Johndoe2: Why not just make.

organic
No comments yet

 
Stolley: ElectriX yup, I cleaned all of those FilesMan type things.

Filsaime: ElectriX: first Granade the local and go from there

Rusteberg: That works. Had a site of mine hacked once and they injected pretty much every file. Somehow I managed to clean it up without a fresh start

Pomrenke: This is a repeat offender. for some reason a script kiddie in Kazakstan loves this domain name.

Sundet: Opsec: IP Geo Block – https://----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/plugins/ip-geo-block/

Ogley: Johndoe2: was it a hack? and what plugin?

Savaria: It’s 99.99% certain that most attacks on a wp site will be a compromised computer, not an actual person.

Lizaola: Johndoe2: good for me to know just in case.

Teresi: You use wordfence or anything?

Poppert: People who access their WP sites with keyloggers

Prell: Johndoe2: if that particular site is getting hacked often, take in the computers you use to access the admin regular. Guaranteed you have a keylogger on one

Savaria: No one has time to hit 1000’s wordpress sites manually looking for holes.

Warp: And for the people that do

Lardizabal: Find . -iregex “.*readme.*” -delete

Nussbaum: I dunno why people leave their readme files uploaded

Monrreal: Bu***and it was a hack. an injected plugin called WPCoreAPI2. Source code here: http://pastebin.com/8dWQ85fr

Mincer: I failed to ack for error_reporting0. noob mistake.

Stagowski: Johndoe2: ugh. thats not even a “real” plugin though

Broekemeier: Where’s the injection?

Siriani: Bu***and nope, not at all. should have stuck out, but for some reason I overlooked it.

Mastella: I’m getting an error “Are you sure you want to do this?” when I try to upload a theme, and I’ve changed in my Debian server in the PHP config max_file_size from 2M to 10M, and restarted the apache but the same error is still there – what can I do?

Swem: Opsec I agree, I’ll just geoblock that country for a while.

Reinmiller: Boyer: sounds like a cookies/authentication problem

Bendig: StrixUK1: I’ll try to change browser, thank you

Littell: Boyer also, there’s another post size I think

Tiu: Or, even easier still, try from a private browsing session

Savaria: No, upload_max_size / post_max_size — roughly 4x the size of max_upload

Demichelis: Or if you have FTP just ftp it over

Savaria: Upload_max_size = 10M / post_max_size = 40M

Wamble: Opsec: do you remember the recent “vuln” code WP announced and patched?

Wragg: I forget. something with query vars or something

Kropp: Johndoe2: Tried changing the browser, and now I’ve changed both the upload_max_size and post_max_size and restarted the apache but still same thing.

Bengtson: Boyer hmm, this is not a multisite install is it?

Lucksom: Johndoe2: No, it’s the normal one

Barreneche: Do you have FTP access?

Bonds: For now I’ve only SSH

Murad: But it’s trhough the Webmin panel tho

Lochte: Gotcha. try confirming that the settings stuck in php.ini. Get a phpinfo.php in the / of your site, and add ?php phpinfo; ? to it, and visit it in the browser

Seppi: If you want you can email me the theme and I can you can wget it from my server

Rainge: Then search for post_max size and the other thing you changed

Cieloha: Does groupby not actually modify the returned array

Litsey: Hold on, I know that I got the same problem last time I got an server to configure – it’s inside the /etc/apache2/sites-available/000-default.conf

Horgan: In ssh you can do it easily, like this: echo ‘?php phpinfo; ?’ /path/to/your/website/folder/phpinfo.php

Pope: Posts_groupby i mean https://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/Plugin_API/Filter_Reference/posts_groupby

Sugabo: Johndoe2: Why not just make a PHP file in the root phpinfo.php with ?php phpinfo; ?. why echo anything?