Possible Wordpress exploitation - wordpress

Does anybody know of a security vulnerability in WordPress whereby fraudsters are sending out banking phishing emails (purporting to be from banks) with a login link pointing to a valid domain but with an extended path that may be unknown to the legitimate owner of the domain?
For Example:
href = [HOST]=http://www.ponnuki.net
[EXTENSION] = /wordpress/MOBILE-DO/absa-mobiledo/absaBanking/index.php
Judging from the number of these I have been receiving recently, it appears that the hosts are not geo-specific, so the obvious conclusion is that they are seeking out vulnerable hosts to piggy-back on.
Can someone recommend who would be the best to report this to?

If you believe you have found a security issue with WordPress, see below.
For actual security issues with the self-hosted version of WordPress, you should send an email with the details to security [at] wordpress.org. Include as much detail as you can.
Taken from the WordPress Codex.

Related

cPanel and WHM got hacked but

I have some subdomains, all running WordPress. They worked fine, but when I tried to install, delete, or update any plugin, WordPress showed me a message that I need to connect via FTP and enter all the info, which we didn't. Later, when I tried to log in to my cPanel/WHM, I got redirected to an error page:
Internal Server Error
500
Error ID 25356b0625763
cpsrvd Server at mydomain.test
What could have gone wrong, and how can I recover from it?
And yes, I can see the hacker placed a text saying they hacked it. On the main site there was nothing hosted; everything was on the subdomains.
I've written some articles that specifically answer the question that you've asked about how to recover:
https://support.cpanel.net/hc/en-us/articles/360055310013-What-can-be-done-if-a-cPanel-account-is-compromised-
https://support.cpanel.net/hc/en-us/articles/360061360914-Is-it-possible-to-clean-malware-from-a-hacked-website-
As for what went wrong, that can be and is most often a very complex topic that requires a high level of expertise to properly and accurately diagnose.
That type of investigation would be risky and unreasonable to do via Stack Overflow due to the amount of identifiable server information that you'd need to provide.
I'd also like to mention that an account compromise occurs due to vulnerabilities in the websites and scripts hosted within the account and that those compromises will be contained within that individual cPanel account unless the attack were to make use of the symlink race vulnerability, which should be solved at the kernel level to be done properly:
https://docs.cpanel.net/ea4/apache/symlink-race-condition-protection/
cPanel's Security Advisor will let you know about the status of the symlink race vulnerability on your specific server:
WHM >> Home >> Security Center >> Security Advisor
There are no known vulnerabilities in cPanel or WHM that would allow for an account-level compromise to escape an account or allow a root compromise to occur.
If you suspect that you've discovered a zero-day vulnerability in cPanel or WHM, you should submit a ticket to cPanel support, as the issue would be taken very seriously.
However, the process of investigating and diagnosing the cause of an account-level compromise that came about due to a vulnerability in a website or script is something that a security specialist would be best equipped to take care of for you. Typically you'd want to seek out a Web Application Security Specialist.
As for the 500 error that you're seeing provided by cpsrvd (cPanel's webserver that handles requests for the cPanel, Webmail, and WHM interfaces) that is not likely related to the compromise. You can typically find more information about the cpsrvd 500 error by reviewing the cPanel error log at:
/usr/local/cpanel/logs/error_log
cPanel support would always be happy to assist with any 500 errors that you're experiencing on cpsrvd.
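Both threads above come down to the same question: has someone dropped files into a WordPress install that the owner did not put there (the /MOBILE-DO/ phishing path in the first thread, the defacement text in the second)? The following command-line script is an added example, not code from either post or from cPanel or WordPress. It assumes a stock WordPress layout, PHP 8 (for str_starts_with) and a document root passed on the command line, and it reports top-level entries that are not part of WordPress core, PHP files under wp-content/uploads (WordPress never writes PHP there), files modified in the last N days, and PHP files containing a few strings typical of obfuscated droppers.

```php
<?php
// Added triage script (not from the threads above). Assumptions: stock
// WordPress layout, PHP >= 8.0, $root and an optional day window from argv.
// Usage: php wp-triage.php /home/user/public_html [days]

declare(strict_types=1);

$root = rtrim($argv[1] ?? '.', '/');
$days = (int) ($argv[2] ?? 7);   // "recently modified" window
if (!is_dir($root . '/wp-includes')) {
    fwrite(STDERR, "$root does not look like a WordPress root\n");
    exit(2);
}

// Top-level entries that ship with WordPress core, plus three that hosting
// control panels commonly add. Anything else at the root (e.g. /MOBILE-DO/
// in the phishing link) deserves a look.
$coreTopLevel = [
    'index.php', 'license.txt', 'readme.html', 'wp-activate.php', 'wp-admin',
    'wp-blog-header.php', 'wp-comments-post.php', 'wp-config.php',
    'wp-config-sample.php', 'wp-content', 'wp-cron.php', 'wp-includes',
    'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php',
    'wp-settings.php', 'wp-signup.php', 'wp-trackback.php', 'xmlrpc.php',
    '.htaccess', '.well-known', 'cgi-bin',
];

$findings = [];
foreach (scandir($root) as $entry) {
    if ($entry === '.' || $entry === '..') {
        continue;
    }
    if (!in_array($entry, $coreTopLevel, true)) {
        $findings[] = "unexpected top-level entry: $entry";
    }
}

// One walk over the tree for the remaining checks.
$cutoff  = time() - $days * 86400;
$pattern = '/\b(eval\s*\(\s*(base64_decode|gzinflate|str_rot13)|preg_replace\s*\(.*\/e[\'"])/i';
$it = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
);
foreach ($it as $file) {
    /** @var SplFileInfo $file */
    if (!$file->isFile()) {
        continue;
    }
    $rel   = substr($file->getPathname(), strlen($root) + 1);
    $isPhp = preg_match('/\.ph(p\d?|tml)$/i', $rel) === 1;

    if ($isPhp && str_starts_with($rel, 'wp-content/uploads/')) {
        $findings[] = "PHP file under uploads: $rel";
    }
    if ($file->getMTime() > $cutoff && !str_starts_with($rel, 'wp-content/cache/')) {
        $findings[] = sprintf('modified %s: %s', date('Y-m-d H:i', $file->getMTime()), $rel);
    }
    if ($isPhp && $file->getSize() < 512 * 1024) {
        // Only the first 64 KiB: droppers put the payload at the top of the file.
        $head = (string) file_get_contents($file->getPathname(), false, null, 0, 64 * 1024);
        if (preg_match($pattern, $head)) {
            $findings[] = "obfuscation pattern in: $rel";
        }
    }
}

if (!$findings) {
    echo "nothing suspicious found (this is not proof of a clean site)\n";
    exit(0);
}
echo implode("\n", $findings), "\n";
exit(1);
```

Run it from a shell account you trust, or over a copy of the tree, because a compromised host can lie to you, and an attacker can reset modification times. The stronger check for core files is a comparison against a fresh download of the same WordPress version (WP-CLI's `wp core verify-checksums` does exactly that). A hit from this script is a lead for the investigation the answer recommends, not a verdict.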

Protect a single wordpress page and authenticate against an API of external system

I've had a request to provide some internal assistance with our company WordPress website. It's a public site, and our marketing team would like to host a single page on there that only existing customers can gain access to. We have an internal, in-house developed CRM, for which the devs have exposed an API that checks whether a provided email address is that of a customer and returns a true/false result. The internal CRM uses Identity for its auth.
I've done quite a bit of research into the possible options, but none really give a definitive path to achieve this or offer an alternative solution.
I have a small amount of WP experience and, unfortunately, am the only person internally who comes close to being able to "help"; however, I need some assistance, please! What would be the best way to go about securing a single page on a WP site, authenticated by a user providing their email address and having it check the CRM endpoint for true/false validity?
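The thread has no answer. The following must-use plugin is an added example of how a WordPress developer would usually build such a gate; it is not code from the poster's company or from WordPress. It assumes the protected page has the slug customer-portal, that the CRM endpoint is a POST taking {"email": "..."} and answering {"isCustomer": true|false} (both the URL and the field names are invented here), and that a service token for that endpoint is defined in wp-config.php as COPG_CRM_TOKEN. A successful check sets an HMAC-signed, expiring cookie so the CRM is asked once per session rather than on every request.

```php
<?php
/**
 * Plugin Name: Customer-only page gate (added example)
 *
 * Added illustration, not code from the thread. Assumptions: page slug
 * 'customer-portal'; CRM endpoint POST COPG_CRM_URL with {"email": "..."}
 * returning {"isCustomer": true|false}; service token COPG_CRM_TOKEN defined
 * in wp-config.php. Save as wp-content/mu-plugins/customer-gate.php.
 */

define('COPG_PAGE_SLUG', 'customer-portal');
define('COPG_CRM_URL',   'https://crm.example.internal/api/customers/exists');
define('COPG_COOKIE',    'copg_access');
define('COPG_TTL',       8 * HOUR_IN_SECONDS);

/** Ask the CRM whether $email belongs to a customer. Fails closed on any error. */
function copg_is_customer(string $email): bool {
    if (!defined('COPG_CRM_TOKEN')) {
        return false;
    }
    $resp = wp_remote_post(COPG_CRM_URL, [
        'timeout' => 5,
        'headers' => [
            'Content-Type'  => 'application/json',
            'Authorization' => 'Bearer ' . COPG_CRM_TOKEN,
        ],
        'body' => wp_json_encode(['email' => $email]),
    ]);
    if (is_wp_error($resp) || wp_remote_retrieve_response_code($resp) !== 200) {
        return false;
    }
    $data = json_decode(wp_remote_retrieve_body($resp), true);
    return is_array($data) && ($data['isCustomer'] ?? false) === true;
}

/** Signed, expiring access token keyed with the site's own auth salt. */
function copg_make_token(string $email, int $expires): string {
    $payload = base64_encode($email . '|' . $expires);
    return $payload . '.' . hash_hmac('sha256', $payload, wp_salt('auth'));
}

function copg_token_valid(string $token): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, wp_salt('auth')), $mac)) {
        return false;
    }
    $decoded = base64_decode($payload, true);
    $expires = (int) substr((string) strrchr((string) $decoded, '|'), 1);
    return $expires > time();
}

add_action('template_redirect', function () {
    if (!is_page(COPG_PAGE_SLUG)) {
        return;
    }
    if (isset($_COOKIE[COPG_COOKIE]) && copg_token_valid((string) $_COOKIE[COPG_COOKIE])) {
        return; // valid token: let WordPress render the page normally
    }

    $error = '';
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        $nonce = (string) ($_POST['copg_nonce'] ?? '');
        $email = sanitize_email(wp_unslash((string) ($_POST['copg_email'] ?? '')));
        if (!wp_verify_nonce($nonce, 'copg_login')) {
            $error = 'Invalid request, please try again.';
        } elseif (is_email($email) && copg_is_customer($email)) {
            $expires = time() + COPG_TTL;
            setcookie(COPG_COOKIE, copg_make_token($email, $expires), [
                'expires' => $expires, 'path' => '/', 'secure' => true,
                'httponly' => true, 'samesite' => 'Lax',
            ]);
            wp_safe_redirect(get_permalink());
            exit;
        } else {
            // Same text for malformed and unknown addresses: no enumeration hint.
            $error = 'That email address is not recognised.';
        }
    }

    status_header(403);
    nocache_headers();
    echo '<!doctype html><title>Customers only</title><form method="post">';
    echo '<label>Customer email <input type="email" name="copg_email" required></label> ';
    wp_nonce_field('copg_login', 'copg_nonce');
    echo '<button type="submit">Continue</button>';
    if ($error !== '') {
        echo '<p>' . esc_html($error) . '</p>';
    }
    echo '</form>';
    exit;
});
```

Two points to raise with marketing before shipping something like this. An email address is something an attacker can know or guess, so this is a gate against casual visitors, not authentication; and the form is an oracle for which addresses are customers, so rate-limit POSTs per IP and keep the response identical for malformed and unknown addresses (as above). A stronger version sends a one-time link to the address and sets the cookie only when that link is visited, which proves control of the mailbox. Also exclude the page from any full-page cache or CDN, or the first cached 200 response will be served to everyone.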

how to create an authentic ssl for my wordpress site

So my WordPress site's domain is from GoDaddy, and it is hosted on a Hong Kong server, as our target users are mainly from Hong Kong. When I wanted to improve SEO and started submitting backlinks to directory sites, I always got the error message "The URL could not be validated. Either the page does not exist or the server could not be contacted."
I have read on another platform that someone commented: "You're getting the error because you're using an SSL that belongs to someone else. When these directories attempt to verify your site using the "https", they get a warning that says your site is potentially harmful and the third-party SSL is the reason given. My suggestion would be to buy an SSL directly from your web host or from a reputable SSL company."
But unfortunately, I can't be sure whether this is the right direction or how to do that.
Could someone teach me please? By the way, my website link is https://www.bananaportal.com/; hopefully you can find some clues with the link. Thanks in advance.
Have you tried https://easyengine.io/docs/lets-encrypt/?
It is a widely trusted and almost free SSL certificate that anyone can install: a fully secure and trustable certificate that is widely accepted around the world.
The certificate itself is fine. You can see the results of two different tests here:
https://www.sslshopper.com/ssl-checker.html#hostname=https://www.bananaportal.com/
https://www.ssllabs.com/ssltest/analyze.html?d=www.bananaportal.com
Many directory sites are unable to process https, and that might be the source of your problem. In any case, directory sites aren't going to improve your SEO anymore.
The issue relates to esoteric web browsers, you can read more on it here: https://community.letsencrypt.org/t/some-browser-say-certificate-is-not-trusted/28766
It is also important to mention that your current certificate is doing perfectly on encryption, but the authentication is the simplest and cheapest (free) possible. You never showed any legal document proving your claimed identity in order to receive the certificate.
You can be more impressive with a paid Verisign certificate.
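As an added example (not from either answer), this command-line script does what the two checker links above do: it performs a TLS handshake against the host, verifies the chain against the local CA store, and prints each certificate the server sent. It assumes PHP's openssl extension with a configured CA bundle and a hostname passed on the command line.

```php
<?php
// Added TLS chain check (not from the thread). Assumptions: PHP openssl
// extension, a CA bundle PHP can find, hostname from argv.
// Usage: php tls-chain.php www.bananaportal.com

declare(strict_types=1);

$host = $argv[1] ?? 'www.example.com';
$ctx  = stream_context_create(['ssl' => [
    'verify_peer'             => true,
    'verify_peer_name'        => true,
    'peer_name'               => $host,
    'SNI_enabled'             => true,
    'capture_peer_cert_chain' => true,   // keep every certificate the server sent
]]);

$sock = @stream_socket_client("ssl://{$host}:443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
if ($sock === false) {
    // With a live site this usually means a name mismatch, an expired
    // certificate, or a chain this CA store does not trust.
    fwrite(STDERR, "TLS handshake with {$host} failed: {$errstr}\n");
    exit(1);
}

$chain = stream_context_get_params($sock)['options']['ssl']['peer_certificate_chain'] ?? [];
fclose($sock);

// Index 0 is the server's own certificate; the rest are the intermediates it sent.
foreach ($chain as $i => $cert) {
    $p = openssl_x509_parse($cert);
    printf("[%d] subject CN=%s\n    issuer  CN=%s\n    valid   %s to %s\n",
        $i,
        $p['subject']['CN'] ?? '(none)',
        $p['issuer']['CN'] ?? '(none)',
        date('Y-m-d', $p['validFrom_time_t']),
        date('Y-m-d', $p['validTo_time_t'])
    );
}

if (isset($chain[0])) {
    $p = openssl_x509_parse($chain[0]);
    $daysLeft = intdiv($p['validTo_time_t'] - time(), 86400);
    echo "server certificate expires in {$daysLeft} days; SANs: ",
         $p['extensions']['subjectAltName'] ?? '(none)', "\n";
}
if (count($chain) < 2) {
    echo "WARNING: no intermediate certificate was sent; clients that do not\n",
         "fetch or cache intermediates will report the chain as untrusted.\n";
}
```

If the handshake fails, the error text separates a name mismatch from an untrusted chain. If it succeeds but only one certificate is listed, the server is not sending its intermediate, which is the usual reason older clients and crawlers with small CA stores report a valid Let's Encrypt certificate as untrusted.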

Email from address changes once it is delivered

I am currently doing work for a client and am running into a bit of an issue when an email receipt is sent to the user. What is happening is that once the email is delivered, the From address is completely different than the one I am using. I have tried using a few different email addresses, and they work fine. It's only the one that they really want to use that is causing the problem.
I don't have access to their site and am also unsure of how the mail is sent. What I am wondering is if anyone knows the questions that I can ask to figure out what is going on on their end. They recently changed who was handling their site, so I have a feeling something may be getting mixed up.
The site is built with WordPress and is using Gravity Forms. From the changed email address I can see that they are using Bluehost, since the email changes from @companyname to @boxXXX.bluehost.com.
Email servers are not my area of expertise, so I really appreciate any help.
Very likely their WordPress website is sending emails through the wp_mail() function, which is nothing more than the usual mail() function from PHP.
By default, if you send an email through this method, it will display either the hostname of the server where the website is sitting or the SMTP server (in this case boxXXX.bluehost.com), depending on Bluehost's policy regarding sending e-mails.
Generally, hosting providers switch off the PHP mail() function in shared hosting environments to prevent spam, and they provide you with the details to connect to their SMTP server and send legitimate e-mails. If their server is on shared hosting, I think you might need support from Bluehost directly; explain the situation to them and they will help you through the process.
If the website is sitting on a virtual dedicated server, then they need to do additional configuration on it. In this case, what I do is log in to cPanel and create a new mailbox with the address I want to send from (wordpress@domain.com, info@domain.com, whatever the client wants to be displayed) and configure WordPress to send through the VPS SMTP (you can do that easily with this nice plugin: http://wordpress.org/plugins/wp-mail-smtp ) with the address and password you chose when creating the email account in cPanel.
From then on, the email will show the correct address.
Also, you might want to increase the deliverability of your messages and tell the email servers receiving them that you're using a legitimate account, so you should add both DKIM and SPF records to their DNS.
Note: I suggest you be extremely cautious when playing around with DNS, especially when touching email-related records. If you are not familiar with how to set up new records and change existing ones, ask for help from someone with good experience to guide you through the process, so you understand how it works and the consequences of badly formatted or clashing records.
We recently had a really bad couple of hours at work when someone touched the company records without any clue of what they were doing, and we ended up with neither email nor website working for several hours.
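The configuration the answer describes (a mailbox on the domain, WordPress sending through the host's SMTP with that mailbox's credentials) can also be done without a plugin, through the phpmailer_init action WordPress fires just before sending. The following must-use plugin is an added example, not code from the answer or from wp-mail-smtp; it assumes a mailbox wordpress@example.com on the host and SMTP credentials placed in wp-config.php as COPG_SMTP_HOST, COPG_SMTP_USER and COPG_SMTP_PASS (invented names).

```php
<?php
/**
 * Plugin Name: Send WordPress mail through the domain's own mailbox (added example)
 *
 * Added illustration, not code from the thread. Assumptions: mailbox
 * wordpress@example.com exists on the host; COPG_SMTP_HOST, COPG_SMTP_USER and
 * COPG_SMTP_PASS are defined in wp-config.php. Save as
 * wp-content/mu-plugins/smtp-from.php.
 */

// Header-level From: what the recipient sees.
add_filter('wp_mail_from', fn(string $from): string => 'wordpress@example.com');
add_filter('wp_mail_from_name', fn(string $name): string => 'Example Co');

add_action('phpmailer_init', function ($phpmailer) {
    // $phpmailer is the PHPMailer instance WordPress is about to send with.
    $phpmailer->isSMTP();
    $phpmailer->Host       = COPG_SMTP_HOST;   // e.g. mail.example.com
    $phpmailer->Port       = 587;
    $phpmailer->SMTPSecure = 'tls';            // STARTTLS on 587
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Username   = COPG_SMTP_USER;   // the mailbox address
    $phpmailer->Password   = COPG_SMTP_PASS;
    // Envelope sender (Return-Path). Receivers evaluate SPF against this, not
    // against the From header, so it must be on the domain as well.
    $phpmailer->Sender     = 'wordpress@example.com';
});

// Matching DNS, shown as placeholders for an assumed zone example.com. The
// host supplies the include: name and the DKIM public key.
//   example.com.                    TXT "v=spf1 a mx include:<host's SPF include> -all"
//   default._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=<public key from the host>"
```

The mismatch the question describes (From shows @boxXXX.bluehost.com) is the envelope sender leaking through, so setting Sender is as important as the two From filters. Once the envelope and header domains agree and SPF and DKIM are published for that domain, the receiving side has a consistent story to verify.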

Drupal contact form sending me duplicate emails

I'm new to Drupal, just made my first site and having some issues with email. Two questions:
I've enabled the site-wide contact form, and sometimes, though not always, I'll receive two identical emails from my site when someone submits a message via the contact form.
I've found documentation on Drupal's email handling very sparse. Can someone give me a brief rundown on how Drupal sends email? I have it installed on a GoDaddy server, and I have my own domain name, but I never set up any email services from GoDaddy or configured any email settings for Drupal (e.g. SMTP, POP), so I was surprised it could send emails right off the bat. On this topic, is there a better way to handle simple email tasks like the contact form than by using the built-in email features of Drupal core?
Thanks.
I'm not sure. Can you replicate this problem yourself, or is it just an occasional happening?
By default Drupal will use the PHP mail() function (http://php.net/manual/en/function.mail.php), which (usually) does not require you to do any explicit email configuration.
You can use the hook_mail_alter (http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_mail_alter/6) in a custom module to peer more deeply into the emails that are being sent. This does require an understanding of PHP.
A very widely used (and better) alternative to the Contact Form is the Webform module (http://drupal.org/project/webform). It provides a very easy to use interface to generate custom forms and does not require any programming knowledge.
If you wish to send more sophisticated emails you may want to investigate the SMTP module (http://drupal.org/project/smtp) which allows you to send to an SMTP server. Also, check into the MimeMail module (http://drupal.org/project/mimemail) as it allows for things like attachments and HTML emails without having to crack open and modify an email's headers via hook_mail_alter.
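The hook_mail_alter() route the answer mentions, as an added example rather than code from the answer: a minimal Drupal 6/7-style module (assumed name mailtrace, so it needs a mailtrace.info file next to this mailtrace.module) that logs every outgoing message to watchdog and flags when the same message is built twice within one request. The message keys it reads (id, to, subject, body, send) are the ones drupal_mail() populates before calling the hook.

```php
<?php
/**
 * @file
 * Added example (not from the thread): trace outgoing Drupal mail to find
 * where a duplicate comes from. Assumed module name: mailtrace.
 */

/**
 * Implements hook_mail_alter().
 */
function mailtrace_mail_alter(&$message) {
  // Static storage lives for one PHP request. A repeat here means the same
  // request called drupal_mail() twice (e.g. a submit handler running twice);
  // duplicates that appear only across requests point at a double submission
  // or at the mail transport instead.
  static $seen = array();

  $fingerprint = md5($message['to'] . '|' . $message['subject'] . '|' . implode('', (array) $message['body']));
  $repeat = isset($seen[$fingerprint]);
  $seen[$fingerprint] = TRUE;

  watchdog('mailtrace', 'mail %id to %to, repeat within this request: %repeat', array(
    '%id'     => $message['id'],      // "<module>_<key>", e.g. contact_page_mail
    '%to'     => $message['to'],
    '%repeat' => $repeat ? 'yes' : 'no',
  ), $repeat ? WATCHDOG_WARNING : WATCHDOG_NOTICE);

  // Optional: drop the in-request duplicate. drupal_mail() honours
  // $message['send'] = FALSE and builds the message without sending it.
  if ($repeat) {
    $message['send'] = FALSE;
  }
}
```

After enabling the module, submit the contact form once and look at Reports > Recent log messages: two notices with the same id for one submission, with the second marked as a repeat, localise the problem to the Drupal side; a single notice followed by two deliveries points at the mail server.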
Hard to say; it could be a few things, but answering question 2 may give clues about question 1. I am guessing it is due to the configuration of your current email server.
Drupal can be configured to send mail LOTS of different ways, but by default it uses the built-in PHP mail() function. This is configured in your php.ini. I would imagine that GoDaddy probably set up an SMTP or sendmail server by default.
For both of these issues, I would look at how things are configured (which, due to the nature of GoDaddy, may not work very well) or talk to GoDaddy.
My recommendation would be to use Google Apps to host your email. Then you can have email sent from your domain but with Google reliability, and have it be free! To connect with Drupal, use this module, which requires PHPMailer, which may or may not be installed already by GoDaddy (they should support it, though!).
Hope that helps. Leave any more questions in the comments.
