New attack on shared servers

For the last few days there is news of attacks on sites that are based on PHP as is WordPress, and today I can give some clear directions in this regard, sorry for the delay however.

The first thing to clarify is that is not a massive attack on WordPress but this injection of code affects any web based on PHP and, to this day, the other relevant data is that they also share a server, it is not happening on dedicated servers. In fact, if it were a massive attack on WordPress there would be many more infected sites, given the huge implementation that today (thanks to you) has this CMS.

This makes us think of two possible causes, one sure. The first is that the attacker uses security vulnerabilities of the server on which he is hosted and which he shares with other sites, and the second is that something is allowing the code to be injected into the PHP files of the attacked sites, either a bad plugin designed, a bad security configuration of the CMS used. However I bet on the first option because the Zettapetta has infected static sites where there were a couple of loose PHP files and, as I said, if it were something special for WordPress we would all be infected, or almost, and it is not.

This case is special, because there is even a video in which the supposed cause explains how to inject code into shared servers of Networks Solutions without having to steal usernames and / or passwords!

Fortunately there is a solution. [19659003] The attackers are infecting the webs with a script that tries to inject malicious software into the "client" sites and, in addition, prevents the anti-malware mechanics that modern browsers such as Firefox and Safari can detect.

script affects any shared server and attacks have already been verified in several top-tier hosting providers, such as Mediatemple.

In the atac sites The following javascript was inserted:

And what does the Zettapetta ] this one of the noses is to add a lot of base64 code at the beginning of all the PHP files that will be found on the server, recursively. Come on, if it enters your WordPress it infects all the files 'core', those of the plugins, the themes, everything, up to the wp-config.php and the index.php usually empty.

Once the base64 is decoded, what it contains is this:

The bug has cloth so to clean it has been said …

The first thing is to try the hack they have developed in . Download this file to your desktop: and rename it to wordpress-fix.php

Once done this you upload it to your site by FTP and execute it from the browser. That is:

The script takes a few minutes to complete as it scans your entire site and removes the malware entries, recursively as well.

When finished you can delete the file and then to ensure that you leave everything clean, follow these indications, as always:

  • Export all your content using the WordPress export utility and save the wp-content folder as well as any other that you use so manual. Check your theme, plugins and uploads folders, etc, before giving them for insurance.
  • Check the file wp-config.php to eliminate any possible code injection, change the permissions to 644 or, much better, load a wp -config.php completely clean.
  • Change all passwords: ftp, database. Use strong passwords, using alphanumeric characters and symbols
  • As the problem affects the database, it must be discarded. Delete the current one and create a new one or, failing that, check each one of the tables
  • Delete all the contents of the current WordPress installation (remember that you have done backup before)
  • Install a clean WordPress (latest version) ), using the information from the newly created database
  • Upload your wp-content folder again, once you have verified that everything is clean
  • Import the posts from your site that you exported with the WordPress import utility
  • Set up your WordPress securely by following the instructions in the links provided

Let the backup be with you!

NOTICE : This publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Programmed posts that are not published

Some time ago I had problems with the scheduled posts ( yesterday we talked about this matter ). I usually write as I have the day of inspiration and I do not always publish all the same day. Here for example, in WordPress Help, I usually schedule many posts to be able to always offer at least one trick or guide per day, then I also publish everything that is rabidly current.

 posts-programmed "title =" posts-programados "width = "500" height = "285" class = "aligncenter size-medium wp-image-3922" /> </a></p>
<p> Well, to what I was going, after <a href= the initial migration of May I verified that the programmed posts never finished publishing, when the time came that they had to come to light they began as an infinite loop in which every time the counter of time was up for the post in question to be published.

After a lot of research, I came up with the solution that, of course, had to do with something strange that happened in the migration, when I discovered it I shared it in the support forums of Mediatemple but today I have fallen in that I never mentioned it here, a big mistake that I'm going to solve now.

