Old 10-20-2008, 11:37 PM   #1
ilbb
Confirmed User
Join Date: May 2005
Location: EU - Czech republic
Posts: 3,025
Tool that saved my biz several times

I run a shitload of wordpress installations on my server. I always do my best to keep wordpress up to date, but it was hacked and infected many times.

I made a custom script that guards my php files from being hacked:

Features:
e-mail/cell phone reporting of:

- NEW php files (you are informed when an attacker finds a new security hole in your applications and uploads new files to your server)
- CHANGED php files (you are informed when an attacker modifies your php files)
- DELETED php files (you are informed when an attacker deletes some of your php files)

The script is launched by cron every 10 minutes, so I'm informed really fast about a new security hole in my WP installation. It helps me to monitor the thousands of php files I have on my server.


I can install/sell it for you for only $50 epass - (free updates of the script included)
bonus: simple .htaccess for wp protection

orders: icq 988 396 42

example of the mail report:

Code:
TOTAL NEW FILES: 0
===========================================


TOTAL CHANGED FILES: 3
===========================================
18.10.2008 09:32:58	/home/www/xxxblog/www/wp-includes/deprecated.php
18.10.2008 09:30:51	/home/www/xxxblog/www/index.php
18.10.2008 09:26:41	/home/www/zmcom/www/rekvalifikace-skoleni.php


TOTAL DELETED FILES: 0
===========================================
Old 10-20-2008, 11:42 PM   #2
RenegadeCash Mark
Confirmed User
 
Join Date: Apr 2008
Location: Australia
Posts: 1,002
Pretty cool.

How intensive is it?

It would depend on how many files it needs to check yeah?
Old 10-20-2008, 11:45 PM   #3
ilbb
Confirmed User
Join Date: May 2005
Location: EU - Czech republic
Posts: 3,025
I run it in the background by cron from bash, no problem with maintenance; sure, it depends on the amount of files
Old 10-20-2008, 11:46 PM   #4
GrouchyAdmin
Now choke yourself!
Join Date: Apr 2006
Posts: 12,085
Quote:
Originally Posted by RenegadeCash Mark View Post
Pretty cool.

How intensive is it?

It would depend on how many files it needs to check yeah?
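This might not be it; it's probably more extensive, but this is likely its heuristic:

# Baseline: record an md5sum for every watched file (run once, while the files are known good).
# Extend the -name list with any other extensions you want watched.
find /docroot -type f \( -name '*.php' -o -name '*.inc' -o -name '*.html' \) -exec md5sum {} + > /tmp/omghaxxorz.txt
#!/bin/sh
# Check: each baseline line is "<md5>  <path>"; re-hash the file and compare.
while read -r md5 name; do
    if [ "$(md5sum "$name" 2>/dev/null | cut -d' ' -f1)x" != "${md5}x" ]; then
        echo "OMG A HAXXOR: $name"
    else
        echo "DONT TAZE ME BRO: $name"
    fi
done < /tmp/omghaxxorz.txt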
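Added example (not part of the thread, and not ilbb's or GrouchyAdmin's code): a baseline-and-compare check that produces all three sections of the mail report in the first post. A loop that only re-hashes the paths already in the baseline cannot see newly uploaded files, so this one diffs two full snapshots. It assumes GNU `sha256sum` in place of `md5sum`; the `init`/`check` arguments and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example, not ilbb's script. Keep BASELINE outside the docroot and
# unwritable by the web server user, or an intruder can simply rewrite it.

# snapshot DIR: print one "<sha256>  <path>" line per *.php file under DIR.
snapshot() {
    find "$1" -type f -name '*.php' -exec sha256sum {} + | sort -k 2
}

# compare OLD NEW: classify every path in two snapshot files and print the
# same three sections as the mail report (new, changed, deleted).
compare() {
    awk '
        # Baseline file: remember the hash recorded for each path.
        FILENAME == ARGV[1] { h = $1; sub(/^[^ ]+  /, ""); old[$0] = h; next }
        # Current file: a path is new if unseen, changed if its hash differs.
        {
            h = $1; sub(/^[^ ]+  /, ""); seen[$0] = 1
            if (!($0 in old))      added[++na] = $0
            else if (old[$0] != h) changed[++nc] = $0
        }
        END {
            for (p in old) if (!(p in seen)) deleted[++nd] = p
            printf "TOTAL NEW FILES: %d\n", na
            for (i = 1; i <= na; i++) print added[i]
            printf "TOTAL CHANGED FILES: %d\n", nc
            for (i = 1; i <= nc; i++) print changed[i]
            printf "TOTAL DELETED FILES: %d\n", nd
            for (i = 1; i <= nd; i++) print deleted[i]
        }
    ' "$1" "$2"
}

# check DIR BASELINE: print the report; return 1 if anything differs, so a
# cron wrapper can stay silent on clean runs and mail only on a finding.
check() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    report=$(compare "$2" "$cur")
    rm -f "$cur"
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^TOTAL [A-Z]* FILES: [1-9]'
}

# Usage: fim.sh init DOCROOT BASELINE   |   fim.sh check DOCROOT BASELINE
case "${1:-}" in
    init)  snapshot "$2" > "$3" ;;
    check) check "$2" "$3" ;;
esac
```

After a legitimate upgrade, re-run `init` so the baseline matches the new known-good state; otherwise every later report repeats the same changes.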
Old 10-20-2008, 11:58 PM   #5
darksoul
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
see tripwire sourceforge.net/projects/tripwire http://www.tripwire.org
Old 10-20-2008, 11:59 PM   #6
ilbb
Confirmed User
Join Date: May 2005
Location: EU - Czech republic
Posts: 3,025
Quote:
Originally Posted by GrouchyAdmin View Post
This might not be it; it's probably more extensive, but this is likely its heuristic:
this will do a similar job!
Old 10-21-2008, 12:07 AM   #7
ilbb
Confirmed User
Join Date: May 2005
Location: EU - Czech republic
Posts: 3,025
Some tips for wordpress security

Upgrade Wordpress Version
This is a double-edged sword. If you don't upgrade you are exposed to known exploits. If you do upgrade you are exposed to unknown exploits. The lesser evil is the unknown exploits, since a lot fewer people are targeting them. It sucks, and the situation is not going to get better anytime soon.

Need to Know Basis

It was nice to have that wordpress link in the footer to let everyone know who powers your blog. Now it is a bullseye for hackers looking for new targets. Your users don't need to know you use wordpress, remove this beacon for hackers. While you are at it remove the wordpress version info from the code. This is even more dangerous since it tells the hackers exactly which exploits will open your site wide open.

Search and Rename

Taking the "need to know" concept even further, you should go search and rename anything (folders, databases, urls, etc) that starts with "wp-". You may not be able to rename everything on existing blogs. Try your best. The more unique and less cookie cutter your blog is, the harder it will be for hackers to find it and exploit it.

Prevent Access to Wordpress Folders

Once hackers find your blog they will try to get into your folders. Stop them! Using htaccess, only allow your IP address access to wp-admin (which is the most critical folder). As a matter of fact, be proactive and block any wordpress folders that don't need to be accessible. Also try to minimize access whenever possible: only allow access to .html, .css, etc. This will help decrease the chance of hackers abusing your blog.

Danger Plugins Ahead

By blocking those folders you closed the front door, but plugins allow for a huge backdoor. Plugins can be compromised and turned into an 8-lane highway of attack. Minimize the plugins you use and remove what you do not need.

Admins are Trouble
Many people have created a master user account for their blog with the username "admin". Don't be like everyone. Kill the admin account and rename it something unique. While you are at it make sure your password is not "password".

Template Time
Go through your template and start making everything unique. Give your site flavor. Instead of saying "blog comments" rename it to "readers thoughts". Instead of "blog archive" rename it "knowledge database". Again this is about avoiding the cookie cutter approach and minimizing the target on your back. ps - your template may include some files that can be exploited.

Avoid Untrusted Internet Connections

We love blogging 24/7. That free open wifi is very tempting. It is also an unnecessary risk. You can be exposing your username and password. Even if you are at a tradeshow, the hardwired internet kiosks are not secure. Only use internet connections that you fully control. Think I'm paranoid? I know someone that tapped an internet kiosk at an internet conference just to win a bet. What better place to get access to a large volume of powerful websites than an internet conference? Your information can be tapped by recording the data sent and also, let us not forget, through keystroke tracking.

In general, if you don't need it, get rid of it. If you need it, minimize it. If you can't minimize it, rename it. Most hack attacks are not custom attacks. It is more efficient & profitable for a hacker to automate attacks using common exploits. Raise your site above the cookie cutter level and avoid those automated attacks. Good luck!
Old 10-21-2008, 12:55 AM   #8
woj
<&(©¿©)&>
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
would be kinda cool if it would backup files as well, and if it could auto heal itself...
Old 10-21-2008, 12:56 AM   #9
JamesK
hi
Join Date: Jun 2002
Posts: 16,731
Quote:
Originally Posted by woj View Post
would be kinda cool if it would backup files as well, and if it could auto heal itself...
Yeah I'd pay for that
Old 10-21-2008, 01:02 AM   #10
budz
Disruptive Innovator
Join Date: Sep 2003
Location: Vegas
Posts: 4,230
Quote:
Originally Posted by ilbb View Post
Some tips for wordpress security

good post, did u write this up or c&p?

Lots of common sense stuff that a lot of ppl don't do!