Blog


Boot Partition Space

Posted by on 7:04 am in Server Administration | 0 comments

If your /boot partition is mounted separately, it is always small compared to the other partitions on the server. If the older kernels are not removed, it fills up quickly. To remove the older kernels safely, we can use the package manager.

For RHEL/CentOS systems you can use the command below:

    sudo yum install yum-utils && sudo package-cleanup --oldkernels --count=2

For Debian and Ubuntu systems you can use the commands below. First, check your running kernel version so you won't delete the in-use kernel image:

    uname -r

Now run this command for a list of installed kernels:

    dpkg --list 'linux-image*' | grep ^ii

Then delete the kernels you no longer want or need by running:

    sudo apt-get remove linux-image-VERSION

Replace VERSION with the version of the kernel you want to remove. When you're done removing the older kernels, you can run this to remove any packages you won't need anymore:

    sudo apt-get autoremove

And finally you can run this to update the grub kernel list: sudo...

Bash Cases Statement

Posted by on 9:14 am in Bash Script | 7 comments

The case construct in the bash shell allows us to test strings against patterns that can contain wildcard characters. The bash case statement is the simplest form of the bash if-else-then conditional statement. A simple example is when you are expecting different inputs from a user and want to execute a specific set of commands depending on the choice made.

    case $variable in
        pattern1 ) statements ;;
        pattern2 ) statements ;;
        * ) statements ;;
        …
    esac

We can see the common use of the case statement in the init scripts of services, which have options like start, stop, restart and status. ...