Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,195,167 members, 7,957,360 topics. Date: Tuesday, 24 September 2024 at 11:31 AM |
Nairaland Forum / Dmayor7's Profile / Dmayor7's Posts
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (of 32 pages)
Webmasters / Re: An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack by Dmayor7(m): 9:36pm On Jul 13, 2020 |
hannahwealth: Yea... |
Programming / Re: I Told Her The Hacked Website Is Fixed. A Few Moments Later, She Called Me... by Dmayor7(m): 9:35pm On Jul 13, 2020 |
pinkyruledworld: Thank you. |
Programming / Re: I Told Her The Hacked Website Is Fixed. A Few Moments Later, She Called Me... by Dmayor7(m): 9:35pm On Jul 13, 2020 |
nnamdiosu: For website Backups, you can use Updraft for it. 2 Likes 1 Share |
Webmasters / An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack by Dmayor7(m): 6:22pm On Jul 07, 2020 |
Website hacking is real and costs a lot of time and money to fix, depending on what's affected. I just cleaned up a hacked website the other day. I started since morning and finished in the evening. Time-consuming and also tiring. I was just lucky it's minimal, some hacks will take days to clean up. It happens that the site was injected with a "malicious redirect code". When you visit the website, it redirects to another site done by the hacker, and the sites are always different each time you reload the site. Please, before I move on, I want you to know that I am no Security Expert, but knows quite enough to detect when something isn't going right and then fix it. So, what is a "Malicious Redirect"? According to WordFence; A malicious redirect is a code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site. So, as you can see, this malicious code can be damaging to your reputation and branding. When my friend called me and told me her site is experiencing such, her voice was tired, she does not know what the problem is, and people have been calling her saying they can't browse her website. Then I geared up and logged into the site. The first thing that greeted me was a whole lot of outdated plugins and themes. I started by updating all of them. After I finished, I went to the homepage to see if it still redirects. It didn't redirect so I thought it's over, but no, I am really in for a long tiring day. DEADLY MISTAKE NUMBER 1: Always update your website software, themes, plugins, everything. Let it be up to date at all times. I called her on the phone and told her the site is fixed that she can crosscheck. Only for her to call me back a few moments later, "Darlington, it's still redirecting o" ME: But how can that be? Alright, clear your browser cache and cookies, then try it again. HER: I just did it, but it's still the same thing. That was when I realized that this is going to be a tough one. So, I headed on to Sucuri and scanned the website. Lo and behold! JavaScript malicious code was in it. I must say this, one thing I love about Sucuri site check is the fact that it even showed me the exact code and where it was. In my case, it appears to be in the header of all the pages on the site. I went to the Theme Editor and selected the "header.php", searched for that particular code and removed it. I was so happy and feeling like a demi-god but little did I know that it's not yet Uhuru. I saved my changes and did another scan using Sucuri. Still, it shows me the malicious codes are still there. Alright, time to kill this rat from another angle. I installed WordFence plugin and ran a malware scan on the site. After the scan, it shows me full detail of all the folders and directories that were infected by this same code. More than 92 different files inside different folders! I told you, am in for a long day. That is it. I have to remove the malicious code from all those files, manually. I braced myself up for the task and kept on it, opening files, removing malware, saving changes, then doing it over and over and over again. It wasn't easy, but this is the penalty for not taking your website security seriously. DEADLY MISTAKE NUMBER 2: Always integrate a security plugin on your WordPress website. WordFence has been saving lives since the 19 zero zeros. You may think, well at least I now know what to delete and where to go and delete it, but it comes with its problems too. The problem came toward evening time when I am about to finish. I mistakenly deleted a core WordPress folder and boom! The site stops working. I then downloaded a fresh WordPress file and tried to recreate what I have deleted. I just cannot. It seems to me I missed one or two other files. I do