Bi in, then the issue is that it has something to do with the file ' wp-cron.php ' and the server configuration …


  1. Type the following command through SSH (of course, you must have access to your server by this means)

    If everything is fine you will see a message of "OK". But if there are problems you will see an ugly 404 error message in the terminal window. If you have this bad luck you should follow these steps …

  2. Open your file ' etc / hosts '
  3. See if the DNS you point to is not the DNS address of your domain (eg. : if the DNS of your domain is and the hosts file points to
  4. Change the wrong DNS in the file ' etc / hosts ' to the real DNS of your domain
  5. Check again if your file ' wp-cron.php ' works correctly by typing the same thing as before …

    If you get an "OK" you already have it

Also, of course, you you can find in the situation where you do not have access via SSH . In that case you can always ask the technical service of your accommodation to do this check, for that you pay no?

NOTICE : this publication is two years or more ago. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

WordPress Help – 1 Year of Life • WordPress Help

Today marks 1 year of life WordPress Help since that December 26, 2007 in which Guillermo and a server started this task of forging a speaking WordPress community Hispanic . The goal and permanent motivation is to offer at least one trick, guide, plugin or daily theme, and also the relevant information of each day on WordPress and its entire ecosystem. I think we have achieved it and we have not fainted for a day. And, on this first anniversary, there are some things to share that are already part of the WordPress Help story :

There have been many more interesting days, but what touches are the thanks: [19659002] And I have many left, I hope you forgive me for my bad head. To all you guys Thanks!

Migrating that is gerund – Grabbing that there are curves

 fish-moving "title =" fish-moving "width =" 359 "height =" 283 "class =" aligncenter size-full wp-image-3364 "/> </a></p>
<p> During the weekend I go to <strong> migrate WordPress Help to a larger server </strong> (quite old), with resources – I hope – almost unlimited, if there is any, all thanks to a sponsorship offer of <a href= CDmon so that we will stop using Mediatemple for WordPress Help (not so for other sites that give me fewer headaches), and in the process we gain speed, technical support (I will not have to deal with the server anymore) and , consequently, time to publish more and better.

 server-major "title =" server-greater "width =" 460 "height =" 444 "class =" aligncenter size-full wp-image-3365 "/ > </a></p>
<p> This means that you may see strange things at some point during the weekend, or some strange temporary redirection that I will try to make short. This will also affect the <a href= Forum and the test sites we have: themes, wordpress 2.7, wordpress 2.6 and habari . The part that I think will be more complicated is that of the forum, because there I am quite green and I do not know if I will do a scam, which I hope not. In WordPress Help I'm going to take advantage of the migration to tweak the database – which I had been asking for some time -, delete plugins that we tested in their day and no longer use or are not necessary for posts, and some more than I'll tell you.

However, I will warn when we are on the new server, and from there I will ask you to send me a cable to know if everything is fine, if you have missed any comments or those things that may happen in the migrations, and more This one is of quite volume and characteristics of it. I just hope that this is the last migration (it's already the second one in less than a year), and that from now on this issue of resources will no longer be a concern and lack of sleep for me, and that WordPress Help will go as a shot, with what you all win.

 web-moving "title =" web-moving "width =" 300 "height =" 204 "class =" aligncenter size-medium wp-image-3363 "/> [19659002] What you read is an original content of <a rel= WordPress Help – Resources, themes, plugins and tutorials in Spanish and published Fernando Tellado first here: Migrating that is gerund – Grab that there are curves

Optimize: Improve Performance and Webload of a Blog

Many have ever received a notification of their hosting for abuse in ram consumption, processes, etc. You may want to read how optimize the use of ram memory reduce CPU usage and server memory, optimize the database and ] improve the speed of the blog . You can also consider switching to a hosting with virtual / dedicated server .

The entry Optimize: Improve Performance and Web Upload of a Blog published it first Alejandro in Help WordPress . Do not copy content, do not say anything good about you to your readers.

