Forum Replies Created

Viewing 15 replies - 1 through 15 (of 16 total)
  • Thanks. I use Akismet, but all spam detected goes to the spam tab. I want these emails to be deleted immediately and never go to that spam tab on WordPress, or in other words, to never be stored in the database.

    If WordPress detects spam, why is that spam stored? I don’t want to review it. I want it to be vaporized after being detected as spam.

    So, you have a blog with 6,000 categories running on WordPress, what would you do to display the categories?

    These queries worked fast, 0.0650 seconds. The problem is really with WordPress or more probably with PHP. Believe me. Imagine the time and memory that should be used by a query to list all 6,000 categories alphabetically. PHP will never do that. It will time out or crash before.

    The WP upgrade process is really disgusting. Like WordPress itself, the upgrade process is designed for small databases, sites with no more than 20,000 posts. Have you ever tried to upgrade from the browser a site with 120,000 posts and 6,000 categories? Hahaha… upgrading from a browser sucks to infinity + 1, it will never go through and you will end up jumping from a bridge.

    I agree completely. When I read the explanation about “the famous 5 minute installation” I knew it would be a nightmare. I have been trying to update my WordPress installation since yesterday. 22 hours trying… zillions of errors… 5 MINUTES, THEY SAY… I had to restore the database 3 times and try different methods. This upgrade via browser sucks to infinity + 1. Instead of developing a shell program that could update that, a genius developed a PHP program to upgrade via browser. If you have a large database, of course the browser window will time out and you will be in hell.

    SCREENER: I am not making the calls. WP is, and version 2.3.3 is worse than 2.2. The old version can access the database faster.

    PINOY.CA: Yes it is a dedicated server and the MySQL server is on the same box.

    The full use of wp_create_categories is

    wp_create_categories ($category_name, $post_id)

    In this case, it will create a new category if the one you are trying to assign does not exist.

    The problem is that this is theory and does not really work. Not for me.

    The main problem with that WordPress import routine is that it simply does not work unless you have 3 or 4 posts. Try it with 10,000 posts. Try it with 900,000 posts, as I have been trying for a week.

    The attacker was able to make posts. Thousands! In fact, posts and comments. I had to rename the PHP files in order to stop him. That was the only way to stop him. Nothing appeared to stop him. He posted with total ease. He used some sort of script to run specific files of the WP installation, in order to post.

    I am the only one allowed to post. Nobody else has either authorization or even logins/passwords, just me, and I never disclosed them to anyone.


    Ah, just to complement…
    Like in war, obscurity is not security, I agree.
    Obscurity is camouflage!

    Viper007Bond, unfortunately you are wrong in everything you said.

    You are assuming that I use easy words, but I can use any word in any language. Will you guess a word in French or German? And if I name the file as “xT12314lsd23.php” how will you discover it? Guessing?

    The other point is that you are assuming that every cracker is an expert. 99% of those guys invading sites are complete morons who follow a recipe: 1) google for some site using WP 2) use the file xyz.php and do bla bla bla…

    If you make your site invisible (not common) to google, how will they discover it? It’s like a car alarm. The alarm will not stop a pro, but will stop 99% of the morons.

    You are wrong again when you said I am new to the web development world. I have been developing for the web since 1996 and in PHP since 2000. I never had a site invaded before using WordPress, due to the fact that I never name any of my directories and files using English words or obvious words in any language (too many crackers speak English, so this is the language they will try).

    Another common error I never make is to show detailed error messages, the kind of messages that can guide the cracker. For example, if you put up a login screen where one has to fill in username and password, you can have 2 situations: unknown username or wrong password. If you show an error message saying: WRONG PASSWORD, the cracker will know he has a correct username.

    Things like that make the difference.

    My cracked site was written in French and Portuguese. The cracker was located in the USA. Do you think the site was cracked by an American who knows French and Portuguese? No. I will tell you: the site was googled by the words PROUDLY POWERED BY WORDPRESS (I have a log entry with the cracker’s IP and such string googled) and the guy knew the files to crack, due to the fact they had the original names.

    I agree that the modifications I suggested would be difficult to implement in the first phase, because much code would have to be rewritten, but it will make crackers’ life hard.

    I am not expecting anyone to accept the ideas I exposed. Those were just my ideas. I think they can help.
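    The point about login error messages in the reply above, as an added example that is not part of the original post and is not WordPress code: a login check that returns the same message for an unknown username and for a wrong password, and verifies a dummy hash for unknown users so response time does not reveal which case occurred. The function names, the sample account and the message text are assumptions made for this sketch.

```php
<?php
// Added example (not WordPress code). All names here are hypothetical.
const GENERIC_ERROR = 'Invalid username or password.';

// Constructed sample user store: username => password hash.
function build_user_store(): array {
    return ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
}

// Hash of a random throwaway password, verified when the username is unknown
// so both failure paths perform one password_verify() call.
function dummy_hash(): string {
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    return $hash;
}

function attempt_login(array $users, string $username, string $password): array {
    $known = array_key_exists($username, $users);
    $hash = $known ? $users[$username] : dummy_hash();
    // Always run the verification, even when the user does not exist.
    $passwordOk = password_verify($password, $hash);

    if ($known && $passwordOk) {
        return ['ok' => true, 'message' => 'Welcome.'];
    }
    // The precise reason goes to the server log only; json_encode() keeps
    // control characters in the submitted username out of the log line.
    error_log(sprintf(
        'login failed: user=%s reason=%s',
        json_encode($username),
        $known ? 'bad_password' : 'unknown_user'
    ));
    // The client sees one message for both failure cases.
    return ['ok' => false, 'message' => GENERIC_ERROR];
}

// Constructed attempts: wrong password, unknown user, valid login.
$users = build_user_store();
$attempts = [['alice', 'wrong'], ['mallory', 'wrong'],
             ['alice', 'correct horse battery staple']];
foreach ($attempts as [$user, $pass]) {
    $result = attempt_login($users, $user, $pass);
    printf("%-8s -> %s\n", $user, $result['message']);
}
```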


    Thanks to all those who understood and tried to accept and consider the ideas I posted. I also agree that stupid are those who always accept the former opinions and knowledge and never offer their position, standing as heretics after the Inquisition… (I am dramatic today… someone listening to violins out there?)…

    So, let’s start modifying all stuff… 🙂

    I would like not to integrate both. I would like to get rid of SMF and copy all posts on SMF as posts on WP.

    What concerns? Have you read what I said? I said get rid of all words, phrases, etc., that could identify a WP installation. That’s it. Better this way than the present way. My blog was invaded by someone who found it through Google. I have traced the guy in my logs and he first googled for WordPress, found my blog and posted 720 thousand sex-casino-viagra cr*p!

    Come on boys…

    Database name, username and pass would be in index.php.
    Why use a unique name like wp-config.php if one can use a generic name like index.php? As I said, just one file cannot be renamed, index.php, and index.php can be anything. The idea is to mask all occurrences of the name WORDPRESS and replace them with images with different names.
