DiscountASP.NET Hosting

Reinstalling a clean version of WordPress after a compromise

How-to, Miscellaneous

Martin OrtegaIn this tutorial we will be reinstalling WordPress after it’s been compromised or “hacked.” The tutorial assumes three things: 1) The MySQL database your WordPress site was using wasn’t compromised, 2) The WordPress files were the only thing modified, and, 3) You have no other web applications installed in your site’s root directory.

These instructions are specifically for WordPress installations running on IIS, but you can use the same basic steps to reinstall WordPress on any platform.

 

Quick overview of the steps we’re about to take

  • Creating a two different directories locally on your computer.
    • One containing your hacked WordPress site.
    • The other containing your clean WordPress site.
  • Before changing anything we will be making a backup of your current WordPress site by downloading it via FTP. Yes, the current compromised WordPress site.
  • Downloading a clean copy of WordPress
  • Re-downloading your themes folder
  • Re-downloading your plugins folder
  • Copying your web.config and wp-config.php files from the old WordPress site to the root directory of your clean WordPress site
  • Restoring your images/upload files

 

Step 1 – Create two different directories on your computer

Create two different empty directories on your local computer.

CleanHackedWordPress_1

Step 2 – Create a backup of your hacked WordPress Site

First you will need to establish an FTP connection to your site. Instructions on how to connect to your site via FTP can be found in this knowledge base article.

Once the FTP connection has been made, navigate to your local directory within FileZilla where you wish to place your backup.

CleanHackedWordPress_2

Highlight all of the files and directories within your WordPress site and right click on Download to copy them to your local environment.

Important: We’re putting the files here for safe keeping, don’t open any of the files unless specified in this article.

 

Step 3 – Download a clean copy of WordPress

Go to WordPress Downloads and download the zip file.

CleanHackedWordPress_3

Next you want to extract the clean files to the clean folder directory on your local computer.

CleanHackedWordPress_4

 

Step 4 – Re-Download your theme files

Everyone uses a different theme for their WordPress site, so everyone’s case is going to be unique. If you remember where you downloaded your theme then go ahead and download it from the source and and skip to section Step 4 B.

 

Step 4a.

If you are unsure which theme you were using, navigate your \wp-content\themes directory in the hacked backup WordPress files.

WARNING: Don’t use the theme from the hacked WordPress site, it’s important to download a new copy from the source.

Within the \wp-content\themes\ directory you will see different directories. You will most likely see some of the default themes that come with WordPress:

  • Twentyfifteen
  • Twentyfourteen
  • Twentythirteen

But the other themes that are located in the \wp-content\themes\ directory will be the themes you downloaded for your WordPress site before it was compromised.

In my case I forgot the name of the theme I was using. From the list I see in the \wp-content\themes\ directory I can see that I was using the “rendition” theme.

CleanHackedWordPress_5My next step was to Google “rendition wordpress theme,” and I was able to locate the source of the theme.

 

Step 4b

Download and extract the clean theme files into the clean WordPress directory locally on your computer.

Once you have downloaded the zip copy of your theme locally on your computer, extract it to a location where you can simply copy and paste the clean theme into the \wp-content\themes\ directory within the clean copy of your WordPress file structure.

 

Step 5 Re-download your plugins

The plugins folder will be in the \wp-content\plugins directory.

If you don’t recall which plugins you had installed, you can always go into the hacked WordPress file structure to see which plugins were installed.

CleanHackedWordPress_6

Make a list of the plugins you need to download and download them manually from the WordPress plugins site.

Extract the clean plugins you just downloaded into an empty file on your computer.

Copy and paste them into the clean copy of the WordPress site’s \wp-content\plugins directory.

 

Step 6 Copy web.config & wp-config.php file

We have to copy and paste the old web.config and wp-config.php file into the clean copy of the WordPress site’s root directory.

The web.config file contains the URL Rewrite rules for your WordPress permalinks links to work correctly on the IIS server.

The wp-config.php file contains the settings needed to reestablish a MySQL database connection to the original MySQL database.

Go to the hacked WordPress site root directory where your wp-config.php file is located and open it in a text editor like Notepad. You want to check for malicious code that you don’t recognize. Basically, you just want to make sure your old wp-config.php file is clean. You can compare it against the sample wp-config.php file. If you’re not sure what it’s supposed to look like. You can always check the clean version by checking the Github sample page of the wp-config file.

