-
How to restore a WordPress site after hacks or exploits in 10 easy steps
A lot of people use WordPress, and seemingly a lot forget to click the upgrade button regularly enough and find they are exploited. In an ideal world, you would click that button whenever you see it needs updates, and have copious amounts of good backups. However, sometimes these things do not happen, and you need…
-
Identifying exploits and exploited websites
I have made posts before regarding how to find exploits and what to do about them; however, it has come to my attention that some people are not even realizing what the basics are to look for. In this post I will give you ideas on what to look for, how to identify exploits…
-
Finding Exploits and Trojan php hacks on a website
It's always unfortunate when you are exploited, and the best method to fix a site is to wipe and restore from a known backup as well as track down the entry point where they gained access and fix it. Sometimes you need to ‘clean’ a site of these files before migrating things over however, or…
-
Blocking malicious crawlers or scrapers in Apache
Occasionally we see a customer who has a popular website that often gets people trying to crawl it and copy the lot. This has the unfortunate side effect that it's hammering the site. Made worse only by dynamic pages and loops, this can literally take down a server on some occasions. Often you can slow…
-
Migrating VPS with virtualmin – Multiple DNS changes
We have had a customer move from one host to a new one with Virtualmin. This is usually OK, except in this case he had DNS hosted on his own VPS, most of it pointing to his old IP address. The task was to update all DNS records on his VPS without manually clicking each…
-
Old versions of PHPMyAdmin and Automated Scanning
It has come to our attention that we have had a decent number of alerts about machines scanning on our networks in the last day. All of them have been running hacks from /tmp named things like /tmp/dd_ssh etc. These files are owned and run by the apache user, and on further investigation all put…
-
Rimuhosting does LCA2010
A couple of the die-hard Linux fanatics here at Rimuhosting decided to bribe the boss into letting us go to Linux.conf.au this year, and in fact even managed to get him to become a little blue penguin sponsor. Luckily we have a fantastic employer[1] who was keen to get rid of us. We had…
-
Has your VPS been hacked?
If you use any pre-packaged software, it always pays to sign up to their mailing list or security advisory list. This means if any exploits or updates happen, you are on the ball and up to date. Today we had an email from a customer whose front page had been replaced. I noticed it was…
-
nginx hacking using proxy
It sucks getting hacked. Every now and then servers get hacked. Often because of an exploitable webapp, or because (most commonly) a weak, easily guessable password was used on a well-known user account (like ‘root’ or ‘info’ or ‘test’). Once hackers gain access they often install some kind of malware, e.g. something that goes…