To what extent can MAMP be hacked? - wordpress

I am running Wordpress on a local development server to test plugins from 'dubious' sources. I believe I've been hacked after installing an unofficial copy of a plugin. Now I'm looking for help to assess how serious this may be and how to proceed.
Here's what exactly went down:
Installed MAMP (4.2) on my Mac (10.14.6), with htdocs in it's default location (in the MAMP application folder)
Installed multiple Wordpress sites to develop for clients over several months
Used one of these existing, old, dev sites to test plugins before purchase
I began to install a plugin .zip file, however after I clicked "activate" I was asked by macos whether to allow MAMP access to photos, and then to calendar, both of which I denied. The activation failed due to a "Fatal Error".
I ditched this plugin and moved onto the next. The next one also failed due to fatal error, this time with the error message: "Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in"
Googled this message revealing it's common when hacked.
So, does the hacker have any access to this website? To the entire local server? To my entire computer where MAMP is installed?
Am I in the clear just deleting the plugin? Clean install MAMP?
Thanks.

Wordpress hacks tend to be more about collecting information from WordPress.
Anytime you get a warning like that, it should tell you where the issue is.
However, I would install Wordfence on your local sites and have it run a scan. It will compare core files etc to what is on the repo and tell you. It will get about 99% of it unless it is a Zero day.

Related

Composer issue with open social - Drupal

I installed latest open social 11.7.0 distribution for Drupal 9 using composer. Smoothly and setup went fine.
However when updating using composer update it takes ages to finally cast a killed message. Output is not really verbose and I don't have a clue what happens behind the scene. I saw it could be "memory usage" related but bypassing memory limit usage ends in same result.
To be mentioned I have an other classic drupal website on same server and composer update runs like a charm.
Any advice or idea ?
Thx beforehand,

Web Deploy 3.5 Install Error - #2738

I'm attempting to create a custom WordPress theme using MS WebMatrix and am encountering the following error when trying to install the WP app:
Error 2738: Could not access VBScript runtime for custom action
This occurs when the download attempts to install Web Deploy 3.5. I'm currently running Windows 7 64-bit OS.
The research that I've done indicates this is error stems from "VBScript being not properly configured to run on the PC."
The solutions I've encountered and tried - to no avail - are:
Run MS FixIT
Re-registering the VBScript dll via cmd prompt - c:\windows\syswow64\regsvr32 vbscript.dll
Run the System File Checker tool sfc /scannow
[Note: I do not have, nor have I had McAfee installed - I've seen reports that in some instances the McAfee installation can cause the wrong vbscript .dll to be registered]
Outside of doing a factory wipe - which I'd like to reserve as a last resort or completely scrap using WebMatrix entirely - I've run out of potential solutions searching this specific problem.
Has anyone had success with this issue outside of the solutions posted here already? Any help would be appreciated.
So, I discovered a solution to this issue that hasn't been covered well online, so I'm posting it here.
A steadfast solution to resolving this error if running Windows 7 64-bit OS:
Open your registry editor
Start -> Search -> Type "regedit"
In the editor, click on:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Wow6432Node\CLSID{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Check the value for (Default)
If it's anything other than C:\Windows\SysWOW64\vbscript.dll that's where your issue is originating
Make sure you have the correct permissions to edit the value for (default)
Right Click on InprocServer32 -> Permissions -> Give yourself "Full Control"
Now edit (Default) and set it to C:\Windows\SysWOW64\vbscript.dll
Reboot
This should fix any issues that might have been encountered during the execution of custom VBScript during Web Deploy download.

Setting up wordpress on Ubuntu 12.04

I have dual-booted my Win7 laptop with Ubuntu 12.04, and I'm trying to install Wordpress. I have installed Apache2, Mysql-Server, and Wordpress and I keep getting asked for ftp credentials when I try and install plugins/themes. I know how to install the themes etc. manually by downloading and unzipping into the correct folders, but this isn't a permanent solution.
I've tried uninstalling and reinstalling everything but I keep getting faced with tutorials on setting up virtual hosts and I'm not sure if I need to have one?
Can anyone point me to an easy to follow (for beginners) tutorial from scratch? Or tell me if I'm missing something?
My Wordpress site needs to be moved from local machine to a server when it's finished (I don't know the server yet so I can't just start using it) so I need it to be as easy to use as possible.
Yes, there are available tutorials for that.
Step 1-
Installing the server-
Installing the server
Initial Setup (Optional)
Step 2-
Installing Wordpress-
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04

Browser can't find www.dnndev.me to install DotNetNuke

I am working with asp.net and I want to install DotNetnuke (I really need to install it). I have installed it on another computer in the company where I am doign my internship there. But I can't install it on my laptop :#.
First of all I have installed IIS (7.5 didn't worked, after that 8.0) and went through the steps in the 4 part video on how to install dotnetnuke (here is the first part: First Part)
After I did all that, I went to start the isntallation by typing www.dnndev.me on the browser... and I got the error http 500.19 error.... I fixed it by checking some options in the Turn Widnows features on or of (at Programs and Features in Control Panel).
After that I got the error http 500.21 .... I also fixed this by executing aspnet_regiis.exe.
And after executing that .exe file, when I typed www.dnndev.me, all errors where gone... but the Browser couldn't find www.dnndev.me !! I tried it on Chrome, Mozilla and IE... but non of them worken :(..
What's the problem? I removed all the errors, I did all the things in the videos.... why not working on my laptop?
Did you add the binding to IIS for DNNDEV.ME as well as WWW.DNNDEV.ME? The video instructs you to use DNNDEV.ME which is different than WWW.DNNDEV.ME, so you will need to add the binding for WWW if you want to access that.
Right click on the website in IIS, choose Edit Bindings and add the new one there.