CleanHackedWordPress_7

Once you have confirmed it’s clean, you’re going to want to change the password for your MySQL database.

Log into Control Panel and change the password for your MySQL database within the MySQL Manage section:

Click Manage next to the MySQL database.

Click Update Password.

Next you’re going to need to update the following line in your wp-config file with the new password.

Look for:

define(DB_PASSWORD, ‘OLD_password_here);

Replace it with:

define(DB_PASSWORD, New_Password_Here);

Save the wp-config.php file and place it into the root directory of your clean copy of WordPress.

Next you want to simply copy and paste your old web.config file from the compromised WordPress site to the root of the clean WordPress site. web.config is not a file targeted in the typical WordPress compromise, so it’s usually safe to use the old version. You may want to take a look at it in any case, just to make sure it hasn’t been altered.

CleanHackedWordPress_8

 

Step 7 – Delete your old WordPress files and upload the clean WordPress site

Connect to your site via FTP and delete everything from the root of the site.

CleanHackedWordPress_9

You want to make sure you have an empty root since you will be uploading a clean copy of your WordPress site.

Once your root directory is clean go ahead and upload the clean copy of the WordPress site located on your local computer to the root of the site.

Your site should work now. Visit the site to verify that you did everything correctly.

 

Step 8 – Restore your old image and upload files

The last step is restoring your image files from your old installation of WordPress to your clean WordPress site.

CleanHackedWordPress_10

First, browse your site to make sure you don’t have any missing images. If you do find that some images aren’t displaying correctly, you can use Google Chrome’s Developer tools to troubleshoot. By using the network tab you can see which images are missing and which directory they need to be uploaded to.

CleanHackedWordPress_11

Once you find the image that is missing in the copy of your hacked WordPress backup, you can upload each image one by one.

CleanHackedWordPress_12

In the image above we can see where our missing image file will need to go into our file directory structure. Simply locate the missing file from your compromised site backup and upload it via FTP to your clean site.

Done!

An important next step is to make sure you update any outdated plugins and themes from within your WordPress admin section. You should also update the password for your WordPress admin user.

Add Martin Ortega to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

Managed TFS 2015 Now Available

Announcements, Team Foundation Server

Takeshi EtoA few weeks ago we launched Shared TFS 2015 Hosting and today we are announcing the launch of Managed TFS 2015 Hosting in both our U.S-based and U.K-based data centers.

With Managed TFS you get your own instance of Team Foundation Server on a private VM that is not shared with any other customer. Since you’re on your own private VM, we can offer server-side customization that is not possible with our Shared TFS hosting service. And on top of that, the solution is fully managed. You can concentrate on your software development and we’ll take care of all the TFS infrastructure, security updates and patching.

As with our previous Managed TFS 2013/2012/2010 service, with Managed TFS 2015 we offer both the TFS Basic and TFS Full configurations. TFS Basic includes source control and task management just like our Shared TFS – but the TFS Full option will add SharePoint and Reporting.

If you’re interested in a Managed TFS Hosting solution, please contact us for a quote.

If you’re not completely sure if Managed TFS is for you, you can first try out our Shared TFS hosting for 30 days free for up to 5 users. You can test it out before you commit to a Managed TFS solution.

Add Takeshi Eto to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

Shared Team Foundation Server (TFS) 2015 Launched

Announcements, Team Foundation Server

Takeshi EtoShared Team Foundation Server (TFS) 2015 hosting is now available in both our U.S. and European data centers.

Visual Studio Team Foundation Server 2015 is Microsoft’s latest update to their application lifecycle management solution.

TFS 2015 brings a wide range of improvements. Some of the new enhancements in TFS 2015 include the ability to rename team projects, quick code editing through the web portal, ability to display bugs in the task board, backlog and Kanban board management improvements, customizable cards, better identity control and Git integration improvements.

We offer a 30 day FREE trial of our shared TFS 2015 hosting solution for up to 5 users, so you can take it for a spin today.

Add Takeshi Eto to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

Publishing an ASP.NET 5 (vNext) Application

How-to, Technical

Ray HuangNote that some of the information presented here regarding .NET 5 is no longer valid, due to fundamental changes made on the way to .NET 5 becoming ASP.NET Core 1.0. You can read more about those changes in the article, “Revisiting ASP.NET Core 1.0.”

For those tech gurus who just love to work with the latest Microsoft programming technologies, here’s a simple tutorial on how you can publish an ASP.NET 5 (vNext) application to DiscountASP.NET.

