Babiato Resources getting hacked or malicious codes? Do THESE NOW!

Escanor64

Active member
Jul 4, 2022
133
215
43
Hi @Escanor64, thank you for pointing us in the right direction.
If it's not too much trouble, would you kindly share the links to the plugins you found?

Many thanks
Yeah, will do. I actually realized that some of the plugins are not exactly ideal as they block some important parts of your website's functionality. I should create another thread with a proper walkthrough today.
 

Escanor64

All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
Learn how to use Cloudflare to protect your website and sleep with your 2 eyes closed 😴
All of my sites are routed through Cloudflare. It still didn't prevent them from getting hacked.
 

RoninHood

Shadowy Coder & Security Engineer
GiveAway Master
Null Master
Trusted Seller
Trusted Uploader
May 2, 2022
639
641
100
0.0.0.0/32
All of my sites are routed through Cloudflare. It still didn't prevent them from getting hacked.
You need to bind your VPS to Cloudflare through IPTables rules by creating a rule set for a tunnel; this way crawlers like censys.io etc. aren't able to see your real IP address in the very first place!

BTW I've nulled WP Hide Security Enhancer Pro v4.4 a few minutes ago for those who use it: https://babiato.tech/threads/wp-hide-security-enhancer-pro.13969/post-1055750
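
One way to implement the origin lockdown described in the post above, as an added example that is not part of the original post: a POSIX shell function that prints (does not apply) iptables/ip6tables rules so that only the proxy's ranges can reach the origin's web ports. The chain name `ORIGIN_WEB` and the sample CIDRs are assumptions; the CIDRs are documentation ranges, not Cloudflare's real list.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, but does not apply, rules that
# let only the reverse proxy's ranges reach the origin's web ports.
# ASSUMPTION: these CIDRs are constructed placeholders (documentation ranges),
# not Cloudflare's real list; substitute the ranges your provider publishes.
PROXY_RANGES="198.51.100.0/24
203.0.113.0/24
2001:db8:100::/48"

# Loose format check so a corrupted list entry never becomes a firewall rule.
valid_cidr() {
    v4='^[0-9]{1,3}(\.[0-9]{1,3}){3}/([0-9]|[12][0-9]|3[0-2])$'
    v6='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    printf '%s\n' "$1" | grep -Eq -e "$v4" -e "$v6"
}

# gen_rules [CHAIN] < ranges : ORIGIN_WEB is a hypothetical chain name.
gen_rules() {
    chain=${1:-ORIGIN_WEB}
    # Build every ACCEPT first; one bad entry aborts before anything prints.
    rules=$(
        while IFS= read -r cidr || [ -n "$cidr" ]; do
            case $cidr in ''|'#'*) continue ;; esac
            valid_cidr "$cidr" || { echo "bad range: $cidr" >&2; exit 1; }
            case $cidr in *:*) cmd=ip6tables ;; *) cmd=iptables ;; esac
            echo "$cmd -A $chain -s $cidr -j ACCEPT"
        done
    ) || return 1
    # An empty list would turn the chain into "drop all web traffic".
    [ -n "$rules" ] || { echo "empty range list" >&2; return 1; }
    echo "iptables -N $chain"
    echo "ip6tables -N $chain"
    printf '%s\n' "$rules"
    for cmd in iptables ip6tables; do
        # Everything that is not the proxy is dropped ...
        echo "$cmd -A $chain -j DROP"
        # ... and INPUT is hooked last, once the chain is complete.
        echo "$cmd -I INPUT -p tcp -m multiport --dports 80,443 -j $chain"
        echo "$cmd -I INPUT -p udp --dport 443 -j $chain"   # HTTP/3 (QUIC)
    done
}

# Review the output, then pipe it to sh as root to apply:
#   printf '%s\n' "$PROXY_RANGES" | gen_rules
```

Filtering at the origin only helps while the real address stays out of DNS history and certificate logs; if it has already been indexed, the DROP rule is what keeps direct requests from being answered.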
 
RoninHood

All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
Learn how to use Cloudflare to protect your website and sleep with your 2 eyes closed 😴
Not properly so, what about HTTP Request Smuggling attacks? :) Plugins are useful, a good web server configuration following proper hardening best practices even more (i.e. IPTables rules, strict CSP, etc.), especially while using HTTP/3 QUIC. ;)
 

thambyz

Active member
Mar 18, 2021
99
41
28
What's the purpose of the xmlrpc file? Can you please share how you deleted that file?
I use an Apache include file to block it at server level, so xmlrpc will be blocked on all sites.


Code:
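<Files xmlrpc.php>
# Apache 2.2-style access control (needs mod_access_compat on 2.4).
# deny,allow: Deny is evaluated first, then Allow overrides it, so only
# the listed range gets through. With "allow,deny" the "Deny from all"
# would win and block the allowed range as well.
Order deny,allow
Deny from all
# 192.0.64.1 - 192.0.127.254 written as a CIDR block
Allow from 192.0.64.0/18
Satisfy All
# Denied clients are redirected to their own loopback address
ErrorDocument 403 http://127.0.0.1/
</Files>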

The allowed IP addresses are related to the Jetpack plugin.
 

bluvia

Active member
Feb 6, 2021
236
81
28
Actually, I have installed Wordfence and until now I didn't face any issue.
 

RoninHood

All of my sites are routed through Cloudflare. It still didn't prevent them from getting hacked.

And if you need the perfect scanner to check the security of your website, use Sudomy: https://github.com/screetsec/Sudomy - it uses many services like the following:

Code:
https://censys.io
https://developer.shodan.io
https://dns.bufferover.run
https://index.commoncrawl.org
https://riddler.io
https://api.certspotter.com
https://api.hackertarget.com
https://api.threatminer.org
https://community.riskiq.com
https://crt.sh
https://dnsdumpster.com
https://docs.binaryedge.io
https://securitytrails.com
https://graph.facebook.com
https://otx.alienvault.com
https://rapiddns.io
https://spyse.com
https://urlscan.io
https://www.dnsdb.info
https://www.virustotal.com
https://threatcrowd.org
https://web.archive.org

It works directly from your CLI and provides you with a list of matches found after each scan so you can patch them; it's open-source and well documented!

Additionally, if you use WordPress, you can check for vulnerabilities to patch using one of these tools:
  • WPScan (CLI Tool)
  • WPSec (SaaS with Free Tier for your own website)
Enjoy :D
 