Call to undefined function field_attach_load() in my-path-to-root/my-site/includes/entity.inc on line 320

I am moving a site over to a different server to test.
getting this error
Call to undefined function field_attach_load() in my-path-to-root/my-site/includes/entity.inc on line 320
strange... if i try accessing a subdirectry http://www.mysite/randomstuff
i get this error
Fatal error: Call to undefined function user_access() in /home/borsodas3/digipowers.devserver2012.com/modules/overlay/overlay.module on line 130
Fatal error: Call to undefined function node_access_needs_rebuild() in /home/borsodas3/digipowers.devserver2012.com/sites/all/modules/taxonomy_access/taxonomy>_access.module on line 598
here are the two php.info files
going to this server [http://www.freeenergymedia.com/phpinfo-to.htm][1]
from this one [http://www.freeenergymedia.com/phpinfo-from.htm][2]
the drupal status report from the site I am migrating FROM looks like this...
Info
Drupal 7.8
OK
Access to update.php Protected
Error
CTools CSS Cache Unable to create
The CTools CSS cache directory, ctools/css could not be created due to a misconfigured files directory. Please ensure that the files directory is correctly configured and that the webserver has permission to create directories.
OK
Configuration file Protected
OK
Credit card encryption Credit card data is encrypted during checkout for maximum security.
OK
Cron maintenance tasks Last run 26 min ago
You can run cron manually.
To run cron from outside the site, go to mysite.com
OK
Database system MySQL, MariaDB, or equivalent
OK
Database system version 5.1.57-log
OK
Database updates Up to date
OK
Date API System date settings
The timezone has been set to America/New_York. The first day of the week has been set to Monday. The medium date format has been set to to F j, Y - g:ia.
Error
Drupal core update status Not secure! (version 7.12 available)
There is a security update available for your version of Drupal. To ensure the security of your server, you should update immediately! See the available updates page for more information and to install your missing updates.
OK
File system Writable (public download method)
OK
Fitvids library Installed
Fitvids Javascript Library. Download it from here, copy it to the module directory, and rename it to jquery.fitvids.js.
OK
GD library PNG support bundled (2.0.34 compatible)
OK
GD library rotate and desaturate effects bundled (2.0.34 compatible)
OK
Images Product image support has been automatically configured by Ubercart.
Error
Module and theme update status Not secure!
There are security updates available for one or more of your modules or themes. To ensure the security of your server, you should update immediately! See the available updates page for more information and to install your missing updates.
OK
Node Access Permissions 1832 permissions in use
If the site is experiencing problems with permissions to content, you may have to rebuild the permissions cache. Rebuilding will remove all privileges to content and replace them with permissions based on the current modules and settings. Rebuilding may take some time if there is a lot of content or complex permission settings. After rebuilding has completed, content will automatically use the new permissions. Rebuild permissions
OK
PHP 5.3.2 (more information)
OK
PHP extensions Enabled
OK
PHP memory limit 300M
OK
PHP register globals Disabled
Warning
Unicode library Standard PHP
Operations on Unicode strings are emulated on a best-effort basis. Install the PHP mbstring extension for improved Unicode support.
OK
Update notifications Enabled
Info
Upload progress Not enabled
Your server is capable of displaying file upload progress through APC, but it is not enabled. Add apc.rfc1867 = 1 to your php.ini configuration. Alternatively, it is recommended to use PECL uploadprogress, which supports more than one simultaneous upload.
OK
Web server Apache/2.2.3 (CentOS)
OK
cURL Enabled
The first thing I'd do is update to the latest version of Drupal Core. The error message you are seeing is coming from core, but could be from a contrib module. Update all your modules if any are as outdated as your Drupal core is. There are security issues in Drupal 7.8 and other issues which might affect your situation could well have been resolved. The current version of Drupal is 7.12 and a lot has been fixed since Drupal 7.8, which was released about 6 months ago, so you definitely want to upgrade core. Is it also possible that you are running different versions of core on the different machines? If so, the database might not be compatible, especially if you are taking a newer database (more recent modules and core) and loading it into a system with older modules/core.
After also updating other contrib modules and running update.php at appropriate times, if your problem still persists, you might want to use the "divide and conquer" method to identify which module is actually responsible. Remove groups of contrib modules and see where the problem disappears, then narrow it down to which one is causing the problem. It could also be a compatibility issue or configuration problem. Or you might have modules where the code has been updated, but update.php hasn't been run so the database isn't what it should be. You can also use tools such as the Devel module to try to track down issues, but it depends on how "broken" your site is. If you are getting "fatal errors", then you might first want to see what you can do to get past that.
I also notice you need to properly set the permissions/ownership of your files directory so that CSS caching can take place (among other tasks the webserver may be trying to do and which could also be involved in errors you are experiencing), even if not at the root of the "fatal errors".
Hope that helps someā€¦ troubleshooting can be a pain sometimes.
When I installed for the first time, I hadn`t checked "Create new database" and had the same bag but in line 321.

Resources