A client I set up a ZenPhoto gallery for just directed my attention to something odd he found in the site's stats (using stats software supplied by the web host).
In the list of URLs most commonly visited on the site, most of the top ones are what you'd expect (site main page, gallery main page, various album pages, etc.) but then partway down there's a big long series of URLs along the lines of:
http://www.[domain].com/gallery/zp-core/i.php?a=[name of album]&i=[file].jpg&w=400
(where [domain], [album] and [file] are the site's actual domain name, etc. - removed for privacy reasons)
I clicked on one of these, and it took me directly to the image file, as opposed to an image page. The client thought these URLs were references to people downloading his images, but I checked the URLs used on the actual site, both on the public side of the gallery and the admin side, and they don't follow that format at all - they're more along the lines of:
http://www.[domain].com/gallery/cache/[album]/[file].jpg_w400.jpg
But these zp-core image URLs each had anywhere from 10-40 accesses logged - so where are those coming from? Those URLs don't seem to appear anywhere on the site as far as I can tell, so how is it that someone or something is viewing images at them? My first thought was that maybe it's some kind of bot that's programmed to harvest photos from ZP sites, but I have no idea -- maybe it's just some kind of internal ZP process?
Does anyone have any idea what might be causing this, and whether or not it indicates any sort of security issue we need to address?
The gallery is using ZP v.1.1.3, in case that's relevant.
Comments
The first URL is an image processing URL. i.php (i from image) contains partly the resizing and cropping functions. So if you view an image/album page the first time, zenphoto processes the thumbnail and/or the sized image (the bigger one) and stores it in the cache. This is done once unless you alter the options for image/thumb sizes, so that all resized images are then loaded from the cache to save your server from unnecessary workload.
This cache is the second URL you mention. The "w400" indicates that the size of this cached image is 400px.
It does seem weird that some of the image processing URLs would have been accessed up to 40 times, but then, the client has been experimenting and playing around the site since I turned it over to him, so he may have been resizing things or making other changes I don't know about.
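To see which clients are requesting the i.php URLs discussed in this thread, the raw access log can be grouped by image, Referer and User-Agent. The following is an added example, not part of the original thread or of ZenPhoto's code; it assumes Apache combined log format, and the log lines, addresses, `example.com` host and the `summarize_processor_hits` name are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2008:10:00:01 +0000] "GET /gallery/zp-core/i.php?a=trips&i=beach.jpg&w=400 HTTP/1.1" 200 51234 "http://www.example.com/gallery/trips/" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2008:10:05:09 +0000] "GET /gallery/cache/trips/beach.jpg_w400.jpg HTTP/1.1" 200 51234 "http://www.example.com/gallery/trips/" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2008:11:00:00 +0000] "GET /gallery/zp-core/i.php?a=trips&i=beach.jpg&w=400 HTTP/1.1" 200 51234 "-" "ExampleBot/1.0"
198.51.100.7 - - [10/Mar/2008:11:00:02 +0000] "GET /gallery/zp-core/i.php?a=trips&i=dune.jpg&w=400 HTTP/1.1" 200 48811 "-" "ExampleBot/1.0"
203.0.113.5 - - [10/Mar/2008:12:00:00 +0000] "GET /gallery/ HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def summarize_processor_hits(log_text, script_path="/gallery/zp-core/i.php"):
    """Group image-processor requests by (album, image, width)."""
    summary = defaultdict(lambda: {"hits": 0, "ips": set(),
                                   "referers": Counter(), "agents": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        if url.path != script_path:
            continue  # cache hits and ordinary pages are not counted here
        q = parse_qs(url.query)
        key = (q.get("a", [""])[0], q.get("i", [""])[0], q.get("w", [""])[0])
        entry = summary[key]
        entry["hits"] += 1
        entry["ips"].add(m["ip"])
        entry["referers"][m["referer"]] += 1  # "-" means no Referer header was sent
        entry["agents"][m["agent"]] += 1
    return summary

if __name__ == "__main__":
    for (album, image, width), e in summarize_processor_hits(SAMPLE_LOG).items():
        print(album, image, width, e["hits"], sorted(e["ips"]),
              dict(e["referers"]), dict(e["agents"]))
```

Requests with a gallery page as Referer fit the first-view processing described in the comments; repeated hits from one address with no Referer and a non-browser User-Agent are the ones worth a closer look.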