whereisnomad
Forum Replies Created
Forum: Fixing WordPress
In reply to: How Do I Remove Text Transition on My Slider
Hi Tara,
No, no plugin, it’s just part of my “Divi” theme. Running 2.7.5
Best,
Damon
Forum: Fixing WordPress
In reply to: Can Changes logged under "System" (127.0.0.1) be a Hack?
I just wanted to thank you for the care and guidance on this! Mucho appreciation!
Damon
Forum: Fixing WordPress
In reply to: Can Changes logged under "System" (127.0.0.1) be a Hack?
Here’s the site URL: https://www.appliedhumanity.com
I’ve had Maintenance Mode up but will turn it off for a bit so you can poke around.
And thanks for the encouragement! In all honesty, my new level of “wisdom” comes after having my entire server shredded by someone getting in through a very old (and forgotten) and vulnerable WP install, having all my sites on the same user, and basically having to erase everything and start over. Hence my extra-sensitivity and new paranoia.
Thank you again,
Damon
Forum: Fixing WordPress
In reply to: Can Changes logged under "System" (127.0.0.1) be a Hack?
Hi Jackie,
Here’s the htaccess content:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
That’s it.
I actually added the DearDiary folder as a (possibly incorrectly executed?) attempt to make a folder for Logs that wasn’t “in root” as I’d recently read. The folder is currently completely empty.
Thanks so much for the help on this!
Damon
Forum: Fixing WordPress
In reply to: Can Changes logged under "System" (127.0.0.1) be a Hack?
Forgot one item for the log. This was logged just BEFORE the entry above:
August 7, 2016 8:36 am system 127.0.0.1 File modified .htaccess (old size: 11143, new size: 11847)
Forum: Fixing WordPress
In reply to: Can Changes logged under "System" (127.0.0.1) be a Hack?
Hi Jackie, and thanks for the reply!
Here’s the log (pulled from Sucuri Audit Log on the Sucuri dashboard)
August 7, 2016 8:36 am system 127.0.0.1 New file added: (multiple entries):
DearDiary/index.php (size: 27)
iThemeslogs/index.php (size: 27)
wp-content/plugins/captcha/bws_menu/bws_functions.php
wp-content/plugins/captcha/bws_menu/bws_include.php
wp-content/plugins/captcha/
Unless there is a discrepancy with what time my system thinks it is, I’m almost certain I wasn’t online at that time. Could it be the plugin itself updating? Or is this a possible vulnerable plugin that someone exploited? Finally, is it possible for an attack to be disguised as the System itself?
Thanks for the help and insight!
Damon
PS, while we’re on the subject, I reached out to my host about the fact that through simple UNIX commands anyone can SSH in and get a list of all users on the system, which they think is no big deal and even in my noob’ness I can see is half the battle for an attacker. Is there another way to mask the users on my server or on my website?
Thanks again!
Forum: Localhost Installs
In reply to: Localhost install WITHOUT dashboard/site access
Is the database itself somewhere in the full site files I downloaded from the server? Can I extract it separately from the download and/or server the site is still living on?