not know, but I just cannot. Then fear crept into my heart. So, this is how I just deleted off my client website? She will not be happy, and it will warrant building a new website from the ground up. But is there any backup? Okay, let me check. I checked and behold there is a backup. Oh! God of mercy! DEADLY MISTAKE NUMBER 3: Always backup your website, and always check to see if there is a backup before attempting to do changes to your website files. Okay, It then strikes me like a bolt from the blues. What if I just rolled back the website to the backed-up version? I did it, and do you even know what happened? Can you guess? The website became reborn! No malicious codes, no whatsoever. The site became born anew! I wanted to flog myself in the buttock for not thinking of this in the first place. After spending all these long tiring hours, I just fixed the issue with a simple reinstalling of the backed-up version. Well, this is the life we live in this web designing game. Ask, my web developer friends can relate to this. To debug is not a child play, and most times, the solution can just be an easy little fix. So, my brothers and sisters, this is the story of my life and how I fixed a website injected with a malicious redirect code. ----------------------------------- Preventive Actions to Protect your website: ------------------------------- Now, let us get down to preventive actions you need to take to avoid experiencing this tiring and messy situation that I happened to find myself in. Keep software up to date: Whether WordPress or any other, try and keep things updated. It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. It applies to both the server operating system and any software you may be running on your website. Always, check for updates and upgrade to latest versions. Ensure the use of strong passwords: Almost everyone knows they should use complex passwords, but in reality, do they? Hell no! I heard Mark Zukerberg used 1234 as his Facebook login password and was compromised. Have you heard of Brute Force Attack? Listen, it is crucial to use strong passwords for your web server and website admin area, and equally important to insist on good password practices for your website users to protect the security of their accounts. I recommend you use "LastPass" to generate and manage strong passwords. Make use of HTTPS or SSL: It stands for Secured Hypertext Transfer Protocol, and it guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they see in transit. It is not even expensive, "Let's Encrypt" is here to make your life easier. Install a website security tool: See, your website resides in a world full of hackers, who are all the time on the prowl, looking for who to take advantage. A website without any security measures could be more prone to attacks. The first thing you should do when you set up a WordPress website is installing a security plugin right away. I recommend my darling WordFence and Sucuri. Any of them will never fail you. Backup Frequently: Should I still emphasise on this? Please, fixing a hacked website is hard and could take a long time! A backup copy of your site would enable you to restore it to normalcy. You can then take time to fix the hack and seal off any website vulnerabilities that allowed the hacker to get an express ticket to your website. Implement 2 Factor Authentication: When you install WordFence, there is an option there to help you enable this on your website. A 2-factor authentication helps to add another layer of security to your login. Once you try to log in, it will send you a code to either your email or phone number and require you to input the number code before you can log in. It is necessary to implement. Of course, there are many ways to kill a rat, as my people will say. If we start discussing ways to prevent a hack and protect your website, the cow will come home. Other methods include but not limited to; Disallow Plugin Installations Auto Logout Inactive Users Limit Login Attempts Restrict File Uploads Change The "wp-admin" to something else Now, let me ask you. Are you using WordPress on your website? Is your admin username still "admin"? You know it is hard to change your username once you have created your admin account, but I have something for you. An easy bonus tip you can implement right away and change your username. Follow me step by step... Login to your WordPress dashboard. Click on "Users" then click on "Add New". Put in a correct and good username. Make sure you use LastPass to generate a strong password. On the "Role", select "Administrator" Then click on "Add