Wednesday, 29 May 2013

How to recover your hacked Wordpress blog ?




WordPress
is one of the most popular content management systems at present. and at same time it is Most targeted as well. so today i will teach you some tips and Methods on how to patch/recover your site when your website is hacked (which is hosted on WP) and this post is also for those who want to keep there wordpress sites safe.

How to recover Hacked Wordpress website
if your WP website is attacked then follow these steps and get your site back.

Backup - if your website is infected to a small extent then it is still much necessary for you to secure the backup of your website before waiting to see your things changing to worse.you can use Plugin called BackupBuddy for this purpose but, i advice you to use UpdraftPlus Backup because it is free plugin and best alternate of Backupbuddy.

Change Login Details and Secret Access Keys – at the time you feel or see that your site is defaced then immediately check whether your login details are changed or not because some hackers didnt change login details in hurry. so if hacker did'nt changed your login details then quicky change login details and Wp-config secret access keys too.

Running scanners - The scanner are basically used to identify compromises at database level You can try out Cloud Sites WP Scanner plug-in or Sucuri Malware Scanner. After running the scanner you can proceed to next step.



Installing Your WordPress Again – Next important step involves Deleting all the files existing in the directory of WordPress except wp-config.php file and wp-content directory. After that you need to download and install a totally fresh copy of WordPress.

Review content folder - check all the folders in wp-content directory if you feel some folder does'nt belong to your site or seems sespicious then remove it , dont worry if you mistakenly removed any folder which is part of your blog and is not suspicious then you can get it back through backup files after even removing.

Review Plug-ins - Now this is time to analyza all your plug-ins simply remove all plug-ins from your Panel which you did'nt use and other plug-ins which you need should be uninstalled and INSTALLED again for security purposes.

Check your .htaccess file for hacks- Hackers can use your .htaccess to redirect to malicious sites from your URL. Look in the base folder for your site, not just your blog's folder. Hackers will try to hide their code at the bottom of the file, so scroll down. They may also change the permissions of the .htaccess file to stop newbies from editing the file. Change the permissions back to 644.

Now analyze your theme-
task of removing the extra themes which are not in use currently. Next task again involves reviewing your activated theme. Look through the PHP or Javascript code to find out any suspicious activity there. Most of the time hackers make such malicious changes in header.php or footer.php files.

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

How to get thousands of Instagram Likes and Hundreds of followers ?





Personally i did'nt use INSTAGRAM but due to request of our daily visitor i am writing this article by this method you will get 150+ likes on All or several of your Pics and 150+ followers on any INSTAGRAM Account.

Tool we will use : Instahoot/Gramhoot This Online tool is created by Indian Developer Abhishek Luthra.

So let's start.

1- Get on your phone and make one fake INSTAGRAM account (new).

2-When fake account is created now add profile picture to your fake account and Upload five random pictures on your this fake instagram account and edit BIO of fake account (atleast of 7 words)

3-Go to http://www.instahoot.com
4-click on new Register button.


5-now click 'How to get authorization url'


6- Scroll down and click on the 'Click Here' link, that will log you out of any Instagrams account you may be logged in on the browser, now close that tab.

7-Now click on Authoriza gramhoot button.


8-now click on 'ok' and then on new tab of INSTAGRAM login with your Fake account you just created.


9-when loggined it will be written 'AUTHORIZE' click it.

10- now after authorizing you will be redirected to website name GRAMFEED now copy whole link
11-and paste that url in Authorization url feed . ^^^^

12-now click yes.

13-now enter fake account information in USERNAME and PASSWORD and there is a field INSTAGRAM REAL username now here enter the USERNAME of your real account where you want to get likes or followers.
It will take a little while (10-30 Seconds) to register.

14-when registered come back to www.gramhoot.com and now login here. with fake account and password.

15-when you are loggined in gramhoot you are done :) now click on any INSTALIKE photo and check results.


special Thanks to ABHISHEK LUTHRA for creating such a Helpfull tool for INSTAGRAM users.
Having any problems ? Comment below.

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

how to change '404 not found' page of your Blogger blog. ?


