Blocking Access to Non-Existing Themes in WordPress

Over the last few months I have been seeing a rise in automated exploit scans of the WordPress-based sites I manage. So I have decided to squash this annoying exploit by writing an .htaccess directive.

The exploit scanner I was seeing across my managed sites was looking for a vulnerability in the following directories and/or themes:

http://example.com/wp-content/themes/awake/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/myriad/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/modular/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/construct/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/dejavu/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/method/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/elegance/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/fusion/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/persuasion/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/echelon/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/infocus2/lib/scripts/dl-skin.php
http://example.com/wp-content/themes/infocus/lib/scripts/dl-skin.php
...

I know I could just write a redirect that looks for dl-skin.php and call it a day. But I didn’t want to revisit this when the next exploit came knocking. So instead I created a directive that drops requests for all theme folders except the theme directory I declare: a whitelist of themes, if you will.

I can do this because I use a custom theme on these sites and I also know what that theme’s folder name will be, usually something along the lines of the site name. So if you change your theme a lot or don’t know what your theme’s folder name is, You May Not Want To Use This. This is meant for people using custom themes, or sites that are managed by an agency or developer(s).

The Code

# Blocks requests to other themes with possible security holes
# Only Themes directory names starting with __ThemeNameHere__ are valid.
<IfModule mod_alias.c>
    RedirectMatch 403 (?i)(__subFolder__/)?wp-content/themes/(?!__ThemeNameHere__)
</IfModule>

How it Works?

This will only allow requests to http://example.com/__subFolder__/wp-content/themes/__ThemeNameHere__/* while returning an HTTP 403 for any other folder in the themes directory. The __subFolder__ is optional; it allows for WordPress installs that are located in a sub-directory of the site root.

The technical explanation: redirect to 403 if the request matches the regular expression, where (?i) makes the match case-insensitive, the capture group (subFolder/) is optional, followed by wp-content/themes/, then a negative (or negated) lookahead for ThemeNameHere (originally followed by \w+, that is one or more word characters; see the update below).

How to Use It?

To implement this, place the code in your site’s .htaccess below the WordPress Section. Don’t forget to update the following variables:

__subFolder__  # The Sub Folder where your WordPress site lives
__ThemeNameHere__  # The folder name of your theme; can be the beginning of the name or the whole name

Example

Assuming your WordPress site is in a folder named blog, you access it via http://example.com/blog/, and your theme is the default ‘TwentyFifteen’ theme, which is stored in a folder named ‘twentyfifteen’, the code you would use would look like this:

<IfModule mod_alias.c>
    RedirectMatch 403 (?i)(blog/)?wp-content/themes/(?!twentyfifteen)
</IfModule>

If your WordPress site is stored in root of your site – http://example.com/ the code you would use is:

<IfModule mod_alias.c>
    RedirectMatch 403 (?i)wp-content/themes/(?!twentyfifteen)
</IfModule>
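To see exactly what the directive will allow and deny before putting it in .htaccess, here is an added Python script (not part of the original post) that rebuilds the same expression with Python’s re module, whose (?i) and (?!...) syntax behaves the same as mod_alias’s regex engine for this pattern, and replays constructed request paths and access-log lines through it. The function names, the sample paths and the log lines are all constructed for this example; it also shows the prefix behaviour the post describes: a folder such as twentyfifteen-child passes because the lookahead only checks the start of the theme name, and requests under wp-content/plugins are not touched at all.

```python
import re

def build_theme_guard(theme_prefix, subfolder=None):
    """Compile the expression the RedirectMatch directive uses.
    subfolder is optional, like the (__subFolder__/)? group; theme_prefix is
    the whitelisted theme folder name or the start of it. re.escape() is an
    addition so a name containing regex metacharacters stays literal."""
    sub = "(" + re.escape(subfolder) + "/)?" if subfolder else ""
    return re.compile("(?i)" + sub + "wp-content/themes/(?!" + re.escape(theme_prefix) + ")")

def would_403(guard, path):
    """True when RedirectMatch 403 would fire for this request path.
    RedirectMatch is unanchored, so a match anywhere in the path counts."""
    return guard.search(path) is not None

def audit_paths(guard, paths):
    """Map each request path to '403' or 'pass' for review before deploying."""
    return {p: ("403" if would_403(guard, p) else "pass") for p in paths}

# Constructed combined-format access log lines (not real traffic): a scanner
# probing for dl-skin.php in themes the site does not have, plus normal hits.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Mar/2015:10:01:02 +0000] "GET /blog/wp-content/themes/awake/lib/scripts/dl-skin.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2015:10:01:03 +0000] "GET /blog/wp-content/themes/infocus/lib/scripts/dl-skin.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2015:10:02:10 +0000] "GET /blog/wp-content/themes/twentyfifteen/style.css HTTP/1.1" 200 9011 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2015:10:02:11 +0000] "GET /blog/wp-content/themes/twentyfifteen-child/style.css HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2015:10:02:12 +0000] "GET /blog/wp-content/plugins/akismet/akismet.js HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

REQUEST_PATH = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def count_blocked_in_log(guard, log_text):
    """Replay logged request paths through the guard: (would_403, would_pass)."""
    blocked = passed = 0
    for line in log_text.splitlines():
        m = REQUEST_PATH.search(line)
        if not m:
            continue
        if would_403(guard, m.group(1)):
            blocked += 1
        else:
            passed += 1
    return blocked, passed

if __name__ == "__main__":
    guard = build_theme_guard("twentyfifteen", subfolder="blog")
    print(audit_paths(guard, ["/blog/wp-content/themes/twentyfourteen/style.css"]))
    print(count_blocked_in_log(guard, SAMPLE_LOG))  # (2, 3)
```

Run the same audit against a day of your own access log before deploying, so that any legitimate asset path under wp-content/themes/ that would be denied shows up first.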

Try it out and Feedback

Have you seen this exploit scanner or another like it? Trying out this little redirect or having problems with it? Let’s continue the discussion in the comments below…

Update – 2015-03-17: Dropped the \w+ declaration after the theme name; it would not match requests with hyphens in them.

Open a Samsung XL2270 Display for Repair

I recently needed to open a Samsung SyncMaster XL2270 (aka Samsung SMLX2270) for repair, because it would randomly have horizontal lines that run through it and I wanted to check the connections and capacitors.

When you check the monitor for screws or any other fasteners you won’t find any, so how do you get into it?

I’ll tell you how…

NOTICE: The Below Information is Provided for Informational Use Only. The Use of the Information May Result in: Damage, Injury, or Death. You agree not to hold anyone liable for any results of using this information. If you break it or hurt yourself – YOU MAY NOT HOLD ME OR ANYONE ELSE LIABLE.

Be Careful, if in doubt contact a Professional

Short Answer: Push/Pull the front bezel off starting in the corners.

The longer answer…

  1. First thing is disconnect any cables – power and video cables.
  2. Next remove the base plate by unscrewing it on the bottom of the plate.
  3. Here comes the fun! You are going to place the display facing away from you (you are facing the back and see the words Samsung).
  4. Starting in the corners, push on the front edge (bezel) that borders the screen. I suggest starting at the top. See the image for locations.

    [Image: Samsung XL2270 with arrows pointing to the four corners of the display from the back. Caption: Places To Push on Screen Edge]

  5. The front bezel will POP off in that corner; go to each corner and repeat. Warning: when the display is about to open, be careful of some wires that connect to the front bezel. The back is what comes off completely.
  6. The back will pop off and you may set it aside to inspect and/or repair the display.

In order to reassemble the display you line up the back and you pop it back on by applying pressure.

Also you may want to use Plastic Opening Tools or Guitar Picks to assist in opening the display.

I hope this was informative and useful.

New Look and New Content

After apparently two years of work (no not really), I just now deployed my new theme. Hopefully with this new theme I will be more likely to post articles and other content.

Also I found out I posted a sneak peek at the new theme TWO years ago, which makes me very sad. I really meant to have it out just a few weeks later, but this thing called life decided to butt in – anyway.

In this new theme I have applied some of the new stuff and technologies I have learned since the last version. Just a quick summary of some of these new things include: responsive design, SASS CSS Design, Modular CSS, CSS3 Features, Web Fonts, Gulp.js build process, Modernizr, flat design and some other stuff.

Besides the new workflow and tech, I have some new features. Some of the new features include link posts, and custom post types for both my projects and portfolio to make it easier to manage the data. With the ability to do link posts, I should have even more content to share.

I hope you like the new design, if you have any feedback on the design or find a problem – I would greatly appreciate it.

Note I have found some issues already and I’m working on them. The known issues are:

Share your thoughts in the comments below.

Update (February 6): Typos and Grammar

The Death of RSS

I know this topic has been discussed before, especially after the death announcement of Google Reader, but RSS is still around.

iOS 7 Inspires Android

A few weeks back I noticed an interesting trend: the new flatter design of Apple iOS 7 has begun a migration to Android devices.

Upcoming Re-Imagining

I have been working on a refresh of this site over the last week, and I’m getting ready to convert the mockup from the basic code to a finished WordPress Theme. But before I do that, I want to share a little bit about the change of direction that this theme will cause for the site.

Early iPad 4 Release

Back on October 23, Apple released the all-new iPad Mini to the world, but they also updated another device: the iPad. Most people in the rumor mill suggested that Apple might re-release the iPad 3 with a Lightning connector but no major spec bump until the usual March-April time frame. But lo and behold, Apple released the iPad 4 only seven months after the iPad 3. So, if you bought a new iPad 3 in the last few months, I found an interesting quote for you to think about, from Steve Jobs.