Forum Replies Created
Forum: Themes and Templates
In reply to: [Hueman] Header to fullsize
Your workaround didn’t work for me.
There are 5 instances of 'min_max_step' in theme-options.php
Which one did you change?
Could you please be more specific?
Thank you.
That little tweak put a smile on my face too 🙂
Thank you!
Forum: Themes and Templates
In reply to: [Custom Community] Kiss Custom Community Goodbye
Thanks, Andrew.
That was my intention to find out how you guys determine whether the particular theme is good or bad.
Thanks again.
Forum: Fixing WordPress
In reply to: Cannot verify wordpress.org's certificate
Marked as resolved.
Thanks again.
Forum: Fixing WordPress
In reply to: Cannot verify wordpress.org's certificate
Thanks, Otto.
Forum: Fixing WordPress
In reply to: Cannot verify wordpress.org's certificate
Moderator, is there a way to reach a wordpress.org webmaster to address this issue?
It’s all about security, right?
Thank you.
Forum: Fixing WordPress
In reply to: Cannot verify wordpress.org's certificate
Looking further, just found that Firefox on wordpress.org ‘Page Info’: ‘Security’ reads:
This website does not supply ownership information
What’s going on with wordpress.org?
Forum: Plugins
In reply to: [Login Lockdown & Protection] Monitor XMLRPC attempts?
Guys, I feel miserable.
Turns out, I have been testing another plugin against xmlrpc attacks, not Login LockDown.
Everything that I wrote earlier doesn’t refer to Login LockDown.
Sorry.
Forum: Plugins
In reply to: [Login Lockdown & Protection] Great Plugin, some unused database tables
Guys, stupid me.
In April 2013 I deactivated and deleted this plugin and switched to another plugin, Limit Login Attempts.
The wp_lockdowns and wp_login_fails tables were just left unused in the database.
Sorry.
Forum: Plugins
In reply to: [Login Lockdown & Protection] Great Plugin, some unused database tables
Thanks Michael.
Just sent an email from xxx 2000 at yahoo dot com
Forum: Plugins
In reply to: [Login Lockdown & Protection] Great Plugin, some unused database tables
Mark this topic as resolved.
Thank you.
Forum: Plugins
In reply to: [Login Lockdown & Protection] Monitor XMLRPC attempts?
Hey everyone interested.
I solemnly swear this plugin blocks requests to xmlrpc.php
I was attacking my own site playing with curl and reading the raw access log to get the idea how that ‘wp.getUsersBlogs’ payload is being exploited.
I didn’t open my site in the browser. I played with the command line in the terminal, hitting xmlrpc.php with POST requests.
To my surprise, I found myself blocked out for 24 hours.
Once again, I was hitting only xmlrpc.php and got blocked out.
Great plugin!
Thanks to the developer.
M.
Removed all BBQ instances.
Problem solved.
Unsubscribed.
Sure, it’s easy to add ‘curl’ to the array and check it out.
What I found is that when I clear the cache (WP Super Cache) and send curl, it gives 403.
curl -I http://xxxx
HTTP/1.1 403 Forbidden
As soon as the site is viewed in a browser and a cached file has been created, it gives 200.
curl -I http://xxxx
HTTP/1.1 200 OK
I was able to duplicate this pattern on other sites running WP Super Cache as many times as I tried.
I played with another site without WP Super Cache at all; ‘curl’ was blocked all the time.
I removed ‘curl’ from the array and continued sending requests using
‘--user-agent <agent string>’ to check the rest of $user_agent_array.
Sure enough, BBQ blocks whatever is in the array.
curl -I --user-agent "casper" http://xxxx
HTTP/1.1 403 Forbidden
Jeff, could you please explain why a cached file makes such a difference, like there is no BBQ?
Thank you.
Sorry, Jeff.
There are tools.
I can’t agree with you as long as curl with BBQ banned user-agents dumps everything from the site like BBQ doesn’t exist.
The access log proves that the banned user agent has reached the site and hasn’t been denied.