Where are the BlogStars hosted? • WordPress Help

In Who is hosting this? (Who is hosting this?) Have conducted an investigation to find out where the most famous blogs on the web are hosted. Starting from the list of Top 100 Technorati Blogs, they have analyzed where the 100 biggest blogs are hosted and the result is the following …

How will you see the winner – by far – is Mediatemple and, to what? do not know where is the server of WordPress Help ?. We are not in the Top 100, only in the position 863 (the Top Thousand) but we also deserved a good accommodation, specifically (in case you do not know) the DV all the advantages of a dedicated to the price of a VPS .

Striking that Blogspot and Six Apart (with Typepad ) are in such a good position, and that does not appear on the list, despite its VIP program which seems to have not had the success expected.

Chronicle of an Immigration

Well, it seems that everything has been restored, and it's time to give the explanations and apologize for the day that we have been disconnected incidentally not our fault … or so we believe.

It all started at midnight on Wednesday 7 when our previous accommodation, CDmon ante a confluence of simultaneous requests to the blog, and seen that s we exceeded the maximum number of connections to the hosting had to stop our service so as not to harm the rest of the sites hosted in the shared hosting where we were. Yes, you read correctly, shared hosting, of the cheap .

And this blog, which started a little over 4 months ago, has grown a lot in a short time, ] having today more than 500 daily subscribers to feed more than 1,000 unique visitors a day, Pagerank 5 all those numbers that indicate the traffic and presence of a website. And as this only costs us money and effort (which we use to our liking) to Guillermo and a server, because the investment we tried to make it fair, at least at the beginning, and we have been growing these few months, not without much patience of CDmon that, it must be said, they put up with us without penalizing several highs of traffic without pretending to charge us another euro or disconnecting us.

But it seems that yesterday we exceeded the limit and we only had left the option to hire something better for this blog of our loves.

Do not think we did not know that this was going to happen, because from the first day we decided to create what should be the largest WordPress support site in Spanish we were clear that we would have to have the right machinery to withstand the generated expectation and audience. And about a month ago we started looking for alternatives, with the hope of being able to put up with that the advertising included in the blog would cover the expenses of a bigger and more powerful accommodation.

And, well, you see what happened. In the end we have been forced to make the decision "a la brava", out of necessity and at full speed. I have to say that I had already kept an eye on the hosting of our dreams, a service that hosts sites as powerful as Techcrunch Starbucks Mashable Sony L'Oreal or Diesel . Now also Help WordPress and the WordPress Forum Spanish .

Still aware that it will not be the last migration or update, we have contracted the plan called Media Temple DV a VPS (Virtual Private Server – Virtual Private Server), with the power of a dedicated server but with support from the hosting service.

The characteristics – scalable – of the new server are the following:

  • 20 Gb of storage
  • 256 Mb of dedicated RAM
  • 1 Tb of transfer
  • CentOS 5, PHP5.2, MySQL 5.0, Perl 5.8.8, Python 2.4.3, Ruby 1.8.5 and more
  • Plesk 8.3
  • Root access
  • Exclusive IP

Well, there are many things that we will have to discover. And the first obstacle has been my absolute ignorance of these tools, the very fact of administering the server, all new to me.

On the way, and despite having done backup of everything, We are faced with the problem of importing the blog and forum databases (too large to import directly). Fortunately, there were Perro Callejero and elfran222 to offer altruistically all their knowledge, time and dedication. We can never thank such dedication, interest and good work Thanks guys!

And, well, here we are still fine-tuning the machinery, preparing the final touches to make everything work as it should, and if something does not work It's just our fault. We are also aware that we will have to update soon, at least increase RAM little by little, all that is needed by our readers. That yes, we will try to do it in a more organized way, without having to run. We hope to get some income to cover this success. In the meantime, if you see that something is not fine, you tell us.

Thanks to all for supporting our task of sharing knowledge about WordPress 😉

NOTICE : this Publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …