Tag Archives: Web search engine

Follow up to the Great Smugmug Hack of 2014

example of geolocation of IP AddressFollow up to the Great Smugmug Hack of 2014

 

Earlier this year we talked about the exposure of boudoir pictures on Smugmug, and I was one of the lucky winners. 8 months or so later it is still happening, people are still not password protecting their galleries, or making the passwords easily guessable. I get a report from Smugmug almost daily (early on it was a report 3 times a day) about people trying to get to the galleries.

 

Needless to say that we have implemented a much stronger password policy on the naughty bits so that they do not end up on “hot or not” or some other web site that ends up rating the person in the picture. Believe me there is nothing more unfriendly than a call from a model wanting to know why their pictures are on a “porn site”.

 

What is interesting is that the methods that the “hackers” are using have changed from exterior links (many of the voyeur web sites cracked down on that when it went public on much more public web sites than mine) to using Smugmug’s own internal search mechanism looking for those pictures we have posted, and made them Smugmug searchable.

 

Usually when you mark a gallery with a password it will not be indexed in Smugmug search, but the gallery keywords will be. So if you want to really annoy someone, post a bunch of pictures of cats, and keyword them with nude pussy. I am not above pranking people using Smugmug’s internal search mechanism to annoy someone.

 

If you use Gallery (Folder, Page) Key wording (like we should be doing to get more attention on the site, and in Google) then those will show up even if the gallery is password protected (as much as I can tell, for naughty pictures I stopped using Gallery, Folder and Image keywords and most of the “hacking traffic” has dropped to nill) and there will be a result in the search if they are looking for galleries.

 

This is one of the more interesting aspects of what we think we learned about Smugmug internal search.

 

The internal search tool is amazingly good, and absolutely relies on the keywords and text that you wrap around your images. Again you should be using text captions, you should be using key words when setting up your images either in Lightroom or photo editor of choice, and then going through and making sure that Smugmug picked up the keywords by looking at the images after the upload. A lot of photographers I have noticed do not use this function, it is critical if you want your stuff picked up by internal or external search engines.

 

But it is also a double edged sword, if you do not set a password on your gallery, or your pictures, then it is easily picked up by Smugmug internal search, and the “hackers” have resorted to using that tool to keep up to date on all the groovy naughty stuff being posted to Smugmug.

I have to applaud Smugmug though for their efforts to help photographers understand what was going on early on in the year. Indeed voyeur web sites and some amateur porn sites had picked up the boudoir and other pictures that were being posted online because of faulty use of the Smugmug system.

 

The bad part is that the “hacks” are still happening, but based on what we are seeing inside our Smugmug and Google Analytic statistics, 90% of all the attempts are being driven by the Smugmug internal search feature now, rather than the majority of this coming from outside sources.

 

Let us know if you have any questions, we would love to hear your side of the story.