Please note that ASP.NET 5 (vNext) is still in Beta, so the instructions given today may or may not be valid in the future. The Release Candidate will not be available until November with the final release being slated for some time in the first quarter of 2016. More information can be found at Microsoft’s Roadmap. You’ll also want to go to the Official Website to read up on the new features as the file structure is very different from traditional web forms and MVC programming.

Another key feature is that vNext has been designed for maximum portability, allowing you to deploy your code to a Mac or Linux operating system. This guide is meant for developers who want to try it out now and only covers the publishing aspect, using the sample ASP.NET 5 Preview Template as an example.

Publishing the application locally and then uploading it using FTP:

In order to create a vNext application, you’ll need to obtain a copy of Visual Studio 2015 Professional or higher. Install it and then launch the program.

1) Select File -> New -> Project…

FileNewProject

2) Under Visual C#, select Web and to the right, select ASP.NET Web Application. I’ll give this project a name vNextDemo.

NewProjectWindow

3) Now in the New ASP.NET Project window, select Web Application for the ASP.NET 5 Preview Template. You can also uncheck Host in the cloud under Microsoft Azure. Click the OK button to continue.

ASPNET5PreviewTemplate

4) Notice the new file structure in the Solution Explorer window. All the configuration files are now stored as JSON (JavaScript Object Notation) format. I won’t go into details regarding any programming aspects as this is not the purpose of this guide but wanted to point out a few things that you should be aware of. References are now added to your project using NuGet, and an ASP.NET vNext application publishes two folders, an approot folder containing all your assemblies, runtime libraries, and source code and a wwwroot folder which contains the static content of your website (e.g. html, images, css, etc.). This is important to know as it must be maintained in order for your application to work properly.

SolutionExplorer

5) Since the sample application is already complete, let’s start the publishing process. Select Build -> Publish from the menu bar.

BuildPublish

6) Click on File System.

FileSystem

7) Give the profile a name.

ProfileName

8) Find a path on your local machine to target the publishing. I created a vNextDemo folder under the Downloads folder. Click the Next> button.

TargetDirectory

9) On the Settings page, choose Release for Configuration. For the Target DNX Version, you should be able to choose any, but it should match the framework your application is written in. For more information about DNX and what it is, the official documentation can be found here.  If you plan to use the 64-bit versions, you will need to open up a support ticket to request that support for 32-bit applications to be disabled in order for it to work properly.  You can uncheck Publish using Powershell script. Click on Next>.

Settings

10) Click the Publish button to start.

Publish

11) After your project has been published, you should see the two folders approot and wwwroot.

PublishedFiles

12) Open up the web.config file in the wwwroot folder and add the following XML markup in the <configuration> section to enable Full trust:

<system.web>
    <trust level="Full" />
</system.web>

Upload these two folders to your hosting account. You can ignore the other files. Now, mark the wwwroot folder as a Web Application using the tool in the DiscountASP.NET Control Panel.

WebApplicationTool

13) That’s it. Your application now works but only from a sub-directory (i.e. http://www.mysite.com/wwwroot).

wwwrootDeployed

Publishing the application to the root of the site:

If you want it to work in the root, you just need to make a few modifications after publishing. First, modify the project.json file in /approot/src/projectname directory by changing the first line from “webroot”: “../../../wwwroot” to “webroot”: “../../../htdocs”.  Upload the contents of the wwwroot folder directly to the root of the hosting account along with the approot folder. Open a support ticket and request that we move the approot folder one level up (i.e. on the same level as the htdocs folder). And voila, your application is now working from the root.

nowwwrootDeployed

Publishing Directly Using FTP within Visual Studio:

You can also publish directly using FTP within Visual Studio by creating and using a publishing profile. Open up Notepad, copy and paste the following markup (contents) into Notepad:

<?xml version="1.0" encoding="utf-8"?>
<publishData>
  <publishProfile profileName="FTP" publishMethod="FTP" publishUrl="ftp://ftpaddress" userName="username" userPWD="password" destinationAppUrl="http://wwwaddress" />
</publishData>

replacing ftpaddress, username, password, and wwwaddress with the appropriate values. Save the file and name it ftp.publishhsettings without the .txt extension. Now at Step 6 above, instead of choosing File System, select Import instead and use the ftp.publishsettings file. The rest of the instructions that follow should apply when configuring the application.

