Should I look for php code.

organic
No comments yet

 
Menzer: Well that explains a whole lot

Tretola: Jeng: I got a friend who wants to move from Linode to something else that has a more automated approach for security and things like cPanel but with dedicated resources, so either a more full-featured ‘vps’ or a PaaS, any idea?

Mashiah: Blahkat-: My Eyes Are Up Here – https://----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/plugins/my-eyes-are-up-here/

Jeng: Blahkat-: that helps you control how images are cropped

Godlove: Tretola, vpsdime.com, digitalocean.com

Larrick: Tretola, check digitalocean

Tretola: Crisumi: but it seems like the same concern

Jeng: Tretola: so he really doesn’t want to learn how to secure a site! He’d do better to look into managed WP hosting from a place like WP Engine or DreamPress.

Tretola: No I think he just doesn’t like managing it

Tretola: Because he did it ages ago and is tired of looking up all of his info

Jeng: Security is not a set it and forget it thinkg

Tretola: Yeah, I think it will have to be WPE or something like it

Tretola: That’s what I was thinking

Hawley: Tretola, just use wpengine

Jolls: You manage your wordpress core, theme, plugin updates

Efaw: If he can’t do that then he needs to hire someone and put them on retainer

Jeng: Look at DreamPress. because it’ comes with a full helping of Ipstenu wordpress/">https://www.dreamhost.com/hosting/wordpress/

Mccleaf: He works there or is that his company?

Tretola: Do either WPE or DP allow external access to the DB?

Medez: Jeng: hi there, how are you, there?

Jeng: Doing OK, dury. Thanks for asking.

Jeng: Tretola: dunno. You’d have to ask them.

Medez: Jeng: can’t upload any image to wordpress though? could you please help me

Jeng: Dury: do you get an error message?

Medez: Jeng: yeah it’s in basque

Dunnaway: Tretola, using things like cpanel add another few dozen attack vectors. If you’re trying to create something secure, don’t undo your hard work by using those :

Jeng: Dury: well, translate it for me, plz

Tretola: Yeah I think I need to figure out exactly what he believes he needs before I give him any better recommendation

Olesnevich: Dcr: I don’t have, unfortunatelly

Medez: Jeng: mmmm? hang on one minute please

Dunnaway: Without exception that I found, trying to find a decent one drop the firewall and disable on EL machines at least selinux. Many of them use their own compiled binaries for services http, dovecot et al or drag them down, install a buildsys and compile them at run time. You’re expecting php scripts/handlers to carry out sysadmin level tasks. The whole thing ****s pretty badly

Dunnaway: Mateusz, ****s.how much work to start from scratch?

Jeng: Mateusz: You can pay Sucuri $299 to clean your site http://sucuri.net, run a test first at http://sitecheck.sucuri.net

Jeng: There are other ways to clean your site, but it depends on your knowledge of WP, SQL, etc. How are you on those things?

Dunnaway: Oh, some of them use 777 as a default mask as well.lovely. The result? basically what you’re looking at now

Dunnaway: Zpanel at least does that, as does sentora

Storlie: Jeng: knowledge is not bad, I would say

Greenfelder: Dcr: I am trying to list plugins, remove all files, install from scratch, put database back

Satsky: There is a possibility the malware will sit in database as well?

Jeng: If you do not have a backup, here’s my recommendation: 1 Shut down httpd to take the site offline. 2 Download wp-config.php to keep it safe. 3 Make a list of all plugins on your site.

Dunnaway: Good call. You need to be pretty hot with cli tools like grep/sed/awk IME to pull malicious code from a site

Bastian: Should I look for php code as well?