Slap that spammers in the face!

When I was maintaining my ‘Wordpress’ account, I was a little confuse and frustrated. For example, I already altered individual settings from the ‘Discussion’ area. But, these spammers (which are stupid), they just want to play dirty and never leave my blog alone and my brain from exploding. So, I decided to drop the bomb on these hooligans and teach them a lesson!

For those who had these problem, then listen carefully – if we are going to kick those spam-bots a lesson! But, don’t worry, these technique are SAFE and secure for everyone…

Method 01 – Utilize 3rd party plugins

1.] Direct your browser to this site and download ‘Bad Behavior’ plugins.

http://bad-behavior.ioerror.us/download/

2.] Login to Cpanel / Plesk and direct yourself to this directory. However, your current directory may be different from the given example.

../blog/wp-content/plugins

3.] Upload the package and extract it. After that, you must login to WP account and activate this plugin. For more information, you may direct yourself to the given link (above) and learn how to use this plugin by yourself…

Method – Rename a FILE!

1.] Login to the root directory (Cpanel / Plesk) and rename this file. However, don’t be stupid and delete it.

File to rename: “wp-comments-post.php”

2.] Right click on this file and add this phrase in front: “backup.” and accept the change.

3.] Logout and let the hooligans hit their 404 jackpot!

Important: if there is on-going issues about ‘spam comment’, then don’t hesitate to trash – dump – delete ‘wp-comments-post.php’. This is because, spammers are now capable looking for this file (it doesn’t matter if they are modify or hidden). They will eventually find it and bombard you once more.

Tips & Tricks: regarding to security and safety, please use ‘htaccess’ to block offensive hostname / IP addresses. However, please don’t play stupid and input your own IP address…

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.6
deny from .bad-site.com
deny from .evil-hackers.org
allow from all

Lair360 – “It’s NICE to play Evil!”

Copyrighted By Lair360

For those who is against “Adsense” and other advertised agency, then why don’t you try this script on your own site? It’s also simple and very easy to implement – if your server has “parsing – enabled” for HTML WebPages.

Notes: this script will only work on webpages which utilize PHP source. Nevertheless, it will also work on hybrid – website which deploys PHP parsing for HTML.

1.] Copy this script and save it as: “ads-block.php”. But, don’t forget to integrate this file on your server.

<?php
$fcontents = join ('', file ('../ads-block/ads-block.txt'));
$s_con = split("#",$fcontents);

$banner_no = rand(0,(count($s_con)-1));
echo $s_con[$banner_no];
?>

2.] Create a new ‘text’ file (*.txt) and give it a name. After that, you must integrate these sources and modify it to your hearth’s content. However, you must keep this ‘#’ symbol. This is basically used as a ‘break’ for each advert, instead of spacing.

<a href="Link01" target="_blank" >
<img src="/ad-sponsor/468x60_ads.jpg" width="468" height="60" alt="Adverts Here!" border="0"></a>
#
<a href="Link02" target="_blank" >
<img src="/ad-sponsor/468x60_ads.jpg" width="468" height="60" alt="Adverts Here!" border="0"></a>
#
<a href="Link03" target="_blank" >
<img src="/ad-sponsor/468x60_ads.jpg" width="468" height="60" alt="Adverts Here!" border="0"></a>
#
<a href="Link04" target="_blank" >
<img src="/ad-sponsor/468x60_ads.jpg" width="468" height="60" alt="Adverts Here!" border="0"></a>

3.] Grab this script and place them anywhere on your webpage. However, you will need to replace “php_include” directory and point it to this file: “ads-block.php”. But, don’t forget to check your server if you want to use these within HTML environment.

WordPress

<?php include (TEMPLATEPATH . '/ads-block.php'); ?>

HTML Webpage

<?php include("../directory/ads-block.php"); ?>

WordPress / HTML

<?php include $_SERVER['DOCUMENT_ROOT'] . "/directory/ads-block.php"; ?>

4.] You are done!

Version: 11.2
Revision: 33 Build 21

Vol 4 – Get Wild with WordPress Security & Spam!

Yesterday – night, I had a short email regarding to php.ini or php.cgi access. But, when I did some research, it was a little frightening! For example, if we take a cat and the critter was able to penetrate your system server, just by altering any of your php.ini, php.cgi, *admin.php and other server – directory, then the chances are risky, if you are not around to keep these devils outside your door. They could also inject malicious codes or viruses that can alter any of your SQL database. Although, that sounds like a bunch of morons trying to kill our hard work! Now, if you excuse me, I have some coding – artillery for you to try out. I hope you like them. But, make sure to give these spammers, evil – bots and other devils a lesson! We don’t want them to kiss our server goodbye. We want them to kiss their ass goodbye!!

