I have a WordPress site on SiteGround and see hundreds of attempts to access http://example.com/?option=com_k2&view=itemlist&task=user&id=93265
The old site used Joomla and it appears that bots still have the site on their list.
Please let me know if there is a way to prevent these requests from causing an "execution" of index.php, as this has a 20,000-execution daily limit on the SiteGround shared host. Passing the limit causes the site to be disabled.
Thanks in advance for any suggestions.
Found this on http://botcrawl.com/how-to-block-incoming-traffic-backlinks-attempted-site-hijacks-and-multiple-urls-in-the-htaccess-file/
# Refuse (403) any request whose query string carries the old Joomla component name
RewriteCond %{QUERY_STRING} option=com_k2
RewriteRule ^ - [F]
It appears to be working. I'll write back if not.
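An added example (not from the answer above or the linked article) that generalises the rule: it refuses legacy Joomla query strings and paths with a 403 straight from mod_rewrite, so PHP never starts and the request does not count against the execution limit. The path list is an assumption about what the old Joomla site exposed.

```apache
# Keep this above the "# BEGIN WordPress" block so the request is refused
# before the front-controller rule hands it to index.php.
<IfModule mod_rewrite.c>
RewriteEngine On
# Legacy Joomla query strings: option=com_k2, option=com_users, ...
RewriteCond %{QUERY_STRING} (^|&)option=com_[a-z0-9_]+ [NC,OR]
# Legacy Joomla directories that do not exist on a WordPress install
# (assumed list; adjust to what the old site actually served)
RewriteCond %{REQUEST_URI} ^/(administrator|components)(/|$) [NC]
# "-" keeps the URI unchanged; F returns 403 without running any script
RewriteRule ^ - [F,L]
</IfModule>
```

The 403 is still written to the access log, so the scan remains visible for blocking at the host or firewall level if it keeps up.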
Recently I started a new WordPress blog and didn't add any forms for user registration. But I got an email from my site saying that new users were registered. I still haven't written any post or advertised anything; I'm still building it. When I checked the site users, it was as below.
Now my questions are:
1) What kind of attack is this? How did an attacker find my site while I'm just building it?
2) They are registered as subscribers; am I safe to just delete them?
Any guidance from an expert will be highly appreciated. Please advise me on what I should do. Thanks.
Is it on WordPress.com or self-hosted? And yes, it's ok to delete them.
It may not be an 'attack'. If you are on WordPress.com (or even self-hosted) it may just be other users that came across the site. There are a lot of possibilities of who they are.
You can turn off allowing registrations in your Admin Settings and put up a landing page to show no content to unauthorized users while you're working on it.
If you're self-hosting it you can use your .htaccess to allow only your own IP address access while you're working on it.
.htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
# Match the login page or anything under wp-admin ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin(/.*)?$
# ... but keep admin-ajax.php reachable, since themes and plugins call it for visitors too ...
RewriteCond %{REQUEST_URI} !admin-ajax\.php$
# ... and refuse it unless the request comes from your own address (replace YOUR_IP_ADDRESS)
RewriteCond %{REMOTE_ADDR} !^YOUR_IP_ADDRESS$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Also, just to make sure no one has tried an attack, you can use a plugin like WordFence to do a security audit.
You can use the Wordfence plugin to secure your WordPress installation. The Wordfence plugin protects against brute-force attacks and allows blocking IPs.
This problem started yesterday.
When public visitors view my website, the WordPress navigation bar appears on top of the page as if they were a logged-in user. They can even see the greeting message in the top right corner, "Howdy, John" (my name).
The good news is that these public visitors are not able to access the WordPress configuration pages. They can only see the top navigation bar when they view the page.
My question is, what is going on?
Could it be a plugin?
Could it be CDN (Cloudflare) problem?
Could it be the hosting site problem?
Or could it be a hacker's deed?
Please help, I have no idea where to begin.
You're probably serving fully cached pages (which includes the logged-in user content) for all visitors. This means that a new visitor will get served the exact same HTML and other assets that have been served earlier for a logged-in user.
I would start by checking the Cloudflare settings and see whether there are any options for disabling the cache for certain types of visitors (e.g. validated by cookies).
Problem solved.
Apparently, the culprit was a wrong configuration in the Apache server.
One of our engineers added the snippet below to the .htaccess as a recommendation from the LiteSpeed module for WordPress. This little devil makes the server do full-page caching.
<IfModule LiteSpeed>
CacheEnable public /
RewriteEngine on
# Cache every GET/HEAD response for 120 seconds ...
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
# ... except the admin, login and cron endpoints
RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login.php|wp-cron.php)
# Nothing here checks for WordPress login cookies, so a page rendered for a
# logged-in user is stored and then served to anonymous visitors as well
RewriteRule .* - [E=Cache-Control:max-age=120]
</IfModule>
Thank you #ojrask for pointing out the possibility of full-page caching in Apache Server.
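The same LiteSpeed block with the missing cookie check, as an added example (not the poster's configuration or LiteSpeed's own recommended snippet). It assumes the LiteSpeed cache module and WordPress's standard cookie names, and only caches anonymous, query-string-free GET/HEAD requests:

```apache
<IfModule LiteSpeed>
CacheEnable public /
RewriteEngine on
# Requests that carry a WordPress login, post-password or commenter cookie
# are marked uncacheable, so a personalised page is never stored
RewriteCond %{HTTP_COOKIE} (wordpress_logged_in_|wordpress_sec_|wp-postpass_|comment_author_)
RewriteRule .* - [E=Cache-Control:no-cache]
# Everything else: cache GET/HEAD ...
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
# ... outside the admin, login, cron and REST endpoints ...
RewriteCond %{REQUEST_URI} !^/(wp-admin|wp-login\.php|wp-cron\.php|wp-json)
# ... only when no query string is present (previews, searches, ?p= links stay dynamic) ...
RewriteCond %{QUERY_STRING} ^$
# ... and only when none of the cookies above is present (this is the
# check the original snippet lacked)
RewriteCond %{HTTP_COOKIE} !(wordpress_logged_in_|wordpress_sec_|wp-postpass_|comment_author_)
RewriteRule .* - [E=Cache-Control:max-age=120]
</IfModule>
```

A quick check after deploying: fetch the front page with no cookies and confirm the response contains no admin bar markup, then fetch it while logged in and confirm the logged-out copy was not replaced.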
Been trying to clean up the aftermath of a decode64 content injection hack on multiple sites on my shared server.
It's clean, but now I'm getting incoming spam links with a query string, like abc.com/?some-stupid-porno-spam/, so even though the content no longer exists, they're still being redirected to the front page. I'm ranking for these spam words instead, or Google is just saying those are soft 404s for the luckier sites.
Got a solution, but it's temporary. I was advised to add the following to the top of the .htaccess file:
RewriteEngine on
# Any request for the site root ("/" or empty path) that carries a query string gets a 404
RewriteCond %{QUERY_STRING} .
RewriteRule ^/?$ - [L,R=404]
So, now all links with /? are redirected to a 404. Two problems:
It's temporary, in that ALL /? queries are thrown to the 404, including WordPress post/page previews. Is there a way to make it such that it only works for non-existent pages?
The 404 points to the web host's 404. How can I make it go to the theme's 404 instead?
Thanks for your time!
------ update
So, the above code works great. I can preview posts/pages, but I found there's a problem: it blocks WordPress' WYSIWYG text editor. The 'Visual' tab remains blank, and none of the toolbars appear.
Help? lol
I am new to Stack Overflow, but a friend gave me a tip to ask my question over here since he couldn't help me either. I have googled for multiple days now and I see that my rankings are dropping again in Google because of all the crawl errors. My main site is built in Serif WebPlus X5. I have added a WordPress blog to it which can be found at www.sitename.com/blog
Google has found more than 150 crawl errors and this is growing on a daily basis; the point is that Google adds /default.htm behind all my blog URLs.
I was wondering if someone can write me an htaccess 301 rule for all these URLs so they redirect instantly?
Today I started manually redirecting some URLs, but this will not solve my problem, because every time I add another post and new tags, all these new pages will also have the same default issue.
As you can imagine this is really frustrating grrr...
I have tried a lot of snippets that I found during my search, but none of them did what I would like to achieve; other tips to get rid of the default pages are also very welcome.
Thank all of you who would like to fix this problem with me
Place this rule just below the RewriteEngine On line in the main WP .htaccess:
# Only fire on requests that actually asked for default.htm, then 301 to the same path without it
RewriteCond %{THE_REQUEST} /default\.htm [NC]
RewriteRule ^(.*?)default\.htm$ /blog/$1 [L,R=301,NC,NE]
If I try to navigate to http://vequityintelligence.co.uk then WordPress redirects the browser (301 Moved Permanently) to http://www.vequityintelligence.co.uk/defaultsite which doesn't exist, so I get a 404 Not Found error.
The htaccess file is the one that came with WordPress.
I've refreshed my permalinks by changing the permalink format.
The site frontpage is set to the 'Recent Posts' option, but changing this doesn't affect it.
I understand why I get redirected, but I don't understand where the addition of '/defaultsite' comes from.
I have searched google and SO with very few results, let alone any answers. I can't think what else might cause this.
I imagine you don't need this answer anymore, but adding it for posterity: weird as it sounds, I think it's a caching issue.
I just came across this with a client's site I'm working on, and was at my wit's end, but then found some references that said it worked okay in one browser but not another, and clearing the cache fixed it.
An easy test: if you visit the URL in a browser you've never used to visit it, do you still have the issue? If not, it's probably just a matter of clearing the cache in the browser that is giving you trouble.
In the Wordpress dashboard > General Settings, check your setting for the Wordpress Address (URL) and Site Address (URL).
This is where I made sure the ‘www.’ was unnecessary for my URL.
I'd say it's a problem with the htaccess file. Perhaps adding the following code to htaccess will resolve the problem.
RewriteEngine On
# Redirect any host that does not start with "www." to the www. form (301)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
This redirects non-www to www. Put this near the top so it is processed before other rules are.
Code found here