Thumbs.php Hack – How To Fix It?
( The Best Web Hosting Service )-Recently, this site and about 10 others I run were hacked (on 9/28/11), and the hackers managed to compromise our thumbs.php file. Honestly, I had no clue what a thumbs.php was until it was hacked. But, as you are about to learn in this article, the compromise of your thumbs.php (for WordPress, Joomla, Drupal, etc.) can cause a lot of stress. It is the first time I have dealt with this exploit, and I want to show you how to fix it and make sure it doesn’t happen again. Don’t worry, though, because it is a simple fix that is easy to manage.
Provided you are taking all the right security measures, such as keeping your theme framework up to date and keeping WordPress (or whatever CMS you are using) updated, you shouldn’t have that many issues with thumbs.php getting hacked. Bear in mind, these precautions won’t hurt you, and they do make it a little tougher for intruders to get into your site and mess up your server.
For me, I got a message from InMotion telling me my server was suspended, which actually made my heart stop a beat for a second.
Here is what you need to do to find a thumbs.php hack:
• Log in to your cPanel and check your log files (errors).
• Identify where people are trying to go on your server and take note of the IP address.
• See what theme is at risk (remember to update your framework). I personally like WooThemes because they are very good at always having updates for their themes.
• Remove the files that are corrupt (thumbs.php). This is found in your wp-content/themes/
One thing I want you to take note of when you are viewing your log files is errors. If you see repeated attempts to gain access to this file, you know that people are trying to exploit you. It is sad that so many people try to hack and make our jobs/hobbies harder than they have to be.
Fixing this problem is very easy:
Make sure that you are backing up your sites once a week. Believe me, the worst feeling in the world is having your site hacked and having a backup on file that is a year old (very frustrating). There are a number of WordPress backup plugins which can save you a lot of time, and you should start using them if you aren’t already.
Simply replace your thumbs.php file with a backup one from a week ago. That is all you need to do.
Now for the prevention (of the thumbs.php hack):
Once you have looked at your error logs, block the IPs that were trying to access your thumbs.php.
Go to your .htaccess file and put this code in:
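# Block direct web requests for sensitive files and the thumbnail scripts.
# thumbs?\.php matches both thumb.php and thumbs.php.
# Themes that generate images through these scripts will lose thumbnails while this is in place.
<FilesMatch "^(wp-config\.php|install\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php|\.htaccess|readme\.txt|timthumb\.php|thumbs?\.php|error_log|error\.log)">
Deny from all
</FilesMatch>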
You’re all good to go now; you can tell hackers to go to hell! If you are having issues with GoDaddy (which I don’t recommend), then you can switch to InMotion or Hostgator, which seem to be a lot more secure than GoDaddy.
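This added example (not code from the original post) carries out the log-review and IP-blocking steps above: it counts requests for thumbs.php, thumb.php and timthumb.php per client IP, lists the themes being probed, and builds Deny lines for .htaccess. It assumes Apache combined-format access-log lines; the sample log, theme names, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" format; IPs are documentation ranges.
SAMPLE_LOG = '''\
203.0.113.7 - - [28/Sep/2011:03:12:01 +0000] "GET /wp-content/themes/example-theme/thumbs.php HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [28/Sep/2011:03:12:02 +0000] "GET /wp-content/themes/example-theme/timthumb.php HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [28/Sep/2011:03:12:03 +0000] "GET /wp-content/themes/other-theme/thumb.php HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [28/Sep/2011:03:12:04 +0000] "POST /wp-content/themes/example-theme/thumbs.php HTTP/1.1" 200 15 "-" "-"
198.51.100.20 - - [28/Sep/2011:09:30:00 +0000] "GET /wp-content/themes/example-theme/thumbs.php?w=100 HTTP/1.1" 200 4096 "-" "-"
192.0.2.55 - - [28/Sep/2011:09:31:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
this line is truncated and will be skipped
'''

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3} ')
SCRIPT_RE = re.compile(r'/(?:tim)?thumbs?\.php$', re.IGNORECASE)
THEME_RE = re.compile(r'^/wp-content/themes/([^/]+)/')

def scan(log_text):
    """Return (hits per IP, set of theme names) for thumbnail-script requests."""
    hits, themes = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not SCRIPT_RE.search(path):
            continue
        hits[m.group("ip")] += 1
        theme = THEME_RE.match(path)
        if theme:
            themes.add(theme.group(1))
    return hits, themes

def repeat_offenders(hits, threshold=3):
    """IPs with at least `threshold` requests (the threshold is an assumption)."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def deny_lines(ips):
    """Apache 2.2-style lines, matching the Deny syntax the post uses."""
    return [f"Deny from {ip}" for ip in ips]

if __name__ == "__main__":
    hits, themes = scan(SAMPLE_LOG)
    print("themes probed:", sorted(themes))
    print("\n".join(deny_lines(repeat_offenders(hits))))
```

A single request, like the one from 198.51.100.20 in the sample, stays below the threshold, so an ordinary visitor loading a thumbnail is not blocked.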
GreenGeeks Promo Code 2011
(The Best Web Hosting Service )- GreenGeeks is certainly a great web hosting service and why I do recommend them as much as InMotion, Hostgator, and WebHostingHub there are a couple of things that make them a valuable company to call your web hosting service.
Save $30 on ALL annual packages “TBWHS30” CLICK HERE.
For starters, when you sign up with GreenGeeks you get a free domain, which is an excellent benefit. Not to mention all the extra goodies their service comes with, like Adwords credit, site builders, etc., but they are fairly cheap for the money. True, there are cheaper web hosting companies such as Fatcow, but GreenGeeks is certainly a feature-rich web hosting service.
I have personally worked out a special offer with GreenGeeks and you can receive $30 off their annual packages if you use the promo code “TBWHS30”. This certainly is a great deal and you get web hosting for 3 years for $150. That averages out to a little over $4 per month!
This coupon code is going to expire at the end of this year, so please make sure you don’t wait if you are serious about doing business with GreenGeeks (which I highly recommend). You can see my full GreenGeeks review if you are still not sure about their service.
Not to mention they are 100% green!
TinyMCE Advanced – WordPress Plugin
( The Best Web Hosting Service )- Looking for ways to beautify your WordPress pages and posts but not knowledgeable with HTML or JavaScript codes? Then definitely there’s a plugin that can help you. TinyMCE Advanced is a perfect plugin that could let you edit designs through a WYSIWYG editor to complement your blog’s whole layout.
Apparently, TinyMCE, also known as Tiny Moxiecode Content Editor plugin, is one of the top visual platform-based editors that can be integrated on different CMS platforms other than WordPress.
TinyMCE Advanced, the latest development in the plugin, has added another 15 design features that you can add to posts, including the ability to import CSS classes directly from the main stylesheet displayed within a drop-down list, adding and editing tables within posts, support of XHTML tags and div layers, embedding videos, and in-line CSS styles. It also comes with a lot more emoticons and smileys, for that more personalized and enjoyable look on your posts.
The default posting feature of WordPress has not much to offer in terms of designing the posts you make. However, with this plugin, you can do much within the same old window, with just a lot of added buttons. In case you are worried about it giving you longer time to fix the posts, it actually does the contrary. It also comes with a lot of shortcuts to make your postings easy, especially if you post often. The icons are not much of a trouble, and they are definitely user-friendly and will only eat up a bit of the space of the screen. The new icons are grouped like additional toolbars above the editable part of the screen.
Currently, TinyMCE Advanced is compatible with the newer versions of WordPress, and it is still making improvements to the service, which is by the way free, that can actually come within your dashboards as free updates. Cool, isn’t it? This plugin is now available in 80 different languages including English, German, French, Italian, Spanish, Portuguese, Russian, Chinese and Japanese. So basically almost everyone can benefit from this cool plugin.
You can also use TinyMCE Advanced along with other TinyMCE plugins associated with all the features for more improvement, such as Tiny Table or TinyMCE Generic WP Shortcode Editor.
Indeed, this plugin is a very useful add-on that’s why there are many known major webmasters who got them on their own blogs. Not only does it add the ability for further customization, but it also creates a much more personalized environment for authors who spend a long time and effort doing their best to make useful and entertaining contents.
To check out the TinyMCE Advanced plugin please click here.
InMotion Servers Hacked – But Great At Handling It
( The Best Web Hosting Service )- You know I certainly love InMotion hosting, as my InMotion review clearly shows. But one thing that was just impressive about them today was that, when their servers got hacked (believe me, it happens wherever you host), they handled it very professionally.
Other hosting services, on the other hand, have never sent out a notification on this matter, and to be honest with you some of them could care less, rather than just tell you they are working on the issue. InMotion actually sent out emails today showing you how to fix the problem, since they are bombarded with calls from people that have gotten their websites hacked.
Here is a copy of the message that was sent out today:
Dear Garen Arnold,
As you may be aware, our network, and potentially your server, was the
target of a large scale website defacing attack this morning, Sunday,
the 25th. The defacement worked by replacing index files in all
public_html directories with the attacker's index.php. At this time, it
does not appear to be any more malicious than taking over the web site's
home page, but we are still reviewing servers at this time.
We understand the method the attacker used to accomplish this and the
main exploit path was through an internal management server that can
control Cpanel on other servers. The management server was used to
change passwords on the Cpanel servers then login with those passwords.
It does not appear that gaining passwords was a goal or was
accomplished, just password changes were used. Access to the management
server was gained from an exploited customer's server that was within
our network.
Though our team moved quickly to disable the internal management server
and limit the exposure of the servers to this attack when it began, it
was a very serious breach and could have been much worse if the hacker
had intended to do more harm.
At this time, we want to be sure you are aware of the attack and your
server's potential exposure. Our systems team has moved to repair the
index files, but the automated system is still running and may take a
few hours to finish all sites.
Please review your sites if you have not already done so. If you
have a backup of your site, you may upload your index.php files to
correct this. You will most likely need to do this for each directory.
If your site uses an index.html or index.htm, you will need to upload
those files, then delete the index.php.
If you were affected and you need assistance recovering the home page or
other directory indexes, please contact us.
Further, if you feel your server has been targeted more in-depth than
the index.php defacement, please contact us immediately and we will do
an additional scan on your server.
Though it does not appear gaining passwords was an intent of this
attack, it is recommended that you update all of your passwords related
to your server.
Please note, our billing, domain management, and customer tracking
system (AMP) was not targeted, nor was available to the Cpanel
management server. It is on a separate network and firewall.
Please accept our apologies as we go through this process. We are very
aware of our failure in this situation and we will provide more details
when we have completed the work of recovery.
Again, please review your server and sites if you have not done so
already. Reach out to us immediately if you suspect a more in-depth
attack on your server.
Sincerely,
Todd Robinson
President
InMotion Hosting
Great job, InMotion hosting, and thanks for treating me well and helping to get my websites restored in no time at all.
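The recovery steps in the message above (re-upload index files from a backup in each directory, and delete an index.php where the site really uses index.html or index.htm) can be checked with the following added example, which is not code from InMotion or from this blog. It compares SHA-256 hashes of index files between a live tree and a backup tree; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

INDEX_NAMES = {"index.php", "index.html", "index.htm"}

def index_hashes(root):
    """Map relative path -> SHA-256 for every index file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in INDEX_NAMES:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    found[rel] = hashlib.sha256(fh.read()).hexdigest()
    return found

def compare(live_root, backup_root):
    """restore: backup index files missing or changed on the live site.
    review: live index files with no counterpart in the backup."""
    live, backup = index_hashes(live_root), index_hashes(backup_root)
    return {
        "restore": sorted(p for p in backup if live.get(p) != backup[p]),
        "review": sorted(p for p in live if p not in backup),
    }

def build_demo():
    """Constructed trees: returns (live_root, backup_root)."""
    base = tempfile.mkdtemp()
    trees = {
        "backup": {"index.php": "<?php // home", "blog/index.php": "<?php // blog",
                   "docs/index.html": "<h1>Docs</h1>"},
        "live": {"index.php": "DEFACED", "blog/index.php": "<?php // blog",
                 "docs/index.html": "<h1>Docs</h1>", "docs/index.php": "DEFACED"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return os.path.join(base, "live"), os.path.join(base, "backup")

if __name__ == "__main__":
    print(compare(*build_demo()))
```

Entries under "review" are candidates only: an index file created after the backup was taken also lands there, so inspect each one before deleting it.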
Simple Tags – WordPress Plugin
( The Best Web Hosting Service )- Another way to enhance your WWW influence is maximizing your categories and tags on your WordPress blog. These are usually neglected areas, but apparently, they actually affect your website’s visibility on search engines. If you aren’t sure how to supercharge these areas, then let me introduce you to Simple Tags plugin.
Simple Tags plugin is basically a plugin that lets you maximize the tag functionality built within the WordPress itself. To understand what tags are and how important they are for your site, let’s discuss a bit on what they are. In a nutshell, tags are keywords connected within contents and classification in your own website that drives users to find and select specific contents of your websites, much like how keywords work for search engines. Tags are searched within your website that shows your visitors how useful your blog actually is.
Actually, as a blog visitor myself, I find a site more useful if I can find more relevant topics to what initially brought me there. Supposing I searched for a certain event in a certain country in Google, then it draws me to a particular post in a website, I would of course want to see all the posts in that website related to that event. If in fact I cannot find anything useful around, chances are I’ll find another site to suffice my needs. That’s how important tags are.
Now, Simple Tags plugin maximizes the tag system by suggesting tags every time you post something and also by doing auto tagging. It also helps you manage tags by letting you rename them, delete them, or merge them some time after you made all these tags. It also searches automatically for related tags you already have within your website that are connected to your new content. You can even do all this stuff with more than 50 posts at once! Yes, Simple Tags lets you do mass editing of your tags, helping you save a lot of your time.
Along with these features, Simple Tags can also be synchronized with Technorati, Flickr and Delicious tags. Also with this plugin, not only posts can be tagged, but also pages, and tags can be displayed in numerous and dynamic tag clouds to keep up with your theme design.
Indeed, tags are an important way of keeping our visitors on our site, and with this plugin installed on our WP sites, we can definitely maximize this feature to benefit our traffic as well as interconnection with websites and visitors.
Please check out the Simple Tags WordPress plugin here.