Please note that Web Deploy publishing is not supported at this time and to run an ASP.NET 5 (vNext) application requires it to be deployed to an IIS 7.5 or higher server.

Add Ray Huang to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

SQL Database Backup Added to Website Cloud Backup Solution

Announcements

Takeshi Etocloud backup solutionI’m excited to announce that our Website Cloud Backup service will now automatically back up your SQL databases off-site to the Amazon cloud. So Website Cloud Backup has you covered for your website, SQL and MySQL databases.  You are in full control of when backups are made and how many versions to keep.

Automated SQL backups is a feature that many customers have been asking for over the years and we are happy to be able to deliver this solution to you.

And that’s not all….

While we were working on enhancements, we added Blacklist Monitoring as well. With this feature, we will monitor Google to detect if they ever flag your site for being compromised. If we detect a Blacklist event, we’ll alert you and stop the backups of your site and databases so that you are not making backups of compromised files. This should help you recover your clean backups more easily.

The “peace of mind” Website Cloud Backup solution starts at $1.75/mo. You can order Cloud Backup in Control Panel.

Add Takeshi Eto to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

July Updates

Announcements

Ray HuangHere’s a list of our Web Application Gallery updates for July:

  • Acquia Drupal 7.37.43
  • BlogEngine.NET 3.1
  • DotNetNuke 7.4.0 Community Edition
  • Joomla 3.4.1
  • mediaWiki 1.24.2
  • mojoPortal 2.4.0.9
  • MonoX 5.1.40.5150
  • nopCommerce 3.50
  • Orchard 1.9
  • phpBB 3.1.4
  • phpMyAdmin 4.4.7
  • SilverStripe CMS 3.1.12
  • Umbraco CMS 7.2.5
  • VevoCart 6.2.0 *NEW*
  • WordPress 4.2.2
Add Ray Huang to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

How to use SendGrid for your newsletters or marketing emails

How-to, Technical

Ray HuangLately I’ve been evaluating some companies that offer email communication solutions and was introduced to SendGrid by a coworker.  I found it offers a lot of great features to help someone reduce the time to create marketing emails, customer communication emails, newsletters, etc.

SendGrid offers a free account that you can use to send 12,000 emails every month. You’ll need a SendGrid account for this tutorial, so if you don’t already have one, take a minute to set up an account now.

In many cases you can start using SendGrid very quickly simply by changing the SMTP connection string in your application to use SendGrid’s SMTP server. But in this post I will show you how easy it is to create emails from start to finish, highlighting a couple of the features SendGrid offers.

A Simple Contact Form

Here are instructions on how you can create a simple contact form and send the results to yourself using SendGrid’s API.

1) Startup Visual Studio (in this demo, I am using Visual Studio 2013 and C# for my example).

2) Select File -> New -> Project…

FileNewProject

3) Select the Web template and give your project a name.  In my example, I named it SendGridExample.  Hit the OK button to continue.

ProjectName-720

4) Select Empty template and hit OK.

WebForms-720

5) Add the SendGrid C# Library (or whatever programming language you prefer to use) using NuGet.  Under Tools, select Library Package Manager -> Manage NuGet Packages for Solution…

NuGet

6) Select the Online menu item on your left and in the upper right search text box, type in “sendgrid”.  Hit the Install button to install the library(ies) you need.

NuGetInstallSendGrid-720

7) Now let’s add a Web Form for the project.  Under Solution Explorer, right click on the project name and select Add -> Web Form.

AddWebForm

8) We’ll give the form a name like ContactUs.

ContactUs

9) Now go to Design View and using the Toolbox on your left, create a form using tables, text boxes, and text and add a submit button (e.g. Contact Us) as shown below.

DesignerView-720

10) Double click on the Contact Us button to bring up the code behind (ContactUs.aspx.cs) file and in the submit button Click Event, paste and modify the code below to your liking.  In this example, I am using SendGrid’s proprietary mail class, so you’ll need to add a using SendGrid statement to your list of includes at the top.  If you prefer and want to simplify your code a bit, you can just use .NET’s built-in libraries (i.e. System.Net and System.Net.Mail) to compose the email instead, and we provide sample code here.

