Ask the community

This is a community support forum where you can ask
questions and interact with other PremiumPress Customers.

Possible Security Issue

  • James
    James
    Newbie 81 points
    July 31, 2014 at 2:45 pm

    Hi guys… I was just checking through settings and found 6 users to my site that should not have been able to register as i have Allow Visitor Submissions disabled (image 1)… In WP general settings Anyone can register unticked (image 2)… One of them even created a listing which went live…

    I don’t know if this is a possible security issue with CP theme or if my site has been hacked, but i thought id let you know so you can check your own sites just in case…

    Attachments:
    You must be logged in to view attached files.
  • Clive
    Clive
    Super Guru 1,818 points
    July 31, 2014 at 7:27 pm

    Are these users like Tom, Jane etc?

    If so, they are dummy users created by the theme for testing :-)

  • James
    James
    Newbie 81 points
    July 31, 2014 at 10:01 pm

    I cant remember the names, i deleted them as soon as i saw them… But that sounds plausible as the were all created on the same day (25th july) and i think that is about the same time i updated theme…

  • Mark Fail
    Mark Fail
    Super Guru 12,862 points
    August 1, 2014 at 2:47 am

    yes they will be the demo content installed with the theme :)

    This reply was awarded the best answer by the topic poster.
  • James
    James
    Newbie 81 points
    August 1, 2014 at 11:22 am

    Thanks Mark… was just a bit concerned, i thought my site had been hacked…

  • Mark Fail
    Mark Fail
    Super Guru 12,862 points
    August 1, 2014 at 3:55 pm

    no problems and fully understandable, glad we’ve eased your mind.

  • Dave Harris
    Dave Harris
    Super Guru 1,406 points
    August 1, 2014 at 5:20 pm

    Security is very important obviously.

    The most most most important thing is keeping things up to date with security issues and bomber passwords.

    lxqiBhiDbhvBxLFE2FFrso0Og for eg, please dont use that one, 😉

    Be careful with punctuation in pwds it can mess with PHP sites.

    David
    http://www.nofool.uk

  • James
    James
    Newbie 81 points
    August 2, 2014 at 11:44 am

    David… How did you know my password… lol

    When you say punctuation in passwords mess with sites do you mean symbols like ! . , etc? Because i think a few of my sites have some in passwords… In what way do they mess with site?

  • Dave Harris
    Dave Harris
    Super Guru 1,406 points
    August 2, 2014 at 1:45 pm

    What I have found is that apostrophes ( ‘ ) can cause white screen of death for some PHP related reason.

    You will find that out on a new install of a PHP site though, or a change of pwd on an established site.

    Also pwds that are too long can also cause problems, 15 > 25 should suffice.

    Also, one thing that totally amazes me is there are never any security updates with Mark’s themes. Hat’s off. :) Well done Mark.

  • James
    James
    Newbie 81 points
    August 2, 2014 at 2:16 pm

    Thanks David… I’ll keep that in mind next time i change my pwds… I use a pwd generator that lets you set length and use special chrs, i usually use about 45 chrs, but I’m not sure if apostrophe is used… Is it just an issue with that symbol or are there others?

  • Adam
    Adam
    Newbie 9 points
    August 13, 2014 at 12:08 am

    Hello All,

    I have some issue, unfortunately i have been hacked a couple of times trough WP and I detected in the plugins and the theme filec this code (attached)

    I look at this and i found that this is a shell injection and is the way that are been hacked, but I dunno what I can do, I changed all my pswd a bounch of times and changed the administrator user, and I been hacked again. does anybody know how i can avoid it?

    Also I would like to say that I have my site with david nofool and he help me a bounch of times to restore my sites due this hacks trough WP, that really helps in this times. (thank you David)

    Ed

  • Mark Fail
    Mark Fail
    Super Guru 12,862 points
    August 13, 2014 at 1:01 am

    Ed, sorry to hear about it. You’ll need to know how/where you got hacked first before you can look into fixing it.

    It could be something simple like someone has access to your email and so is requesting your hosting details or that they have access to your hosting account login page where your details are found.

  • Dave Harris
    Dave Harris
    Super Guru 1,406 points
    August 13, 2014 at 5:04 am

    Yep Mark it’s a case of weak pwds I am afraid.

    I can keep restoring your sites Edgar but goodness knows what’s in them after the hack. Remember you have 30 days worth.

  • Mark Fail
    Mark Fail
    Super Guru 12,862 points
    August 13, 2014 at 5:12 am

    :(

  • Dave Harris
    Dave Harris
    Super Guru 1,406 points
    August 13, 2014 at 3:30 pm

    Mark, your new sig regarding the hosting at hostupon? Are you aware of their prices?

    And the dedicated prices lol.

    David
    http://www.nofool.co.uk

Viewing 15 posts - 1 through 15 (of 19 total)