Tag: Directory

What is the best way to create default page when access to a protected directory is Cancelled through onclick?

I have a protected directory on an hosted IONOS server. It correctly works when the correct credentials are entered, but when a user hits cancel, it redirects that user to the hosting provider’s promo default page.

eg. https://initiostar.co.uk/ticker/OmniTicker.7z

eg current htaccess 

AuthUserFile /path/to/the/password/file/.htpasswd AuthType Basic AuthName "Protected Page"  <Files "index.php"> Require valid-user </Files>

If the user hits cancel you are redirected to the host’s default page. Tried adding a default, but I doubt this is the way to it.

DefaultIndex [filename]

Preferred outcome: popup box opens in a small window on the web page and where cancel is executed, it closes the popup and stays on the same page.

For anyone working with Apache I assume this is standard stuff, but not for me.

Recovery of files from a zip containing a directory (unencrypted) and 3 files (encrypred – ZipCrypto Deflate), possibe use of bkcrack?

I have a zip file, Example.zip consisting of a directory Example and three files *.dat. I can see the names of all 3 files. The dat files are encrypted (ZipCrypto Deflate). I’m interested to know if I can use bkcrack, and am aware of the required:

at least 12 bytes of contiguous plaintext.

My system has a modern 6c/12t CPU, and an older GPU.

  1. Can I use anything about the directory or filenames themselves for the required plaintext?
  2. If 1 is not possible what hints/course of action can I take to derive the 12 (or more) bytes.

I just need the files.

How to write a file from a theme to the “Site Address” directory?

I recently came across a theme which creates a sitemap and attempts to add it to the Site Address directory/root, so https://example.com/sitemap.xml. I believe the way this theme does it makes some bad assumptions about file paths and uses ABSPATH.

$  fp = fopen( ABSPATH . 'sitemap.xml', 'w' ); fwrite( $  fp, $  sitemap ); fclose( $  fp );

In most cases, this might work without incident. However, I’m actually using Bedrock which means sitemap.xml ends up in https://example.com/wp/sitemap.xml with /wp/ added and so visiting the expected URI (https://example.com/sitemap.xml) results in a 404.

I’d like to correct this via a child theme or by PR but I frankly have no clue where to begin, so I’ve currently just made some symlinks, but something tells me there’s a more thorough approach.

Conditionally check if page is using template from plugin directory

I am having trouble loading the script conditionally in my plugin.

I have a DataTables page and want to load datatables scripts only for that page. So I made a page template called datatables-template.php and loading dynamically so can set the template in page attribute.

The template path is my-plugin/public/templates/datatables-template.php

So far so all is working fine. However, when I try to load script explicit fore that template using is_page_template()

When I have checked with get_page_template() that returning theme current page template which is page.php in my case.

Note: is_page working fine, of course, since it will check the current page, that would work. I have also checked my path using file_exists and that returns true. That means I am giving a correct path for the template. So no idea how to check it.

Additionally: I have tried with global $ template which returns the correct plugin template but that doesn’t work in conditional check in my plugin file.

global $  template;  if('datatables-template.php' == $  template){     //load script }

Question: How can I check if the page has set the specific page template in page attributes, in my case datatables-template.php and load script explicit for that page?

Can a PHP shell uploaded to a WordPress directory have access to an entire Linux machine?

I run a few WordPress instances. I had one new one that I had not configured and left sitting, so the installation was on the 1st step awaiting for the database name, username, password, and host. When I went to finish the install after letting it sit like that for a week, I had noticed that someone had found the site, and inputted their own database information, and “took the site over”. It was a blank slate, so not much to it.

I removed the wp-config.php file and re-ran the installation with my own values. I then looked around for anything suspicious in the WordPress directory. I had found a shell plugin they installed, labeled “UBH console”. I couldn’t get the console to run, I got a 404 error.

I assume this shell couldn’t get them access out into the machine past the www directory the website was installed in?

In the past, I’ve always set the WordPress directory permissions with the following command:

chown -R www-data:www-data directory/

Is this the right way to set these directories? Upon further research, a lot of people run this and stay like this, but I’ve heard to change your permissions after running the installation. Running Debian on my machine.

Bootstrap & what for building a directory like website ?

Hi guys,

I am not particularly active here because I am more or less capable to find and solve my wordpress/SEO related problems just by googling or searching through these forums but here am I looking for some help.

To make a long story short, I would like to build a "directory" like website similar to "freetechbooks" where users can filter and search for specific items. It is written that "freetechbooks" was build with Bootstrap but isn't Bootstrap front-end CSS framework only and when…

Bootstrap & what for building a directory like website ?

can one obtain a file listing from a protected directory when one has not authenticated

I am monitoring a webdav service that has been probed repeatedly since the beginning of February. The Apache 2.4 httpd server hosts just this one application. Access to the application is only possible over https and is controlled by an .htaccess file. Various directories in the web site directory tree are further restricted by an .htgroup file.

The probes have not actually retrieved any files. All attempts to GET result in a 401 Forbidden code. However, the probe is using actual file names found in the directory tree.

There is no ssh service to this host available except when explicitly manually enabled; and then only to internal private ip addresses.

My question is: what technique is/was used to discover the file names and directory structure? I have been trying to find a way to accomplish this and I cannot discover it. But clearly, there must be some way this information was obtained by the probing party.