Today i will be teaching you a Small but cool method on
how to change '404 not found' page of your Blogger blog. ?
404 Not found is the error which occurs when you try to visit page which does not occur
default 404 page of BLOGGER is not that well
This will allow to keep visitors engage on your blog for little longer and decrease bounce rate.


EXAMPLE

Here we go.
1-go to Blogger Dashboard settings and then click on Search preferences
2-click on Edit in front of custom page not found.
3-now in this area Paste this whole thing.


<!-- MBW 404 Page -->
<div class='MBW-404-box'>
<p style='line-height: 1.6em'><strong>
<font color='red' size='6'>
Oops!!!
</font> <font color='#666666'>
<!-- mybloggersworld.blogspot.com -->
Looks like you are trying to access page that does not exist or has been deleted. Please do any of the followings:
</font></strong></p>
<ol style='line-height: 25px'>
<li><a href='javascript:history.go(-1)'>&#171; Go Back</a> </li>
<li>Report the Problem By <a href='http://www.mybloggersworld.blogspot.com'>Clicking Here</a>&#160;&#160;&#160; (<i>This will help us serve you better</i>) </li>
<li>Go To Homepage by <a href='http://www.mybloggersworld.blogspot.com/contact'>Clicking Here</a>
<br/></li>
</ol>
<p><br><br></p><p align='center'><font color='#159b24' style='font-size: 135px'><strong>404</strong></font></p>
<p align='center'><font size='5'>Error Page Not Found</font></p>
</div>


4- Replace first url in this ^ whole with your blog link
5-replace second url with your blog contact section or you facebook account url
6-save the changes.
7-click dashboard then template and then on edit html
8-click anywhere inside that big BOX containing your HTML
9-press CTRL+F collectively
10-find
]]></b:skin>
11-Paste this whole code under
]]></b:skin> .
<b:if cond='data:blog.pageType == &quot;error_page&quot;'>
<style type='text/css'>
.status-msg-wrap {
font-size: 100%;
margin: none;
position: static;
width: 100%;
}
.status-msg-border {
display:none;
}
.status-msg-body {
padding: none;
position: static;
text-align: inherit;
width: 100%;
z-index: auto;
}
.status-msg-wrap a {
padding: none;
text-decoration: inherit;
}
.MBW-404-box {
background:#FFFFFF;
width:96%;
margin:10px 0px;
padding:15px 15px;
border:1px solid #b9b6b6;
-moz-border-radius:10px;
-webkit-border-radius:10px;
border-radius:10px;
box-shadow: 6px 6px 6px #e3e3e3;
}
</style>
</b:if>


12-save changings in template and you are done.
13-now check if it is working fine just open your website like
www.yourwebsite.com/lolololololol.

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

how to send colourfull messages in facebook chat or messages ?



There are some codes which we have to copy paste (without removing any character or numbers) instead of writing ABC.. to get colourfull effect.
[[107015582669715]] = A
[[116067591741123]] = B
[[115602405121532]] = C
[[112542438763744]] = D
[[115430438474268]] = E
[[109225112442557]] = F
[[111532845537326]] = G
[[111356865552629]] = H
[[109294689102123]] = I
[[126362660720793]] = J
[[116651741681944]] = K
[[115807951764667]] = L
[[106596672714242]] = M
[[108634132504932]] = N
[[116564658357124]] = O
[[111669128857397]] = P
[[107061805996548]] = Q
[[106699962703083]] = R
[[115927268419031]] = S
[[112669162092780]] = T
[[108983579135532]] = U
[[107023745999320]] = V
[[106678406038354]] = W
[[116740548336581]] = X
[[112416755444217]] = Y
[[165724910215]] = Z
step : 1
copy the code in back of the word you want to write


step 2 : paste it in chat box and if you want to write the whole word like ‘danish’ in chat then copy codes of D , A , N , I , S , H and paste them in chat box and hit enter.
and you are done

Capture

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

how to get more likes on facebook pages ? [tips]



1-customize your facebook page url
:
it is the best way through which the url of your page can be remembered by fans so they can like in future and also easy to find , choose the coolest and simplest in first time because it cant be changed again.2-A picture says thousand words.
choose a timeline cover which shows the reason of creation of page or the business use online photo editors like timeline cover maker because timeline cover is the reason of attraction of visitors of you page to like it3-put a facebook like widget on your site (if you got one) :

The ‘Like Box’ is a social plugin that enables page owners to attract and gain Likes from their own website. The Like Box enables users to:
- See how many users already like this Page, and which of their friends like it too

- Read recent posts from the Page
- Like the Page with one click, without needing to visit the Page
Place this in your blog/website sidebar but when you do this, make sure you set the options to include ‘Facepile’. That way, you’re ‘Like box’ will show your readers how many of their friends like the page as well.

