The Hack Repair Guy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WordPress 3.3.1 hackedThis is not a hacked htaccess though:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mydomain.com
AuthUserFile /home/myusername/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myusername/public_html/_vti_pvt/service.grp
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPressForum: Fixing WordPress
In reply to: WordPress 3.3.1 hackedIf they entered through your /images folder this means one of the scripts on your website is allowing for the injection of files (like those you are finding within your images folder).
To stop your hacker from being able to execute those files within your images folder (effectively stopping them cold!) just create a text file named:
.htaccessThen put these lines of text in the file:
# This prevents people from looking at your htaccess file.
<Files ~ “\.htaccess$”>
order deny,allow
deny from all
</Files>
# This line turn off directory listings
Options -Indexes
# Makes scripts appear as text. Good for image only directories (antihacker)
Addhandler text/plain .pl .cgi .php .py .jsp .asp .shtml .shUpload the file into your /images directory.
Enjoy!
Forum: Hacks
In reply to: My WordPress 3.2.1 Was HackedI have to admit I’m a fan of cloudsafe365 as well and have even included it with honorable mention within my free website monitoring services list, http://hackrepair.com/free-website-monitoring-services
Forum: Plugins
In reply to: I have been well and truly HackedHi,
I would like to hear more about this:
“<?php preg_replace”You this was part of a snippet of malware code within one of your pages?
Any possibility you can post that on pastebin or something?
Forum: Fixing WordPress
In reply to: Hacked Worppress sitesI helped someone in a similar situation the other day, and it turned out his computer was compromised, and hacker used the user/passwords gathered from his computer to hack several of his blogs (setup much like yours).
If nothing else, I recommend changing all passwords, then running a full malware scan on any computers you may have saved passwords on prevoiusly.
Also, very important:
NEVER user “admin” as your WordPress username.
This just makes a would be hackers job so much easier…Forum: Fixing WordPress
In reply to: website hacked by ghost-dzIt’s possible you may have been hit by that old Timthumb compromise. Add and run the “Timthumb vulnerability scanner” plugin.
Forum: Fixing WordPress
In reply to: website hacked by ghost-dzVirtually all of the sites I repair for hacking are hacked due to the FTP user/password being stolen in some way. Occasionally a plugin will be the culprit.
I recommend my clients review this when installing new plugins:
Security AdvisoryAs well as install the Bulletproof Security plugin I discuss here.
Please consider adding your note as a comment in the video link at Youtube.
Thanks,
JimI have since updated the video. Hopefully it now meets your requirements BPS folks:
Updated post (since I can’t delete the prior one).
I love Bulletproof Security and “require” my clients install BPS plugin to improve their blog’s security.
Watch this video to see how to install bulletproof security:
Watch BPS installation video?Enjoy!
Jim WalkerForum: Developing with WordPress
In reply to: Load spikes – any ideas?Can you clarify what you mean by:
core control http logging
?Thanks.
Forum: Developing with WordPress
In reply to: Load spikes – any ideas?Hi folks,
I encountered almost exactly the same issue with a WP site as well.Obviously just adding more RAM isn’t the solution– I mean at some point WP is going to bomb once it uses up 8gb of RAM, so adding RAM only seems to postpone the inevitable server crash.
Any other sage advice?
Thanks,
JimForum: Themes and Templates
In reply to: Mystique Theme Problem, "White Screen Of Death" , Please HelpHi,
You may find an answer relating to how to turn off those WordPress High memory usage notification email messages here:
http://wordpress.org/extend/plugins/tpc-memory-usage/faq/Best Wishes,
Jim Walker
http://TVC.NetForum: Plugins
In reply to: Static pages in horizontal menu sub-pages strange behavior with Librio 1.0Hi,
I really like this theme.It has only one bug as far as I can tell.
I have a bunch of static pages that read like this:
Home About Contact FAQAs the theme is set up now, these appear fine along top, BUT
this also appears on ALL pages:Home About Contact FAQ
FAQ1 FAQ2 FAQ3Now, to make this theme perfect I would want the FAQ’s to appear ONLY when one clicks on FAQ, and not below the topics on every page.
While <?php wp_list_pages(‘depth=1&title_li=’); ?> fixes the issue of the submenus appearing, it ensures the submenus appear on “every” page (causing confusion).
Anyone get this to work in an expected fashion (submenus only appear when the main topic is clicked)?
Thanks,
Jim