<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">This is the main issue with WordPress
      and other similar systems: it's not the core platform that's the
      issue, it is the first-time developers and the rubbish ones that
      don't know how to write code properly, so you end up with bloated
      websites with security issues, and a bunch of people who think
      those broken plugins are awesome, as they don't know about the
      security issues, so they go and install them. <br>
      This is why any decent managed hosting provider won't allow
      customers to install random plugins into systems such as
      WordPress. <br>
      Regards Chad. <br>
      <br>
      On 1/30/2017 11:55 PM, Paul Wilkins wrote:<br>
    </div>
    <blockquote
cite="mid:CAMmROT+8yitZ0Y7+Spe6evX89JayPCK-k5MM3dhP+tT-KThZ_g@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>Pretty sure most everyone is aware that security is
            easier said than done. When someone with the resources of
            Google can be hacked, it's not lack of knowledge that's the
            problem. It's that the industry is generally in denial as to
            how bad the situation is, and business process steamrollers
            over the cracks. Business development sells the customer a
            service, project managers push timeframes for a solution on
            time and under budget, and everyone knows any hack will be
            down the track, and be someone else's problem. The problem
            is failure to build security integral to IT systems, and
            that's not really possible with an internet that's been
            built on an open architecture. Every month I'm wondering who
            will be the high profile hack this month and this will
            probably continue without a fundamental rethink of how
            security is integrated and end to end delivered.<br>
            <br>
          </div>
          Kind regards<br>
          <br>
        </div>
        Paul Wilkins <br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 30 January 2017 at 23:04, Nathan
          Brookfield <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:Nathan.Brookfield@simtronic.com.au"
              target="_blank">Nathan.Brookfield@simtronic.com.au</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div id="m_-2724271659312263812divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif"
                dir="ltr">
                <p>After <span>Macquarie Media apparently had 2GB.com
                    and 4BC.com hacked this morning, also on WordPress,
                    it seems there is a big lack of knowledge on this
                    stuff out there.</span></p>
                <p><br>
                </p>
                <div id="m_-2724271659312263812Signature">
                  <div id="m_-2724271659312263812divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
                    <p class="m_-2724271659312263812x_MsoNormal"
                      style="margin:0cm 0cm
                      0.0001pt;font-size:12pt;font-family:'Times New
                      Roman',serif;color:rgb(33,33,33)">
                      <span
style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Kindest
                        Regards,</span></p>
                    <p class="m_-2724271659312263812x_MsoNormal"
                      style="margin:0cm 0cm
                      0.0001pt;font-size:12pt;font-family:'Times New
                      Roman',serif;color:rgb(33,33,33)">
                      <span
style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(54,95,145)">Nathan
                        Brookfield (VK2NAB)</span></p>
                    <p class="m_-2724271659312263812x_MsoNormal"
                      style="margin:0cm 0cm
                      0.0001pt;font-size:12pt;font-family:'Times New
                      Roman',serif;color:rgb(33,33,33)">
                      <span
style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(54,95,145)"> </span></p>
                  </div>
                </div>
                <div style="color:rgb(0,0,0)">
                  <div>
                    <hr style="display:inline-block;width:98%">
                    <div id="m_-2724271659312263812x_divRplyFwdMsg"
                      dir="ltr"><font style="font-size:11pt"
                        face="Calibri, sans-serif" color="#000000"><b>From:</b>
                        Chad Kelly <<a moz-do-not-send="true"
                          href="mailto:chad@cpkws.com.au"
                          target="_blank">chad@cpkws.com.au</a>><br>
                        <b>Sent:</b> Monday, 30 January 2017 10:44 PM<br>
                        <b>To:</b> Nathan Brookfield<br>
                        <b>Cc:</b> <a moz-do-not-send="true"
                          href="mailto:ausnog@lists.ausnog.net"
                          target="_blank">ausnog@lists.ausnog.net</a><br>
                        <b>Subject:</b> Re: [AusNOG] Borrowed addresses,
                        data retention, court orders</font>
                      <div> </div>
                    </div>
                  </div>
                  <div>
                    <div class="h5">
                      <font size="2"><span style="font-size:10pt">
                          <div class="m_-2724271659312263812PlainText"><br>
                            I should have provided the following link with
                            my previous post, but <br>
                            Sucuri.net offer a paid service for cleaning
                            malware and they offer a <br>
                            free scan for websites as well.<br>
                            <a moz-do-not-send="true"
                              href="https://sitecheck.sucuri.net/results/theispguy.com"
