Either I don’t get it, or WordPress self-hosting is weak and unreliable like Windows 95.

I have spent several months trying to figure out WordPress self-hosting.

There is always a problem. Secure yourself too much and you end up knocking on a door which you locked yourself.

I have searched all over the net, but there are no step-by-step instructions on security. There are so many options but so little help.

The point is that the wordpress.com CMS is good enough for a blog on a website enclosed in a hard-coded secure place, but not as an independent CMS.

What I have discovered is that WordPress can be manipulated with the right commands from the browser sings to command far more than an average user can make a system dance from a Linux terminal.

It is a Windows 95-type version of a CMS.

It appears that all the experience of the past four years with WordPress is wasted, as it cannot survive in the open ocean of the deep web without commercial software. So much for the free wordpress.com.

WordPress.com uses security software at the server level which is not available to an average user. Some of these additions/plugins/security measures are available at a price, and my guess is that this is a part of financing the project of blogging.

But the real security wordpress.com ensures comes from its server configuration, not from the wordpress.com CMS, which is mostly stupid stuff for an average user.

Maybe it is time to move on to something better like Joomla. But is that really better?

Presently, after (or really with) the labyrinth, the self-hosted websites are accessible to the public, but I cannot write or add anything.

So much for user friendliness. But that word is always a euphemism for inviting people to fall into a trap. Sorry, no trap. This is how technical stuff is sold.

Great! A new challenge.

Hacked by Triple Defacer

Another Crisis: Hacked by Triple Defacer.

[Screenshot: Hacked by Triple Defacer]

Blogging and self-hosting are such a pain in all the wrong places. It becomes worse if the host offering the VPS is new or inexperienced. GIC Webworld appears to be such a host. But they will rank several notches above hosting.india.to, about whom I shall soon write a review. A few months back we (me and a few friends) started a legal online magazine at LawAndJustice.Asia. Since the day before yesterday, at night, somebody broke into the servers of my host and uploaded a script. In fact, this somebody is known or proclaimed (see screenshot). They are turkhackteam.net.

Who are these people? Why are they what they are? Why is violence so important? The web is really a reflection of the human mind.

This screenshot is generated from a script. Part of the script is as under:

<!--DOCTYPE html>
<!-- saved from url=(0026)http://lawandjustice.asia/ -->
<html lang="en-US" prefix="og: http://ogp.me/ns#"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Hacked By Triple Defacers</title>

var adfly_id = 5422646;
</script>

<script type="text/javascript">
var adfly_id = 5422646;
var adfly_advert = 'int';
var frequency_cap = 5;
var frequency_delay = 5;
var init_delay = 3;
var popunder = true;
</script>

Now the interesting part is to find the location of this script. Where is it?

Searching “Hacked by Triple defacer” on Google reveals that numerous websites (some working fine) have these words in their header or somewhere, including the above one, but we and our host are not able to find its location.

The option they suggest is to re-install. But that is no solution. If there is a vulnerability, it must be addressed first. Maybe I should not only re-install but also relocate it!

I am very much tempted to re-install the whole thing, but they can do it again. Or maybe the problem is somewhere else, because the serving host is naïve and his suggestion is mere speculation. Until they actually find the problem, it is just an educated guess.

The surprising thing is that the WP install is perfectly fine. Wordfence detected the changes I had made in one file, but except for that there is nothing to detect. iThemes is the other security plugin, and it reported nothing.

Any help out there? Waiting for some good Samaritan.

There is one thing I did change. The anonymous FTP account is open by default. I do not know why. I have unchecked it and am now doing a fresh install. Let us see what happens.
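
One way to look for where the defacement text lives on disk, as an added example that is not part of the original post: the Python sketch below walks a web root and lists every file containing the marker strings from the quoted page, newest first. The function names and the sample tree are constructed for illustration, and it only inspects files on disk, so content stored in the database is outside what it checks.

```python
import os
import tempfile
import time

# Marker strings taken from the defacement page quoted in the post (lower-cased).
MARKERS = (b"hacked by triple defacer", b"adfly_id")


def scan_webroot(root, markers=MARKERS, max_bytes=5 * 1024 * 1024):
    """Walk root and return [(path, mtime, [markers found])], newest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # Skip symlinks and very large files (media, archives).
                if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read().lower()  # case-insensitive match
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            found = [m.decode() for m in markers if m in data]
            if found:
                hits.append((path, mtime, found))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def build_sample_tree(root):
    """Constructed sample data: a tiny fake web root with one defaced file."""
    theme = os.path.join(root, "wp-content", "themes", "demo")
    os.makedirs(theme)
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php // constructed, clean\n")
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("# constructed, clean\n")
    with open(os.path.join(theme, "header.php"), "w") as fh:
        fh.write("<title>Hacked By Triple Defacers</title>\n"
                 "<script>var adfly_id = 0;</script>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, mtime, found in scan_webroot(tmp):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(stamp, os.path.relpath(path, tmp), found)
```

The modification times in the output give a starting point for lining the change up against FTP and web server logs from the same period.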