Changes

To start the service, restore the conf file first:
mv /etc/init/vsftpd.conf.stop /etc/init/vsftpd.conf
service vsftpd start
==Update Wordpress==
grep -r "wp_class_support"
returns no results!
 
===Identified Malware===
Checking the files:
-rwxr-xr-x 1 www-data root 1627 Oct 4 06:16 wp-blog-header.php
In wp-includes we also have the following (despite the directory having an older modification stamp), but for now let's treat these as irrelevant.
-rwxr-xr-x 1 www-data root 619 Sep 20 04:08 version.php
-rwxr-xr-x 1 www-data root 144389 Sep 20 04:08 class-wp-customize-manager.php
Both wp-content/themes and wp-content/plugins have an Oct 18 date on them. But both have subdirs with older access dates and seem clean. And the directory 2017/10 has Oct 4th dates on it but is empty. This is consistent with a numerically named php file being executed from here and then deleted.
According to the malware report it should target two additional files. We don't have WordFence, so only one is relevant:
locate wfScanEngine.php
locate class-wp-upgrader.php
===Upgrading Ubuntu's packages===
To start, upgrade Ubuntu's packages so that everything is fresh and new.
apt-get update
apt-get upgrade
(maybe need to do a separate dpkg --configure -a)
===The Plan===
*<s>Fix</s> Fixed corrupted files by copying them over with clean versions from /var/lib/wordpress_bak/
*<s>Remove</s> Renamed dodgy .htaccess file
*<s>Turn</s> Turned on the FTP Server
*Upgrade wordpress and its plugins. Note: DO NOT UPDATE THEMES!!!
*Turned off the FTP Server
*<s>Look</s> Locked down directory permissions more tightly (see below)
*Remove disused user accounts (any contributions set to Anne Dayton)
*Changed permissions of all users to author, except Tay to editor, and left just Ed and Anne to admin
I also installed the delete-all-comments-easily plugin and easily deleted the enormous queue of junk comments.
===Changing permissions===
I used the shared server config found here: https://www.smashingmagazine.com/2014/05/proper-wordpress-filesystem-permissions-ownerships/
From the wordpress dir run:
sudo find . -type f -exec chmod 644 {} +
sudo find . -type d -exec chmod 755 {} +
sudo chmod 600 wp-config.php
Image upload was tested and worked fine, and a new plugin was also installed fine.
===Installing WordFence===
I also installed the free version of WordFence. It wouldn't have stopped our last malware, most likely, but it should stop at least some of the future annoyances. I went with the basic config. The notifications are sent to mcnair@rice.edu
===Still to do===
We should consider some extra hardening! See, for example, https://codex.wordpress.org/Hardening_WordPress
That we really can't update our theme is an ongoing issue...
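As an added example (not code from this wiki page or the McNair setup), the manual checks above can be scripted: compare the live WordPress tree against the clean backup copy by content rather than by timestamp, list any PHP file under wp-content/uploads, and apply and then verify the permission scheme from the Changing permissions section. The function names, the argument paths and /var/lib/wordpress_bak as the default backup location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original wiki page: compare a live WordPress tree
# with the clean copy kept in a backup directory and report what a cleanup would
# act on. Arguments are assumed paths; /var/lib/wordpress_bak is only the default.
# Requires find, sort, comm, awk and sha256sum (GNU coreutils).

# Print "STATUS<TAB>relative path" for every file that differs from the backup:
#   ADDED     only in the live tree (e.g. a numerically named .php in uploads)
#   MISSING   only in the backup (something was deleted)
#   MODIFIED  in both, content differs (candidate to restore from the backup)
wp_compare() {
    live=$1; bak=${2:-/var/lib/wordpress_bak}
    l=$(mktemp); b=$(mktemp)
    ( cd "$live" && find . -type f | sort ) > "$l"
    ( cd "$bak"  && find . -type f | sort ) > "$b"
    comm -23 "$l" "$b" | awk '{ print "ADDED\t" $0 }'
    comm -13 "$l" "$b" | awk '{ print "MISSING\t" $0 }'
    comm -12 "$l" "$b" | while IFS= read -r f; do
        # Compare content, not mtimes: timestamps are easily forged or preserved.
        if [ "$(sha256sum < "$live/$f")" != "$(sha256sum < "$bak/$f")" ]; then
            printf 'MODIFIED\t%s\n' "$f"
        fi
    done
    rm -f "$l" "$b"
}

# PHP under wp-content/uploads is never legitimate WordPress code, so any hit is
# worth inspecting (the page's "numerically named php file" in 2017/10).
wp_php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null
}

# Apply the shared-server permission scheme the page uses (644 files, 755 dirs,
# 600 wp-config.php), then print anything that still deviates from it. Run as
# root or the file owner; an empty result means the tree is compliant.
wp_fix_perms() (
    cd "$1" || exit 1
    find . -type f -exec chmod 644 {} +
    find . -type d -exec chmod 755 {} +
    chmod 600 wp-config.php
    find . -type f ! -name wp-config.php ! -perm 644
    find . -type d ! -perm 755
)
```

Review every MODIFIED file by diffing it against the backup before restoring, since a legitimate local edit (a wp-config.php change, for instance) looks the same as an injected one.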
[[Category: McNair Admin]]
