Sorry but I don't click links from people I don't know with javascript enabled, especially when the link is some masked/shortened url that could got to some malware site for all I know.

When I click it without javascript I cannot see any image at all.

My best guess, is you have some javascript error on the page that is breaking the file uploader, even an unrelated javascript error can break it. When you upgrade a site that old, most likely there are problems in the skin resulting in javascript errors on the page that need to be fixed.

I suggest either copy one of the newer skins from under /Data/skins into /Data/Sites/[SiteID]/skins for the sites that is not working. If it works using the newer skin then you can be sure there is some problem with the old skin. You should review the Important Skin Changes article and apply any needed changes since your old version, and most importantly use web browser dev tools to look for any script errors on the page or any script files that fail to load.

proxy servers are always worth mentioning.

Recently there was reported several issues with using ssl proxy servers, one problem was related to file uploads. We were creating javascript with a service url for the file upload but since the web server was not really seeing a secure request it was using http instead of https for the url meanwhile the outer url of the page was using https. The proxy handles the https but changes it to http and passes the request to the web server so the web server does not know it is a secure request and builds the service url with http and this caused it to fail to upload.

If this is what is happening in your case, I patched this issue after version 2.4.0.8 was released and I uploaded the patch to our codeplex download page for that version. For the patched solution to work depends on if the proxy server is providing any custom server variable that can be used to help the web server know when it is handling a secure request (since it is not an https request from the web server point of view). See the article using an SSL Proxy Server for more information about how to configure detection of the server variables, but keep in mind that would only work if you upgrade to 2.4.0.8 and then apply the patched version of mojoPortal.Web.dll

however if this proxy is changing the the hostname/domain name and the web server is not seeing the real host/domain name (ie the host/domain that the users sees in the browser) then the service url may still be wrong so it may not work for you, I'm just not sure.

another option is you could put this in user.config or Web.config

<add key="ForceLegacyFileUpload" value="true" />

the will downgrade the fancy javascript file uploader to a more old fashioned one at a time file upload by postback

<add key="ForceLegacyFileUpload" value="true" />

this should dramatically change the user experience for file upload. note that changes in user.config are not detected by the runtime, so if you make a change there you need to touch web.config file in order to make the runtime reload appsettings.

the user that is the identity on the application pool must have full control over all files and folders starting at the /Data folder

the /App_Data folder should also be writable

all other files can be read only

note that if you move the site from one machine to another machine the file permissions can get messed up because the file owner sid does not exist on the new machine and this can cause problems updating existing individual files even if the folder permissions are correct.