.html

A bit more about downloading and installing this software can be found in this topic reply

     http://www.classicrotaryphones.com/forum/index.php?topic=14032.msg178851#msg178851

2) a random string of code within the massive volume of digital code that makes up an image (the larger the image the more code needed and be greater the chance of having such a string of characters) can be fixed by resizing the image. Changing the size of an image mixes up the code and usually breaks up the offending string on one resizing. Simply use whatever image editing software available to open the image, resize it, and then resave it. It is best to resave the image with a new file name. If the error still occurs, resize a second time. The size change can be increase or decrease and from only 1 pixel to hundreds.

NOTE:  It can be the case that both issues affect one image so if after stripping the meta data it fails to load, it may also have to be resized. Images need not be larger than 2500 pixels in width by 1000 or so in height to provide good image quality but keep the size of the image down to under 2 MBytes (images uploaded directly from a smart phone or a 12 MPixel camera can exceed 4 MBytes).

There may be other ways to "clean" the meta data or change the code of an image (converting a jpg to a png is one that has worked for some). The information provided above is known to work each time it was needed to get an image to upload without issue. All images do not have to be stripped and resized, only those that generate the "Error" message.

Others may have other ways to simply fix images and they are welcome to post a detailed summary of their methods in this topic.
« Last Edit: January 24, 2017, 04:57:36 AM by TelePlay »
            John . . .

              

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
Re: Ways to get a suspect image to pass the forum software security check
« Reply #9 on: February 10, 2017, 06:24:57 PM »
Discovered a quirk in the security error issue, actually, discovered it twice over the last few weeks, today and a few weeks ago.

When creating a contest back then and today, I got the security error when uploading the images. During both of those two times, resized the images, saved them, attached the revised images to the topic and after that, the "Post" button would not work. I could not save the contest.

I had to copy the contest text, save it in a Word file, "X" out of the topic, create a "New Topic," copy the text into that topic, attach the revised images and click on "Post." It worked and the contest with images uploaded.

Seems the security error in some was disabled the "Post" button and the only way to solve that was start over. Didn't have to get out of the browser, get out of the forum or even get out of the board. Just X'd out the topic and and start a "New Topic." Anyone else have this happen to them? Whatever caused the security error also did something that froze the software.
            John . . .

              

Offline TelePlay

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 6525
  • A Ringy-Dingy Thingy
    • . . . been good so far
Re: Ways to get a suspect image to pass the forum software security check
« Reply #10 on: July 09, 2017, 01:55:38 PM »
Spent some time this morning reading SMF blogs related to the "security error" flag seen at times when trying to upload an image.


One of the SMF programmers wrote "Everyone who uploads files to our forum has this problem occasionally. If I get the file directly from them and try to upload it myself, which is exactly what happened in this case, I will get the same problem, so that rules out the files being tampered-with on the server side. I also experience this problem myself, and the odds of it happening increases if more and larger files are attached. As far as I can tell, this issue is completely random, with SMF tripping over random data combinations it doesn't like.

I altered checkImageContents() in Subs-Graphics.php to always return true (allow any and all images to upload), so there will never be any security checks on image files. I tested the change with a known problem file and it was successfully uploaded."


And another programmer posted "I would rather the uploading member enable re-encoding of potentially dangerous files as it wouldn't pose a possible security risk. In short, no, it shouldn't be encouraged that forum operators break important security measures put in place to protect themselves and their members"

And then a user/SMF member posted " I'm a bit of a photo nut and some of my .jpgs are being denied by SMF.  In my case they're taken on my Nikon D800 as NEF but exported as .jpgs after processing in Lightroom.  I am seeing more rejections, & have been wondering if the latest version of Lightroom is putting more content in the EXIF info that confuses the SMF security checker.

The reason you haven't seen so many attacks (on web site forums and blogs) is because websites have gotten better at protecting themselves.

Exploits thru images are a very real - and current - threat:

https://www.trustwave.com/Resources/SpiderLabs-Blog/Hiding-Webshell-Backdoor-Code-in-Image-Files/  (content posted in pdf below)

For the most strict security, re-encoding (removing EXIF/meta data) is probably the way to go because it is the ONLY way to remove the non-photo content.

I suspect all the 'smart' photo features these days are causing false-positives in SMF's security check."




After reading the full two page topic on the SMF security error, the consensus of the SMF programmer is Do Not Disable the extensive forum security checks by unchecking the Perform extensive security checks box in the forum set up area.

The SMF programmers also agreed that occasional false positives generated by the extensive security check being enabled (and requiring re-coding of the image by the up-loader) is a small inconvenience compared to the very serious risk of having any malicious code getting into the forum.

The two reasons stated in the two page blog were, which I discovered by trial and error experiment and reported in many places on the forum since them, were EXIF/meta date and a random string in the image, many times a "$57 53 07" code or some combination of those numbers which is/was apparently one way of getting back door malicious content into a computer or site, at least back then.

The attached pdf about back door code was written in 2013 and since then, the hacking has become more intense and sophisticated. If you want to know how it was done then, read the pdf or go to that site from which it came (link provided above).

This may not be everything about this issue and some of it may not be correct but it is my best attempt at once again trying to explain the problem, its solution (or lack of a good one), the small inconvenience when it occurs and what can be done to "fix" the image." I do not know computer code or hacking techniques so I am just reporting what the SMF programmers discussed with SMF operators.

Others are encouraged to add to or correct anything written above.
            John . . .