Both cases require the .NET mail libraries.

var message = new SendGridMessage();
List<String> recipients = new List<String>
{
  @"Contact <[email protected]>",
  @"Marketing <[email protected]>",
  @"Test <[email protected]>"
};
message.AddTo(recipients);
message.From = new MailAddress("[email protected]", "Contact Us Form");
message.Subject = subjectTextBox.Text;
message.Html += "<strong>Name</strong>: " + nameTextBox.Text + "<br />";
message.Html += "<strong>Address</strong>: " + addressTextBox.Text + "<br />";
message.Html += "<strong>City</strong>: " + cityTextBox.Text + "<br />";
message.Html += "<strong>State/Province</strong>: " + stateTextBox.Text + "<br />";
message.Html += "<strong>Country</strong>: " + countryTextBox.Text + "<br />";
message.Html += "<strong>Zip Code</strong>: " + zipCodeTextBox.Text + "<br />";
message.Html += "<strong>Telephone</strong>: " + telephoneTextBox.Text + "<br />";
message.Html += "<strong>Email Address</strong>: " + emailAddressTextBox.Text + "<br /><br />";
message.Html += messageTextBox.Text;

var credentials = new NetworkCredential("apikey", "API_Key");

var transportWeb = new Web(credentials);

transportWeb.DeliverAsync(message);

Response.Redirect("ContactSuccess.html");

SendGrid recommends that you create and use an API key to authenticate and send email, but you can also use your SendGrid username and password. If you use the API key, use “apikey” for the SMTP username.

11) That’s it. Press F5 to build and test your code.

A Marketing Email or Newsletter

SendGrid offers a wide variety of features that allow you create, manage, and perform analysis on marketing emails or newsletters such as Click Tracking, Google Analytics, Open Tracking, and Subscription Tracking just to name a few.  I’ll demonstrate some of these features in the program below.

1)    In the same project, add a new web form and name it SendNewsLetter.  Open the code behind file and in the Page_Load Event Handler, paste and/or modify the following code to your liking.

var message = new SendGridMessage();
List<String> recipients = new List<String>
{
  @"Contact <[email protected]>",
  @"Marketing <[email protected]>",
  @"Test <[email protected]>"
};
message.AddTo(recipients);
message.From = new MailAddress("[email protected]", "Postmaster");
message.Subject = "November ACME Newsletter";
message.Html += "Here is your ACME Newsletter for the month of November.  We have a number of exciting deals this month<br /><br />";
message.Html += "ACME Toy Cars are now just $29.99 and will make a great gift for kids for the holidays.<br /><br />";
message.Html += "ACME Christmas Trees ornaments, only $59.99 for a box of 20.  Click <a href=\"http://www.troubleshootingcenter.com\">here</a> for more details.<br /><br />";

var username = "sendgridusername";
var password = "sendgridpassword";
var credentials = new NetworkCredential(username, password);

var transportWeb = new Web(credentials);

transportWeb.DeliverAsync(message);

Response.Redirect("ContactSuccess.html");

2)    Now go to your SendGrid Account, expand the Settings node on the menu to your left, and click on Tracking.  Enable Click Tracking, Open Tracking, and Subscription Tracking.  If you notice in the code above, I’ve added an HTML link to a webpage.  Click Tracking will track if the user clicks on that link which is embedded into your newsletter.  Open Tracking will track if a user opens an email, and Subscription Tracking will automatically add a unsubscribe link to your email so that it complies with the CAN-SPAM Act.  The beauty of these features is that no extra coding is needed to implement them.  SendGrid automatically does that for you with the flip of a switch.  Hit F5 to build and test the code.  Once you receive the email, try clicking on the HTML and Unsubscribe links and proceed to the next steps.

Tracking-720

3)    To check if someone has clicked on a link in your newsletter or unsubscribed, just go to the Dashboard or click on the Stats menu item.

Stats-720

4)    To check the status of an email such as Delivered, Opened, etc. click on the Activity menu item.

Activity-720

5)    That’s it for these features.  You can use these tools (and combine them with others offered) to help you gauge the effectiveness of your marketing campaign and customer engagement and make adjustments if need be to improve your program.  If you’re not a developer and find coding hard to understand, then you’re in luck.  SendGrid provides a Marketing Email wizard and WSIWYG interface with templates to help you draft very professional looking marketing emails.

MarketingDesigns-720

Other features you will want to explore include white labeling, alerts, spam checking, and webhooks.  Using SendGrid, you can fine tune your marketing campaigns to get a better ROI.

Add Ray Huang to your Google+ circles.
Visit DiscountASP.NET to learn more about our ASP.NET hosting services.

   RSS Feed

   Blog Archive

   Community Forum