Have a good time…

1.] If you want to hide all of your errors from these idiots, then I would suggest you to hide your “Wordpress Revision Number” and Errors (which appears if you made a mistake in your theme directory).

Hide WordPress Revision – functions.php

add_filter( 'the_generator', create_function('$a', "return null;") );

Hide WordPress Login Errors – functions.php

add_filter('login_errors',create_function('$a', "return null;"));

2.] If you are using “Admin” as your default username, then you will need to change it by copying this snippet into your SQL console (phpMyAdmin).

UPDATE wp_users SET user_login = 'New Username' WHERE user_login = 'Admin';

Notes: type in your new ‘username’ and keep ‘Admin’ as default in the process.
After that, you will need to assign all articles and transfer them to your new username. Here is the source if you want to change the author’s name…

UPDATE wp_posts SET post_author = ‘NEW_AUTHOR_ID’ WHERE post_author = ‘OLD_AUTHOR_ID’;

3.] Working on your blog and forgot to dump your spam comments? If you don’t trash your hooligans regularly, there may be security issue, especially your SQL database!

The biggest nightmare towards spam comment is “SQL injection; modification on your articles and server overload.” So, if I were you, would rather look at the spam area and erase them first before working.

DELETE FROM wp_comments WHERE comment_approved = 'spam';

0 = Awaiting Moderation
1 = Approved Comment
spam = Area marked as Spam

If you don’t want to waist your time looking at your junk box, then take this script and slap them into “phpMyAdmin” to disable WordPress comments (this sql script will disable all comments on your articles).

UPDATE posts p SET comment_status = 'closed', ping_status = 'closed' WHERE comment_status = 'open';

For some odd – reason, if you want to re-enable it for commenting, then take this script to revert back. But, I am warning you! Spammers will continue to bombard your site – regardless of your situation.

UPDATE posts p SET comment_status = 'open', ping_status = 'open' WHERE comment_status = 'closed';

4.] For those who are using private server with dedicated IP addresses, then here is the fun bit for security lovers! Although, this session requires you to create a backup of your “wp-config.php” file. Once you are done with this process, you may continue and add these sources. But, don’t forget to refresh your website for the changes to take effect.

For SSL Login, you will need this source: define ('FORCE_SSL_LOGIN', true);
For SSL Admin – panel, you will need apply this source: define ('FORCE_SSL_ADMIN', true);

Notes: these script were taken from a previous article. It was written here: http://lair360.co.uk/blog/815/

5.] If you want to block comment with another layer of protection, then staple these script into your .htaccess file.

RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]

^ This script will also try to block any comment attempts with a blank ‘HTTP_REFERER’ field.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php
RewriteCond %{HTTP_REFERER} !mydomain.co.uk [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

^ The above source will look for any particular referrers when the wp-comments-post.php file is accessed. If the referrer exists in your blog, then commenting is allowed. However, failing to provide proper referrers (real user) will result as a redirect.

Notes: by any chance, you cannot access this file: “.htaccess”, then why not use this php-source and place them inside your “functions.php”, just to kick out these miserable hooligans?

function check_referrer() {
    if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == “”) {
        wp_die( __('Please enable referrers in your browser!') );
    }
}
add_action('check_comment_flood', 'check_referrer');

6.] If you are using Google Analytics, then you will need to wrap all of your Google codes in-between, just to stop the tracking of your Admin pages or anything else that is important. In other terms, you really don’t want Google to track your footstep as you are trying to login…

<?php if (!current_user_can('level_10')) { ?>

	/* Paste your Google code in this box */

<?php } ?>

7.] Every-month, you will need to change your password. This will boost security measure and you can stop biting your fingers. Instead of that, you can tell hackers to get out of your door and stop harassing your Login page and your Admin directory.

UPDATE `wp_users` SET `user_pass` = MD5('PASSWORD') WHERE `wp_users`.`user_login` =`admin` LIMIT 1;

8.] If you don’t want idiots modifying / reading any of your “.htaccess / .htpasswd” files, then get this little angel in your .htaccess directory.

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

Finally, this is the end of Lair360’s Volume 4. But, don’t forget to support this domain and RSS bookmark my site for more hilarious coding and freebies! Although, please be-aware, that these codes are only used for educational purposes only. In shorter terms, you can’t sell them and make profit.