                              id="m_-2724271659312263812LPlnk770587"
                              target="_blank">https://sitecheck.sucuri.net/<wbr>results/theispguy.com</a><br>
                            It looks like a bit of a mess.<br>
                            <br>
                            Regards Chad.<br>
                            <br>
                            On 1/30/2017 6:48 PM, Nathan Brookfield
                            wrote:<br>
                            > Schooled!<br>
                            ><br>
                            > Nathan Brookfield<br>
                            > Chief Executive Officer<br>
                            ><br>
                            > Simtronic Technologies Pty Ltd<br>
                            > <a moz-do-not-send="true"
                              href="http://www.simtronic.com.au"
                              id="m_-2724271659312263812LPlnk319819"
                              target="_blank">http://www.simtronic.com.au</a><br>
                            ><br>
                            > On 30 Jan 2017, at 18:45, Chad Kelly
                            <<a moz-do-not-send="true"
                              href="mailto:chad@cpkws.com.au"
                              target="_blank">chad@cpkws.com.au</a>>
                            wrote:<br>
                            ><br>
                            >> On 1/30/2017 10:34 AM, <a
                              moz-do-not-send="true"
                              href="mailto:ausnog-request@lists.ausnog.net"
                              target="_blank">ausnog-request@lists.ausnog.<wbr>net</a>
                            wrote:<br>
                            >> Apparently so... screw WordPress...
                            bloody nightmare to manage.<br>
                            > Not if you have the right tools in
                            place.<br>
                            ><br>
                            > Generally nowadays you can automate
                            the security updates for WordPress so you
                            don't even need to think about it.<br>
                            ><br>
                            > Plus you should be using other security
                            measures such as ModSecurity and things
                            like Fail2ban.<br>
                            ><br>
                            > <a moz-do-not-send="true"
                              href="https://modsecurity.org/about.html"
                              id="m_-2724271659312263812LPlnk11242"
                              target="_blank">https://modsecurity.org/about.<wbr>html</a><br>
                            ><br>
                            > and <a moz-do-not-send="true"
                              href="http://fail2ban.org" target="_blank">fail2ban.org</a><br>
                            ><br>
                            > Those two tools alone with decent
                            configs will nuke anything that tries to
                            hack in.<br>
                            ><br>
                            > For extra security on top of that you
                            can use CXS, which will scan for things like
                            scripts containing malware and quarantine
                            them so that if something does manage to get
                            in it doesn't affect your online presence.<br>
                            ><br>
                            > <a moz-do-not-send="true"
                              href="https://configserver.com/cp/cxs.html"
                              target="_blank">https://configserver.com/cp/<wbr>cxs.html</a>
                            I've been using the Config Server tools for
                            years now.<br>
                            ><br>
                            > With those tools and ModSecurity
                            configured properly you don't need the extra
                            security plugins for WordPress specifically.<br>
                            ><br>
                            ><br>
                            > When I checked a few hours ago the ISP
                            Guy site was still infected and was
                            redirecting to another site.<br>
                            ><br>
                            > Regards Chad.<br>
                            ><br>
                            ><br>
                            ><br>
                            <br>
                            <br>
                            -- <br>
                            Chad Kelly<br>
                            Manager<br>
                            CPK Web Services<br>
                            web <a moz-do-not-send="true"
                              href="http://www.cpkws.com.au"
                              target="_blank">www.cpkws.com.au</a><br>
                            phone 03 9013 4853<br>
                            <br>
                          </div>
                        </span></font></div>
                  </div>
                </div>
              </div>
            </div>
            <br>
            ______________________________<wbr>_________________<br>
            AusNOG mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
            <a moz-do-not-send="true"
              href="http://lists.ausnog.net/mailman/listinfo/ausnog"
              rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
    <p><br>
    </p>
    <pre class="moz-signature" cols="72">-- 
Chad Kelly 
Manager 
CPK Web Services 
web <a class="moz-txt-link-abbreviated" href="http://www.cpkws.com.au">www.cpkws.com.au</a>
phone 03 9013 4853</pre>
  </body>
</html>