perezbox
Forum Replies Created
Forum: Fixing WordPress
In reply to: Malicious attack on our website
Ok, best of luck. Keep us posted.
Forum: Fixing WordPress
In reply to: WordPress re-routing malware
Hi @kamerleon1er, were you able to get this addressed? Is everything resolved?
Tony
Forum: Fixing WordPress
In reply to: Malware Detected by Google
Hi @velibor
Working with Google blacklists can be a bit tricky. We put together this guide to help in the process: https://sucuri.net/website-security/google-blacklisted-my-website
Google is flagging you because it’s seeing a redirect here:
Some pages on this website send visitors to the following dangerous websites: oxyo.home[.]pl.
We put together this guide to help you walk through the process of cleaning up your site: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Hope this helps.
Forum: Fixing WordPress
In reply to: Malicious attack on our website
Hi @dee man
I’m not quite sure if you’ve figured this out yet, but it seems as if your theme is possibly corrupted. You don’t have to uninstall the old version of core, you can rename /wp-admin and /wp-includes and do a manual upload as well. In fact, I’d probably recommend that.
I would also see about switching out the theme, see if that helps.
Here are a few links that you might find useful:
https://sucuri.net/guides/how-to-clean-hacked-wordpress
https://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Let me know how it goes.
Tony
Hi @netvision
Yes, there are numerous very large sites running the plugin.
With that in mind, would you be open to sharing more information? Would love access to the logs, maybe the server so that we can see what might be going on?
Please let us know.
Tony
Hi @elza
Being your original post was modified and it now reads:
Bad experience with this plugin. A client had it installed and yet their website was corrupted. In the logs showed that this plugin had altered the .htaccess file with bad code that resulted in showing a white page instead of the front page. The log showed that the only thing that was changed was the Sucuri plugin. Strange for a plugin that offers to protect a site, corrupts the site instead.
I’d like to learn more about this client. Do you have the access and error logs we can take a look at?
While conflicts can occur, they are rare. I’m wondering if the hardening was applied, in instances where there is a white screen that is usually attributed to killing PHP execution somewhere in the directory structure. I would bet money that is what contributed to the issue. That being said, I’d like to learn more on the specifics of the configuration.
Hi @errol
Thanks for the feedback. Unfortunately my response is out of context with the original post being modified. Rest assured though, the original post offered no feedback, but rather was an attempt to smear our name by posting unrelated information.
I assure you, a good CEO will always defend his developers and the products they build, especially when it’s free. I do appreciate your candor, and hope you will do the same for mine.
Hi @elza
Not understanding how something works, doesn’t mean it doesn’t work. The site was hacked not because the plugin was activated, but because it was likely improperly maintained.
The Security Plugin Ecosystem: https://blog.sucuri.net/2014/09/understanding-the-wordpress-security-plugin-ecosystem.html
The plugin itself is not a preventive security tool, it’s a utility tool designed to help you harden and provide better visibility into what is happening. This is how we describe it in the notes.
Security is a complex domain, so much so I have written an article that will hopefully explain how so:
https://perezbox.com/2015/10/website-security-is-not-an-absolute/
I have a wide range of security related articles you might be interested in here: https://perezbox.com/category/security/
So to your points:
The plugin does not provide security. period.
It does provide security, it’s just different than your interpretation of what “security” should be.
This week, with the plugin activated, a site was hacked.
Now how does that provide security?
It’s difficult to say without more context, but a few ways it would have contributed to your security posture:
1 – As you referenced in your various other posts, the tool was notifying you that someone was trying to repeatedly log into your environment. This is called a brute force attack, something I talk about here: https://blog.sucuri.net/2014/03/understanding-denial-of-service-and-brute-force-attacks-wordpress-joomla-drupal-vbulletin.html
2 – If the attacker abused a vulnerability in the code and modified core files, it would have alerted you to that issue via integrity issues.
3 – If the attacker made changes to posts and pages and other configuration changes the tracking feature would have notified you.
4 – The tool would also have assisted you in the post-compromise process as well, via those features.
5 – The tool has a section specific for hardening. In fact, we keep the hardening simple and practical intentionally, because in our experience they are the most effective.
So again, not understanding a domain or how a tool works, doesn’t mean something doesn’t work.
Thanks
Tony
Dear @elza
Please, feel free not to use our free plugin. I also highly encourage you not to use any of our products. You apparently have a firm grasp on your security needs, and we’re obviously missing the boat.
Also, while I gather you have crossed the line of being constructive and focused on being malicious socially, allow me to clarify…
Those articles have absolutely nothing to do with the issue you experienced or the ability of this plugin, they are inflammatory and now you’re crossing into the line of social harassment unnecessarily. It’s a shame, seeing your social presence, that you’d stoop so low. They are also inaccurate and completely out of context. What you suffered was a fundamental lack of understanding, and that’s ok; that is unfortunately the reality that we as an organization have to subscribe to when trying to help.
I do encourage you though, being your intimate familiarity with security and development, to build or maybe contribute some code to help the rest of the community. That is in fact the open-source way.
All the best,
Tony
Hi @elza
There is a fundamental difference between the FREE WordPress security plugin offered, and the services offered by Sucuri via our SaaS product offerings.
The SaaS product offering provides a website owner comprehensive security via our security stack, or protection only services specifically via our Firewall. Sucuri is not a plugin company, we are a security company that has developed and released a security plugin for the WP ecosystem.
The plugin doesn’t arbitrarily send emails, they’re sent when they’re triggered by an action. Just because you don’t want to see the emails, doesn’t mean you don’t have a problem.
The plugin provides you visibility into what is happening, that’s its purpose. If you prefer, don’t hesitate to use any other of the number of plugins out there. Here is an article I wrote specifically talking to the myriad of options available to you: https://blog.sucuri.net/2014/09/understanding-the-wordpress-security-plugin-ecosystem.html
Your accusations however are unfounded. If you honestly feel the way you do, please remove it and move on, or disable the notifications. Also, just because an IP resolves to a host doesn’t mean the attack is not happening.
Thanks
Forum: Plugins
In reply to: fetch as google/url injections
Is that your domain?
Forum: Fixing WordPress
In reply to: Websites always hacked
Hi Ioscamos
With that many domains, managing their security can be challenging. Have you ever considered leveraging a security service provider like Sucuri? Especially if you’re continuously getting hacked, sounds like it might be time to get some professional help.
With an environment like this, there are multiple places to account for with issues. Here are two articles to assist:
https://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
and
https://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html
Hope these help, let us know if you need more help.
Tony
Forum: Plugins
In reply to: fetch as google/url injections
Hi @tyresekagam
It honestly depends on what the response was, but it sounds like it could be an infection. Maybe SEO Spam? I take it you did a Fetch because you feel you are infected or maybe blacklisted.
Is that right? Can you share the fetch results?
Forum: Fixing WordPress
In reply to: Site Got Hacked
Hi @obisike
Need a bit more information. What did the host say about why they disabled the account? Did they provide any list of issues?
Here are some tips that are still very applicable: https://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Forum: Plugins
In reply to: [WPS Hide Login] Still have failed login attempts (Sucuri email notification)
Hi
Just because you hide the login, doesn’t mean the requests to the wp-login file will stop. If you feel confident there is nothing there, I’d probably disable the alerts.
Forum: Plugins
In reply to: Still getting hacked
Hi @cedaly1968
If you’ve been having this issue for a year, I would probably stop avoiding the list of things you should do. If you don’t do the things you need to, you’re likely to continue to find yourself in the same situation over and over again. Also, it’s a bit detracting for anyone willing to help if you’re not willing to help yourself.
If the user continues to be generated you inevitably have a script or code snippet that’s doing the regeneration. Either in a script on the server, or inside a file (I’d look in your functions file). Also, using .htaccess to block access to login will do little for you if the user can initiate the regeneration via direct access or some automation script.
Best of luck
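
One way to follow the advice in the reply above (find the script or file that keeps re-creating the user), as an added example that is not part of the original post and is not Sucuri's code. It walks a WordPress tree and lists non-core PHP lines that call the WordPress functions wp_create_user, wp_insert_user or set_role, or that insert straight into the users table; the helper names, the sample tree and the user "constructed_user" are hypothetical and built only for the demonstration.

```python
import os
import re

# WordPress API calls that create an account or change its role.
API_CALLS = re.compile(r"\b(wp_create_user|wp_insert_user|set_role)\s*\(")
# Direct SQL writes to the users table bypass the API entirely.
RAW_SQL = re.compile(r"INSERT\s+INTO\s+\S*users\b", re.IGNORECASE)
# Assumption: core is checked separately against a clean copy, so skip it here.
CORE_DIRS = {"wp-admin", "wp-includes"}
PHP_EXT = (".php", ".phtml", ".inc")


def find_user_creation(root):
    """Return sorted (relative_path, line_number, stripped_line) hits."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.samefile(dirpath, root):
            # Prune the core directories at the top level only.
            dirnames[:] = [d for d in dirnames if d not in CORE_DIRS]
        for name in filenames:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    if API_CALLS.search(line) or RAW_SQL.search(line):
                        rel = os.path.relpath(path, root)
                        hits.append((rel, number, line.strip()))
    return sorted(hits)


def write_sample_site(root):
    """Write a constructed sample tree: core stub, clean plugin, suspect theme file."""
    files = {
        "wp-includes/user.php": "<?php\nfunction wp_create_user($u, $p, $e) {}\n",
        "wp-content/plugins/demo/demo.php": "<?php\nadd_action('init', 'demo_boot');\n",
        "wp-content/themes/demo/functions.php": (
            "<?php\n"
            "$id = wp_create_user('constructed_user', 'x', 'x@example.invalid');\n"
            "(new WP_User($id))->set_role('administrator');\n"
        ),
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
```

A hit is a lead for manual review, since legitimate plugins also call these functions, and obfuscated code will not match these patterns.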