delete admin users automatically in turdpress

So, Turdpress (aka wordpress) randomly gets hacker users added to the list of admin users.

This sucks.

Hence it is called Turdpress.

To fix: 

Make a folder, something like /scripts/

mkdir /scripts

inside there make two shell scripts, call them delete.sh and run_sql.sh

set up a user, e.g. john, to automatically run mysql as root without authentication (obviously put a strong password on that user). 

mysql_config_editor set --host=localhost --user=john --password

mysql_config_editor set --host=localhost --user=root --password


Script: run_sql.sh

#!/bin/sh
if [ -z "`cat $1 | grep -i drop `" ] ; then
su - john -c mysql < $1
else
echo "Dont like that sql, bye"
fi


Script: delete.sh

#!/bin/sh
for i in cat list.txt ; do (
echo $i
 cat delete.sql | sed -e s/xxx/$i/g > /tmp/delete-$i.sql 
 sh run_sql.sh /tmp/delete-$i.sql
 rm /tmp/delete-$i.sql
) ; done

Now make the basic SQL commands to run. In this SQL, leave the xxx in place but replace #1, #2, etc., with the ID numbers of your admin users stored in wp_users.


SQL file delete.sql:

use xxx
delete from xxx.wp_users where ID not in (1,#1,#2,...);

The script replaces xxx with the name/s of all your wordpress site databases.

Now make a list of your wordpress sites:

echo "show databases" | mysql -u root -p > list.txt

This will create a list of databases. Edit the list and remove those which are not wordpress.


List of databases list.txt:

wp_database1 
wp_site2
wp_site3 
wp_database2 


Lastly

run crontab -e and add a cron job so the script runs daily. This will effectively delete all unidentified users in all wordpress databases. The below syntax runs at 6:01 pm every day.

1 18 * * * /scripts/delete.sh




Popular posts from this blog

bash + python script to find wordpress malware and delete it.

OK so there are three parts to this script. 1. An exclude list 2. The script 3. A python script to check for randomness. The idea is it finds spammy-looking filenames and then runs a python entropy script to check if the file is random-ish internally. It then offers to delete. Note that real virii have an entropy in the 5.8 region, because they use code obfuscators. If the entropy is lower than that rather skip deleting and manually check the file. I know about wordfence-cli but I do not like it. Flags are -f for find and -d to delete. It prompts for each delete. 1. The script sudo mkdir -p /scripts/wordpress/ sudo vi /scripts/wordpress/find_spam_crap.sh #!/bin/bash export TERM='xterm-256color' # File containing known, safe PHP filenames to ignore IGNORE_FILE="/scripts/wordpress/find_spam_crap.ignore" # File containing all known filenames for exhaustive English exclusion EXCLUDE_FILE="/scripts/wordpress/find_spam_crap.exclude" # Function to load ignore list ...
Read more

enabling web interface updates over FTP or directly

Wordpress can be updated on the command line or the graphical side in the web browser. But in order to do that you need write permission on the server as the user www-data (the webs server), or, ftp access to upload files from wordpress.org to the server you are hosted at. Hence, you can either set the website to be owned by the webserver (and risk that vulnerabilities to the webserver affect your website), or you can enable FTP. The default is to let the webserver (www-data) have write permission: chown -R www-data:www-data /var/www/wordpress/ chmod -R 775 /var/www/wordpress/ To enable FTP, create a user specifically for the purpose on the server's FTP service and give them ownership of the wordpress folder. Put the following code into the wp-config.php file define( 'FS_METHOD', 'direct' ); define( 'FTP_BASE', 'www.myserver.com/www/wordpress' ); define( 'FTP_CONTENT_DIR', ' www.myserver.com /www/wordpress/wp-content/' ); define( ...
Read more

turning on debug mode

Turn debug mode on edit your wp-config.php file and find define('WP_DEBUG', false); change to define('WP_DEBUG', true); General causes of bugs 1. Dodgy plugins/templates. Remove them all and add them back one at a time. Same for themes 2. Config errors. Replace the config.php file with the template and reinstate it. Obviously copy/paste the login details for the database out before you do that, so when you recreate it, it asks for them again. 3. Code incompatibilities . You have some old code somewhere (e.g. an old php file) which was not upgraded and is now incompatible with the new php in the new issue of wordpress/plugin/template etc 4. Permission errors.  chmod -R 755 /var/www/mysite chown -R www-data:www-data /var/www/mysite assuming your installation is located in /var/www/mysite. On a single-site server it will be /var/www/html "There has been a critical error on your website" = problem 3 above, usually.
Read more