Mar 01

Re: How to secure WordPress, WordPress Directory and file permissions

WordPress can be a secure blog; however, altering the recommended file permission settings can leave your site open to getting hacked. It will happen: you will get hacked if you have directories set to 777.

To change file and directory permissions you can use any FTP application or even the Plesk File Manager.

By default, all WordPress folders should have a chmod of 755 to help with accessing and executing the subfolder files. Most of the time the installers mark all folders 755, which is the right setting, but it is worth checking.

WordPress Files

All files starting with ‘wp-’ (apart from the exceptions below) should be set to 644.

WordPress Directories

All directories starting with ‘wp-’ (apart from the exceptions below) should be set to 755.

wp-config.php

The wp-config.php file is very important; the best setting for this file is 640.

.htaccess

The .htaccess file should be set to 644 as 640 would be too restrictive.

robots.txt

This file is important and should be set to 755 in order to allow search engines full access.
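The settings above can be checked in one pass instead of clicking through a file manager. The script below is an added example, not part of the original post: it walks a WordPress tree and reports every path whose mode differs from the values listed (directories 755, wp-config.php 640, other files 644), marking world-writable entries separately. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a WordPress tree with the modes listed above.
# Function names and the sample tree are constructed for illustration.

# Octal mode of a path (GNU stat, then BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_wp ROOT: print one line per path whose mode differs from the
# recommendation: directories 755, wp-config.php 640, other files 644.
# robots.txt is skipped because the page gives it its own setting.
audit_wp() {
    find "$1" \( -type d -o -type f \) ! -name robots.txt |
    while IFS= read -r p; do
        mode=$(mode_of "$p")
        if [ -d "$p" ]; then
            want=755
        else
            case "${p##*/}" in
                wp-config.php) want=640 ;;
                *)             want=644 ;;
            esac
        fi
        [ "$mode" = "$want" ] && continue
        # A last octal digit of 2, 3, 6 or 7 means "other" can write.
        case "$mode" in
            *[2367]) sev=WORLD-WRITABLE ;;
            *)       sev=MISMATCH ;;
        esac
        printf '%s %s want=%s %s\n' "$sev" "$mode" "$want" "$p"
    done
}

# Build a small constructed tree with two deliberate problems.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    touch "$t/wp-config.php" "$t/.htaccess" "$t/wp-login.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/.htaccess" "$t/wp-login.php"
    chmod 777 "$t/wp-content/uploads"   # the setting the post warns about
    chmod 644 "$t/wp-config.php"        # readable by everyone, should be 640
    echo "$t"
}

tree=$(make_sample_tree) && audit_wp "$tree"; rm -rf "$tree"
```

Run `audit_wp` against the real document root (for example the domain's httpdocs directory) after any plugin install or upgrade, since those are the moments when modes tend to be loosened.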

Hardening /wp-includes scripts

For additional protection, stop include-only scripts from being run directly by any user by adding the following entry to your WordPress .htaccess file:

# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

Update your Plugins

The majority of vulnerabilities are a result of insecure and outdated plugins. It is absolutely essential that you ensure you are running the latest versions of all plugins. Many plugin updates are released to close known vulnerabilities.

Further securing your WordPress blog

You can further secure your WordPress blog by reading 7 easy ways to secure WordPress

Feb 29

Re: WordPress Upgrade Failed, Download Failed, Could not create Temporary file

This problem can be caused by over-securing your WordPress installation – not a bad thing! Here is a quick way to get the upgrade working.

  1. CHMOD 777 the /wp-content folder
  2. Perform the WordPress Upgrade
  3. CHMOD 755 the /wp-content folder

If this fails, make sure you have the folder /wp-content/upgrade created.

Your WordPress should now upgrade successfully.

Feb 28

Re: Can’t install WordPress, Joomla or other Database Application

The error message “Database required (mysql, version >= 5.0) (not available, please check domain or client limits)” is usually returned when there are no spare databases left to install the application.

To resolve, try the following:

  • 1) Within Plesk, Database, delete any unwanted databases to free up your allocation
  • 2) Upgrade your Hosting account so that you have a greater database allocation

 

Feb 28

Re: KILLALL, Kill processes containing text

kill -9 `ps -ef | grep TEXT  | grep -v grep | awk '{print $2}'`

Feb 28

Re: Plesk default page, remove default index page

By default, before you upload any files, you will see the Plesk Default Page. When you create your website be sure to delete this page (or overwrite it).

You must ensure that your home page is named index.html, index.htm or index.php. The default sample index page in your web space is named index.html, so do ensure you delete / overwrite this sample file.

Feb 28

Re: Your PHP MySQL library version, This may cause unpredictable behavior message

This warning message is given by phpMyAdmin because the PHP libraries are newer than the phpMyAdmin was expecting. Don’t worry, this message can be very safely ignored.

Feb 21

Re: Changing max_execution_time and max_input_time in .htaccess for a single domain

Sometimes you need more time for your script or upload to complete, but you want to avoid changing these settings for the entire server. When PHP runs as an Apache module, you can change them for a single domain instead.

To change max_execution_time and max_input_time from the 60 second default add the following lines to the top of your .htaccess:

php_value max_execution_time 600
php_value max_input_time 600

The change is instantly active and affects only the virtual host in question.

Feb 20

Re: Problems sending attachments, attachments wont attach

Usually this problem is browser related and can be traced to an over-protective security setting. Try the following in Internet Explorer:

  • Click “Tools”, “Internet options”, “Security” tab, “Custom level”
  • Scroll down until you find “Navigate sub-frames across different domains”
  • Click “Enable”, “Apply”, “Ok”

Now try to attach again.

Feb 19

Re: qmail restart error, plesk qmail error,  [: =: unary operator expected

You have installed Plesk, updated all your modules, upgraded PHP and MySQL, and everything looks great. Then you realise that you have Plesk with the Postfix MTA but you want the Qmail MTA, so you go ahead and select Qmail MTA in the Plesk Upgrade Manager.

Install is fine, until you try to start qmail.

[root@server ~]# service qmail restart
/etc/init.d/qmail: line 25: [: =: unary operator expected

Before you panic, check this file:

# cat /etc/sysconfig/network
HOSTNAME=server.yourhostname.com
NETWORKING=yes

If you are missing the NETWORKING line, simply insert it.

[root@server ~]# service qmail start
Starting qmail:                                            [  OK  ]

Your qmail service is now functioning as required. Panic over :)

Feb 18

We offer mailboxes with our parked domain services. The mailboxes supplied with parked domain names operate slightly differently to hosting mailboxes, this FAQ should help in answering some of the common questions regarding parked domains.

How should my name servers be set?

For parked domain mailboxes your domain name servers need to be set to point to the parking server (MICROLITE1). The name servers should be set to:

  • ns.microlite1.com
  • ns2.microlite1.com

If your name servers are not set to the parking name servers then your domain name will not be connected to your domain mailbox service and no email will be received to your mailbox. Any name server changes are subject to the usual global DNS propagation delay of up to 72 hours.

How do I access my domain mailbox?

You can access your domain mailbox by using the login details in your welcome email. We currently offer Squirrelmail as the webmail client for domain mailboxes, which you can access using the following URL:

http://www.microlite1.com/webmail

You can also add your domain mailbox POP user details to your email client (such as Outlook) by using the incoming mail server name “mail.microlite1.com”. The outgoing mail server name must be that as provided by your ISP.

How do I send emails from my domain mailbox?

You can send email from your domain mailbox by logging in to your webmail client (currently based on Squirrelmail) at the URL below:

http://www.microlite1.com/webmail

It is not possible to send email using your local email client at this time unless your ISP allows you to send outgoing mail direct from your PC.

Can I send email through my PC mail client eg Outlook?

It is not possible to send email using your email client at this time. Emails can only be sent by using the webmail client accessible here: http://www.microlite1.com/webmail

Can I receive email through my PC email client eg Outlook?

Yes, simply use your mailbox name (eg mbname-domain-co-uk) as your POP username and mail.microlite1.com as your incoming POP mail server name. This will enable you to download your emails to your local email client.

Feb 16

Re: Email port, ports for email, secure email ports

When troubleshooting email and mail server related problems, it is wise to first check that all of your email ports are open and not being blocked by your firewall. Here are the ports you need open for POP, POPS, IMAP, IMAPS and SMTP:

  • Port 25 allows SMTP connections
  • Port 110 allows POP connections
  • Port 995 allows POPS connections
  • Port 143 allows IMAP connections
  • Port 993 allows IMAPS connections

Ensure these ports are open if you are having problems communicating with your mail server.

Feb 02

Re: Setup email on iPhone, iPad, iPod or IMAP PC/Mac client

So you have logged in to Plesk and created your mailbox. Now, apart from being able to use AtMail Webmail straight away, you might want to connect your iDevices too. Here’s how to do it…

Try the following for sending/receiving IMAP on your iPhone/iPad or Mac/PC devices:

Incoming Mail Server
Hostname: mail.yourdomain.co.uk
User Name: mailboxname@yourdomain.co.uk
Password: (your password)

Advanced Incoming Settings
Use SSL: OFF
Authentication: Password
IMAP Prefix: /
Server Port: 143
S/MIME: OFF

Outgoing Mail Server
Hostname: mail.yourdomain.co.uk
User Name: mailboxname@yourdomain.co.uk
Password: (your password)
Use SSL: ON
Authentication: Password
Server Port: 587

Obviously replace mailboxname with the actual mailbox name and yourdomain with your actual domain name. Now you should be able to send and receive without any problems.

Jan 06

Re: Finding Plesk Spammer, Qmail spam source, Anonymous spam

So you’ve done all the basics, looked through the maillogs and you’ve determined the spammer is sending from “anonymous” which means a vulnerable script somewhere on the server. But where? Great, so now let’s delve a little deeper to find the UID of the spammer.

1) Let’s take a look in the mail queue and read one of those spam email references:

# /var/qmail/bin/qmail-qread

remote ankush_krishna2137@yahoo.com
6 Jan 2012 09:14:53 GMT #34012584 2987 <anonymous@server.microlite8.com>

2) Now we have a message ID, let’s search for the actual message:

# find /var/qmail/queue/ -name 34012584

/var/qmail/queue/info/0/34012584
/var/qmail/queue/remote/0/34012584
/var/qmail/queue/mess/0/34012584

3) Great! Now let’s see what’s in the message to get out that all-telling UID:

# cat /var/qmail/queue/mess/0/34012584

Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000
Date: 6 Jan 2012 09:14:50 +0000
Message-ID: <20120106091450.9934.qmail@server.microliteX.com>
To: annette@recdom.wandoo.co.uk
Subject: Urgent Reply
From: Mrs.Farida Waziri <faridawaziri@hotmail.com>

4) Let’s map the UID to a domain name on the Plesk server:

# cat /etc/passwd | grep 10820

admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false

5) Spammer caught :D
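Steps 2 to 4 above can be wrapped into one function so that a message ID from qmail-qread goes straight to the owning account. This is an added example, not part of the original post; the function names are assumptions, the queue and passwd paths default to the ones shown above, and the sample data is constructed to mirror the session. It matches the UID field exactly, where `grep 10820` would also match a UID of 110820 or a GID of 10820.

```sh
#!/bin/sh
# Added example: steps 2-4 above as functions. Paths default to the ones
# used on the page; function names are assumptions for this sketch.

# uid_for_msg MSGID [QUEUE]: print the UID from the first
# "invoked by uid" Received line of the queued message.
uid_for_msg() {
    case "$1" in ''|*[!0-9]*) echo "message id must be numeric" >&2; return 2 ;; esac
    f=$(find "${2:-/var/qmail/queue}/mess" -type f -name "$1" 2>/dev/null | head -n 1)
    [ -n "$f" ] || { echo "message $1 not in queue" >&2; return 1; }
    sed -n 's/^Received: (qmail [0-9]* invoked by uid \([0-9]*\)).*/\1/p' "$f" | head -n 1
}

# owner_for_uid UID [PASSWD]: print "login home" for an exact match on
# the UID field (field 3), not a substring match anywhere in the line.
owner_for_uid() {
    awk -F: -v uid="$1" '$3 == uid { print $1, $6 }' "${2:-/etc/passwd}"
}

# trace_msg MSGID [QUEUE] [PASSWD]: message ID -> account and vhost path.
trace_msg() {
    uid=$(uid_for_msg "$1" "$2") || return $?
    [ -n "$uid" ] || { echo "no local uid line in message $1" >&2; return 1; }
    owner_for_uid "$uid" "$3"
}

# Constructed sample data mirroring the session above, so this runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/queue/mess/0"
    printf '%s\n' \
        'Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000' \
        'Subject: Urgent Reply' > "$d/queue/mess/0/34012584"
    printf '%s\n' \
        'other:x:110820:10820::/var/www/vhosts/example.org:/bin/false' \
        'admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false' \
        > "$d/passwd"
    echo "$d"
}

d=$(make_sample) && trace_msg 34012584 "$d/queue" "$d/passwd"; rm -rf "$d"
```

On a live server, call `trace_msg 34012584` with no further arguments to use /var/qmail/queue and /etc/passwd.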


Jan 05

Re: Is my site infected with Malware, Is there malicious code in my site?

There is one sure-fire way to check if your site is infected with malware: ask Google!

Go to the following URL and insert your domain name at the end, here is a sample:

http://www.google.com/safebrowsing/diagnostic?site=uk-cheapest.co.uk

To check your PC for malware, use the following free software:

AdAware - http://www.lavasoft.com/
MBAM - http://www.malwarebytes.org/products/malwarebytes_free

This free software will remove all malware and malicious ads, spyware and cookies from your PC and should be run regularly to ensure an optimum browsing experience.

Jan 05

Re: Yandex IP range, Yandex subnets, Block Yandex Robots

Across our server range we are finding that Yandex continues to ignore robots.txt files and crawls some sites constantly, so how do you stop such an abuse of your network resources?

If you use IPTABLES or APF (you should!) then you can block all Yandex spiders using the following IP ranges:


Simply restart APF and Yandex will no longer be a problem (until they extend their network!).