Oct 01 2013

Nifty little PHP Script to show server uptime load averages and more on shared linux hosting servers

<!-- This is free to download, copy, use and/or modify and should work on most Linux-based hosting servers. Simply select all of the text and code and create a file called time.php, or whatever you wish to name it. You can adjust the auto page refresh at the bottom of the page. This is a great workaround for people on shared hosting servers without root access or CLI privileges.
Created Oct 1st, 2013
Author: Eric Schneller
Website: http://www.ericschneller.com
Enjoy! -->
<html>
<title>SERVER STATUS, UPTIMES AND MEMORY USAGE</title>
<center>
<?php
// shell_exec() returns the command output as a string; passthru() prints it
// immediately and returns nothing, which would leave the variables empty.
// htmlspecialchars() keeps the command output from being parsed as HTML.
echo "<hr>";
echo "CURRENT LOAD AVERAGES";
echo "<b><pre>";
$uptime = htmlspecialchars((string) shell_exec("/usr/bin/uptime"));
echo "<font face=\"Verdana, Helvetica\" size=\"1\">$uptime</font>";
echo "</pre></b>";
echo "<hr>";
echo "24 HOUR LOAD AVERAGES BY THE MINUTE";
echo "<b><pre>";
$sarq = htmlspecialchars((string) shell_exec("/usr/bin/sar -q"));
echo "<font face=\"Verdana, Helvetica\" size=\"1\">$sarq</font>";
echo "</pre></b>";
echo "<hr>";
echo "CURRENT MEMORY USAGE";
echo "<b><pre>";
$mem = htmlspecialchars((string) shell_exec("egrep 'Mem|Cache|Swap' /proc/meminfo"));
echo "<font face=\"Verdana, Helvetica\" size=\"1\">$mem</font>";
echo "</pre></b>";
echo "<hr>";
// Auto refresh interval in seconds; change 120 here and in the notice below.
echo '<meta http-equiv="refresh" content="120">';
?>
<blink><font color="red"><b>This page will auto refresh in 120 seconds</b></font></blink>
<hr>
</center>
</html>
———————————————————————————–
DO NOT COPY BELOW THIS LINE
———————————————————————————–

See a working example HERE

Permanent link to this article: http://www.ericschneller.com/2013/10/01/nifty-little-php-script-to-show-server-uptime-load-averages-and-more-on-shared-linux-hosting-servers/

Apr 17 2013

WordPress Brute Force Attack On wp-login.php

As most of you have heard already, there is/was a widespread brute-force attack (definition – http://en.wikipedia.org/wiki/Brute-force_attack) that affected the file wp-login.php and allowed the hacker(s) to access your website by running an automated script that uses rainbow tables (definition – http://en.wikipedia.org/wiki/Rainbow_tables) and/or a list of common words found in the dictionary.

I run multiple WordPress sites and none of mine were affected, as I have the plugin SI-Captcha on the wp-login.php or wp-admin.php page, which you can download here:

http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

However, having a secure password is always the best way to protect your site from being hacked. Using insecure passwords such as “ilovecats” or “layla123”, your name, or your birth date is a very bad idea; they are easily guessed by a well-executed brute-force attack.

A good password generator can be found here:

https://secure.pctools.com/guides/password/

Treat your password like a PIN number to your bank account, enough said.

Also, if you have been affected and changed your password to something secure such as s7udraNe, a hacker who is still logged in still HAS full access and can deface your site, delete content, inject malicious code and viruses, etc.

You need to change your “Salt” and “Secret Keys” in the wp-config.php file:

You can obtain a new salt and key here: https://api.wordpress.org/secret-key/1.1/salt/

[Screenshot: wp-config]

This can be done via FTP, cPanel or another form of file editing software that you can access via your web host. After editing the file, SAVE the changes and then change the permissions (CHMOD) for wp-config.php to 440 or 400 so that it is not “world readable”. If you can pull up your wp-config.php from a browser, you are begging to be hacked, as it contains your database login information.
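For anyone who does have shell access to the site files, the salt change and the permission step described above can be done in one pass. This is an added example, not part of the original post; the function names, new-salts.txt and the sample values are assumptions, and new-salts.txt is expected to hold the eight define() lines saved from the salt URL above.

```shell
#!/bin/sh
# Added example: replace the eight secret keys and salts in wp-config.php
# with a fresh set, then leave the file readable by its owner only.

# Matches define('AUTH_KEY', ...) through define('NONCE_SALT', ...).
KEYS_RE='^define[(] *.(AUTH|SECURE_AUTH|LOGGED_IN|NONCE)_(KEY|SALT).'

# rotate_salts CONFIG NEW_SALTS (NEW_SALTS = text saved from the salt URL)
rotate_salts() {
    config=$1; salts=$2
    # Refuse a partial paste: all eight constants must be present.
    [ "$(grep -cE "$KEYS_RE" "$salts")" -eq 8 ] || return 1
    # Require an existing block so the new lines land in the same place.
    grep -qE "$KEYS_RE" "$config" || return 1
    tmp=$(mktemp "$config.XXXXXX") || return 1
    awk -v salts="$salts" -v re="$KEYS_RE" '
        $0 ~ re {
            if (!inserted) {        # first old line: emit the whole new block
                while ((getline line < salts) > 0) print line
                inserted = 1
            }
            next                    # drop every old key/salt line
        }
        { print }
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 400 "$tmp" && mv -f "$tmp" "$config"
}

# config_is_private CONFIG: true only for mode 400 or 440.
config_is_private() {
    case $(ls -ld "$1" | cut -c1-10) in
        -r--------|-r--r-----) return 0 ;;
        *) return 1 ;;
    esac
}

# make_sample DIR: constructed test data; every key value is a placeholder.
make_sample() {
    : > "$1/new-salts.txt"
    {   echo "<?php"
        for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                 AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
            echo "define('$k', 'put your unique phrase here');"
            echo "define('$k', 'CONSTRUCTED-$k');" >> "$1/new-salts.txt"
        done
        echo "require_once ABSPATH . 'wp-settings.php';"
    } > "$1/wp-config.php"
}
if [ "$#" -eq 2 ]; then rotate_salts "$1" "$2"; fi
```

The new lines are copied through awk's getline rather than a sed substitution, so salt values containing characters such as & or \ are written unchanged.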

[Screenshot: wp-login.php with SI-Captcha]

These are valuable steps to protect your WordPress Sites.

You can scan your sites for malware by entering the domain name at the link below:

http://sitecheck.sucuri.net/scanner/

Your MySQL database is the HEART of your blog/WP site and should be backed up regularly in case of a catastrophic event such as a hack. Do NOT rely on your host for backups; do your OWN.

A top-rated web hosting company, “Inmotion Hosting”, has written a great article suggesting .htaccess modifications and a plugin that limits the number of login attempts to help mitigate this type of attack.

The article can be found here: http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack

Permanent link to this article: http://www.ericschneller.com/2013/04/17/wordpress-brute-force-attack-on-wp-login-php/

Dec 26 2012

Custom Footer for Graphene WordPress Theme

To remove the default credits Graphene puts into your theme using footer.php (links to WP, etc.) and make your site more professional in appearance, let me show you the quick and dirty way, 100% tested with the most current copy of the Graphene theme for WP, by editing the footer.php file.

Remove lines 89 and 90 from the file /blog/location/wp-content/themes/graphene/footer.php. You have to edit it via FTP or through cPanel's file manager, not from the “editor” in your WP Dashboard. Replace them with the snippet below, save the file, customise it to your liking and enjoy!

Example (put on line 89 after removing 89 and 90):

<p align="right"><a href="#">Custom Link Here</a> Custom Text Here</p>

Simple HTML is the easiest way to do this without getting too fancy.

The above is merely an example, and the author(s) still get credit in the meta tags and headers. The only downside is that updating the theme will overwrite it unless you change the permissions of footer.php to 640; however, I just upgrade and change it again, which takes 5 minutes or less. Difficulty = Easy

If you have a question drop me a line: Click Here for questions

* Make sure you back up your data before attempting this

Permanent link to this article: http://www.ericschneller.com/2012/12/26/custom-footer-for-graphene-wordpress-theme/
