Viscosity
Forum Replies Created
-
Forum: Plugins
In reply to: [WP-Invoice - Web Invoice and Billing] Send message not workingDid you check the mail server setup because at time it is the mail server that block it detecting it as spam.
Forum: Plugins
In reply to: [GD Star Rating] become slow my website by GD Star RatingShare hosting mean your web hosting is using a single web hasting server serving hundred or thousand customer on the same server.
Forum: Plugins
In reply to: [GD Star Rating] become slow my website by GD Star RatingAre you on a share hosting?
Forum: Everything else WordPress
In reply to: Clean up of one hacked siteThere are several things in which you have to look into.
For application, fresh clean up and re installed help to clear up those mess. Re-installed and update all your required plugins,then do a full backup. Used security plugins like bulletproof security, wordfence, Timthumb Vulnerability Scanner, Theme Authenticity Checker (TAC),etc does not grant u that your sites is not hackable.
For network, disable all your ftp and ssh when you are not using it connected to your panel.Use strong password with a minimum 15 characters length contain, upper & lower letter, number and including special character to prevent any dictionary attack on your password.
The attack appears to have been an SQL-injection.
What make you so sure it is SQL attack? If so, then your gonna look into your SQL updates and version used.http://codex.wordpress.org/Hardening_WordPress
It did mention clearly the steps to take to harden your wordpress.External Service
Cloudflare * Incapsula help to reduce your chance getting hack even though your are using their free service.Forum: Everything else WordPress
In reply to: Clean up of one hacked siteTo clean up is uninstall and install back all the wordpress in order to perform a clean wipe out in which may contain backdoor left behind.
Forum: Plugins
In reply to: [Networks for WordPress] Dns and server configurationI think the easy way out if through your webhoster cpanel which there is a setting for it.
Forum: Everything else WordPress
In reply to: Questionable 404's ?I've noticed a recent IP address with unusual 404's and wondered if anyone could give me their opinion, and suggestions for solutions if warranted. 404 examples: 404: login.php?action=quit 404: modules.php?app=user_reg 404: member.php?mod=logging&action=loginYou can see that they are trying to target your php code and doing an SQL injection, doing a redirection of your sites or exploiting your login.
These are just a few, there are many from the same IP, all along the same lines, with various commands.Very likely they are using an automatic program scanning and trying to exploit your site for vulnerability.
Forum: Hacks
In reply to: Plugin newbie, looking for quick guidance..I bet for a quick guide is where you can try your luck in utube or google in which you may find some tutorial 🙂
Forum: Fixing WordPress
In reply to: Theme Hacked@esmi What the given the link is based on web application but network layer including the OS are not covered as this is a self host wordpress.
What the hack attempt which done on your sites is just using dictionary attack which is often done by script kiddies. Skill hack just need to exploit on your SQL injection, from there and they will dump all your usernames and passwords crack within their own system. Of course there are some other approach of the hack attempts. Currently i only got 1x fail intrusion attempt and look forward for more challenges 🙂
Perhaps you shall let me do some penetration test when i am free provided with your approval.
Forum: Fixing WordPress
In reply to: Theme HackedActually there are few things you need to look into.
1,Look into your control panel or error log message for those error encounter.
2.Summary the error log and find out what is the attack vertor target is at php or other.
3. Use Timthumb security scan on your wordpress and update it as most of the theme contain outdated Timthumb which prone to hack.
4. Use Theme Authenticity Checker (TAC) to scan for malicious code if you are using free theme.
5. Use a firewall to only allow the designated port for your blog only.
6. Use a IDS/IPS to protect your system from being rooted.……………..
There are lot more and i do not wish to get into more details least you do the basic.
Forum: Everything else WordPress
In reply to: Fraudulent WordPress Internet site warning50% of my site is done by my hired web designer and another 50% is done by me. The reason for doing so is that i am not an expert when come to web design but for web security and other items are fully accomplish by me.
You do not need to transfer your domain,aussieappshop.com.au to bluehost but what you need to know is your domain dns ip address so that you can add it in your web hoster control panel.
Forum: Everything else WordPress
In reply to: Fraudulent WordPress Internet site warningOf course i understand how you feel but stay cooled with a clear mind. Overheated rage will not get you anyway 🙂
Forum: Your WordPress
In reply to: My SiteNice. Clean and simple
Forum: Everything else WordPress
In reply to: Fraudulent WordPress Internet site warningShaza777 , Pardon me i just don’t understand why you don’t hint my advise? It is not worthwhile to fight over a general domain as you have understood the value of it. Anyway, it’s your choice.
If you are refering to wordpress.com or .org then i will advise you stay out of it as we are not the owner of that domain.