Menzer: Well that explains a whole lot
Tretola: Jeng: I got a friend who wants to move from Linode to something else that has a more automated approach for security and things like cPanel but with dedicated resources, so either a more full-featured ‘vps’ or a PaaS, any idea?
Mashiah: Blahkat-: My Eyes Are Up Here – https://----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/plugins/my-eyes-are-up-here/
Jeng: Blahkat-: that helps you control how images are cropped
Godlove: Tretola, vpsdime.com, digitalocean.com
Larrick: Tretola, check digitalocean
Tretola: Crisumi: but it seems like the same concern
Jeng: Tretola: so he really doesn’t want to learn how to secure a site! He’d do better to look into managed WP hosting from a place like WP Engine or DreamPress.
Tretola: No I think he just doesn’t like managing it
Tretola: Because he did it ages ago and is tired of looking up all of his info
Jeng: Security is not a set it and forget it thinkg
Tretola: Yeah, I think it will have to be WPE or something like it
Tretola: That’s what I was thinking
Hawley: Tretola, just use wpengine
Jolls: You manage your wordpress core, theme, plugin updates
Efaw: If he can’t do that then he needs to hire someone and put them on retainer
Mccleaf: He works there or is that his company?
Tretola: Do either WPE or DP allow external access to the DB?
Medez: Jeng: hi there, how are you, there?
Jeng: Doing OK, dury. Thanks for asking.
Jeng: Tretola: dunno. You’d have to ask them.
Medez: Jeng: can’t upload any image to wordpress though? could you please help me
Jeng: Dury: do you get an error message?
Medez: Jeng: yeah it’s in basque
Dunnaway: Tretola, using things like cpanel add another few dozen attack vectors. If you’re trying to create something secure, don’t undo your hard work by using those :
Jeng: Dury: well, translate it for me, plz
Tretola: Yeah I think I need to figure out exactly what he believes he needs before I give him any better recommendation
Olesnevich: Dcr: I don’t have, unfortunatelly
Medez: Jeng: mmmm? hang on one minute please
Dunnaway: Without exception that I found, trying to find a decent one drop the firewall and disable on EL machines at least selinux. Many of them use their own compiled binaries for services http, dovecot et al or drag them down, install a buildsys and compile them at run time. You’re expecting php scripts/handlers to carry out sysadmin level tasks. The whole thing ****s pretty badly
Dunnaway: Mateusz, ****s.how much work to start from scratch?
Jeng: There are other ways to clean your site, but it depends on your knowledge of WP, SQL, etc. How are you on those things?
Dunnaway: Oh, some of them use 777 as a default mask as well.lovely. The result? basically what you’re looking at now
Dunnaway: Zpanel at least does that, as does sentora
Storlie: Jeng: knowledge is not bad, I would say
Greenfelder: Dcr: I am trying to list plugins, remove all files, install from scratch, put database back
Satsky: There is a possibility the malware will sit in database as well?
Jeng: If you do not have a backup, here’s my recommendation: 1 Shut down httpd to take the site offline. 2 Download wp-config.php to keep it safe. 3 Make a list of all plugins on your site.
Dunnaway: Good call. You need to be pretty hot with cli tools like grep/sed/awk IME to pull malicious code from a site
Bastian: Should I look for php code as well?