I’m receiving a great many brute-force attempts against the Administration page, so now I have to make some hacks to this blog theme :p
Some people were smart enough to take the username from a post and use it to try to log in to the Administration page. So I give you credit 🙂
This is a hack to the Radius theme to remove the author tag :p
```php
<div id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
	<?php $entry_title = ( 'page' == get_post_type() && radius_post_edit_link() == "" ) ? 'entry-title entry-title-page' : 'entry-title'; ?>
	<h2 class="<?php echo $entry_title; ?>"><a href="<?php the_permalink(); ?>" title="<?php printf( esc_attr( 'Permalink to %s' ), the_title_attribute( 'echo=0' ) ); ?>" rel="bookmark"><?php the_title(); ?></a></h2>
	<?php if ( 'post' == get_post_type() ) : ?>
	<div class="entry-meta">
		<?php /* Original line: echo radius_post_date() . radius_post_comments() . radius_post_author(); */ ?>
		<?php /* A small removal is made so that it becomes: */ ?>
		<?php echo radius_post_date() . radius_post_comments(); ?>
		<?php if ( is_sticky() ) : printf( '<span class="entry-meta-sep"> ⋅ </span> <span class="entry-meta-featured">%1$s</span>', __( 'Featured', 'radius' ) ); endif; ?>
		<?php echo radius_post_edit_link(); ?>
	</div><!-- .entry-meta -->
	<?php elseif ( 'page' == get_post_type() && radius_post_edit_link() != "" ) : ?>
	<div class="entry-meta">
		<?php echo radius_post_edit_link(); ?>
	</div>
	<?php endif; ?>
	<div class="entry-content">
		<?php radius_featured_image(); ?>
		<?php radius_post_style(); ?>
		<?php echo radius_link_pages(); ?>
		<div class="clear"></div>
	</div> <!-- end .entry-content -->
	<div class="entry-meta-bottom">
		<?php if ( 'post' == get_post_type() ) : ?>
		<?php echo radius_post_category() . radius_post_tags(); ?>
		<?php endif; ?>
	</div><!-- .entry-meta-bottom -->
</div> <!-- end #post-<?php the_ID(); ?> .post_class -->
```
```php
<div id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
	<h1 class="entry-title entry-title-single"><?php the_title(); ?></h1>
	<div class="entry-meta">
		<?php if ( 'post' == get_post_type() ) : ?>
		<?php echo radius_post_date() . radius_post_comments() . radius_post_author(); ?>
		<?php if ( is_sticky() ) : printf( '<span class="entry-meta-sep"> ⋅ </span> <span class="entry-meta-featured">%1$s</span>', __( 'Featured', 'radius' ) ); endif; ?>
		<?php endif; ?>
		<?php echo radius_post_edit_link(); ?>
	</div><!-- .entry-meta -->
	<div class="entry-content">
		<?php the_content(); ?>
		<div class="clear"></div>
	</div> <!-- end .entry-content -->
	<?php echo radius_link_pages(); ?>
	<?php if ( 'post' == get_post_type() ) : ?>
	<div class="entry-meta-bottom">
		<?php echo radius_post_category() . radius_post_tags(); ?>
	</div><!-- .entry-meta -->
	<?php endif; ?>
</div> <!-- end #post-<?php the_ID(); ?> .post_class -->
<?php radius_author(); ?>
<?php comments_template( '', true ); ?>
```
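The second template is shown with `radius_post_author()` still in its meta line and with a `radius_author()` call, so a check over every template in the theme is worth running after an edit like this one. The script below is an added example, not part of the original post or of the Radius theme; the file names, the cut-down sample strings and the reading of `radius_author()` as an author box are assumptions.

```python
import re

# Template tags that print author details. radius_post_author() and
# radius_author() appear in the templates on this page (radius_author() is
# assumed, from its name, to print an author box); the rest are WordPress core.
AUTHOR_TAGS = (
    "radius_post_author", "radius_author", "the_author", "get_the_author",
    "the_author_meta", "the_author_posts_link", "get_author_posts_url",
)
CALL_RE = re.compile(r"\b(" + "|".join(AUTHOR_TAGS) + r")\s*\(")
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

def _blank(match):
    # Replace a comment with spaces but keep its newlines, so the line
    # numbers reported below still match the file on disk.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_author_output(source):
    """Return [(line, tag), ...] for author tags outside block comments."""
    # Calls behind // or # line comments are still reported: over-reporting
    # is the safe direction for this check.
    live = BLOCK_COMMENT_RE.sub(_blank, source)
    return [(n, m.group(1))
            for n, line in enumerate(live.splitlines(), start=1)
            for m in CALL_RE.finditer(line)]

def audit_theme(templates):
    """Map file name -> hits, for templates that still print the author."""
    found = {name: find_author_output(src) for name, src in templates.items()}
    return {name: hits for name, hits in found.items() if hits}

# Constructed sample input, cut down from the two templates on this page.
# The file names are assumptions; the page does not name the files.
SAMPLE = {
    "loop.php": """<div class="entry-meta">
<?php /* Before: echo radius_post_date() . radius_post_author(); */ ?>
<?php echo radius_post_date() . radius_post_comments(); ?>
</div>""",
    "single.php": """<div class="entry-meta">
<?php echo radius_post_date() . radius_post_comments() . radius_post_author(); ?>
</div>
<?php radius_author(); ?>""",
}

if __name__ == "__main__":
    for name, hits in audit_theme(SAMPLE).items():
        print(name, hits)
```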
Use a username that is different from the author name, mas. 😀
Hehehe… This was a mistake from when the blog was first set up, and I also hadn't edited the theme yet, mas 😀
Kang, try brute-forcing http://serverborneo.com/wp-admin: on submit it will go to https, and https can only be accessed from my IP, so there is no opportunity to brute-force the administrator login…
By the way, great example of a hack script, Kang Erwan 🙂