Question: |
What do we decide? I don't do spam, and I don't have, and am unlikely to have, reasons for doing it, nor servers which are specially designed for this purpose. The fact is that at the moment users are unable to register on the site; some content is hidden from bots, and since some users are in error treated as bots, they need to register to have access to the full content. |
Answer: |
It's not about whether you personally are doing spam or not, but the fact that spam was sent through your site. You wrote that the spam did go through, but the shell itself does not appear. Did you find the cause, and what actions were taken so that this would not happen again? Here's an example report from an office which audited one of the sites:

List of procedures

1. The site was scanned for all types of malicious code, viruses, and hacker scripts. Hacker scripts and inserted malicious code were detected and removed in the following files:
   • ./wp-includes/wp-undreamed.php
   • ./wp-content/plugins/lnc.php
2. Closed a vulnerability in the script recepty/wp-content/themes/BlogPost/timthumb.php
3. The website is protected from hacking by "CMS hardening" ("cementing" of the site), which closes vulnerabilities in the scripts and eliminates the possibility of hacking the website via an attack through the web. Details of the protection can be read on the page http://revisium.com/ru/clients_faq/#q4. In particular, the following was performed:
   • To enhance security, entry was denied to all directories, also upload, image, tmp, cache, backup. All the CMS files and templates were made "read only". This measure protects against unauthorized file changes and against hacker scripts and shells being loaded into the system directories.
   • In all directories where entry is allowed, a special .htaccess file was placed that blocks access to the scripts. The measure eliminates the possibility of unauthorized execution of a .php script loaded into the directories upload/image/tmp, etc.
   • All unused text files (.txt, .log) which contain the version of the CMS and plugins were removed from the server. The information contained in these files helps a hacker identify the version of the CMS and plugins and, as a result, their vulnerabilities. So leaving such files on the server is unsafe.
   • In the root .htaccess, code was placed to prevent typical hacker attacks: XSS, SQL injections, remote file downloads, attempts to read system files and dump files; protection against automatic downloading of content and a number of other safety rules were also configured.
   • In the config file wp-config.php, site settings were added to prevent changes to system files and templates through the administration panel of the CMS.
4. Access to the CMS administration console is protected by additional password protection. This measure closes a number of vulnerabilities in the control panel's administrative directory and does not allow an attacker to log in even knowing the username and password of the administrator. |
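
A read-only audit for the hardening steps in the report above, as an added example that is not part of the original answer or the audit report. It reads "entry" as write access and assumes the writable directory list, the `.htaccess` directives it looks for, and that `DISALLOW_FILE_EDIT` is the `wp-config.php` setting meant; `audit_wp_hardening` is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the report): read-only audit of a WordPress tree
# against the hardening steps listed above. Prints one finding per line.

# Assumption: writable directories, relative to the site root. Adjust per site.
WRITABLE_DIRS=${WRITABLE_DIRS:-"wp-content/uploads wp-content/cache tmp backup"}

audit_wp_hardening() {
    root=$1
    for d in $WRITABLE_DIRS; do
        dir="$root/$d"
        [ -d "$dir" ] || continue
        # Scripts have no business in upload/cache/tmp directories.
        find "$dir" -type f \( -name '*.php' -o -name '*.phtml' \) |
            while IFS= read -r f; do echo "SCRIPT_IN_WRITABLE_DIR $f"; done
        # Each writable directory needs a .htaccess that blocks script access.
        # Assumption: the block uses one of these common Apache directives.
        if [ ! -f "$dir/.htaccess" ]; then
            echo "NO_HTACCESS $dir"
        elif ! grep -Eqi 'require all denied|deny from all|php_flag +engine +off' "$dir/.htaccess"; then
            echo "HTACCESS_NOT_BLOCKING $dir"
        fi
    done

    # CMS code and templates should be read-only: flag any write bit.
    find "$root" -type f -name '*.php' \( -perm -200 -o -perm -020 -o -perm -002 \) |
        while IFS= read -r f; do echo "WRITABLE_CODE $f"; done

    # .txt/.log files that disclose CMS or plugin versions.
    find "$root" -type f \( -name '*.txt' -o -name '*.log' \) |
        while IFS= read -r f; do
            if grep -Eqi 'version|stable tag' "$f"; then echo "VERSION_DISCLOSURE $f"; fi
        done

    # Assumption: DISALLOW_FILE_EDIT is the wp-config.php setting meant in the report.
    if ! grep -Eqs "define\( *['\"]DISALLOW_FILE_EDIT['\"] *, *true *\)" "$root/wp-config.php"; then
        echo "FILE_EDIT_NOT_DISABLED $root/wp-config.php"
    fi
    return 0
}
```

Run it as `audit_wp_hardening /path/to/site`; no output means every check passed.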