hackthebox apocalyst walkthrough

Starting with masscan Two ports are open, web and ssh Browsing web, we see WordPress but site does not look good. To view it correctly we need to put following in our /etc/hosts file Then browsing the site. We can go to to view the user in WordPress. This gives us user falaraki We […]

How to restore hacked WordPress website? v2

BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]

Japanese seo hack WordPress

Japanese seo in google

Ever encountered php unknown code injected at top of your index.php file? I have same issue in my WordPress website where some unknown php scripts was injected at top of index.php file. Below is the sample of that php code: &lt?php @set_time_limit(3600); @ignore_user_abort(1); $xmlname = ‘mapss271.xml’; $jdir = ”; $smuri_tmp = smrequest_uri(); if($smuri_tmp==”){ $smuri_tmp=’/’; } […]

WordPress wp-admin/async-upload.php 403 Forbidden

I was trying to upload image from WordPess media and was getting 403 message. I searched and tried every method. Some of them include: disabled modsecurity created alternate uploads folder given 777 permission to uploads folder At last I turned on WP_DEBUG log and got following error: WordPress database error: [Duplicate entry ‘794356’ for key […]

How to stop WordPress ddos bot attack in shared cpanel server?

If you have hosted lots of WordPress website in your shared hosting then you may have came across this situation where attacker tries to brute force attack on wp-login.php increasing server load hence doing Ddos attack. You can’t even apply modsec rules or csf rules as attacker uses one ip no more than two times. […]

Your PHP installation appears to be missing the MySQL extension which is required by WordPress.

You will get above error message if you are using suPHP_ConfigPath inside your .htaccess file in cpanel. This error was encountered in easyapache4 where there are multiple php available. In this post I am referring to php56. Similar config can be done to other versions too. When we use suPHP_ConfigPath inside our .htaccess this tells […]

How to restore hacked WordPress website?

Follow following steps to restore your WordPress website which has been compromised. These steps will help you to restore your WordPress website without any cost. Compress the entire remote site files from cpanel and download to local Delete everything in ‘public_html’ folder Change FTP, cPanel, email account and MySQL passwords Unzip local site and scan […]