New User" at the bottom. Have you done this? Now, follow me, we are almost done. Logout from your website. Log in using the new user you just created. Click on "Users". Now, select the old "admin" user. Have you selected it? Now, hover your mouse on it, you will be able to see "Delete" click it to delete the user. A page will come up asking you whether you want to transfer all posts by the old "admin" to yourself right now. Select yes and click on "Confirm Deletion" That's it, we are done. You have just changed your admin username to a brand new hard to guess username instead of the easy to guess "admin". Thank you for reading this post to the end. I know it's long but if I could make it shorter, I would have done so. I know you must have experienced website hack at some point in your internet journey. Tell us your story in the comment section and how you were able to fix it. 3 Likes
|
Programming / I Told Her The Hacked Website Is Fixed. A Few Moments Later, She Called Me... by Dmayor7(m): 6:10pm On Jul 07, 2020 |
Website hacking is real and costs a lot of time and money to fix, depending on what's affected. I just cleaned up a hacked website the other day. I started since morning and finished in the evening. Time-consuming and also tiring. I was just lucky it's minimal, some hacks will take days to clean up. It happens that the site was injected with a "malicious redirect code". When you visit the website, it redirects to another site done by the hacker, and the sites are always different each time you reload the site. Please, before I move on, I want you to know that I am no Security Expert, but knows quite enough to detect when something isn't going right and then fix it. So, what is a "Malicious Redirect"? According to WordFence; A malicious redirect is a code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site. So, as you can see, this malicious code can be damaging to your reputation and branding. When my friend called me and told me her site is experiencing such, her voice was tired, she does not know what the problem is, and people have been calling her saying they can't browse her website. Then I geared up and logged into the site. The first thing that greeted me was a whole lot of outdated plugins and themes. I started by updating all of them. After I finished, I went to the homepage to see if it still redirects. It didn't redirect so I thought it's over, but no, I am really in for a long tiring day. DEADLY MISTAKE NUMBER 1: Always update your website software, themes, plugins, everything. Let it be up to date at all times. I called her on the phone and told her the site is fixed that she can crosscheck. Only for her to call me back a few moments later, "Darlington, it's still redirecting o" ME: But how can that be? Alright, clear your browser cache and cookies, then try it again. HER: I just did it, but it's still the same thing. That was when I realized that this is going to be a tough one. So, I headed on to Sucuri and scanned the website. Lo and behold! JavaScript malicious code was in it. I must say this, one thing I love about Sucuri site check is the fact that it even showed me the exact code and where it was. In my case, it appears to be in the header of all the pages on the site. I went to the Theme Editor and selected the "header.php", searched for that particular code and removed it. I was so happy and feeling like a demi-god but little did I know that it's not yet Uhuru. I saved my changes and did another scan using Sucuri. Still, it shows me the malicious codes are still there. Alright, time to kill this rat from another angle. I installed WordFence plugin and ran a malware scan on the site. After the scan, it shows me full detail of all the folders and directories that were infected by this same code. More than 92 different files inside different folders! I told you, am in for a long day. That is it. I have to remove the malicious code from all those files, manually. I braced myself up for the task and kept on it, opening files, removing malware, saving changes, then doing it over and over and over again. It wasn't easy, but this is the penalty for not taking your website security seriously. DEADLY MISTAKE NUMBER 2: Always integrate a security plugin on your WordPress website. WordFence has been saving lives since the 19 zero zeros. You may think, well at least I now know what to delete and where to go and delete it, but it comes with its problems too. The problem came toward evening time when I am about to finish. I mistakenly deleted a core WordPress folder and boom! The site stops working. I then