Unhacking a Hacked WordPress Site

A collection of commands to help you determine whether you've been hacked. The same commands can be used to find obfuscated code and dangerous PHP in any other CMS, such as Joomla or Drupal.

Using the Find command

A few different ways to utilize this powerful command. Set different permissions on files and folders:

    sudo find . -type f -exec chmod 664 {} \;
    sudo find . -type d -exec chmod 775 {} \;

xmlrpc.php

I was seeing lots of warnings about POST requests to xmlrpc.php in the ModSecurity log files for Apache. It turns out that WordPress uses the XML-RPC protocol, which was created in 1998. The problem with having this enabled is that it encourages hackers to try and guess your password by making hundreds or thousands of login attempts…

The ultimate ~/.vimrc

So many hours spent on this file… It only uses built-in functions from the vim-nox package. If you don't already have it installed, then issue:

    # apt-get install vim-nox

I use Vim as a full IDE for all my development, combined with the MiniBufExpl plugin and tmux to split the screen for tailing log files.

Tcpcrypt.. How could we miss this?

Install Tcpcrypt and you'll feel no difference in your everyday user experience, yet your traffic will be more secure and you'll have made life much harder for hackers.

GenRandID

PHP class for generating unique, non-chronological IDs from a number list. This code is part of a larger project where we needed user IDs that would be simple to remember but hard to predict.