4-Tag other well-trafficed pages on your page post :
for example i am posting a status on my business page that we have doone a deal with ‘yyy’ company then if i will write this post with tag ‘@yyy’ then the likers of that yyy page will be also come to us after seeing our post in that page side. hope you understand.

5-offline promotion :
do some offline promotion man add your fb link on TV ads , business cards etc or tell your friend about your page offline so they can help you in promotion

6-Ask your fans for help :
for example if your pae is on 950 likes then ask your fans to help reaching 1000 give them a target and you will observe great results and also promise them some gift .

7- use cross-channel promotion :
means use one social network to promote the content of other you can use youtube , twitter , myspace etc to promote it !

8- Create something worth Liking :
post the content related to topic of page the stuff that others want in this way you will get awesome likes + response

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

how to find xss cross site scripting vulnerability in website



how to find xss cross site scripting vulnerability in website xss scripting

Today we will discuss how to find Cross site scripting XSS in common website. As I am security Researcher I have found many Cross site scripting XSS Vulnerabilities in website. So cross site scripting XSS is find not a difficult task but if you are newbie so May you have face some problems to Find xss scripting in starting .
But if you read my previous article that what is cross site scripting XSS and its types then you just have idea about how to find Cross site scripting XSS. and I have also share a tutorial how to find vulnerable website so now then you have to able to find cross site scripting . So let’s start
First of all you have to find the input filed like search bar, Login page, subscribe by email and Contact us page. If you find input then we can inject over payload in the input field.

The question is that what is Payload or vector?

Payload or vector is a JavaScript code which we can insert in input field to find XSS scriptin.

So here I have taken a one example of vulnerable website

I have searched my news on website and I am searching a news for nomanramzan but as you seen in below picture no news found on nomanramzan and after that you just right click on the anywhere of website and click on View page source
 xss scripting xss


Then press CTRL + F for search nomanramzan and Note the location where the input is placed. as you seen in below picture website taken an input and search value for nomanramzan . so now the important step is that we have put out nomanramzan from “ ”
xss cross site scripting bug

Now I am going to check whether the server sanitize the input or not . If I am giving the input this <> in input field . Sometime server sanitized the code and then code look like this &lt;&gt;.

So now in this condition website server not sanitize our input and this indicate that the website is vulnerable to XSS Now finally I have put a Payload

"><img src=x onerror=prompt(1);>

In the search bar then you have seen below picture. Now it will display pop-up box. So finally we have successfully find a cross site scripting XSS
 cross site scripting vulnerability

Then again right click on website and then press CTRL + F for search for the payload "><img src=x onerror=prompt(1);> or value and finally you have checked that over payload put out from “” .
how to find xss cross site scripting vulnerability in website

Finally we have find a cross site scripting XSS vulnerability . Hopefully you enjoyed this tutorial. If you have any problem so you can comment below

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

How to find vulnerable website for XSS SQLI LFI RFI


How to find vulnerable website for XSS | SQLI | LFI | RFI

Most of the people search in Google or other search engine to check the vulnerable website and in the end some are successful and some are not. This is also problem for newbie who don’t know how to check the vulnerable website.in starting When I was also found vulnerable website. so its very difficult for me and then later on I have researched on it and Now i make some Google Dorks for check vulnerable website for you.

google dorks xss sqli

So in my previous article I have explained that the top vulnerabilities and also tutorials on Cross site scripting. So it’s very easy to find vulnerable website with the help of search engine.

There are lot of dorks to check the website is it vulnerable or not. So you think that the lot of people use these Google dorks already. So you have to use your mind and check some another technique also. When you search in Google you have to check below of search bar some tools. so use these tools also like I give you one example the website update in 24 hours before . I have also search like below

google search engine tricks

Check website for Cross site scripting XSS:

inurl:".php?search="

inurl:".php?searchstring="


inurl:search.php?q=


inurl:com_feedpostold/feedpost.php?url=


inurl:/poll/default.asp?catid=


inurl:/search_results.php?search=

inurl:scrapbook.php?id=

inurl:headersearch.php?sid=

Check website for SQL injection SQLI:


inurl:"id=" & intext:"Warning: mysql_fetch_assoc()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: mysql_fetch_array()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: require()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()

How to check Sub domain :

If you want to find vulnerabilities of website . so you should go for sub domain. The best dork for searching subdomain is below
Site: URL –inurl:www
Like if I want to find the subdomain of Google . so it’s like below and don’t add Http and www with the domain
Site: google.com –inurl:www

check subdomain dorks


Hope you like my tutorials. If you want to ask any question you can ask me thanks

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo

what is cross site scripting XSS and types of cross site scripting XSS


what is cross site scripting XSS and its types

Today I will explain you what is cross site scripting. In my previous article I have explained that the top security flaw in a website. According to the open web application security project cross site scripting XSS is very common security flaw in the website. This threat very dangerous for the website. Most of my fans and followers ask so many questions about cross site scripting XSS. As I am security researcher I have also found 100 Cross site scripting XSS on website.so I am going discuss with you complete guide of cross site scripting So guys lets

what is cross site scripting

If you want to find Cross sitescripting XSS so you have to learn following prerequisite

Basic Knowledge in Hypertext markup language (HTML)
Strong Knowledge of JavaScript
Basic knowledge of HTTP client server Architecure
Basic knowledge of (PHP, ASP.NET)

What is cross site scripting XSS?

Cross site scripting XSS is one of the common website security flaws that allow a Hacker | Attacker to run his client side scripts like JavaScript’s payload into website that is viewed by others. with the cross site scripting bug may be hacker bypass access control .if hacker successfully exploit cross site scripting XSS so then hacker easily do steal account, phishing attack and many more. In simple word with the help of cross site scripting XSS hacker inject his malicious JavaScript payload into website then a user visit the website link then it will execute the malicious JavaScript payload.

Types of Cross site scripting XSS:

There are two types of Cross site scripting XSS
1. Persistent XSS ( Stored XSS)
2. Non persistent XSS ( Reflective XSS)

noman ramzan cross site scripting

Persistent Cross site scripting XSS:

The persistent XSS also known as stored XSS. As shown with the name of stored XSS and this Cross site scripting XSS stored somewhere. When attacker used Cross site scripting XSS malicious code inject into the website and then this payload saved by the server in the database and then is will run in the normal link of website.

Example of persistent XSS

There are so many website which support the forum and where the user register and ask a question like answer.yahoo.com. if the Hacker post a message with the malicious JavaScript payload then if the server fail to sanitize the payload and then code execute easily. So whenever user read to this post and open a link then inject code cookie stealing of a user and then hacker easily bypass his account.

NON persistent Cross site scripting XSS:

Non persistent also known as reflected XSS. This is very common vulnerability discover by security Researchers. And this is find in the search filed like search, contact page and subscribe email. in this attack hacker inject payload will send to the server with the request of HTTPrequest and then server embed with html file and then return HTTPresponse to the browser. When the browser execute the file and then it’s also execute the scripts. so it’s a reflective XSS.

DOM based Cross site scripting XSS:

In the addition to these types DOM based XSS also third type of cross site scripting XSS. This is very important part of XSS. Most of the big website like Microsoft, PayPal, Nokia, eBay and many more website. Later on IN SHA ALLAH I will explain more about DOM based XSS.

XSS attack cross site scripting

so in my next tutorials . i will tell you about how to find Cross site scripting XSS. and if you have any problem or any quary so you can ask me

Posted by R2blog. R2blog auto post for blogspot. Download at http://R2blogger.blogspot.com


Continue lendo
 

My Geek Tricks Copyright © 2011 | Template design by O Pregador | Powered by Blogger Templates