TimThumb.php still a problem on many sites!

Working for a web hosting company, islandhosting.com, I help with WordPress security, and I still see unpatched copies of TimThumb.php appearing in sites.

I use the Gauntlet Security plugin to scan a site and see which gaping issues need to be addressed, and I find timthumb.php in plugins and themes. In the most recent instance, below, I found it in a plugin:

TimThumb was found somewhere in your content directory

Result

Path Version Threat
[ SITE ROOT ] /wp-content/plugins/mobile-smart/includes/timthumb.php 2.8.10 Known vulnerability

To fix it, navigate to the file shown above and open it for editing, then go to:

https://timthumb.googlecode.com/svn/trunk/timthumb.php

Cut and paste the code from there over the existing timthumb.php code, then save.

A rescan with Gauntlet Security should then show it to be patched.

As for the Gauntlet Security plugin, I install it, activate it, use it, and then deactivate and uninstall it. It’s a security scanner and provides no active security protection, so there is no need to have it remain active.
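
The same check can be run from a shell on the hosting account. This is an added example, not part of the Gauntlet Security plugin or of TimThumb: it lists every TimThumb copy with its version and flags those older than a reference version you pass in. It assumes the script declares its version as define ('VERSION', 'x.y.z'); the function names, the stub files and the 9.9.9 reference are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: list TimThumb copies under a directory with their versions.
# Assumption: the script declares its version as  define ('VERSION', 'x.y.z');

# Print "<version><TAB><path>" for each PHP file that mentions TimThumb and
# defines VERSION. Matching on content also catches renamed copies.
find_timthumb() {
    grep -rlE --include='*.php' "define *\( *['\"]VERSION['\"]" "$1" 2>/dev/null |
    while IFS= read -r f; do
        grep -qi 'timthumb' "$f" || continue
        v=$(sed -nE "s/.*define *\( *['\"]VERSION['\"] *, *['\"]([0-9.]+)['\"].*/\1/p" "$f" | head -n1)
        printf '%s\t%s\n' "${v:-unknown}" "$f"
    done
}

# True when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Print only the copies older than reference version $2 (or with no version).
outdated_timthumb() {
    find_timthumb "$1" | while IFS="$(printf '\t')" read -r v f; do
        if [ "$v" = unknown ] || version_lt "$v" "$2"; then
            printf '%s\t%s\n' "$v" "$f"
        fi
    done
}

# Constructed sample tree (stub files, not real TimThumb) so this runs offline.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/plugins/mobile-smart/includes" "$d/themes/example"
    printf "<?php /* TimThumb */\ndefine ('VERSION', '2.8.10');\n" \
        > "$d/plugins/mobile-smart/includes/timthumb.php"
    printf "<?php /* TimThumb */\ndefine ('VERSION', '9.9.9');\n" \
        > "$d/themes/example/thumb.php"
    printf '%s\n' "$d"
}

# Usage: script WP_CONTENT_DIR REFERENCE_VERSION (no arguments: run the demo;
# 9.9.9 is a made-up reference, not a real TimThumb release).
if [ "$#" -eq 2 ]; then
    outdated_timthumb "$1" "$2"
else
    t=$(demo_tree); outdated_timthumb "$t" 9.9.9; rm -rf "$t"
fi
```

Take the reference version from the VERSION line of the upstream file you are about to paste in, so anything the script prints is a copy that still needs replacing.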

 

Apple’s El Capitan Mail Fail!

Customer support is an interesting job. I had a customer call whose SMTP server in the Mac Mail app on El Capitan had changed to None. The screen below is not his screenshot but one I found online. Clicking the arrows at the end of the outgoing server list should have shown the mail servers, which it did, but the Edit SMTP Server List option was missing!!!


I thought perhaps that Apple had added protection to the list in the Advanced section, so we went in there and unchecked Maintain Account Settings, applied that, then went back in and retried, and still no go. I advised Thunderbird as a better option and the client agreed.

Hopefully a fix is coming, or someone can use the discussion below and help us determine one. Yosemite Mail also had issues where you would change account settings and they won’t stick if you navigate around too much between windows. All in all, Mac Mail is frustrating in the 2 most recent releases of Apple OS, and I personally would recommend Thunderbird, which supports addons. It’s developed by http://mozilla.org, who also have the Firefox Web Browser.

We use the Chasms website to give us screenshots when providing tech support for customers at http://islandhosting.com. El Capitan screenshots are at http://chasms.com/osx/elcapitan/elcapitan.htm

A Christmas sweater I would actually wear.


Fan Page Exclusive – Get Ready For Christmas!

Order Here ===> https://teechip.com/darthxmas

Tag a friend who would wear this!

Shutdown doesn’t shut off the laptop in Windows 10 (64 bit) - fan, power button light still on

I had a customer call in who had a problem with Windows 10, which she had upgraded from Windows 8. She has had both HP support and Microsoft trying to help her resolve the issue, to no avail, but I found a fix and wanted to share it:

First, find out if this is your issue.

1. I installed the ‘Intel Processor Identification Utility’ directly from Intel.
2. After installation, open the program and go to the ‘CPU Technologies’ tab.
3. If it says ‘YES’ for Intel Virtualization Technology, proceed.

Solution, suggested by a blog post I found:

1. The next thing you have to do is go into the BIOS.  If you have not done this before, proceed at your own risk.
You need to restart the computer and enter the BIOS (for me I hit F10 at the HP screen)
2. Within the BIOS, there is an ‘Advanced Options’ section
3. In this section there is a line for ‘Intel Virtualization Technology’ and it will say enabled or disabled.  My computer said disabled.
4. If this is the case, change the option to ‘ENABLED’; then SAVE and EXIT from the BIOS.

The computer will restart, and from that point on Shut Down, Sleep, etc. have worked. WOW, this was a frustrating issue. Almost went back to Windows 8. I take no credit for this solution; I pieced it together from other posts on this issue. Hope this helps.

Talking a customer through a BIOS with arrow keys to move the selector around when they only know how to point and click was painful, but we got there and they were very appreciative. Would love to know if it helps others.

Paypal coffee/beer money can be sent to me at robtinbc@gmail.com if it works for you.

After Win10 upgrade my Microsoft Outlook 2007/2010 won’t send.

Credit for this fix to Tony and Ollie in the UK.

If a Windows 10 upgrade occurs and Outlook 20xx won’t allow you to send, then there is a simple fix:

  • In the search box type CMD
  • Right click the Command Prompt that shows up at the top of the list and run as administrator.
  • At the command prompt type: sfc /scannow.
  • You’ll need to click Yes to allow it to make changes to the computer.
  • Once System File Checker is finished, reboot the computer.

Reinstalling or repairing the Office install, making new profiles and other common troubleshooting steps will not fix this issue.

Am I not a Christian ?

Chris·tian
noun
1.a person who has received Christian baptism or is a believer in Jesus Christ and his teachings.

 

I have been wrestling with something that was said to me by someone who I thought of as a friend and for whom I have now lost a lot of respect.

This person, someone who has a pastoral role, comes into where I am and I jokingly say “Hey, have you come to take me for coffee?”, knowing full well they had not, only to be hit with a response that floored me and has been grinding at me since. The response was…

“I only take Christians for coffee”.

What did that mean? I have my belief in God and the story of Jesus Christ and how he died for our sins. I don’t read my Bible much, unfortunately, but I try to be pleasing to God by trying to be like Jesus in my decisions and how I deal with others. I cannot quote scripture and know the general stories of the Bible. I do attend Church as well, but with a child with Autism I find that hard, as he transitions badly in some cases and it’s not possible to make it. I try to listen to sermon podcasts so I can keep up with the series. I try to pray and ask for prayer.

I came to Christianity through my wife, who attended the Salvation Army, so I sometimes have a hard time going by faith alone, and I did have other beliefs in the past, but I am wanting to be a better person and want to believe in God and Jesus, and I pray and I listen for God’s word. I have never had God speak to me. I will say my belief in God is not strong and unwavering but it’s something I want to grow. I really want that moment where I break down in tears and my life is changed forever, but that has not happened yet. Is that it?

Is it that I have not been Baptized? I have been holding off on that, as I do waver in my Belief, and I feel getting Baptized when I find having faith so hard at times is not the right thing to do. Or should I be Baptized, and then it will all fall into place?

I suppose a man of the cloth who’s so steadfast in his belief can see wannabe Christians, but surely if someone wants to be a Christian then they should be encouraged and built up, not torn down and judged so quickly.

If it’s bothering me this much maybe it’s more the truth, but I just am angry about it all and mystified.

Please pray for me and the person who said this to me,  I really don’t understand.

My Journey

Mike Oshiro my pastor at the Forge Church in Langford, BC challenged the congregation to put our journey into some format.

I have chosen to do it, and it’s going to be ongoing, but here it is. I am going to cover it in 3 sections, each with 3 subsections, of who I was, who I am now and who I hope to become.

Physically

Who/Where was I

I have never been in good shape, but I think this is more where was I physically. I went from living at home with my parents until I was 19; I wanted to leave the nest earlier but my mum was a caring mum and I stayed longer, as I could tell she was not ready to see me leave. I was ready to strike out on my own at 17. In some ways those 2 extra years prepared me better. I commuted to work, as I had a job pretty soon after leaving school, and I enjoyed my driving and the freedom it gave me.

I found that living on my own was awesome. I think learning to be at peace with your own self and comfortable with who you are before looking for someone else to mess things up with is important, and people don’t do that. A lot of it was not by choice and I can cover that more in my Emotional reveal. Spending time alone I found to be very good for my growth looking back, existing in my own space, having my own independence.

I lived in a few locations with other people, generally people who also worked at IBM UK as I did, which was great. I had fun and this was a party time in my life. Then I moved further away in the UK from my parents, which meant it was weeks, sometimes months, before I would go for a visit, and then I found myself moving to another country. Something that brought me to Canada and the where I am now.

Who/Where I am Now

Stuff to go here

Who(where) I want to be

Stuff to go here


Emotionally

Who was I

 

Stuff to go here

Who I am Now

Stuff to go here

Who(where) I want to be

Stuff to go here


Spiritually

Who was I

Stuff to go here

Who I am Now

Stuff to go here

Who(where) I want to be

Stuff to go here

How can I speed up my WordPress Self Hosted website?

I responded to a forum post and put so much information I thought I should post it here too,  please comment and I can flesh out the posting with information people need me to elaborate on…:

Here are my recommendations:

Fix any 404 issues. Generally you can right click in a browser, inspect element and then go to the console which will show you issues to fix.

As for plugins…:

– I would look at tinypng to optimize images in the site. It has better compression than smush.it in general, and smush.it seems not to be commercial and to have gone to the dogs.
– Speed Booster Pack – It’s relatively easy to configure, and you can tell it to minify CSS and JS, load JS in the footer, and lazy-load images.
– Use htaccess to tell the web server to cache, and turn on gzip compression. AskApache.com has a load of good info. I don’t know where to go if your host is using NGINX… anyone?

– Use a cache plugin of some kind. I find W3 Total Cache to be overkill and too hard, and if misconfigured it can be harmful.
– Optimize database after deleting revisions – A plugin that not many people think of, but you can schedule a cron to run and it will clear out revisions and other crap in the database before it performs an optimize. It can clear out MBs of data and make SQL queries run faster.
– Use a CDN. Islandhosting.com allows you to configure Cloudflare in the cPanel for free, and it can really help.
– Ask your hosting provider to help you see what might be causing slow loading. At Islandhosting.com we will look into it; we can turn on New Relic stats, profile the site and find out what might be causing the slow loading. We can then determine if creating new indexes in the database structure could speed things up or if you have an offending plugin you should remove.

You could try turning off all the plugins and then turning them on one at a time to see when the site starts to crawl. There are also plugins that will let you profile the performance of the site.

– Make sure you don’t have spam user registrations and/or comment spam building up in the back, check your users section in the dashboard and turn off user registrations if you don’t need them and use a plugin like “disable comments” if you don’t need comments on.
– Make sure your site is not getting slammed by spam bots or brute force attacks which can put load on the server and make the site perform slow.
– Check the resources in your account and make sure you’re on a plan that gives you enough entry processes, bandwidth etc. We can help our customers with this at islandhosting.com
– Malscan your site. If you have malware it can cause unpredictable results. Islandhosting can run a maldet and a clamscan detection on your site for free and help you if you have malware. You can also use Sucuri to scan your site, and they also have a plugin for WordPress.
– Make sure you don’t have any plugins that keep logs that have been building over time and have not been purged. I had a site using 404 redirected and the log file tables got massive and the site crawled.
– Disable wp-cron in the wp-config.php file (google it to find out how) and then add a cron in your web hosting control panel to run periodically. wp-cron runs on every page load and can be an overhead you don’t need. Some hosts won’t even allow wp-cron.php to run.

– WordPress Heartbeat can also be a performance problem, I have seen it in some sites before. See http://wptavern.com/how-to-take-control-of-the-wordpress-heartbeat-api, there is a plugin that can help therein.

I think I have covered all the things I have faced that affect performance. I have had to help a lot of customers with performance issues in the past and I have learned a few things!

Thanks,
Rob Turner
Islandhosting.com cPanel Managed Web Hosting

Delete sample-post & sample-page when starting a WordPress site.

Spam bots like to look for /sample-post/ to spam it. We have seen instances where people’s hits skyrocket and stats get skewed, all because they didn’t either delete sample-post and sample-page when starting a WordPress website or change them to something else by editing the permalink that appears just under the page title when you edit the page/post.

If you don’t want comments in your site disable them, I have used a plugin called “disable comments” sometimes but you can also change WordPress and disable the comment system internally.

Useful article here on disabling comments in WordPress too: http://www.wpbeginner.com/plugins/how-to-turn-off-or-disable-comments-in-wordpress-pages/

Hide your web statistics (eg public webalizer folder)

Working for a web hosting provider providing 2 services (islandnet.com – Web Hosting and Web Design and islandhosting.com – cPanel Managed Web Hosting and Web Design) as I do, I have seen instances on hosting services where, for example, webalizer stats are in a folder accessible via the website domain, such as http://www.mydomain.com/webalizer/ or /stats/ etc.

We recommend ultimately password protecting these folders or at least using a robots.txt entry to tell search engines not to index them.

Why you should protect your Webalizer or other web statistics folder.

The reason is people trying to build backlinks to sites. If your site has a good page rank you may become more of a target, as spammers try to inflate a site’s page rank.

To get into Webalizer stats you have to be in the top 30 URLs by default, unless your webalizer installation is customized to show more or less. A spam bot will request your site as many times as it can, making itself the referring URL. If your stats are wide open and indexable, then they have in effect created a backlink from your site, with its possibly high page rank, back to them.

This basically makes the stats useless to you as they harbor no useful data.

How do I Password Protect my stats folder?

If you password protect your public stats folder with .htaccess this will probably stop this, and your stats will give you a better representation of your site traffic. Using robots.txt will stop Google and most other search engines that obey/consult robots.txt, but may not stop the spambot that is only checking to see if webalizer exists.

I would use the tool provided by Dynamic Drive to generate the required files to make this happen.

Alternatively you can use robots.txt to stop search engines from indexing folders.

If for some reason your host does not support htaccess or you can’t get it to work, then either move to islandhosting.com (Promo code: 1MONTHFREE) or use a robots.txt file in the root folder of your site.

If your webalizer/stats are accessed by http://domainname.com/webalizer/ then in the folder that the domain points to create or edit your robots.txt to include:

User-agent: *
Disallow: /webalizer/
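
One way to apply both measures described above from a shell, as an added example (not the output of the Dynamic Drive tool or any host’s own script): it writes an .htaccess that requires a login for the stats folder and adds the robots.txt rule once. The function name protect_stats, the realm text and all paths are assumptions, and it assumes the password file already exists outside the web root.

```bash
#!/usr/bin/env bash
# Added example: lock down a public stats folder with .htaccess and robots.txt.
# Assumptions: Apache honours .htaccess (AllowOverride AuthConfig) and the
# password file was already created outside the web root, e.g. with
#   htpasswd -c /home/USER/.htpasswd-stats statsuser

# protect_stats DOCROOT FOLDER HTPASSWD_FILE
protect_stats() {
    docroot=$1; folder=$2; pwfile=$3
    # A password file inside the web root could itself be downloaded.
    case "$pwfile" in
        "$docroot"/*) echo "refusing: password file is inside the web root" >&2
                      return 1 ;;
    esac
    mkdir -p "$docroot/$folder"
    # HTTP Basic auth: every request for the folder now needs a valid login.
    cat > "$docroot/$folder/.htaccess" <<EOF
AuthType Basic
AuthName "Site statistics"
AuthUserFile $pwfile
Require valid-user
EOF
    # robots.txt is only advice to well-behaved crawlers; add the rule once.
    robots="$docroot/robots.txt"
    rule="Disallow: /$folder/"
    if ! grep -qxF "$rule" "$robots" 2>/dev/null; then
        printf 'User-agent: *\n%s\n' "$rule" >> "$robots"
    fi
}

# Constructed demo in a temporary directory; all paths are placeholders.
demo=$(mktemp -d)
protect_stats "$demo/public_html" webalizer "$demo/.htpasswd-stats"
cat "$demo/public_html/webalizer/.htaccess" "$demo/public_html/robots.txt"
rm -rf "$demo"
```

Basic auth sends the password with every request in an easily decoded form, so serve the stats folder over HTTPS.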

A real life example of messed up stats

I just found on Google the stats for Pillar Construction, and as you see there they have many .ru sites in the top 30 referrers. They have a page rank of 3, so spammers are trying to build pagerank off of this legitimate site, see: http://www.pillarconstruction.com/webalizer/usage_201506.html

 

I hope this is useful to many, working for a smaller local hosting provider called islandnet.com we were really aware of the workings of sites and hosting, saving bandwidth, making sites faster, compressing images and generally making things as efficient as possible.

Moving to offer cPanel hosting now we can keep this mentality and offer a better cPanel experience than most and advise customers how to squeak that little bit more out of things.