Stolley: ElectriX yup, I cleaned all of those FilesMan type things.
Filsaime: ElectriX: first Granade the local and go from there
Rusteberg: That works. Had a site of mine hacked once and they injected pretty much every file. Somehow I managed to clean it up without a fresh start
Pomrenke: This is a repeat offender. For some reason a script kiddie in Kazakhstan loves this domain name.
Sundet: Opsec: IP Geo Block – https://wordpress.org/plugins/ip-geo-block/
Ogley: Johndoe2: was it a hack? and what plugin?
Savaria: It’s 99.99% certain that most attacks on a wp site will be a compromised computer, not an actual person.
Lizaola: Johndoe2: good for me to know just in case.
Teresi: You use wordfence or anything?
Poppert: People who access their WP sites with keyloggers
Prell: Johndoe2: if that particular site is getting hacked often, take in the computers you use to access the admin regular. Guaranteed you have a keylogger on one
Savaria: No one has time to hit 1000’s wordpress sites manually looking for holes.
Warp: And for the people that do
Lardizabal: find . -iregex ".*readme.*" -delete
Nussbaum: I dunno why people leave their readme files uploaded
Monrreal: Bu***and it was a hack. an injected plugin called WPCoreAPI2. Source code here: http://pastebin.com/8dWQ85fr
Mincer: I failed to ack for error_reporting(0). noob mistake.
Stagowski: Johndoe2: ugh. that's not even a “real” plugin though
Broekemeier: Where’s the injection?
Siriani: Bu***and nope, not at all. should have stuck out, but for some reason I overlooked it.
Mastella: I’m getting an error “Are you sure you want to do this?” when I try to upload a theme, and I’ve changed in my Debian server in the PHP config max_file_size from 2M to 10M, and restarted the apache but the same error is still there – what can I do?
Swem: Opsec I agree, I’ll just geoblock that country for a while.
Reinmiller: Boyer: sounds like a cookies/authentication problem
Bendig: StrixUK1: I’ll try to change browser, thank you
Littell: Boyer also, there’s another post size I think
Tiu: Or, even easier still, try from a private browsing session
Savaria: No, upload_max_size / post_max_size — roughly 4x the size of max_upload
Demichelis: Or if you have FTP just ftp it over
Savaria: upload_max_size = 10M / post_max_size = 40M
Wamble: Opsec: do you remember the recent “vuln” code WP announced and patched?
Wragg: I forget. something with query vars or something
Kropp: Johndoe2: Tried changing the browser, and now I’ve changed both the upload_max_size and post_max_size and restarted the apache but still same thing.
Bengtson: Boyer hmm, this is not a multisite install is it?
Lucksom: Johndoe2: No, it’s the normal one
Barreneche: Do you have FTP access?
Bonds: For now I’ve only SSH
Murad: But it’s through the Webmin panel tho
Lochte: Gotcha. try confirming that the settings stuck in php.ini. Get a phpinfo.php in the / of your site, and add <?php phpinfo(); ?> to it, and visit it in the browser
Seppi: If you want you can email me the theme and you can wget it from my server
Rainge: Then search for post_max_size and the other thing you changed
Cieloha: Does groupby not actually modify the returned array
Litsey: Hold on, I know that I got the same problem last time I got a server to configure – it’s inside the /etc/apache2/sites-available/000-default.conf
Horgan: In ssh you can do it easily, like this: echo '<?php phpinfo(); ?>' > /path/to/your/website/folder/phpinfo.php
Pope: Posts_groupby i mean https://codex.wordpress.org/Plugin_API/Filter_Reference/posts_groupby
Sugabo: Johndoe2: Why not just make a PHP file in the root phpinfo.php with <?php phpinfo(); ?>. why echo anything?