Copyrighted By Lair360

Version: 11.1
Revision: 23 Build 9

Say goodbye to proxy offender!

On the 9th of June, 2010, my website was bombarded by a suspicious hacker. They managed to access my server without my consent. Therefore, I have to shutdown / block any users from accessing my account / site. Anyway, when I arrived home, it was sorted and I can now write more articles for my readers.

In this article, we are going to show you how to implement a ‘proxy blocker’ for WordPress. However, if you implement this script, it will also block legit viewers and commentators. So, if I were you, I would think about it before implementing this script.

1.] Login to Cpanel and locate your WordPress directory.
2.] Find your ‘theme’ directory and open this file: “functions.php”

Tips: I would suggest you to backup your “functions.php” file before adding anymore scripts / codes.

3.] Copy this source and place them inside. But, don’t forget your PHP tags!

<?php
/**
 * Block Proxies - PHP
 * Copyright 2010 - Lair360
 */

function checkProxy {
if($_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA']) {
die('No proxies allowed');
	}
}
?>

4.] Save the changes and refresh your webpage.

Notes: this script will check your browser if the user is behind a proxy / proxy provider. After that, it will block the offending users (proxy users) from accessing your webpage or specific page. However, please be aware that this script can also block you if your workplace utilize proxies.

Version: 11.4b
Revision: 5 Build 11

How to remove spam links in your comment area!

For those who had big problems with your next neighbours, your evil spammers. You could pretty much disable the entire link! However, this tactics will also disable legit links. So, my advice is, you got to think and make a decision. But, if you look at the good side, your blog will eventually be safer against link farms and code injection.

1.] Login to your Cpanel and locate your WordPress directory.
2.] Find your theme directory and open this file: “functions.php”
3.] Copy these codes and place them inside. But, don’t forget your PHP tags!

<?php
function plc_comment_post( $incoming_comment ) {
	$incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
	$incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
	return( $incoming_comment );
}

function plc_comment_display( $comment_to_display ) {
	$comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
	return $comment_to_display;
}

add_filter( 'preprocess_comment', 'plc_comment_post', '', 1);
add_filter( 'comment_text', 'plc_comment_display', '', 1);
add_filter( 'comment_text_rss', 'plc_comment_display', '', 1);
add_filter( 'comment_excerpt', 'plc_comment_display', '', 1);
?>

Notes: when this code is active, it will immediately stripped every HTML code and convert them into plain text. In other terms, the actual links will be visible. But, they are un-clickable. This would make your blog a lot safer from unwanted code – injections or modifications from cyber – criminals.

Copyrighted By Lair360

Version: 1.1a
Revision: 34 Build 11

Wordpress – Give your SPAM comments a good kick!

In this tutorial, we are going to use SQL commands to delete all spam comments and approved comments which are no longer needed. However, these source were only written for WordPress users. Therefore, I would recommend you to stay away from this script, if you haven’t got WordPress.

Deleting comments in your “Admin Panel,” it can be frustrating, if you have a lot of SPAM and BULK comments. So, the only way to flush these hordes (messages) from your SPAM box and your Moderation box, then you will have to use these commands. To use these scripts, you will have to click on “phpMyAdmin”.

DELETE FROM wp_comments WHERE comment_approved = 'spam';

Code lists
——————–
0 = Comment Awaiting Moderation
1 = Approved Comment
spam = Comment marked as Spam

Now, if you don’t want to keep these maniacs in your moderation queue / spam box, then, I would advise you to use these PHP source. However, you must place this script inside your “function.php” directory for it to work.

<?php
function verify_comment_referer() {
    if (!wp_get_referer()) {
        wp_die( __('You cannot post comment at this time,
as you will need to enable referrers in your browser.') );
    }
}
add_action('check_comment_flood', 'verify_comment_referer');
?>

Copyrighted By Lair360

Version: 11.1
Revision: 33 Build 12

Give the thieves a good kick in the butt!

For the passed months, I was reading a book about “Linux coding”. It really made me wanting to simplify the ‘htaccess’ by modifying parts of my blocking sequences. So that the server doesn’t get angry and overkill the resources. However, this source will only support ‘Linux’ servers with HTA backbone support.

1.] Create a new ‘HTA script file’ and copy these codes…

RewriteCond %(HTTP_REFERER) !^http(s)?://(www\.)?your-domain\.com [NC]
RewriteCond %(HTTP_REFERER) !^$
RewriteCond %(HTTP_REFERER) ^http(s)?://.*$
RewriteRule \.(jpe?g|gif|png|bmp)$ - [F]

2.] Save your new ‘HTA file’ and delete your old revision. Nevertheless, if you want to keep your old file, you will need to rename it as ‘old.htaccess’ or something like that.

