What’s interesting about today’s date Feb 02, 2020?

It’s a palindrome, written whichever way –
yyyymmdd: 20200202
ddmmyyyy: 02022020

Starting memberships

Hello world! 

Starting 2020, We are introducing membership based content. 

There will be 5 levels here: 

  • Public – login or registration not required; 
  • Free – free registration; 
  • Bronze – subscription – $15 per month; 
  • Silver – subscription – $30 per month; 
  • Gold – subscription – $60 per month. 


Why is Custom Site on GoDaddy Down with MySQL Error?

It looks like GoDaddy is enforcing strict password norms for the database access. Try changing the database password – a guide will popup ticking away the mandatory requirements. The problems on my clients’ customized sites on GoDaddy were solved by doing so.

#error, #godaddy, #hosting, #mysql

Stopping WordPress XXX-Hacker

Many of my WordPress sites have been attacked by this xxx-hacker. The first thing this hacker does is try to login as admin using multiple tries. Once it succeeds, the user name is changed to xxx-hacker and the password is also changed. So, now you cannot login to your site and you can’t even reset your password.

If by chance you are still able to login as admin then you are in luck, as the attack hasn’t happened yet. But, prevention is better than cure. So, immediately (as in NOW), update your WordPress installation, and install/enable the Limit Login Attempts plugin. This is the most important thing you need to do to stop this hacker, because this is somehow related to the hacker gaining access to your server files. Also, immediately after this change your server passwords – especially, ftp and mysql.

At this stage I don’t know if the ftp password is being deciphered, but I have seen strange folders and files turning up in the sites’ public/html documents area. There are at least 3 different type of actions performed by these files. (1) Phish for email passwords (2) Phish for financial passwords (3) run a script that logs in to some site(s) using series of passwords. One common thing I have noticed is that the plugins folder in all hacked installations has one new folder – helo – which contains script to send the phished data to the hacker’s mother computer. Change permissions of this “helo” folder to 777 and then delete it.

Things to do in your MySql database

If not yet attacked: stop user registration or updation using triggers. This is like a chastity belt. The filthy sucker of a hacker can tear your WP-clothes, but can’t penetrate your DB-bastion, thereby preventing spawning of further filth. Contact me for modus operandi.

If attacked: rename admin user to a word other than “admin” and change password to a 16 character word in MD5 format, then stop user registration or updation as above using triggers. Contact me for help.

If your site needs user registrations, handle them yourself, manually. If you don’t have time for that and are a very big site, then you should enlist service of someone who can provide proper security.

To be cont’d…

#abuse, #admin-hacked, #helo, #mysql-trigger, #phishing, #wp-hacked

I used a template to develop my web page on Google Sites. However when I search “visitsforkoustabh” on Google it shows the body of the template even though I have already changed the body. What should I do?

Google does not index your site as soon as you update it. The update frequency is unknown generally. However, frequently updated sites like news blogs etc., get indexed within hours or minutes and some reputed sites even get indexed instantaneously. You should wait a few days like 2 or 3 weeks and check again. If your site has facility to submit sitemap (via google webmaster tools), you should do so, which will hasten the next google crawl of your site.

#google-index, #google-site