Forum Replies Created

Viewing 6 replies - 1 through 6 (of 6 total)
  • Any news on this change?

    I’m trying to set up a small store using the Twenty Fourteen theme and I only want my commerce menu items to show up in the right hand sidebar when visitors are on commerce related pages such as shop, checkout etc.

    I’ve got it working on all the pages I want, how I want it except paginated blog posts. As soon as I click on page 2, all the widgets I want hidden appear and squash the layout.

    ??

    Thread Starter m6mdr

    (@m6mdr)

    Also to add, why doesn’t the watermark process take place when importing from a folder? NONE of the images imported from folder have a watermark on them.

    I have to go around and set the watermark manually which is long and time consuming. Surely if the import process can check for duplicate images and thumbs, generate thumbs and add the images to the correct gallery, it is capable of running the watermarking process too?

    Just seems a bit daft to include multiple ways of adding images but the user still has to manually apply the watermark.

    Forum: Fixing WordPress
    In reply to: Hacked by hmei7

    This hmei7 guy has been pretty much everywhere. Just Google the name and you’ll see he’s apparently Indonesian and recently it is claimed that he has hacked a large data centre resulting in the defacement of over 5000 sites.

    The Amateur Radio Club site I help maintain has been done over by this guy and upon deep investigation I found index.old files in pretty much every directory, I also found randomly named PHP files containing large strings and missing closing tags which I presume was some kind of injection / shell exploit attempts and also his calling card file x.txt.

    My friend who hosts the site for our club also had 3 other domains under his hosting which were also defaced / penetrated / violated.

    The first time it happened it “appeared” as if the club site had been attacked by a group called wild clique and we didn’t really understand the nature of the attack so we fixed it up as best we could but the site has since been attacked several times by various hacker groups and individuals.

    Today, I’ve been with my friend and we’ve completely ripped out the club’s site and upon going through the files we’ve found no end of files that shouldn’t be present as I described at the start of this reply.

    The site was so badly affected we couldn’t risk using any of it as such and so had to go through quite a complicated procedure of installing a clean but newer version of web software and slowly and systematically “merging” the content after sanitizing what we could.

    I’m actually about half way through restoring the old data on the newer platform and now the penny has begun to drop on what’s happened.

    My friend’s other sites under his hosting comprise of two Joomla 2.5 sites, a custom HTML site and our club site formerly running Joomla 1.5.

    I think this guy initially penetrated the club site with a shell script or some other injection / RFI and then went on to take over the rest of the domains under my friend’s account from there. Or at least Mr hmei7 opened the door for others to do it. We certainly found the same files on the other domains too and the only thing they all share in common is they are all under the one user hosting account.

    Without waffling on needlessly, the point I am trying to make is, if this guy’s been at your site, I wouldn’t trust a SINGLE file or directory and I’d be looking at all my other sites closely too.

    Just because your sites aren’t defaced or whatever doesn’t mean there isn’t something nasty sitting and waiting!

    I suggest everyone wanting to secure their sites familiarise themselves with the following hacking techniques so as to understand how these attacks work and how to counter them in the future.

    RFI (Remote File Inclusion)
    LFI (Local File Inclusion)
    SQL Injection
    XSS (Cross Site Scripting)

    It is also important to keep every aspect of your site up to date; from core to plugins! You should also make sure you follow all steps listed by the creators of any scripts or software you are using to keep them secured.

    I’m only aware of this after the fact of course, but if this info can help others and prevent them from falling foul of this hmei7 and others then it was worth posting.

    I should add that since we have been attacked, I have spent countless hours researching, reading about and trying out the attacks listed above and more besides and I am now better prepared to protect my sites now I know how some of these attacks work and have seen them in action with my own eyes.

    I will admit that during my research I have actually been on Google and have dorked a few vulnerable sites and I’ve penetrated them using various freely available penetration techniques BUT I am not a malicious person and I have not and will not use any of the data I managed to exploit. I did it purely for educational purposes to see how it was done and if it could still be done on a live site and in most cases, there are PLENTY of sites vulnerable to these attacks still out there.

    In my case, I have of course notified the sites I have penetrated and hopefully they will act on my information.

    So take my advice folks – keep up to date with your software, keep up to date with your knowledge and if you suspect you’ve been hacked, don’t trust a single file – Check every file and folder under your account!

    Peace and stay safe!
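
Added example (not part of the original post): a small Python sweep of a webroot for the leftovers the reply describes, namely `index.old` and `x.txt` files and PHP files carrying a large encoded string. The 200-character threshold, the function names and the sample tree are assumptions made for this illustration; a missing closing tag is normal in clean PHP files, so it is not used as a signal.

```python
import os
import re
import tempfile

# Indicator file names taken from the post above.
SUSPECT_NAMES = {"index.old", "x.txt"}
# Assumption: a run of 200+ base64-alphabet characters counts as a "large string".
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")


def scan_webroot(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in SUSPECT_NAMES:
                findings.append((rel, "indicator file name"))
            if name.lower().endswith(".php"):
                try:
                    with open(path, "rb") as fh:
                        data = fh.read(2_000_000)  # cap read size per file
                except OSError:
                    findings.append((rel, "unreadable"))
                    continue
                if LONG_BLOB.search(data):
                    findings.append((rel, "php file with large encoded string"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: a tiny fake webroot for the demo."""
    os.makedirs(os.path.join(root, "images"))
    samples = {
        "index.php": b"<?php echo 'hello';\n",
        "index.old": b"<html>original page</html>",
        "images/x.txt": b"placeholder",
        "images/kq7zt.php": b"<?php $a = '" + b"QUJD" * 100 + b"';",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_webroot(tmp):
            print(f"{reason}: {rel}")
```

Run it against every site under the shared hosting account, not only the one that was visibly defaced; a hit is a lead to inspect by hand, not proof of compromise.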

    I’ve got the same problem. Everything else is working as should be except this one field.

    Hi, I know this is an old question but I came across this issue myself.

    I’m using the same player but I downloaded the actual ffmp3 files to host myself and changed everything in the embed code to point to the sites URL.

    Here’s how for anyone else having trouble.

    Download FFMP3 from here https://ffmp3.sourceforge.net/ and generate the embed code while you’re there.

    Then upload the FFMP3 files to the root of your domain.

    Now you need to edit the embed code and change where it looks for the config file and the skins.

    If you look through the embed you will see it refer to the following:

    <param name="movie" value="/fmp3-config.swf" />

    AND

    skin=/ffmp3-mcclean.xml

    Those lines of code both appear twice. Once near the top of the embed code and once near the bottom. This is for cross browser embedding purposes.

    You need to edit all instances of those lines of code with

    <param name="movie" value="https://YOURSITEURL.com/fmp3-config.swf" />

    skin=https://YOURSITEURL.com/ffmp3-mcclean.xml

    What’s happening is the player can’t find the files when you move away from the homepage because they are configured to look for whatever page URL you’re on followed by a /fmp3-config.swf for example.

    So while you’re on the homepage, the player sees https://yoururl.com/fmp3-config.swf and finds the files. When you navigate to another page the player sees https://yoururl.com/Your-Page/fmp3-config.swf which is wrong.

    By telling the player to look at the domain URL rather than internal file paths, it will always find the files as long as they’re in the domain root folder.

    Only snag with this is the player will only play while on the page.
    If you move pages, the player will have to stop and start again when the new page loads. If continuous uninterrupted play is required, you can always put it in a popup.
