How To Fix: H4ck3d by R3d Dr4GoN
This happened to me on both of my WordPress blogs, this one, and Pacific Northwest Photoblog. This could happen to any site though, not just WordPress sites.
First off, do not panic.
Either way clearing this up is pretty easy. In both cases there was a 301 Redirect in my .htaccess file on the very first line. I removed this and was able to get to sub pages. The main page continued to be a problem though. Looking closer I found that I had an index.php and index.html page. Since WordPress renders completely in PHP, the presence of Index.html was a bit strange. Taking a look at it I found:
H4ck3d By R3d Dr4GoN
This Site Is
Very clearly this is incorrect. So I renamed Index.html to Index.hack, refreshed my main page and everything was back to normal! After this be sure to change the password to your terminal/ftp user, replace your SSH keys or create new ones if you don’t have any, and just to be safe, change your WordPress blog admin password.
While the actual hack was pretty amateurish, and was likely done by a script that exploited known security issues, it shows just how important proper security is in this day and age. And more importantly, it shows that no matter what you know, and how much you prepare – you will get hacked someday.
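The two symptoms described above (a 301 redirect at the top of .htaccess and a static index page sitting beside index.php) can be checked for with a short script. This is an added example, not part of the original post; the function names and the sample web root it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root for the two
# symptoms described above. All sample files below are constructed.

# Print numbered .htaccess lines that issue a 301 redirect (mod_alias or mod_rewrite).
find_redirects() {
    [ -f "$1/.htaccess" ] || return 0
    grep -niE '^[[:space:]]*(Redirect(Match)?[[:space:]]+(301|permanent)|RewriteRule.*\[[^]]*R=301)' \
        "$1/.htaccess" || true
}

# Print static index files sitting next to index.php (any letter case).
find_shadow_index() {
    [ -f "$1/index.php" ] || return 0
    find "$1" -maxdepth 1 -type f \( -iname 'index.html' -o -iname 'index.htm' \)
}

# Report both findings; exit status 0 means clean, 1 means something to review.
audit_docroot() (
    status=0
    hits="$(find_redirects "$1")"
    if [ -n "$hits" ]; then printf 'REDIRECT in .htaccess:\n%s\n' "$hits"; status=1; fi
    hits="$(find_shadow_index "$1")"
    if [ -n "$hits" ]; then printf 'STATIC INDEX beside index.php:\n%s\n' "$hits"; status=1; fi
    exit "$status"
)

# Build a constructed docroot that mimics the compromised state.
make_sample_docroot() {
    d="$(mktemp -d)"
    printf '%s\n' 'Redirect 301 / http://example.invalid/' \
        '# BEGIN WordPress' 'RewriteEngine On' 'RewriteRule . /index.php [L]' \
        '# END WordPress' > "$d/.htaccess"
    echo '<?php // front controller placeholder' > "$d/index.php"
    echo 'constructed defacement page' > "$d/Index.html"
    echo "$d"
}

sample="$(make_sample_docroot)"
audit_docroot "$sample" || echo "Review the items above, then rotate credentials."
rm -rf "$sample"
```

The stock WordPress rewrite rule in the sample is not flagged, because it carries no R=301 flag.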
How To: Streamline WordPress by removing Database calls
*Warning – the following instructions involve editing PHP code. Doing so incorrectly can mess up a working blog very badly. Only attempt if you are confident you know what you are doing.*
One of the powers of WordPress is that it is very customizable with thousands of themes and as many plugins. A lot of this customization is done via generic database calls that store the required information. This has two advantages: theme designers know exactly what calls to make so that a blog shows all the required information, and blog admins can quickly and easily flip between themes with no configuration needs afterwards.
But the downside is that a blog makes over a dozen database calls just to bring up a single web page. Many of these are stored in the header.php and footer.php files and only show information such as the blog name, title, and dynamic links to resources, pulled up every time. By removing these database calls and hardcoding the links we can not only streamline and quicken webpage loading, we can also reduce the number of database calls a page needs.
Note that several themes will update automatically occasionally. This will remove any changes you’ve made. The best suggestion is to copy your preferred theme to a new theme directory and call it a different name, then make the new theme your active one that you’ll streamline.
Here is the Header.php file from the “life-is-simple” WordPress Theme. This is a pretty simple and generic theme so it makes a good example.
<html xmlns="http://www.w3.org/1999/xhtml" >
<meta http-equiv="Content-Type" content=" ; charset=" />
<meta name="generator" content="WordPress " />
@import url( );
<link rel="shortcut icon" href="/icon.png" type="image/x-icon" />
<link rel="pingback" href="" />
<body >
I highly suggest changing one line at a time and testing it before going on to the next. This will help find any errors that pop up through misplaced tags.
In the WordPress world, <?php denotes a database lookup of some sort. These are the lines that we want to try to remove as much as possible, but there are a few other locations we can clean up also.
<html xmlns="http://www.w3.org/1999/xhtml" >
<meta http-equiv="Content-Type" content=" ; charset=" />
can be streamlined to:
All we did was remove the database lookup by hard coding the variables that would have been found. It’s critical to note that the charset may be different for your blog depending on the language of the blog. The exact charset you should use is beyond the scope of this post. If you want to know more about charsets, here are some good links:
WordPress Database Charset and Collation Configuration
How to Avoid Character Encoding Problems in PHP
Seeing Weird Characters On Your Blog? Here’s How To Fix Your WordPress Character Encoding (Latin1 to UTF8)
For SEO reasons, we probably want to keep the next php lookup:
<meta name="generator" content="WordPress " />
But the title lookup can be streamlined drastically.
As the blog author we know what the page title (wp_title) and bloginfo already are – in fact when first setting up WordPress these were likely two of the very first things entered. Just in case it’s needed, these are under General -> Settings. The page title is “Site Title,” and bloginfo is the “Tagline” field.
So we can minimize this line to:
Pacific Northwest Photoblog - Travel Photos and History from the Pacific Northwest
The next line we can remove is the favicon. This is the 16×16 pixel icon that shows in the address bar and is saved when a page is bookmarked. The actual name can change from theme to theme, but it will always be located in the theme directory under wp-content. So this line:
<link rel="shortcut icon" href="/icon.png" type="image/x-icon" />
The icon may also have an .ico extension, or it can be something called favicon.png.
The next database lookup finds the pingback url. Note that this is an href= link that is looking for an html link; the database lookup simply grabs the webpage url, then appends /xmlrpc.php to it. All we do is add the link ourselves.
<link rel="pingback" href="" />
In the original code above, the next database lookup is a critical one. This brings up the actual “body” of the blog. This could be a static page, or a list of posts, depending on what settings were chosen in the blog. Either way, skip over the following database lookup because it is hugely critical.
<body >
In the header wrapper though, we have another familiar line:
This is almost exactly the title line from above, but with an href link to the home page in it.
Travel Photos and History from the Pacific Northwest
At this point the header.php file is streamlined quite significantly. Next we go to the footer.php file, as there are a couple more database lookups we can hardcode here also.
Original footer.php file:
As you can quickly see there is another “bloginfo” lookup here including an HTML link, just like the title lookup had in header.php.
Pacific Northwest Photoblog . <?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>
Some people would suggest removing the link to the Theme artist if it exists, along with other “useless” information. Personally I prefer to leave it to give credit to the people who provided the theme for free, but it does take a few resources to serve up. Every line removed decreases the load time slightly and will make a big difference if a blog is getting thousands of hits at once.
But we can do one other thing – remove the year lookup as defined by this piece of code:
I wanted to add my copyright blurb here so I changed the code to:
Pacific Northwest Photoblog Copyright Rick Hamell 2006-2014. <?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>
Some blogs will have an RSS feed link in this area. For posts this typically looks like
And for comments the RSS feed typically looks like this
My rss feed is http://PNWPhotoBlog.com/feed/ . But RSS Feeds can look a little different, especially if you use Feedburner. So be sure to check the exact link before editing the code.
Personally I do not care if people subscribe to my comments via RSS, but I would like more readers to subscribe to my general RSS feed. My full code now looks like this:
Pacific Northwest Photoblog Copyright Rick Hamell 2006-2014. Subscribe via RSS
<?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>
By these directions we’ve removed sixteen full database lookups! This halved the loading time of my webpage, PNWPhotoblog.com. That is quite a difference, don’t you agree?
Thanks to Joost de Valk “Yoast” for his very informative blog post “Clean up you theme” that inspired this post. If you have any comments, suggestions, questions, or want to correct my code, please leave a comment below.
How to: Erase Hard Drives at Linux Command Line
The simplest way is the dd command. Simply type:
dd if=/dev/zero of=/dev/<drive name>
This process takes a while but it will write zeros to the whole hard drive. The dd command can also be used to write zeros to just one partition, and should work on just about any Unix or Unix-like system. But this may not be the end all and you’ll want a bit more security. Luckily several utilities exist for just such an occasion.
Wipe is one of the better ones I’ve seen. It claims to use the Gutmann method as one of its processes.
Another method is one of the simplest and makes reading man pages profitable. The good old rm command with -P does a three time wipe on each file, by (according to the man page) writing “first with the byte pattern 0xff, then 0x00, and then 0xff again.”
Secure rm or “srm” is a fancy remove program that overwrites the files it deletes much like rm -P command. By default it overwrites, renames, then truncates the file(s) before unlinking and removing them. Two flags can be specified for the really paranoid, -m does “overwrite the file with 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)” and -z which zeros the files after overwriting. So srm -rf -m -z /dev/<drive name>/ would do a pretty good job of killing everything on the hard drive.
Another trick I picked up from the FreeBSD mailing list is: split -b 200m /dev/random randomdata ; sync && rm randomdata* This uses part of my preferred method of splitting the hard drive into multiple partitions then writing random data over each piece. It can be run as many times as needed and by changing the -b flag’s size could make most data very unreadable.
And last but not least, Techrepublic has a post about using Shred to delete files and filesystems.
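The dd zero-fill from the start of this post, followed by a check that no non-zero byte survived, as an added example that is not from the original post. It runs against a constructed 64 KiB image file instead of a real /dev node, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): dd zero-fill plus verification,
# run against a constructed image file instead of a real /dev node.

# Size of the target in bytes (works for regular files).
target_size() { wc -c < "$1" | tr -d ' '; }

# Count bytes within the first $2 bytes of $1 that are not 0x00 (0 = fully zeroed).
nonzero_bytes() { head -c "$2" "$1" | tr -d '\000' | wc -c | tr -d ' '; }

# Overwrite exactly $2 bytes of $1 with zeros, in place, and flush to disk.
zero_fill() {
    # conv=notrunc keeps the existing length, the way a block device behaves.
    head -c "$2" /dev/zero | dd of="$1" conv=notrunc 2>/dev/null
    sync
}

# Create a 64 KiB image filled with a recognisable constructed byte ('A').
make_sample_image() {
    img="$(mktemp)"
    head -c 65536 /dev/zero | tr '\000' 'A' > "$img"
    echo "$img"
}

# Zero the target, print how many non-zero bytes remain, fail if any do.
wipe_and_verify() {
    size="$(target_size "$1")"
    zero_fill "$1" "$size"
    left="$(nonzero_bytes "$1" "$size")"
    echo "$left"
    [ "$left" -eq 0 ]
}

image="$(make_sample_image)"
echo "non-zero bytes before: $(nonzero_bytes "$image" "$(target_size "$image")")"
echo "non-zero bytes after:  $(wipe_and_verify "$image")"
rm -f "$image"
```

On a real block device the size would come from a tool such as blockdev --getsize64 rather than wc -c.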
How to: Enable disabled USB in Windows
Note: This assumes you have administrator rights on the Windows PC in question. Valid for all versions of Windows I was able to test it on. (XP, 2000, Windows 7)
Note #2: This command edits the Registry. Doing so incorrectly can severely mess up your machine. If you do not feel comfortable editing the Registry, contact your IT department or local Computer Shop.
Some viruses and malware will disable the USB ports in Windows to keep themselves from getting “cleaned” off the machine. Note that this does not affect the USB Keyboard or Mouse in any way.
1. Click Start, and then click Run.
2. In the Open box, type “regedit,” and then click OK.
3. Locate, and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
4. In the right pane, double-click “Start”.
5. In the Value data box, type “3” without quotes
6. Click Hexadecimal if it is not already selected, and then click OK.
7. Quit Registry Editor
8. Restart Computer
To re-disable, in step 5 use “4” instead.
If you do not have administrative rights to the computer, contact your IT department, or your local Computer Repair Shop.