3.] Upload your new ‘htaccess’ file and delete your internet temporary files.

4.] You are done!

Tips for confused users

‘nocase | NC’ [no case] – this source makes the test case-insensitive. In other terms, there is no similarity or difference between ‘upper-cases and lower-cases’. This flag is effective only for comparison, and it has no direct – effect on file systems and sub-request checks.

‘ornext | OR’ [or next condition] – this source is useful if you want to link or combine individual rules with a local OR instead of the using AND.

‘forbidden | F’ (force URL to be forbidden) – this source forces the Url to be forbidden for all users. So, if you ever add one of these commands, there is going to be a 403 (FORBIDDEN) message right at your door.

‘^’ – this is the start of line anchoring.
‘$’ – this is the end of line anchoring

Copyrighted By Lair360

Version: 13.1
Revision: 15 Build 33

Wordpress – Which file is the most important?

Introduction: In this tutorial, we are going to learn the basic about files, directory and study how important these files can be! But, for those who already knew these, then I am not going to argue. But, you may want to continue and learn something new… it’s your choice!

————————

Everyday, when we login and operate WordPress, there is a file that controls your SQL database and your administrator panel. This file is called: “wp-config.php”. However, if there is a server problem or your blog was hacked, there is a chance that you may lose your “Wordpress password and SQL Database”. Therefore, you have to create a plan and keep these files in a safe place!

On the other hand, your SQL database, it can be ‘backed up’ with your Cpanel and export it to your external devices, such as: removable drive or compact disk. But, please be aware about your internal hard drive. They can crash and cause serious problem! So, get yourself an external hard drive, if you don’t have one yet!

Secondly, if you have a large collection of plug-ins, you may also want to compress all of these as a ZIP file and download them to your external hard drive. So, if your server had a crash… again… there is always a backup for you to upload! This will also reduce your time and bandwidth. Well… technically, if you are a busy guy, like me, you may want to learn this word “Logic” and keep yourself happy from these miserable nightmares! But, don’t forget about your “Themes” directory. There must be a lot of work going into these folders!

Thirdly, if you have a large “htaccess” file, you will need to create a backup of that too. Don’t forget it! It will come in handy!!

Finally, here is a short version, if you are confused or clueless…

To make this short and simple, there are four areas that you need to back up. These are your “wp-config.php file, htaccess file, wp-plugin directory and your theme’s folder.” If you are not bother about these files, then you are on your own. But, I am not going to be around and flick my wand.

That is today lesson! Better get working on my art profile…

Copyrighted By Lair360

Version: 12.1
Revision: 13 Build 11

How to repair WordPress from hackers!

Introduction: When you are working really hard and gained good amount of visitors, then your blog is considered as a target practice for hackers and cyber-space criminals. In other terms, if you get hacked by these ‘god-who-knows’, then you are in big trouble! This can potentially effect your page-rank, offend honest readers and infect other reader’s computer; making you as an unwilling promoter to subject materials that are not related to the article or your blog. Nevertheless, this issue can also be classified into many categories, for example: “spamming with SQL injection, rude topics, swearing and pranks.” But, the worse dilemma is losing your articles and valuable contents. However, if you are a victim, it is best not to postpone on the clean up process, since a speedy restore will generally minimize the damage that was caused by the hackers.

From the other hand, there are many sources that will suggest you to upgrade your WordPress to the latest version. However, there is a flaw in the upgrade, as most users will not notify you that the hacker may have left a backdoor (hidden file) in a directory where it wouldn’t get overwritten with the actually upgrade. Therefore, I am writing this article to completely clean and restore a WordPress installation that was hacked beyond repair.

1.] Backup your website and database.

Backing up a hacked copy of your blog or database, it is still a crucial process as it contains valuable information, files and documents.
You really don’t want to lose your data if something goes wrong with the cleanup process.

2.] Create a copy of your uploaded files and images.

Images are generally safe from posing a security risk and ones which you uploaded, yourself (for example: the ones that was included with a theme, for instance) will be harder to trace and replace after things are fixed again. Therefore, I would recommend you to grab a copy of all the images in your uploaded folder to avoid broken images in your posts. If you have any non-image files that may possibly been compromised, such as zip files, plugins or php scripts that were offered to the public, it is best to grab fresh copies of those from the original source.

3.] Download a fresh copy of WP, plugins and ‘clean’ template.

