tigertech on "Attack against wp-config.php~ (with a tilde)"
I work at a hosting company where one of our customer's WordPress sites was hacked today. It was done by a "hacker" who discovered the WordPress database password due to an unfortunate user error. The...
View Articlet-p on "Attack against wp-config.php~ (with a tilde)"
Hi tigertech, Thanks for sharing. Good info. .htaccess rules could include a line to forbid requests for ".php~" files. How? What would be the snippet? I use my own .htaccess in the root folder of WP,...
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
What would be the snippet? Oh, you could do something like this: RewriteEngine On RewriteRule \.php~$ - [forbidden,last]
View Articlet-p on "Attack against wp-config.php~ (with a tilde)"
Thanks a lot tigertech. RewriteEngine On RewriteRule \.php~$ - [forbidden,last] As I am not a programmer, dev,or designer, I just want to make sure if this is the complete snippet. If this is not...
View ArticleMark / t31os on "Attack against wp-config.php~ (with a tilde)"
You should wrap that in a module check. <IfModule mod_rewrite.c> RewriteEngine On RewriteRule \.php~$ - [F,L] </IfModule> And place it above the WordPress rules in the htaccess file, but of...
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
That's the entire thing that goes in the .htaccess file, just the two lines. The first line enables Apache's "RewriteEngine" if it's not already on. The second looks for filenames ending in ".php~",...
View ArticleMark / t31os on "Attack against wp-config.php~ (with a tilde)"
You should check the module is available first, not just assume it is.. <IfModule mod_rewrite.c> # rule </IfModule> https://httpd.apache.org/docs/2.0/mod/core.html#ifmodule
View Articlet-p on "Attack against wp-config.php~ (with a tilde)"
Thanks t31os. I don't have any file ending with tilde. I am just trying to educate myself to best protect the WP installation.
View ArticleTerry on "Attack against wp-config.php~ (with a tilde)"
How does the file with the .php~ get on the server in the first place? Did the person upload it separately from the normal .php file? So are there two different files on the server (one .php and one...
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
How does the file with the .php~ get on the server in the first place? Several text editors, particularly Unix ones like emacs, automatically create a "backup" copy of any file you edit, giving the...
View Articlet-p on "Attack against wp-config.php~ (with a tilde)"
Hi tigertech, Just a general question. I thought I ask you since you work at a hosting company. My experience dealing with hosting companies is that whenever you contact them about any problem, they...
View ArticleClaytonJames on "Attack against wp-config.php~ (with a tilde)"
Here is an article that I thought interesting. I know it's a little old, but it still seems relevant. http://www.beulbek.nl/2007/07/20/emacs-php-and-the-tilde/ It appears to offer some insight on some...
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
My experience dealing with hosting companies is that whenever you contact them about any problem, they invariable say that the problem might be at your end... Well, in their slight defense, I will say...
View Articlet-p on "Attack against wp-config.php~ (with a tilde)"
Thanks tigertech. I really appreciate you taking time to respond. You can find good companies -- honest! How can one know he/she has found the right one (BEFORE SIGNING UP!)? For example, are there...
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
How can one know he/she has found the right one (BEFORE SIGNING UP!)? I'd search Google and Twitter for any hosting company's name. Ignore paid ads and referral links on the positive side, and...
View ArticleBeer on "Attack against wp-config.php~ (with a tilde)"
Are you from tigertech, the host? I can't speak highly enough about how nice it is hosting with TigerTech.net!
View Articletigertech on "Attack against wp-config.php~ (with a tilde)"
Beer -- thanks for the kind words; yes, I'm one of the "techs" in Tiger Tech!
View Articlecuban_cigar on "Attack against wp-config.php~ (with a tilde)"
thanks i fixed some blogs
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
How does the file with the .php~ get on the server in the first place? Several text editors, particularly Unix ones like emacs, automatically create a “backup” copy of any file you edit, giving the...
View ArticleReply To: Attack against wp-config.php~ (with a tilde)
How does the file with the .php~ get on the server in the first place? Did the person upload it separately from the normal .php file? So are there two different files on the server (one .php and one...
View Article