Hacking attempt on "image_id" GET parameter