Tag Archives: wordpress

11May/16

Install WordPress Using cPanel cPAddon Option.

WHM is a well-known web-hosting control panel used for creating websites, email accounts, databases and so on. It reduces the headache for web hosting owners.

WordPress is web software commonly used for website creation, specifically for blogs, apps etc. Many people opt for WordPress because of its simplicity, and many of them want a one-click install. In this article we explain how to enable and install WordPress using the cPAddon option available in WHM/cPanel.

  • Log into the WHM control panel.
  • Go to Home » cPanel » Install cPAddons Site Software.
  • Select WordPress from the list and click the “Update cPAddon Config” option.
  • Once the update completes, go to Home » cPanel » Manage cPAddons Site Software,
    make sure WordPress is checked, and click “Update Moderation”.
  • WordPress is now available to be installed through the cPanel of each website. Log
    into cPanel for your domain, go to the Site Software option >> select WordPress >>
    fill in the necessary information >> click Submit Moderation Request.
  • Go back to WHM >> Home » cPanel » Manage cPAddons Site Software and approve
    the WordPress install request.
  • Once approved, WordPress should be installed under the website within a few
    minutes.

13Dec/14

Detecting WordPress Outbound Bruteforce attack

We have heard a lot about WordPress inbound brute-force attacks. On checking, we can see that the inbound attack IPs may have cPanel installed and that the attacks are actually generated from some other server which is infected.

Two days ago, we got a message from a client of ours saying the data center had informed them that the server was infected and was generating attacks on other servers. Initially I was not able to get any details regarding the attack, as no rogue process was running, nor did a scan give me any valid clue about this attack.

I was just checking the output of tcpdump to see what data was being transferred from the server.

user@host ~ # tcpdump -A -i eth0 -s 1500 port not 22

While checking the results, I could see that something was going on: there were many wp-login.php entries.

Sample tcpdump Output (changed domain and hostnames)

v.G....pPOST /restaurants/wp-login.php HTTP/1.0^M
Host: domain.com^M
Content-Type: application/x-www-form-urlencoded^M
Content-Length: 30^M
^M
log=admin&pwd=minedoruksay2940
06:15:22.056294 IP host5.domain.com > host6.domain.com48202: Flags [P.], seq 2779525802:2779527849, ack 2761432155, win 3216, options [nop,nop,TS val 166530731 ecr 1994475337], length 2047

I tried to stop apache, mysql and psa, and still some processes were running as the www-data user. The process looked something like the one below.

www-data 1258 10.8 1.5 18327 1268 ? Ssl Dec10 129:10 /usr/bin/host 

I took the lsof output for this process and found the culprit (account) responsible for this attack 🙂 Thanks to the lsof command for giving me the correct location and scripts.

Relevant output from lsof command

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
host 20636 username cwd DIR 9,2 4096 60874901 /var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js
host 20636 username rtd DIR 9,2 4096 2 /
host 20636 username txt REG 9,2 120240 68160132 /usr/bin/host
host 20636 username DEL REG 9,2 60817452 /var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/bruteforce.so
host 20636 username mem REG 9,2 22928 23855190 /lib/libnss_dns-2.11.3.so
host 20636 username mem REG 9,2 51728 23855282 /lib/libnss_files-2.11.3.so
host 20636 username mem REG 9,2 12582912 60827148 /var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/.frsdfg
host 20636 username DEL REG 9,2 60817412 /var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/libworker.so
cwd : /var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js

The above entries from lsof mean the attack is being generated from this folder and the scripts are located there.

/var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/bruteforce.so

/var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/.frsdfg

/var/www/vhosts/domain.com/site1/wordpress/wp-content/plugins/subscribe2/extension/readygraph/assets/js/libworker.so

The above 3 files are the main hack files, of which bruteforce.so was not present on the server at that time. This script was removed soon after the attack was initiated.

To fix this, I removed the entire “js” folder and then killed all these processes. I also asked the client to remove the plugin. It would be good if we could remove the host binary (/usr/bin/host) file. If it is there, they can come back with the attack again and can kill the server's reputation within a few hours.
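
An added example (not from the original post) that automates the lsof reading described above: it flags any process whose working directory or mapped files, including ones already deleted from disk, sit inside a web document root. The web root prefix, the function names and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: document roots on this host; adjust to your layout.
WEB_ROOTS = ("/var/www/",)

# Constructed sample modelled on the lsof output above (paths shortened).
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
host 20636 username cwd DIR 9,2 4096 60874901 /var/www/vhosts/example.test/wp-content/plugins/demo/js
host 20636 username txt REG 9,2 120240 68160132 /usr/bin/host
host 20636 username DEL REG 9,2 60817452 /var/www/vhosts/example.test/wp-content/plugins/demo/js/bruteforce.so
host 20636 username mem REG 9,2 22928 23855190 /lib/libnss_dns-2.11.3.so
host 20636 username mem REG 9,2 12582912 60827148 /var/www/vhosts/example.test/wp-content/plugins/demo/js/.frsdfg
apache2 3120 www-data cwd DIR 9,2 4096 2 /
apache2 3120 www-data txt REG 9,2 600000 68160200 /usr/sbin/apache2
apache2 3120 www-data mem REG 9,2 22928 23855190 /lib/libnss_dns-2.11.3.so
"""

def parse_lsof(text):
    """Yield (pid, command, fd, path) per row. DEL rows have no SIZE/OFF
    column, so the path is located as the first '/'-prefixed field."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[1].isdigit():
            continue  # header or malformed row
        idx = next((i for i in range(6, len(f)) if f[i].startswith("/")), None)
        if idx is not None:
            yield int(f[1]), f[0], f[3], " ".join(f[idx:])

def suspicious_processes(text):
    """Return {pid: [reasons]} for processes tied to a web root."""
    findings = defaultdict(list)
    for pid, cmd, fd, path in parse_lsof(text):
        if not path.startswith(WEB_ROOTS):
            continue
        if fd == "cwd":
            findings[pid].append(f"{cmd}: cwd inside web root: {path}")
        elif fd == "DEL":
            findings[pid].append(f"{cmd}: mapped file deleted from disk: {path}")
        elif fd in ("mem", "txt"):
            findings[pid].append(f"{cmd}: maps file from web root: {path}")
    return dict(findings)

if __name__ == "__main__":
    for pid, reasons in suspicious_processes(SAMPLE_LSOF).items():
        print(pid, *reasons, sep="\n  ")
```

On a live host, feed it the text of `lsof` run as root instead of the sample string.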

15Sep/13

ntVersionCheck : New release v1.1.0

A cPanel plugin for finding outdated applications on the server. Currently the plugin is configured for WordPress and Joomla installations.

Features

  • Find all outdated WordPress and Joomla applications on the cPanel server
  • Display the WordPress and Joomla versions in different colors for visibility
  • News: announces the latest news related to application vulnerabilities and plugin updates
  • Installations are grouped by user and by reseller
  • One-click update available for future releases

17Jun/13

WordPress – Some quick notes!

What is WordPress?

WordPress is a well-known PHP-based CMS with a MySQL back-end, mostly used to build blogs. In addition to blogs, WordPress is commonly used to develop websites as well. Even though WordPress is built as blog software, it is very flexible and we can develop beautiful websites with it. There are millions of WordPress-powered websites running on the Internet now. It has a built-in plug-in architecture and a template system.

Features

1. Customization :- As WordPress is built and operates based on a template system, it provides lots of opportunities to customize your web pages.

2. Dashboard :- The dashboard of WordPress is quite nice and very user friendly. Among the CMSes available in the market, it is very simple but powerful and can be managed easily even by a newbie.

3. Themes :- We can easily switch WordPress themes. There are thousands of themes available in the market, in both free and paid versions. As it is a very popular application, your search for a good theme will end in a good result.

4. Plugins :- Plugin support is another big advantage of WordPress. You can find plugins for almost all of your needs. Due to its wide user base, plugin development and maintenance are very active in the community.
