Hello everyone so this is an overview of first WordPress meetup of 2020. It was 1st Feb 2020 and we were going to meet each other after first WordCamp Lahore in December 2019. After a long time this meetup was announced in morning. According to Abdullah we got a good turnaround this time. We were having 2 speakers on this meetup. Attiq Samtia was talking about usage of flutter and Fahad Mahmood (WordPress Mechanic) was talking about inspection of a hacked WordPress website. Overall it was a nice session. Information technology park could be a reason that this time we got good turnaround. We really appreciate and want to acknowledge those visionary people who gifted this landmark to us. Apart from political influences, this revolutionary center point of information technology served Pakistan tremendously in different ways.
This meet up was arranged in plan 9 floor 9 room number 21 on 1st February 2020 at 10:00 AM.
Luckily, Fahad, got his friend awoke this time as Fahad mentioned in his earlier post, Noman was sleeping on WordPress contributor day 2019. Meet
Noman Ahmad, a sophisiticated programmer, developer and a WordPress Agency owner in Lahore, Pakistan. He is dedicatedly working on WordPress projects and managing his
Fiverr profile smartly. He asked a few important questions to Fahad Mahmood (
WordPress Mechanic) including malware scripts.
Fahad started talking about inspection of hacked website around 11:45 AM. He started with a quotation of Albert Einstein “We cannot solve our problems with the same thinking we used when we created them” and he got the attention of the audience.
Unexpectedly Fahad started his session with comparison of fiverr gigs and brought some interesting statistics in front of the audience with a hot keyword “hacked website”. It was really interesting that only 43 results were there with hacked website although everybody is saying that he’s working on fiverr and almost everybody is at least aware of when our website goes down or a website got hacked. When he asked from the audience, they responded him that yes they are aware if a website got compromised so what they normally do. Most of the attendees responded, they normally refreshed the WordPress core files, theme files, plugin files, replace the complete website with the backed up version.
Fahad brought this into their attention that a hacked website is not an easy task that’s why most of the people aren’t offering this service online. Anybody can claim that he can clean your website but he cannot. The reason is lack of interest in this task and lack of inspection, he rephrased his topic and repeated it several times that he’s not going to tell about how to hack a website or how can you avoid hacking. He made it clear that he will tell some interesting aspects of a hacked website inspection process. Amazingly the gig price comparison was between $25 and $250.
WordPress Mechanic didn’t tell any story about himself regarding his hacking experience. Neither this question was being Asked from him nor he told that he hacked any website anywhere for anyone ever? His deep interest and knowledge about hacked WordPress websites was poking the minds of the audience though. He continued and started with command for comparison of a few websites server response time. He chose wordpress.com, google.com and another banking website initially. To show poor server response time, he brought 2 of his own websites as an example. According to his findings, a banking website and google.com were using good server hardware and serving the worldwide requests efficiently. He said server response time matters and a hacker normally check that how healthy is the hosting server he’s going to hit with DDoS attack. He continued and awake his audience with a simple calculation of 1 second to 1000 milliseconds.
He explained about control panel software available on hosting accounts normally we buy. A few interesting statistics are available on right hand side when you login. You can check that who was logged in last time and what is the status of physical memory and file usage. Number of processes was another interesting statistic.
He brought a bar graph on next slide with several countries from where he was getting visitors on his blog website. Interestingly United States, Pakistan China, France, India, Russia, Italy, Britain, Romania, Netherlands, Sweden, Germany, Canada, Ukraine, Nigeria, Australia, Indonesia, Chile, Vietnam, Greece, Brazil, Belgium, Estonia and Thailand were listed there with least number of hits as 60 and most with 8000+. This was an impressive outcome with 8000+ number of hits from one country he was spending only 71 MB. He explained further about the variety of IP addresses being logged in.
Another page with number of pages, number of hits, and bandwidth status.
He further introduced a script by him which was creating a smart log of query strings being recorded from the website pages and some hidden URLs like ajax requests. This inspection process was continued with interesting folds being unfolded. He came up with a complete directory structure off WordPress directories especially content directory.
He explained about a few files with suspicious names, file types and their locations. He revealed the name of that free WordPress plugin “Injection Guard” which was logging the expected injections. He said this plugin will log everything which is coming to your website and manually you can whiteflag or blacklist the querystring. He further came up with some robots.txt file insights.
He revealed a few famous posts from his website which was being accessed by number of users from worldwide IP addresses for example there was a quotation and another job description post from his team regarding artificial intelligence and a script of WordPress.
There was also pree() function which is his world famous function being used in number of websites if we can say hundreds of websites so it can not be a false statement.
Another quotation, assembly language, asynchronous, RSS feed widget and further few posts from his student life like hybrid topology, codeigniter and another recent post which was published about contributor day 2019.