downloaded a fresh WordPress file and tried to recreate what I have deleted. I just cannot. It seems to me I missed one or two other files. I do not know, but I just cannot. Then fear crept into my heart. So, this is how I just deleted off my client website? She will not be happy, and it will warrant building a new website from the ground up. But is there any backup? Okay, let me check. I checked and behold there is a backup. Oh! God of mercy! DEADLY MISTAKE NUMBER 3: Always backup your website, and always check to see if there is a backup before attempting to do changes to your website files. Okay, It then strikes me like a bolt from the blues. What if I just rolled back the website to the backed-up version? I did it, and do you even know what happened? Can you guess? The website became reborn! No malicious codes, no whatsoever. The site became born anew! I wanted to flog myself in the buttock for not thinking of this in the first place. After spending all these long tiring hours, I just fixed the issue with a simple reinstalling of the backed-up version. Well, this is the life we live in this web designing game. Ask, my web developer friends can relate to this. To debug is not a child play, and most times, the solution can just be an easy little fix. So, my brothers and sisters, this is the story of my life and how I fixed a website injected with a malicious redirect code. ----------------------------------- Preventive Actions to Protect your website: ------------------------------- Now, let us get down to preventive actions you need to take to avoid experiencing this tiring and messy situation that I happened to find myself in. Keep software up to date: Whether WordPress or any other, try and keep things updated. It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. It applies to both the server operating system and any software you may be running on your website. Always, check for updates and upgrade to latest versions. Ensure the use of strong passwords: Almost everyone knows they should use complex passwords, but in reality, do they? Hell no! I heard Mark Zukerberg used 1234 as his Facebook login password and was compromised. Have you heard of Brute Force Attack? Listen, it is crucial to use strong passwords for your web server and website admin area, and equally important to insist on good password practices for your website users to protect the security of their accounts. I recommend you use "LastPass" to generate and manage strong passwords. Make use of HTTPS or SSL: It stands for Secured Hypertext Transfer Protocol, and it guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they see in transit. It is not even expensive, "Let's Encrypt" is here to make your life easier. Install a website security tool: See, your website resides in a world full of hackers, who are all the time on the prowl, looking for who to take advantage. A website without any security measures could be more prone to attacks. The first thing you should do when you set up a WordPress website is installing a security plugin right away. I recommend my darling WordFence and Sucuri. Any of them will never fail you. Backup Frequently: Should I still emphasise on this? Please, fixing a hacked website is hard and could take a long time! A backup copy of your site would enable you to restore it to normalcy. You can then take time to fix the hack and seal off any website vulnerabilities that allowed the hacker to get an express ticket to your website. Implement 2 Factor Authentication: When you install WordFence, there is an option there to help you enable this on your website. A 2-factor authentication helps to add another layer of security to your login. Once you try to log in, it will send you a code to either your email or phone number and require you to input the number code before you can log in. It is necessary to implement. Of course, there are many ways to kill a rat, as my people will say. If we start discussing ways to prevent a hack and protect your website, the cow will come home. Other methods include but not limited to; Disallow Plugin Installations Auto Logout Inactive Users Limit Login Attempts Restrict File Uploads Change The "wp-admin" to something else Now, let me ask you. Are you using WordPress on your website? Is your admin username still "admin"? You know it is hard to change your username once you have created your admin account, but I have something for you. An easy bonus tip you can implement right away and change your username. Follow me step by step... Login to your WordPress dashboard. Click on "Users" then click on "Add New". Put