Localhost? It seems a ramsonware, a virus that encrypts data and ask money to return the files back. If you are using Windows that's probably in your system, so it should not be related to the application code. The same can happen if the folder is shared in a local network and the virus is compromising all the files it can reach.
I just saw your question, so according to FB best practises:
Use images that are at least 1200 x 630 pixels for the best display on high resolution devices. At the minimum, you should use images that are 600 x 315 pixels to display link page posts with larger images. Images can be up to 8MB in size.
If your image is smaller than 600 x 315 px, it will still display in the link page post, but the size will be much smaller.
We've also redesigned link page posts so that the aspect ratio for images is the same across desktop and mobile News Feed. Try to keep your images as close to 1.91:1 aspect ratio as possible to display the full image in News Feed without any cropping.
The minimum image size is 200 x 200 pixels. If you try to use an image smaller than this you will see an error in the Sharing Debugger.
... And regarding Nginx, if you were able to get Nginx to work with PUT and PATCH, please let me know how! Whenever I try, Nginx short circuits and returns back a status of 501 not implemented and with a message body of "This method may not be used."
From my understanding, you can compile Nginx with a module to override this, and enable PUT, PATCH, and DELETE but when doing so, Nginx again short circuits PHP and actually PUTS/DELETEs files in the file system!
I have tried that and, yes, it works like in your description but only if webdav is enabled for that location. Otherwise it works like in pty's example.
i am just curious how to access social media accounts like facebook, watspp etc. with the users' permission in order to help them prevent unethical hackers from breaking into their accounts.
Even if ethical, that would probably be a misuse of FaceBook terms of services. There are projects, like BugCrowd, which allows you to hack into a service, limiting the activity to specific targets requested by the owner and following specific rules: non disclosure & co. Facebook partecipates to that, and usually pays bounties through their system. So, if you are really interested check it out: https://bugcrowd.com/
just to add something: the first step to avoid spam filters is to setup SPF and DKIM in the TXT records of the domain. That way Google, Hotmail & co. can verify if the sender address is allowed and if the origin is correct. For example, take Daniweb setup:
# query Google DNS
> dig daniwebmail.com ANY @18.104.22.168
daniwebmail.com. 299 IN MX 5 daniwebmail-com.mail.protection.outlook.com.
daniwebmail.com. 299 IN A 22.214.171.124
daniwebmail.com. 299 IN TXT "MS=ms74324738"
daniwebmail.com. 299 IN TXT "v=spf1 include:spf.protection.outlook.com ip4:126.96.36.199/28 ip4:188.8.131.52/27 ip4:184.108.40.206/25 a mx include:_spf.google.com ~all"
The TXT record is saying from which IP addresses the emails should be considered valid, this includes a range of IPs, the mail server defined in the MX record and the IP from the A record.
For example last newsletter came from firstname.lastname@example.org and from IP 220.127.116.11. With spfquery you can test the validity of the origin:
spfquery -guess "v=spf1 mx a -all" -ip 18.104.22.168 -sender email@example.com
The response looks like this:
spfquery: domain of daniwebmail.com designates 22.214.171.124 as permitted sender
Received-SPF: pass (spfquery: domain of daniwebmail.com designates 126.96.36.199 as permitted sender) client-ip=188.8.131.52; firstname.lastname@example.org;
Which is basically what are doing mail services when receiving an email message. If the SPF is genuine then there are good chances to avoid the SPAM folder. But at that point it's necessary to act like you wrote, by rate limiting messages and by choosing correct phrasing.
In addition: if the hash is generated by a salted md5 or sha1, the attacker can generate a string that outputs the same hash, it does not need to find the exact password, it just need to find a collision. See:
That would not work on Google, but it can work on other web services that are storing passwords as md5 or sha1 hashes. In some cases, you could see that the collision string does not work, for the only reason that the Z webiste is storing passwords in plain text :D
If I can suggest, change the passwords everywhere and activate the 2FA:
Also, it's a good practice to use plus addressing when signing in new services, as example email@example.com so, if you get spammy messages, you have a chance to find out the source. Plus addressing also works in Hotmail.
By the way, I use this service to get data breaches notices: