Robert Eichhorn

bcworkz – thanks for the help. Some new information for me to consider. I have become aware that there is a difference between permissions for directories and files. I definitely need some clarification on the subject of permissions.

Barnez and Dion – thanks for your help. I will ask the Apache community for their input on the issue.

I need to make a correction concerning using LibreOffice 5.3 as a text editor. I have a desktop with Windows and Microsoft Word. I have a laptop with Windows and LibreOffice 5.3 but not Microsoft Word. When I open a .htaccess file on my laptop I can open it with various apps including Notepad and Wordpad. I thought Wordpad was a LibreOffice 5.3 program. Wordpad is actually a Windows app and gave me the message about saving the document in a Text-Only format. One problem is the document is saved with a .txt extension instead of remaining a HTACCESS FILE type.

Topher – thanks for shedding some light on the benefits of a WAF. It sounds like it is a useful application, not snake oil.

Joy – good information, thanks for the help.

JNashHawkins – I figured out how to delete the folder using Filezilla. The mouse was getting stuck in a routine. I tried clicking on several folders in Documents on the local computer and the menu selection showed a option to delete. I also found a tutorial on ‘deleting folders using Filezilla’ by searching Google.

JNashHawkins – concerning a File Manager plugins support forum. I called my web host’s tech support and they didn’t have a answer for why the folder wasn’t appearing in File Manager but was appearing in Filezilla. The next step would be to contact their security department for a answer. I don’t think my web host has any support forums. I tried deleting the folder through Filezilla but wasn’t able to find a way to delete it. Do you happen to know the step to make to delete the folder using Filezilla? I tried left-clicking and right-clicking with the mouse but no step appeared to delete the folder.

George – here’s a better version of the link to the WordPress article ‘Backing Up Your Database’ at:

Backing Up Your Database

George – concerning your point that Quick (Simple) and Custom are not standard database management terminologies for types of backups. WordPress and my web host use the terms when referring to backing up the database. As a reference, from the WordPress article ‘Backing Up Your Database’ at:

Backing Up Your Database

from the section ‘Using phpMyAdmin’, from the topic ‘Quick backup process’,
“When you backup all tables in the WordPress database without compression, you can use simple method. To restore this backup, your new database should not have any tables.”
“4. Ensure that the Quick option is selected, and click ‘Go’…”

From the topic ‘Custom backup process’,
“If you want to change default behavior, select Custom backup.”

From my web host when trying to backup my database these options are given on the webpage:
Quick – display only the minimal options
Custom – display all possible options

Concerning the backup tool I’m using – it’s phpMyAdmin.
Thanks for the links to the ‘Tpo 10 Database Attack Vectors’ and ‘Hardening WordPress’.

• This reply was modified 4 years, 3 months ago by Robert Eichhorn.

Yui – thanks for your reply. I was wondering how my WP site would recognize a new database table prefix. Makes sense to change it in wp-config.php.

@macmanx (James Huff). Good idea to make a WHOIS check on the IPs. Thanks. I found a website to check the location of IP addresses. The URL is:
https://www.iplocation.net/

A useful tool you can add to your toolbox.
Thanks again for your help.

@macmanx (James Huff). I checked Google for WPScan and found the developer’s site. I was wondering why WPScan was being used to scan my site. No reason for it. Thanks for informing me about WPScan being used as a Bot. Now it makes sense. Someone is using WPScan to probe my site to find vulnerabilities. A tool that can be used for good and evil.

Also, thanks for the information concerning ‘return a 200’. My web host gave me the Apache log format but ‘return a 200’ didn’t make sense to me.

Concerning checking access logs for hacker IP addresses to block. I did find IPs making excessive number of hits on PDF files. Useful information.

@claytonjames.

Question 1: What is a WPScan script and is it a valid request or a hacker request?

Question 2: You say pay attention to theme and plugin probes that might actually return a 200. What do you mean by ‘return a 200’? I am not familiar with the term 200 in this context.

@macmanx (James Huff).

This file from File Series 2 looks like it is trying to upload a theme. Now that you mention files can’t be uploaded via HTTP I realize the request must be for a file. I am not familiar with the process of uploading themes.
1. /wp-content/themes/clockstone/theme/functions/upload.php

Thanks for the information concerning resources to check out WP files that are being hacked. I realize Bots may have 90,000 IP addresses to hack from but I decided to check my access logs anyway to check for hackers.

@macmanx (James Huff).

1. File Series 1. The IP address is from Fuzhou, China. The User-Agent is not identified as a Bot.
2. File Series 2. The IP address is from Poland. So, IP address is not my web host’s server or my IP address. No User-Agent was identified.
3. File Series 3. The IP address is from Nanning, China. The User-Agent is not identified as a Bot.

Concerning File Series 2. It appears that someone is trying to upload themes to my site and it is not me or my website designer.

Also, do you know of any resources to help identify files on a WP site that are being hit by a hacker?