in a correct and good username. Make sure you use LastPass to generate a strong password. On the "Role", select "Administrator" Then click on "Add New User" at the bottom. Have you done this? Now, follow me, we are almost done. Logout from your website. Log in using the new user you just created. Click on "Users". Now, select the old "admin" user. Have you selected it? Now, hover your mouse on it, you will be able to see "Delete" click it to delete the user. A page will come up asking you whether you want to transfer all posts by the old "admin" to yourself right now. Select yes and click on "Confirm Deletion" That's it, we are done. You have just changed your admin username to a brand new hard to guess username instead of the easy to guess "admin". Thank you for reading this post to the end. I know it's long but if I could make it shorter, I would have done so. I know you must have experienced website hack at some point in your internet journey. Tell us your story in the comment section and how you were able to fix it. 11 Likes 3 Shares
|
Webmasters / Re: Help!! Need A Reliable Host For .com.ng Domains by Dmayor7(m): 1:12am On Jan 28, 2019 |
power50: Bluehost is not the only good web hosting company.. But why I love Bluehost is because of there best to none customer care.. Seriously, I havent seen a web hosting with such professional, friendly, and expert customer service. They will listen to you and solve your problem in a matter of minutes. They can even help you out in any thing you finding hard to do in your website FREE of charge. All these and many more made me to fall in love with their service. I have been using them for 3 years now with nothing but good testimonies from me and my clients that I designed their websites. 1 Like |
Webmasters / Re: How Can I Get Advertisers To Advertise On My Blog? by Dmayor7(m): 6:38pm On Nov 02, 2018 |
benzems: Ok.. as you wish... |
Webmasters / Re: Work For A Blog And Get Paid by Dmayor7(m): 9:41am On Apr 07, 2018 |
Tenumah32: What's the pay? |
Webmasters / Re: How To Create Free Blog by Dmayor7(m): 9:40am On Apr 07, 2018 |
This is cool.. If creating a successful WordPress website is what you are after, then check this step by step tutorial at w3programs.com |
Webmasters / Re: Help Solve This Shipping Problem In My Ecommerce Website by Dmayor7(m): 9:11pm On Apr 06, 2018 |
domcreative: Check this article and your problem is solved. If along the way you still need a professional help, holla me via 08175765974 or dalingtonokafor@gmail.com |
Webmasters / Re: Woocommerce Shipping Price By State/city by Dmayor7(m): 9:06pm On Apr 06, 2018 |
fid4992: Hello... This can be solved remotely and easily. All you need to do is to list out what you need to achieve here and I will help you out from here too. |
Webmasters / Re: 10 Major Reasons For A Slow Website Speed by Dmayor7(m): 8:15am On Apr 06, 2018 |
akeentech: Sincerely, these above two can be totally solved perfectly and easily when you choose a good and reliable web hosting. For a comprehensive tutorial on web hosting and how to choose a befitting and reliable web hosting for your website check this article here w3progams.com/hosting 3 Likes |
Webmasters / Re: Buy Websites(blog) In Nigeria by Dmayor7(m): 8:11am On Apr 06, 2018 |
scaramenga: You are really not okay upstairs o... lol... |
Webmasters / Re: Buy Websites(blog) In Nigeria by Dmayor7(m): 10:35pm On Apr 05, 2018 |
scaramenga: Please check flippa.com and receive sense.. |
Webmasters / Re: Please Help, How Do I Leave Wordpress For Another Host by Dmayor7(m): 10:12pm On Apr 05, 2018 |
izzyboi: Hello... There are two types of WordPress website which is Self-hosted Wordpress and Hosted Wordpress I believe you are using the Hosted Wordpress with a . extension.. Alright, Here is what to do. You can migrate to a Self-hosted wordpress website by following this tutorial here Then if you need help in choosing a reliable hosting for your wordpress website so you don't make mistakes and loose money and time, you can read this article here I hope this helps? |
Webmasters / Re: Buy Websites(blog) In Nigeria by Dmayor7(m): 9:55pm On Apr 05, 2018 |
scaramenga: God will keep you alive to see the day it will rise to popularity and overflowing revenue.... Oloshi like you.. Instead of encouraging him you are here talking trash.. |
Webmasters / Re: Abrash Dah Banker Is About To Host Site by Dmayor7(m): 9:49pm On Apr 05, 2018 |