He asked the audience that do you know what is archive.org and audience responded in negative so he explained that you can check your website here how was it looking in previous months and even in previous years you can check that how was it looking and was that down or up? You can check your clients website that either it was live in previous month or it was down due to some database error or any other server side issues. He mentioned that you can check your clients website prior you bid to a project because it is really important to know about your clients website that you are going to bid on some project and what was the previous condition of that project and how are you going to talk about their online business because sometime it happens, website was facing some problems already and you are going to put your hands in. There were a few problems which you didn’t create, you were not responsible for but you were going to take that responsibility finally. The reason is, you didn’t talk about those things upfront. It’s better that you inspect everything carefully before you take that project.
He also explained a few more statistics from CPanel like disk usage, database usage, bandwidth usage and files usage.
On another slide he said he brought a sophisticated malware example file which was looking like some haphazard form of variables. He also asked the audience that are they aware about concatenation and base64_encode and base64_decode thing. Then he asked about echo $variable and echo $$variable so that was an interesting part where audience responded like it will echo or it will make another variable with the value inside that variable so he explained that how intelligently hacker will write a malware which will work on your website before and after being compiled/interpreted/pre-processed.
He said these are like sleeping cells sitting in your discs, in your themes, in your plugins and in your upload directory sometimes in image files, sometimes they are in your databases and you are not aware when these will be triggered when a hacker will query your website to check what is the response he will check the heartbeat of your website with server response time and if your website will respond it means this website is positive for infection. He said that an intelligent hacker will never put your website down, he will always try to keep your website running and serving his objectives, he added. He gave another perspective of thinking that hacking doesn’t mean putting a website down, hacking means make less effort and get your desired output with others’ resources either it is a usage of bandwidth, database and if it is the theft of visitors, audience or the traffic.
It was looking like Fahad was there not to explain about a hacked website only but about hacker’s brain as well. Numerous times he quoted his mentor Kamran Shafi in his session and tribute him regarding the positive and brighter thoughts towards providing services online. He displayed some malware examples, a couple of infected files and an error log file. He also explained robots.txt file infection and .htaccess file infection for example permanent redirects are infected/complex rewrite rules. He explained about his anti-malware script as well which he didn’t provide as a giveaway to the audience and nobody even noticed that he was having an anti-malware script with him.
He told everybody how can they code it for themselves but it was looking like Fahad was having good knowledge about Regular Expression Language as well because according to him he was continuously keeping this script updated regarding suspicious tags and functions which can be exploited. So he kept his anti-malware script updated from years. He said he was not working on fiverr anymore, he was working in 2014 and 2015 after that he left that platform. He was a level 2 seller at that time and his last delivery was in 2017. He was with 900+ positive reviews. If we believe that he worked only for a couple of years on fiverr and his main gig was about fixing or troubleshooting and he said that he was getting the same pay-scale which he was getting from software house so what do you think that with 900+ positive reviews what exactly he got in total. And how many projects were related to hacking or hacked websites? There were a number of questions which audience couldn’t ask him and there was a lot more which he could be asked and we could learn from him but that is the hidden part an intelligent speaker will keep hidden and will never reveal his secrets.
In the end, he talked about database error and explained the audience that how can they use database error file “db-error.php” which can be your weakness and you can turn it into your strength. He explained that he will show everybody here that how a website goes down when database got crashed. Interestingly he crashed his website with some simple parameter in the URL like /?down. According to him that URL change will make his website down with that parameter because he scripted something in configuration file “wp-config.php” and everybody was witness there that his website was down because according to him whenever his website will go down, one of his favorite posts will start appearing instead of any error page. So after a couple of questions, a round of applause when he said it’s all.
WordPress meetup series 2020 is an interesting opportunity to know the guys who are actually working on something which is hidden from us, they come and talk about something they want to talk about, we cannot find them, we’re lucky whenever we find somebody like Kamran Shafi, Fahad Shakeel or Fahad Mahmood and Attiq Samtia. Because these guys cannot be hired, these guys cannot be forced to talk about something, these guys speak naturally, these guys love to explain/help that how did they get the position they are on at that moment. Such guys either are working with full of their interest with energy or they simply don’t work. They learned how to serve at their best but they didn’t learn or maybe successfully unlearned that how to compromise with quality. I appreciate WordPress meetup organizers’ team especially Abdullah, Uzair, Attiq, Waleed, Mustafa, Salman, Zara, Zaheer, Nauman, Ali, Sarah, Talha, Raza and Farrukh who made it possible to bring some quality content so we could learn something beyond what we know, beyond what we see and beyond what we hear from our surroundings thank you so much for this exceptional start of Meetups in 2020.
Last updated: February 4, 2020