Dictionary attack on wordpress website - wordpress

Someone is permanently trying to hack my WordPress website; can someone suggest possible ways to prevent this?
I don't think they will hack it because I have taken all security measures and precautions (really strong password, etc.); it's just annoying. I have a plugin called Activity Monitor which outputs the below.
So this just happens, then I have to go in and block the IP in my .htaccess file. 115.87.105.135
Here's the info I get from a lookup:
IP : 115.87.105.135
Host : ppp-115-87-105-135.revip4.asianet.co.th
Country : Thailand
What information can I get from an IP to see who is trying to hack me and where, or is there no information I can get and I just have to keep waiting and blocking IPs all the time?
Thanks

To stop brute force attacks by limiting the number of times people can unsuccessfully log in to your WordPress admin panel, use the Login LockDown plugin.

You could use the whois information to learn who is administering the IP range the IP originates from. They have to provide contact information (email address, ...) for reporting abuse by their users.
If you are just interested in the location, there are IP geolocation services available on the net, but they are not very accurate (maybe they'll show the right town).
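As an added example (not code from the original thread), here is a small Python parser that pulls the abuse contact and the network range out of a whois record, so an abuse report goes to the administrator of the range rather than to a guessed address. The record below is constructed in the APNIC/RIPE "key: value" style with the `abuse-mailbox:` field, and the ARIN `OrgAbuseEmail:` field is handled as well; none of the values are real.

```python
"""Added example (not from the original thread): extract the abuse contact from
a whois record. The record text below is constructed; the values are not real."""
import re

# Field names the regional registries use for the abuse mailbox:
# "abuse-mailbox:" (APNIC/RIPE style) and "OrgAbuseEmail:" (ARIN style).
ABUSE_FIELDS = ("abuse-mailbox", "OrgAbuseEmail")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z-]+):\s*(?P<value>.+?)\s*$")

# Constructed sample record in APNIC/RIPE style.
SAMPLE_RECORD = """\
% Information related to '203.0.113.0 - 203.0.113.255' (constructed sample)
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NET
country:        ZZ
admin-c:        EX1-AP
abuse-mailbox:  abuse@example.net
abuse-mailbox:  abuse@example.net
remarks:        send abuse reports to abuse@example.net
"""


def parse_whois(text):
    """Turn 'key: value' lines into key -> list of values; comment lines are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group("key"), []).append(m.group("value"))
    return fields


def abuse_contacts(text):
    """Return the de-duplicated abuse mailboxes, taken only from the abuse fields
    (free-text 'remarks' lines are ignored so stray addresses are not reported to)."""
    fields = parse_whois(text)
    found = []
    for key in ABUSE_FIELDS:
        for value in fields.get(key, []):
            if value not in found:
                found.append(value)
    return found


def netrange(text):
    """Return the range the record covers ('inetnum' or ARIN 'NetRange'), if present."""
    fields = parse_whois(text)
    return (fields.get("inetnum") or fields.get("NetRange") or [None])[0]


if __name__ == "__main__":
    print("range:", netrange(SAMPLE_RECORD))
    print("report to:", ", ".join(abuse_contacts(SAMPLE_RECORD)))
```

Feed it the text returned by a `whois` lookup of the offending address; the range it prints is what to cite in the report, since the whole range (not just one dynamic address) is what the administrator is responsible for.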

Add the following code to the bottom of your functions.php in your theme folder; it will stop the pingback request.
// Remove pingback.ping from the XML-RPC method table so pingback requests are rejected.
add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
function remove_xmlrpc_pingback_ping( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
}
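As an added example (not code from the original thread, the Login LockDown plugin, or WordPress), here is a Python script that does the detection behind the manual blocking described in the question: it reads web-server access-log lines in the common combined format, counts POSTs to wp-login.php and xmlrpc.php per source address within a sliding window, and prints the .htaccess deny lines. The log lines, addresses, threshold and window below are constructed assumptions.

```python
"""Added example (not from the original thread): flag dictionary-attack sources in
an Apache/nginx combined-format access log and emit .htaccess deny lines.
Every log line and address below is constructed sample data."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Endpoints a WordPress brute-forcer hammers: the login form and XML-RPC
# (xmlrpc.php also accepts password guesses, which is why pingback/XML-RPC
# traffic is worth watching alongside wp-login.php).
WATCHED = {"/wp-login.php", "/xmlrpc.php"}

# Constructed sample: one host guessing at the login form, one at XML-RPC,
# and one ordinary visitor who logs in once.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.77 - - [10/Mar/2015:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.77 - - [10/Mar/2015:10:01:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.77 - - [10/Mar/2015:10:01:20 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.77 - - [10/Mar/2015:10:01:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.77 - - [10/Mar/2015:10:01:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.9 - - [10/Mar/2015:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2015:10:05:30 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, path) for a POST to a watched endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "POST":
        return None
    path = m.group("path").split("?", 1)[0]  # drop query string
    if path not in WATCHED:
        return None
    ts = datetime.strptime(m.group("ts"), TIME_FMT)
    return m.group("ip"), ts, path


def find_bruteforcers(lines, threshold=5, window=timedelta(minutes=10)):
    """Map IP -> total watched POSTs for every IP that sent `threshold` or more
    of them inside some `window`-long sliding window."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, _ = parsed
            hits[ip].append(ts)
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = len(times)
                break
    return offenders


def htaccess_rules(offenders):
    """Render deny lines in the style the asker adds by hand (Apache 2.2 syntax,
    still accepted by 2.4 through mod_access_compat)."""
    return "\n".join(f"Deny from {ip}" for ip in sorted(offenders))


if __name__ == "__main__":
    print(htaccess_rules(find_bruteforcers(SAMPLE_LOG.splitlines())))
```

Run it against the real access log by replacing `SAMPLE_LOG.splitlines()` with the file's lines; the threshold and window are the knobs to tune so that a legitimate user who mistypes a password a few times is not caught, which is the same trade-off a lockout plugin makes.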

Related

sendmail genericstable not used when mailing

I want to forward all mail for root (so basically the output of all cron jobs but other mails for root as well) to an external email address (hotmail).
Easiest method would be to use the aliases file. I updated the root alias:
root: mymail@hotmail.com
And ran newaliases.
When an email is sent I see that the hotmail MX server "accepts" my mail. Standard MS security through obscurity makes me think it's silently discarding my email (not in junk mail, ...).
This server is used to send/receive mail for a domain (and more domains in the future).
I've checked the logs and it seems the mail is sent with a from field of: root@mail.domain.com
I'm pretty sure this is at the root of my mail never being received in my hotmail.
The existing email addresses are using user@domain.com as from.
Now I would like to rewrite this (mail) from address/ctladdr.
I thought this would be an easy fix with genericstable.
Genericstable (had multiple tries):
root info@domain.com
root@localhost info@domain.com
root@mail.domain.com info@domain.com
Regenerated the db with makemap.
I tried with different settings.
I also removed the EXPOSED_USER root (from the generic m4 file). I can see it's not in the generated cf file.
I also added root to the trusted users.
In my m4 file:
FEATURE(genericstable)dnl
GENERICS_DOMAIN(domain.com)dnl
dnl GENERICS_DOMAIN(mail.domain.com)dnl
dnl GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(masquerade_envelope)dnl
dnl define(`LOCAL_RELAY', `localhost')dnl
I have a submit mc file as well. Not sure if this matters but I don't think so.
(I don't have sendmail in MSP mode running as far as I know).
I've tried with GENERICS_DOMAIN as the domain that I want it to be or the domain that I want to be rewritten.
make all install
and restarted sendmail.
Still it just seems to go out as root@mail.domain.com
I tried with sendmail in address test mode (bt; tryflags hs and try esmtp root). This correctly modifies to the wanted source address: info@domain.com.
Does anyone have some other ideas why this is not working? Or more ways to debug it?
Do I need local_relay to make this work? What's expected to be in the hosts file? Fqdn(mail.domain.com) and hostname(so mail) for 127.0.0.1 ?
EDIT: I probably should mention that I have an incoming queue for MailScanner.
Thanks a lot in advance!
I believe the source of my issue is that I was expecting all mailserver mentioned in the headers to have the mail.example.com removed.
However the first header is to submit it to the local queue.
And only when Sendmail is sending the mail out (connecting to the outside MX of example.com) the translation gets done.
So the servers mentioned in the headers stay with mail.example.com.
I thought the mail.example.com was the culprit in hotmail not delivering my email. Which seemed to be wrong.
After investigating for a long time I noticed that if I sent an email from info@example.com to hotmail it was nowhere shown (no, not even in spam, ...) while it was accepted.
If I sent an email first to info@example.com and then sent one back from info@example.com, the mail gets successfully delivered in the hotmail mailbox.
This also seems to be the case with other users of the same example.com domain (so not solely with info@).
After some more investigating I noticed: HTML email seems to be more easily delivered (sent through SquirrelMail). Plain text only mails seem to be ignored.
NOTE: in all cases my mail was accepted by the hotmail mailserver. So no error code 550 or something. I was always sending mail from the mail.example.com server (either command line or through Squirrelmail).
EDIT: I had yet another annoying encounter with Hotmail. Again my message is accepted and just disappears. I've been sending to this destination address before without any issues. But for some reason all of a sudden Hotmail mailservers get "improved".
I'd like to throw in this reference of a topic that got opened years ago which is still ongoing with no feedback from MS: https://answers.microsoft.com/en-us/outlook_com/forum/oemail-osend/messages-reported-as-250-queued-for-delivery-but/f451cda5-ba7d-45ff-b643-501efe2413dc?page=2 . So you're definitely not alone. But also understand that there can be multiple issues leading to the same symptoms.
So I'd like to add some steps which might help prevent a massive headache for others:
Use a footer that clearly states your company and domain.
Use HTML mail
For some reasons sometimes I see mails getting delivered directly in the Deleted folder. Not in Spam
For some reason sending more mails from your domain is better as you gain more "reputation"
You can open a case with Microsoft here:
https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=635754176123391261
Don't set your expectations high. They'll mainly send you an email back that you're not eligible for remediation and later on answer on your case with a standard answer. HOWEVER what creating this case does do is probably getting confirmation that your email got indeed "filtered" by the mighty SmartScreen (they will not tell you why). But this way at least you know it's the spam filter and the below points might help you out.
Make sure to pass the message ID, timestamp, ... (log entry from maillog is what I did)
The answer on your case will certainly mention to use SNDS(Smart Network Data Service) and JMRP (Junk Mail Reporting Program)
SNDS: I've subscribed and never seen anything listed here. So if you have low email volume don't expect anything to show up here
JMRP: this is a service that will send you an email when a message gets marked as spam by users. I've never got anything useful out of this either.
make sure that your DNS settings are correct (MX record, A record, PTR record). This was all correct for me and nobody could point out a flaw in my configuration.
if you open a case they'll also send you a link to "Improving E-mail Deliverability into Windows Live Hotmail". You can find this on google as well and it might give some pointers.
if you're clearly sending an email campaign add in an Opt-out link (which again was not the case for me)
even if the destination address has your email address whitelisted your mail might be silently discarded. This goes beyond all logic.
having them send an email and reply might get your email delivered as well although it looks clumsy to go ask to send you an email so you can actually use email.
Basically the filter tries to "intelligently" determine what's normal mail behavior and based on that will take actions. So there's a big chance you can get your mail delivered by improving the content of your mails.
All in all I can only recommend to not use hotmail. Not for yourself or for your customers if you're a business. Unless you always want to be doubting if the other side actually received the mail. Sometimes you might be able to call, but if this is a lead through your site and they never get your response that's lost business. Of course it's the user's choice but if you can, try to convince them to use another mail account they have as none of the other providers just silently deletes mails (or at least I've never seen it).
I hope this helps someone else.

Reset password email is showing up in my junk folder

I have recently setup forgot password functionality on my site using the stock symfony2 implementation.
Problem is my reset password email gets sent to my junk folder.
What causes this? Is it the content of the email itself?
Here it is:
Hello myemail@hotmail.com!
To reset your password - please visit http://application.mysite.com/resetting/reset/yLbv6BLD6ItSlmXSl4tFI7la78Es5UnS1GqvJnN_5uR
Regards,
the Team.
Could it be something in my settings?
There are a lot of possibilities that can cause this problem.
It's most often coming from the server (e-mail) configuration.
Look at the "original message" (with headers) to see if there is no explicit problem, but it's very difficult to debug.
Look at your email configuration (local postfix? gmail?), search for working examples and hope you find the problem, especially if it's your production server.
Good luck
There can be a lot of reasons:
you send emails from a shared IP segment
too low an amount of text in your message
spammy-looking sender email address (for example "noreply@...")
subject of the message
a URL that points somewhere to a testing environment (for example 127.0.0.1)
Try to change these, and experiment...

Secure connection from IP address w/ WP 4.1 to wordpress server?

I'm new to wordpress, so please bear with me.
We're hosting a WordPress 4.1 installation internally on our Windows Server, within our network; our WP URL is http://ourserver:2020/wordpress/wp-login.php We're behind a firewall and I don't have access to it.
Initially, it wouldn't connect at all from the start, so I added the following and it works:
define('WP_PROXY_HOST', 'proxy.ourcompany.com');
define('WP_PROXY_PORT', '8080');
define ('WP_ACCESSIBLE_HOSTS', 'api.wordpress.org, downloads.wordpress.org, planet.wordpress.org, akismet.com');
But after I download and install a theme, I get the same error 3 times, but in different lines of update.php:
WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in C:\xampp\htdocs\wordpress\wp-includes\update.php on line 119
So I'm thinking that here particularly, WP requires a secure HTTPS connection to WP's server. That has to be the only explanation because it already connected to WP to download the theme.
I also added the following, but nothing:
define('FORCE_SSL_LOGIN', false);
define('FORCE_SSL_ADMIN', false);
define('FORCE_SSL', false);
define('WP_HTTP_BLOCK_EXTERNAL', false);
So two questions:
Is it possible that the error has to do with the WP installation requiring a secure connection?
How can I connect securely from an IP to the wordpress server? From what I've read, I can't install an SSL certificate if I don't have a domain name.
Thanks.
The error is not with WordPress wanting to connect back to itself securely. It is trying to make a call to https://wordpress.org. The Defines you added are actually making it worse.
define('FORCE_SSL_LOGIN', false);
define('FORCE_SSL_ADMIN', false);
define('FORCE_SSL', false);
define('WP_HTTP_BLOCK_EXTERNAL', false);
I would remove them.
As to the problem, I seem to remember Andrew Nacin talking about the fact that they were migrating all calls back to wordpress.org to https calls. While it is possible that it is your setup, my guess is that it is your firewall. For some reason it is blocking access to https://wordpress.org. This can easily be verified by checking the firewall logs. If that is the case, you will need to figure out how to allow your site to dial out in order to use the theme and/or plugin installer. Also, you won't be able to use the automatic updater.
All of these tasks can be done manually, so it's not the end of the world if you can't unblock it. But it will be an inconvenience.
HTH,
=C=

comment_author also returns the ip

I have a plugin that gets the comment author's name by "$comment->comment_author", but apparently this also gives you the author's IP and gateway, etc.
Is this normal behaviour or is there a way to stop this?
This is how the email looks:
Autor: Carlotta (IP: xxx.xxx.xxx , xxxx.adsl.highway.telekom.at)
E-Mail : xxx#student.tugraz.at
URL:
Whois: http://whois.arin.net/rest/ip/xx.114.244.129
thanks in advance
If you are the site administrator then WordPress will send you this information by default, however it is only the site admin who sees it, and not your average user.
Sorry, the problem is resolved! The email to the users looks fine, but it's the email to the site admin that looks like this, which isn't a problem! Thanks anyways :)

Can I ban an IP address (or a range of addresses) in the ASP.NET applicaton?

What would be the easiest way to ban a specific IP (or a range of addresses) from being able to access my publicly available web site?
Is it possible to do so using ASP.NET only, without resorting to modifying any IIS settings?
It is easy and fast in ASP.NET using an HttpModule; just take a look at Hanselman's post:
http://www.hanselman.com/blog/AnIPAddressBlockingHttpModuleForASPNETIn9Minutes.aspx
You can check the Request.ServerVariables["REMOTE_ADDR"] value and if they're banned redirect them to yahoo or something.
Indeed, Spencer Ruport's suggestion is the right way to go about it. (Not sure I would redirect to Yahoo however; a page informing the user they have been banned would be better, with some option for contacting the web admin if the client feels they were inadvertently banned.)
I would add that it would be wise to check the HTTP_X_FORWARDED_FOR server variable (representing the IP forwarded by a proxy, or null if none) firstly in order to avoid the issue of the IP address for the proxy (and thus potentially many other users) also being banned.
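The same check written as an added Python example, not the thread's ASP.NET code and not the HttpModule from the linked post; the banned ranges, trusted-proxy range and header values are constructed. It follows the advice above about HTTP_X_FORWARDED_FOR with one design choice: the forwarded header is honoured only when the connecting peer (REMOTE_ADDR) is one of our own proxies, because any client can send an X-Forwarded-For header of its choosing, and trusting it unconditionally would let a banned address evade the ban or get an innocent address banned.

```python
"""Added example (not from the original thread): IP/range ban check that takes
X-Forwarded-For into account only when it was set by one of our own proxies.
The ranges and header values below are constructed sample data."""
import ipaddress

# Ranges to refuse; single addresses are written as /32 networks.
BANNED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
# Only these reverse proxies / load balancers may speak for the client.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8",)]


def in_any(addr, networks):
    """True if `addr` falls inside any of `networks` (mixed v4/v6 compares as False)."""
    return any(addr in net for net in networks)


def client_address(remote_addr, x_forwarded_for=None):
    """Decide which address the ban applies to.

    REMOTE_ADDR is the TCP peer and cannot be forged by the client.
    X-Forwarded-For is just a header: use it only when the peer is a trusted
    proxy, and then take the right-most address that is not one of our own
    proxies, since everything further left was supplied by the client."""
    peer = ipaddress.ip_address(remote_addr)
    if x_forwarded_for and in_any(peer, TRUSTED_PROXIES):
        hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
        for hop in reversed(hops):
            try:
                candidate = ipaddress.ip_address(hop)
            except ValueError:  # malformed hop: ignore it, keep walking left
                continue
            if not in_any(candidate, TRUSTED_PROXIES):
                return candidate
    return peer


def is_banned(remote_addr, x_forwarded_for=None):
    """Apply the ban list to the address chosen by client_address()."""
    return in_any(client_address(remote_addr, x_forwarded_for), BANNED)


if __name__ == "__main__":
    # Direct hit from a banned range, and the same client behind our proxy.
    print(is_banned("203.0.113.55"))                     # True
    print(is_banned("10.0.0.5", "203.0.113.55"))         # True
    # A banned client cannot talk its way out by forging the header.
    print(is_banned("203.0.113.55", "192.0.2.1"))        # True
```

In an ASP.NET module the two inputs map to `Request.ServerVariables["REMOTE_ADDR"]` and `["HTTP_X_FORWARDED_FOR"]`; the logic that decides which one to believe is the part worth carrying over, whatever the framework.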
