last week my wordpress website get redirected to a malicious website, i found some sql injections on my database and also a script on my index.php doing this redirect. I deleted all the malicious database entries and also the script in the index.php, some days later the index have again this script but i cant see the script again on my database. In the chrome inspector mode you can see the file causing the redirect but i cant find from what file my website its calling the script. I downloaded the whole site and use the search function of vscode but cant find the source of the infection. Anyone know how can i find the source/file of this GET?
The malicious redirect is js.cofounderspecials...
You didn't check for file uploads and extension before user uploads so the hacker uploaded a php and js file and edited db easily can u check for cronjobs and to see if there is any cronjob maliciously created?
Related
I need to prevent people from downloading .zip files in my server unless they are logged in. For this purpose and since I'm also using MediaWiki and I would like to have to modify the least this as I'm not familiar with it I was thinking about doing the following:
When a user wants to download a .zip file, it will be redirected by the server (with a web.config rule) to something like download.php?file=fileName and inside the PHP, I can do my programming to see if he's logged in and then use readFile() to give him the file.
However I'm not familiar with IIS (not much more with Apache either) and I'm totally clueless as how to write this rule. Could someone please help me out on this?
I'm also open to other suggestions. Putting the upload folder in a place not accessible to the public (but to the server) may do the trick but images are also uploaded then and then they wouldn't download. I could, again modify the behavior of the upload system myself but as it's done by MediaWiki I would prefer not to.
I have found this code (by using a .htaccess to web.config online translator) but it's not working. Maybe it's easier for you to just fix this code:
http://pastebin.com/waMJnFyK
The uploads are in subdirectories within /images like for example /images/a/ae/file.zip and I would like that when you try to open that you get redirected to a php file where as a GET input I have the file location.
Solution I took: http://pastebin.com/7skGT9uN
It redirects everything that ends in .zip within /images to download.php?fileName=whatever where the /images part is not passed.
i have migrated from host to my new host
everything is working good but when i upload a image to my media it goes with old URL and wont even show up
the thing is the image actually uploads , i know that from filezilla cause it goes into the uploads folder
what is the problem? and how can i fix it?
Edit functions.php
If you have access to the site via FTP, then this method will help you quickly get a site back up and running, if you changed those values incorrectly.
FTP to the site, and get a copy of the active theme's functions.php file. You're going to edit it in a simple text editor (like notepad) and upload it back to the site.
Add these two lines to the file, immediately after the initial "
update_option('siteurl','http://example.com');
update_option('home','http://example.com');
Use your own URL instead of example.com, obviously.
Upload the file back to your site, in the same location. FileZilla offers a handy "edit file" function to do all of the above rapidly; if you can use that, do so.
Load the login or admin page a couple of times. The site should come back up.
Repeat the above steps, but remove those lines. IMPORTANT: Do NOT leave those lines in there. Remove them immediately after the site is up and running again.
I have this in my code:
Sample PDF
So basically it will appear to be a download link to file 'sample.pdf' but the problem is, there's a restriction in downloading this file. so whenever there are confidential reports uploaded and a malicious user accidentally memorized or viewed the URL of the download link in the browser history he can easily download it even without accessing the website because it is a direct link. What am i supposed to do so this link will be protected? or be downloaded only for the user assigned to it?
Don't serve up files by their direct URLs. Have a PHP script receive the filename of the file wanted, and serve it up.
So, if someone wants to download the above files, he would go to
example.com/getfile?file=sample.pdf
Your PHP script would check if the current user has permission to view the file, and then serve it up.
Make your links like this:
Sample PDF
Your current method is very insecure for sensitive files. A malicious user could trivially write a script to download ALL files in res/pdf. All he needs to do is check every permutation of letters in the directory, and throw away all 404 errors.
You will not redirect the user since that would defeat the purpose. You will serve the file as a download with the appropriate Content-disposition header.
Here's an example: Fastest Way to Serve a File Using PHP
You can google and get many more examples.
Here's a great example that shows how to serve PDF files:
https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
You can restrict using htaccess
I have a WordPress site, in which type1 users can upload *.doc files and type2 users should be able to open them by clicking on a link which represents a file.
The file then should be opened in a new window of the browser.
I got the first part easily - there are many guides on uploading a file.
But I couldn't find one that goes through all the steps of getting and opening a file which resides on a server directory.
I assume clicking the link should cause an ajax request which will send the file key to the server.
The server can then get from the MySQL DB the file name and location.
But what do I do then?
How do I get the file from the server directory, send it back to the client and open it for reading in the browser?
Edit:
I want the files to be confidential and not let just anyone read them so giving the users the link for the file on the server isn't the right way.
I still think I need to send the file from the server directory to the client.
How can this be done?
You can add links to uploaded media in WordPress easily. Just remember to link to the actual file:
I want the files to be confidential and not let just anyone read them so giving the users the link for the file on the server isn't the right way.
Yes it is. You can't let people read the document without giving them the document.
If you want to keep it confidential, then require the users to agree not to share the link with anyone else. Or go further and add a layer of authentication + authorisation and also require that users not hand over their credentials.
Simply, redirect the browser to the location of the file. It's depend on user's browser settings that file opens on the browser directly, or user sees open/save dialog.
But, if you want to open the file inside the browser without letting user download it, you should redirect her/him to a custom page. e.g. a page that loads a doc editor.
There's no way to show a Microsoft Word file inside the browser unless they install proper software. e.g. an Applet or ActiveX or something that be able to open MSWord files.
Consider using WP Client File Share plugin.
I have a weird unexplainable phenomenon going on.
I downloaded some source code from a website, a basic PHP script. It came with an SQL to reference numbers as part of the script.
I uploaded the file called post.php and SQL file to my server and ran it - but - instead of executing the code in the PHP file, it loads the content of the webpage of the author of the source code. and stays on my server URL.
The code in the file has nothing to do with the author's site, or graphics or links or redirects or anything.
EVEN IF I delete the entire contents of the post.php file, run the empty file and it STILL LOADS CONTENT from the author's website, where I downloaded it from.
Refreshed browser, restarted, reloaded, you name it. How is this physically possible?
-----UPDATE
In addition when I try renaming PHP files on my server, they become permanently broken "oops broken link" error.
It would be very helpful if you could post some more specific details about what the script was, etc. But, here is my guess. Firstly, make sure that your web server is not doing any caching. If the problem persists, try getting rid of the post.php file itself. Then, I would check to see if the PHP script has created any HTML/PHP files on its own. If all else fails, try going into the code that you downloaded and see what its doing.