abrashmick: I advise you read this article at w3programs.com/hosting first before you take any action t avoid loosing money and time. The article will show you what and what to look in a web hosting and also guide you into choosing the best web hosting for your website. If you need any help along the way, holla me via 08175765974 or darlingtonokafor@gmail.com 1 Like 1 Share |
Programming / Re: Xampp Server User Please Come In And Assist by Dmayor7(m): 9:31pm On Apr 05, 2018 |
ediko5: Unistall that Picasa and check.. If it still persist then you need to really upgrade to windows 8 |
Webmasters / Re: Best Registration Plugin For Wordpress by Dmayor7(m): 5:38pm On Apr 04, 2018 |
[quote author=hemlock0 post=66431665][/quote] You are welcome... Edit your previous comment, the one you qouted me.. Your reply is inside my own quote.. |
Webmasters / Re: Bloggers Drop Your Url For Total Reviews by Dmayor7(m): 5:21pm On Apr 04, 2018 |
seoscrib: Check www.w3programs.com |
Webmasters / Re: Logo Design Needed by Dmayor7(m): 5:19pm On Apr 04, 2018 |
JohnChopDollar: Hi, I am a good web/graphics designer with eyes for good designs and outstanding color combinations. I have worked on many designs ranging from flex banners, to I.D cards, to Marketing Flyers, to Logos and brochures. Let's talk via 08175769574 and I assure you of a professional and high quality logo design. Thanks. |
Webmasters / Re: Kilowi Social Media App by Dmayor7(m): 5:15pm On Apr 04, 2018 |
1 Like |
Webmasters / Re: Google Honors Mandela's Wife, Winnie By Using Her Emoji As Google's Homepage by Dmayor7(m): 5:12pm On Apr 04, 2018 |
bumi10: This is wonderful!.. |
Webmasters / Re: Best Registration Plugin For Wordpress by Dmayor7(m): 5:10pm On Apr 04, 2018 |
hemlock0: First you need to enable registration in your wordpress website. Then you need two plugins.. Ninja Form and Membership pro With the Ninja Form you design your registration form. With the Membership Pro you enable user dashboard and other things you need. If you need help in any way, holla me via 08175765974 Kudos 1 Like |
Webmasters / Re: Can I Earn Money Advertising For Eleavers.com On My Website Here In Nigeria by Dmayor7(m): 5:04pm On Apr 04, 2018 |
danwilliams4u: You can withdraw your money if you have a U.S paypal. You will need; a VPN a U.S Address a U.S number a Payooner Account I can help you open a U.S paypal account for a little bucks. Contact me via 08175765974 or darlingtonokafor@gmail.com |
Programming / Re: Software developers. A question regarding work-life balance. by Dmayor7(m): 4:55pm On Apr 04, 2018 |
Ibelievee: Its really hard sha... I sometimes cut my date short just because a new idea popped inside my head on how to tackle a particular bug that has been bugging my codes. At times, I will forget to even eat or cook anything to eat until late into the night... I lost most of my peers because I don't usually show up for Sunday eve drinks and groove. In all, I am always fulfilled whenever i get a project right. 2 Likes |
Webmasters / Re: I Need Web Designer To Help Me Rank Up My Site On Google by Dmayor7(m): 9:43am On Apr 03, 2018 |
Unique32: For you to start seeing the results of SEO it takes time. And you can even do it yourself when you have the right knowledge. I strongly advise you to try and do it yourself before you fall into scam! Below are resources to guide you with your website SEO https://neilpatel.com/blog/improve-google-rankings-without-getting-penalized/ http://www.wpbeginner.com/wordpress-seo/ http://www.bulletpoint.ca/blog/how-to-do-seo-no-money-no-time/ https://ahrefs.com/blog/increase-website-traffic/ http://www.jeffbullas.com/13-super-easy-ways-to-immediately-improve-your-seo-ranking/ Seriously, after going through all these you will become an SEO PRO already. If you need any help along the way about anything or SEO concept you didn't understand, just holla me via 08175765974 or darlingtonokafor@gmail.com |
Webmasters / Re: How Many Programmers Experience This by Dmayor7(m): 9:33am On Apr 03, 2018 |
asco15: hahhahaaahahhaaa.. times without number.. I have spoilt my keyboard at a certain time because I slept on my laptop while drinking tea. The tea spilled into the keyboard and spoilt it. I have also spoilt my android phone when I slept off on top if it. I woke up to a broken screen!... I am laughing now, but it's not funny, never. But wetin I man go do? Some programming need to be done. Some debugging needs my attention. I need to research and learn more. So, my brother there is no time o... 1 Like |
Webmasters / Re: Good Content Writer by Dmayor7(m): 9:28am On Apr 03, 2018 |
gibsolala: Sure, I am up or the task... Let's talk via 08175765974 |
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (of 32 pages)
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 85 |