Upgrading WordPress automatically, it will make life easier for you and everyone! However, it will only replace specific files and it doesn’t delete obsolete ones. It will also leave your current themes and plugins in its original place. This means, if you upgrade a blog that has already been compromised, it can very well leave attackers the same or different door to get back in. So, please understand and start from scratch as far as your file portion and installation goes.

4.] Delete all files and folders in WP directory & upload!

FTP protocol = Slower (depends on your file size and folders).
Cpanel Manager = Faster (depends on your server responses).

When you have a fresh copy of all your files and folders, you will need to completely wipe (Erase) the entire directory and structure of your blog. This is the only (possible) way to completely remove all infected files. You can do all of these through FTP protocol, but due to the way that FTP handle folder’s deletion, this can be slow as hell! This can also disconnect you from your server, due to flooding with FTP commands.
If you have Cpanel, you can easily compress everything within a Zip file and extract them within the server.

Notes: if you are planning to upload any files and folders within a compressed ‘Zip’ file, then there is a good chance that your codes not broken or corrupted. So, please use Cpanel if you have large project. It will also save you time and bandwidth!

6.] Run a database update!

At this stage, you will need to give WP a little boot in the backside. It means, you will need to point your browser at “/wp-admin/upgrade.php”.

7.] Change your Admin password!

From this level, if you have more than one Admin, and you can’t get the others to change their passwords, then you will have to change their user levels (privileges) and notify them to change their password. However, if there is anyone in your user-list that has ‘editing’ capabilities, and you don’t recognize them, it’s best to kick (remove) them out of your blog. But, for best practice, I would recommend you to delete everyone and tell your staff to register again.

8.] Check all posts and articles for ‘iframe’ hacks!

Inside your Cpanel, you will need to direct yourself to “phpMyAdmin” and run the following SQL scripts.

This script will search your SQL database for hidden iframes, script injection and display.
Also, please note that you can delete these rows if it exists (it should be rebuilt dynamically)
———————————-

SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%'

SELECT * FROM wp_posts WHERE post_content LIKE '%noscript%'

SELECT * FROM wp_posts WHERE post_content LIKE '%display:%'

———————————-

If you want to combine the above script into a single batch – process, you can use this scripts as an alternative.
———————————-

SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%' OR post_content LIKE  '%noscript%' OR post_content LIKE  '%display:%';

———————————-

9.] Double check your blog (for a second time) and look into your SQL database for anything suspicious!

Finally, keep a lookout at all time and manually update your WordPress!

Copyrighted By Lair360

Version: 13.1
Revision: 43 Build 13

Encrypt your WordPress from attackers!

Introduction: This year is nearly Christmas! Therefore, here is a short tutorial that can help publishers enable SSL or Secure Sockets Layer for WordPress. But, don’t panic! If you don’t know how to install it on your server, then why don’t you ask your hosting provider to install it for you? It’s not that bad…

Advantages: Encrypting your admin pages, it will provide more security for your WordPress login – session and your control panel. In order to enforce SSL in your admin pages you need to apply some codes into your “wp-config.php” file.

1.] In order to install SSL encryption, you will need to have a dedicated IP address. You can get this from your hosting provider. However, when you have your dedicated IP address, you will need to wait for another 24 hrs for your website to propagate.

Notes: It’s best if you ask the staff to install your SSL encryption. It’s a lot safer and they can install it without a single – fuss! However, if you decide to install it by yourself, there might be a problems like… the page is not appearing correctly or the passport control is warning the users to stay away from your website. So, please be careful and ask the staff!

2.] When you got a dedicated IP address and SSL encryption, you will need to modify your “wp-config.php” file. Here is the following code…

define(’AUTH_KEY’, ‘the auth key’);
define(’SECURE_AUTH_KEY’, ‘the secure auth key’);
define(’LOGGED_IN_KEY’, ‘the logged in key’);

Notes: you will need to generate your personal codes from this link: http://api.wordpress.org/secret-key/1.1/ and insert it into your “wp-config” file.

3.] Now, you’ll need to add these codes and set it as: “TRUE”.

define(’FORCE_SSL_ADMIN’, true); // integrate this if you want your admin site to use SSL
define(’FORCE_SSL_LOGIN’, true); // integrate this if you want the login page to use SSL

Warning: “FORCE_SSL_ADMIN” is a little strict on your plug-ins. So, you will need to double – check your plug-ins, before you try this setting. But, don’t worry about “FORCE_SSL_LOGIN”. This setting will only encrypt your login page so that your login password will be encrypted.

4.] You are done!

Copyrighted By Lair360