Should I Be Worried About Cross-contamination of My WordPress Sites?

 

Regarding SiteGround AI security

Your Chat Transcript on 14/12/2019

Mitch Rezman: windycityparrot receiving following error intermittently Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.4.29 (Unix) mod_hive/6.27 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 Server at www.windycityparrot.com Port 443

Mitch Rezman: This question is related to account: birdandparrot.info

Mitch Rezman: sure – spike in core usage over the past 30 minutes

Lachezar U.: it could be as the site is loading fine on my end now – url:https://prnt.sc/qalk2c

Mitch Rezman: yes – but it’s crashing every 5 – 10 minutes and then recovering – I’ve had the site for 17 years – something is wrong – there was no traffic spike but there was a spike in core usage over the past 30 minutes – what would cause that?

Lachezar U.: that is strange, I do not find obvious reason for the spike, so let me post a ticket to our advanced techs for further investigation

Mitch Rezman: that would be great – I am waiting for my developer to mitigate a bot attack by installing Recaptcha – this is a zencart store (trying to move it to woo – https://www.screencast.com/t/q3aBaOe9

Lachezar U.: the ticket is just posted now and will be updated with more details in 15-20 minutes

Ticket 3380418 for account birdandparrot.info
Posted: 13 Dec, 2019 18:47 CST Status: Resolved
Ticket Subject: Technical Issues

Stefan Stefanov
Support Guru
Posts: 55389
Posted On 13 Dec, 2019 19:01 CST
Hello Mitch,

I have checked and the issue is due to load on the server:

Code:
[Fri Dec 13 18:40:19.540403 2019] [:error] [pid 16548] Execute of /home/mitchr76/public_html/windycityparrot.com/index.php stopped because of load 35.01
[Fri Dec 13 18:40:19.640563 2019] [:error] [pid 15448] Execute of /home/mitchr76/public_html/windycityparrot.com/index.php stopped because of load 35.01
[Fri Dec 13 18:40:19.642702 2019] [:error] [pid 15448] Execute of /home/mitchr76/public_html/windycityparrot.com/index.php stopped because of load 35.01

I have reviewed the issue and noticed a high number of executions for the following files:

Code:
18479 http://windycityparrot.com/index.php /home/mitchr76/public_html/windycityparrot.com/index.php
6912 http://birdandparrot.info/wp-load.php /home/mitchr76/public_html/wp-load.php
4228 http://windycityparrot.com/min/index.php /home/mitchr76/public_html/windycityparrot.com/min/index.php
3940 http://birdandparrot.info/index.php /home/mitchr76/public_html/index.php

Please note that the number at the beginning is the number of hits for the said file.

I also checked the access logs for your domain and noticed a high number of hits from the following IP addresses:

Code:
8663 73.36.210.57
5994 73.74.48.105

You may block any IP addresses you do not trust using the IP Deny Manager tool in your cPanel. More information on the matter you may find on the following article from our knowledge base:

https://www.siteground.com/tutorials/cpanel/ip_deny_manager.htm

I noticed that the domain is being also crawled by bots:

Code:
17 different robots* Hits Bandwidth Last visit
Unknown robot (identified by ‘bot’ followed by a space or one of the following characters _+:,.;/\-) 97,551+2590 1.61 GB 13 Dec 2019 – 06:08
Googlebot 24,703+23 449.10 MB 13 Dec 2019 – 06:07
Unknown robot (identified by ‘robot’) 17,696+108 344.33 MB 13 Dec 2019 – 06:08
Unknown robot (identified by ‘bot’ preceded by a space or one of the following characters _+:,.;/\-) 14,518+8 304.91 MB 13 Dec 2019 – 06:08
Unknown robot (identified by ‘crawl’) 5,721+42 97.81 MB 13 Dec 2019 – 02:40
Unknown robot (identified by ‘spider’) 3,426+15 52.22 MB 13 Dec 2019 – 04:41
MSNBot 2,606+28 28.73 MB 13 Dec 2019 – 05:42

I would suggest you to check the following article from our knowledge base on how to improve the way bots crawl your site:

https://www.siteground.com/kb/how_to_use_the_robotstxt_file/

I would also suggest you to check the following thread on how to deal with bad bots:

http://www.askapache.com/htaccess/blocking-bad-bots-and-scrapers-with-htaccess.html

I would also suggest you to check the following article from our knowledge base on how to reduce the executions for your account:

https://www.siteground.com/tutorials/websiteperformance/reduce-executions.htm

You may alternatively contact a third party developer to assist you in optimizing the application. I cannot personally recommend one, but I am sure you will be able to find one easily at the popular freelancer sites.

You may count on us for any changes on our end as per the developer’s suggestions.

You may alternatively add additional resources for your server via Add Services > Upgrade section in your User Area.

If you have further questions do not hesitate to contact us

Best Regards,

Stefan Stefanov
Senior Technical Support

You
Posted On 13 Dec, 2019 21:47 CST
the site is down again now a 403 not a 502 error

https://www.loom.com/share/2110ee6366a448a5838339a958fe77c2

Stefan Stefanov
Support Guru
Posts: 55389
Posted On 13 Dec, 2019 22:15 CST
Mitch,

I have followed the instructions on the provided video and was able to edit the page “What would it be like to have a large parrot?” without any issues as you may see on the following screenshot:

https://snipboard.io/HUYIDA.jpg

Please clear your browser’s cache and verify on your end.

If I am missing something – please provide us with detailed instructions (step by step) on how to recreate the issue on our end, so we can review it and provide you with further information.

For your convenience I am leaving this ticket open.

Best Regards,

Stefan Stefanov
Senior Technical Support

You
Posted On 13 Dec, 2019 22:37 CST
All browser cache has been cleared

I can not access any site on the server. WindyCityParrot.com is 2 sites a zen cart and a WordPress site – birdandparrot.info is a WordPress site – there are 3 databases on the server – I can access none

I have 2 highspeed internet accounts with Comcast on this building – 2 unique IPs – I just went thru 4 PCs and a tablet on 2 IPs and get the same error

here’s what it looks like https://www.loom.com/share/31abd4574ef6467684eb0432a5ea57ae

You
Posted On 13 Dec, 2019 22:38 CST
please navigate to here and tell me what you see – https://www.windycityparrot.com/

Stefan Stefanov
Support Guru
Posts: 55389
Posted On 13 Dec, 2019 23:07 CST
Mitch,

I have checked and it seems you have blocked your IP address 73.36.210.57 as there was the following rule in the .htaccess at /home/mitchr76/public_html:
Code:

deny from 73.36.210.57

I have removed the said rule and you should not experience 403 Forbidden error on your website.

Please clear your browser’s cache and verify on your end.

If you have further questions do not hesitate to contact us.

Best Regards,

Stefan Stefanov
Senior Technical Support
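
The self-block in this ticket (a deny rule written for a high-traffic address that turned out to be the site owner's own connection) can be caught before the rule is written. The following is an added example, not part of the ticket or of SiteGround's tooling: it counts hits per client address in combined-format access-log lines and emits `deny from` lines only for addresses outside an operator-supplied allowlist. The sample log lines, the allowlist and the threshold are constructed for illustration.

```python
"""Rank client IPs in an access log and propose deny rules, skipping our own addresses."""
import ipaddress
import re
from collections import Counter

# Leading fields of a common/combined log line: client, ident, user, [time], "request".
LOG_LINE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*"')


def _line(client, path, agent):
    """Build one constructed combined-format log line."""
    return (f'{client} - - [13/Dec/2019:18:40:19 -0600] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{agent}"')


# Constructed sample using documentation address ranges, not data from the ticket.
SAMPLE_LOG = (
    [_line("203.0.113.10", "/wp-admin/post.php", "Mozilla/5.0")] * 40  # owner at work
    + [_line("198.51.100.77", "/index.php", "ExampleBot/1.0")] * 25    # unknown client
    + [_line("192.0.2.5", "/index.php", "Mozilla/5.0")] * 3            # casual visitor
    + ["truncated line without the expected fields"]
)
# Constructed allowlist: addresses the site owner and developers connect from.
OWN_NETWORKS = ["203.0.113.10/32"]


def count_hits(lines):
    """Return (Counter of ip -> hits, number of lines that could not be parsed)."""
    hits, skipped = Counter(), 0
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            skipped += 1
            continue
        try:
            client = ipaddress.ip_address(match.group("client"))
        except ValueError:  # hostname or malformed address in the first field
            skipped += 1
            continue
        hits[client] += 1
    return hits, skipped


def classify(hits, own_networks, threshold):
    """Split addresses at or above the threshold into block candidates and protected ones."""
    networks = [ipaddress.ip_network(n, strict=False) for n in own_networks]
    block, protected = [], []
    for client, count in hits.most_common():
        if count < threshold:
            continue
        if any(client in net for net in networks):
            protected.append((str(client), count))  # busy, but it is one of ours
        else:
            block.append((str(client), count))
    return block, protected


def deny_rules(block):
    """Render candidates in the same directive form as the rule quoted in the ticket."""
    return [f"deny from {client}" for client, _ in block]


if __name__ == "__main__":
    hits, skipped = count_hits(SAMPLE_LOG)
    block, protected = classify(hits, OWN_NETWORKS, threshold=20)
    for client, count in protected:
        print(f"# not blocking {client}: {count} hits, but listed as our own address")
    print("\n".join(deny_rules(block)))
    print(f"# {skipped} unparsable line(s) ignored")
```

High request counts from an address are a reason to look at it, not proof that it is a bot; logged-in admin work generates many requests from one IP.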

Posted: 12 Jan, 2020 20:54 CST Status: Answered
Ticket Subject: Technical Issues

You
Posted On 12 Jan, 2020 20:54 CST
On behalf of client: Please help me fix this error

PHP.Generic.BadPattern.5

This code pattern is often used to run a very dangerous shell programs on your server.

The code in these files needs to be reviewed, and possibly cleaned.

2020-01-12_2037

Also I have that issue
https://www.screencast.com/t/vVEVqDC2pY

had 3 days of bots from Hong Kong blocked about 2 million Hong Kong IPs – literally

Petar Krastanov
Support Guru
Posts: 28942
Posted On 12 Jan, 2020 21:17 CST
Hello Mitch,

Thank you for contacting our Help Desk.

I scanned your account for potentially malicious files and the following files were detected:
Code:
[HEX]reversed_base64_decode [11/07/19] /home/mitchr76/public_html/wp-content/cache/object/028/8c8/0288c8310bc1ad477e12c03ab1b7a5ff.php
[HEX]reversed_base64_decode [11/07/19] /home/mitchr76/public_html/wp-content/cache/object/70d/41c/70d41c58ba6fce14e17487e950251fef.php

Since these are cache files I have now removed them. Aside from them, no other suspicious or malicious files were found.

As for the warnings in your User Area, it seems as though your site has been blacklisted by McAfee. In order to remove the site from their blacklist you should review the following article:
https://sucuri.net/guides/how-to-remove-mcafee-siteadvisor-blacklist-warning/

Let us know if there is anything else we can help you with on our end.

Best Regards,

Petar Krastanov
Technical Support Team

You
Posted On 13 Dec, 2019 23:09 CST
it’s fixed the 2 high traffic IP’s that I blocked thinking they might be bots were me & my wife now – unblocked – thank you for your time

Stefan Stefanov
Support Guru
Posts: 55389
Posted On 13 Dec, 2019 23:12 CST
Mitch,

Thank you for the update.

I am glad the issue has been resolved.

I will now close this ticket as no actions are required on our end.

If you have further questions do not hesitate to contact us.

Best Regards,

Stefan Stefanov
Senior Technical Support

Your Chat Transcript on 14/01/2020
Mitch Rezman: windycityparrot and birdandparrot are on the same cloud server I need to separate them for security reasons (cross-contamination) I can configure private hosting on the server but I would have had to shut down windycityparrot for a day which would cost too much revenue. as birdandparrot.info is under development with little to no traffic can I put it on a fresh “startUp” hosting account until we push live?

There are 159,000 files on the site last time I looked

Mitch Rezman: This question is related to account: birdandparrot.info

Alexander I.: Thank you for the details above. Do you wish to purchase a new hosting account and move one of your websites to it ?

Mitch Rezman: I’m thinking about it

Alexander I.: The start up plan covers 10 GB of space so if your website is within this size that can be easily set up

Mitch Rezman: where would i see my “space”?

Alexander I.: You can check your space in your cPanel on the left side menu and also when you go to the disk space usage tool you can see how much space each folder takes

Mitch Rezman: it says 130 gb for the 2 sites so I’ll need at least 70gb for the one

Alexander I.: Our shared plans do not have this much space , only our cloud plans cover from 40 GB to more which can be added if needed

Mitch Rezman: ok I’ll look at the cloud plan – If I pay SG to migrate will they move the woocommerce too?

Alexander I.: Yes a new hosting plan comes with a free website transfer so our technical experts will be able to do this for you and set everything up

Mitch Rezman: any idea on time lines?

Alexander I.: It depends on the website itself but usually when moving from the same host as in this case it can take from a few hours to 24 hours at most so everything can be set up on the new hosting plan and servers

Mitch Rezman: great – I’ll start now thank you

Your Chat Transcript on 15/01/2020

Mitch Rezman: Am I able to have 2 cpanels for the same account/server?

Hristian S.: I understand you’re looking to set up a second account for your cPanel?

Mitch Rezman: if possible windycityparrot is a hybrid zen cart for ecomm and WP for blogging here’s what we are trying to do – I can not put wordpress on another server because of the customization –

Hristian S.: Alright, then let’s make this quick, I see you are on our Cloud hosting plan, a separate cPanel can be setup for certain domain, this will provide the user with access to the tools in cPanel for that domain only

Mitch Rezman: ok so 1 domain – 1 cpanel correct

Mitch Rezman: ?

Hristian S.: Exactly, we can set this up right away

Mitch Rezman: no it will not work because of the customization – the blog can not be on a separate server – here’s the site – please click on “blog” at the top you will have moved from zen cart to Word press – that cannot be done on 2 servers

Mitch Rezman: https://www.windycityparrot.com/

Hristian S.: Alright, should we look to setup more domains for the new cPanel in user in that case?

Hristian S.: Multiple domains can be included through the WHM and your devs will have access to the needed tools

Mitch Rezman: hmmm – let me see what my dev says – we are trying to prevent cross-contamination until we migrate to woo

Hristian S.: I understand, take your time in that case, consult with the dev

Mitch Rezman: So this is achievable? – Second windycityparrot.com/blog should have its own cPanel account, to avoid cross-site contamination. This way, https://www.windycityparrot.com/blog/ will become https://blog.windycityparrot.com

Mitch Rezman: on the same server as windycityparrot.com

Hristian S.: I’ll need a moment to check on what’s the setup currently, be right back

Mitch Rezman: FYI there are 2 databases I’ll need to know how to back up and restore both

Hristian S.: Alright, I see the domain is pointed to the cloud account so we can setup a separate cPanel user for that one, where’s the second website hosted at?

Mitch Rezman: I’m not being clear https://www.windycityparrot.com/ <-zencart on birdandparrot.info account https://www.windycityparrot.com/blog <-WordPress on birdandparrot.info account

Hristian S.: We can set it up this way, a second cPanel will be setup for https://www.windycityparrot.com, so the devs can copy the website over to a subdomain – https://blog.windycityparrot.com , would this work?

Mitch Rezman: OK – let me run this by my dev – thank you for all your help
System: Mitch Rezman has ended the chat

 

Editor’s note: I was also getting a message from the SG Site (security) Scanner – BirdandParrot.info had been blacklisted by McAfee, most likely from the recent Hong Kong bot attack on WindyCityParrot.com which defined cross-contamination for me. Endnote

 

From Adrian from Magefix <[email protected]>

 

1:32 PM (1 hour ago) to me Mitch,

I’m sure there are several alternatives to make your site more secure ( windycityparrot.com ).

1. First I would perform a full backup, to make sure we have all PHP and JS files intact – including database.

In case something bad would happen, we’ll have a safe backup to restore from.

2. Second windycityparrot.com/blog should have its own cPanel account, to avoid cross-site contamination. This way, https://www.windycityparrot.com/blog/ will become https://blog.windycityparrot.com

3. Lastly, I would implement a country block, in order to allow only relevant traffic to your shop ( either a local one or a Cloudflare based one ), If I manage to make Cloudflare work, then I would implement several custom security rules which should dramatically lower the attack rate.

Let me know what you think.

Mon, Jan 13, 5:42 AM (5 days ago)

 

I can sort your current McAfee blacklist issue.

Site also needs an update, security check and a firewall installed.

If you’re interested in better security, I recommend you this plan:

https://members.magefix.com/product/platinum/

 

Service will include:

  • malware cleanup
  • blacklist removal
  • ongoing protection and monitoring.

 

I’m also able to perform a free thorough file check – if needed.

If you require further information, contact me anytime.

 

Best regards,

 

Adrian

 

Hi Mitch,

 

Thank you for your recent order.

 

Please provide cPanel login information for birdandparrot[.]info

Login URL: https://c5xxxxxxxx.net:2083/

 

You can fill out this secure form:

https://members.magefix.com/success/

 

Regards,

Adrian

 

Adrian from Magefix

Jan 13, 2020, 1:09 PM (5 days ago)

to me

 

Hi Mitch,

 

Let me know if it’s ok to temporarily disable windycityparrot.com ( approx. 24 hours ). I’ll install a temporary HTML page for it:

https://www.magefix.com/temp/

This website should have its own private hosting space ( cPanel ) in order to avoid cross-site contamination.

More about cross-site contamination:

https://blog.sucuri.net/2020/01/what-is-cross-site-contamination.html

We can configure a private hosting account for this website and I won’t charge you extra.

This way birdandparrot[.]info and windycityparrot.com will be separated.

 

Let me know.

Mitch Rezman <[email protected]>

Jan 14, 2020, 2:14 PM (4 days ago)

to Adrian

 

No – windycityparrot is live and yes probably contaminated birdandparrot.info

that will cost me $1000 for the day

let me see about putting birdandparrot on a separate server and then we’ll talk about windycityparrot

I’ll get back to you asap

 

Adrian from Magefix

Jan 14, 2020, 2:32 PM (4 days ago)

to me

 

Mitch,

 

Let me know if it’s ok to move birdandparrot.info to a separate cPanel – I’ll create a new one myself since you have VPS with WHM access.

This way windycityparrot.com will remain in the same location.

Currently cross-site contamination risk is high, it’s very important to separate these two sites.

 

Regards,

Adrian

 

Adrian from Magefix

Jan 14, 2020, 2:42 PM (4 days ago)

to me

 

PS: Also https://www.windycityparrot.com/blog/ should be moved to :  https://blog.windycityparrot.com/ ( on a separate cPanel ).

 

Currently, there are three major scripts within the same cPanel, which is very insecure:

 

  1. birdandparrot.info /home/mitchr76/public_html/
  2. windycityparrot shop /home/mitchr76/public_html/windycityparrot.com/
  3. windycityparrot blog /home/mitchr76/public_html/windycityparrot.com/wordpress/

 

For the best security, each should have its own cPanel.

 

Keep me posted.

 

Regards,

Adrian
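
Why the layout listed in the message above gives no isolation, as an added example (not Adrian's or SiteGround's tooling): it assumes, as is usual on cPanel, that each site's PHP runs as the Unix user of the account it lives in, so applications under one account can modify each other's files, and a document root nested in another is also served through the outer site. The `Site` record and the user names in the `SEPARATED` layout are hypothetical placeholders.

```python
"""Report which sites on one server can reach each other's files."""
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Site:
    name: str
    docroot: str
    owner: str  # Unix user the site's PHP runs as (assumed to be the cPanel user)


# Layout as listed in the e-mail; owner read from the /home/<user> path component.
CURRENT = [
    Site("birdandparrot.info", "/home/mitchr76/public_html/", "mitchr76"),
    Site("windycityparrot shop",
         "/home/mitchr76/public_html/windycityparrot.com/", "mitchr76"),
    Site("windycityparrot blog",
         "/home/mitchr76/public_html/windycityparrot.com/wordpress/", "mitchr76"),
]

# Hypothetical target layout: one cPanel account per application.
SEPARATED = [
    Site("birdandparrot.info", "/home/user_a/public_html/", "user_a"),
    Site("windycityparrot shop", "/home/user_b/public_html/", "user_b"),
    Site("windycityparrot blog", "/home/user_c/public_html/", "user_c"),
]


def is_inside(inner, outer):
    """True when docroot `inner` is a strict subdirectory of docroot `outer`."""
    return PurePosixPath(outer) in PurePosixPath(inner).parents


def blast_radius(sites):
    """Map each site to the other sites whose files its PHP user can modify."""
    return {
        site.name: sorted(o.name for o in sites
                          if o is not site and o.owner == site.owner)
        for site in sites
    }


def url_overlaps(sites):
    """Pairs (outer, inner) where inner's files also sit under outer's document root."""
    return [
        (outer.name, inner.name)
        for outer in sites
        for inner in sites
        if outer is not inner and is_inside(inner.docroot, outer.docroot)
    ]


def report(label, sites):
    """Print both findings for one layout."""
    print(label)
    for name, reachable in blast_radius(sites).items():
        print(f"  compromise of {name!r} reaches: {reachable or 'nothing else'}")
    for outer, inner in url_overlaps(sites):
        print(f"  {inner!r} is nested inside the document root of {outer!r}")


if __name__ == "__main__":
    report("current layout", CURRENT)
    report("one account per application", SEPARATED)
```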

 

Mitch Rezman <[email protected]>

Jan 14, 2020, 2:54 PM (4 days ago)

to Adrian

 

I will move birdandparrot.info to its own server now

FYI birdandparrot.info will soon become windycityparrot.com/ which I want to circle back to once we resolve birdandparrot.info

  windycityparrot.com/ is a highly customized site with zencart for eCommerce and WordPress as the blog which is why there 3 scripts for 2 sites

I’ll have new credentials for you by this time tomorrow

 

Adrian from Magefix

Jan 14, 2020, 3:01 PM (4 days ago)

Mitch,

 

Even the two scripts inside the same cPanel is not recommended ( Zen Cart and WordPress ).

Blog for windycityparrot.com should be moved to its own cPanel, to avoid a cross-site contamination.

WordPress, as you may know, it’s prone to malware infections and might affect your shop too.

You can use blog.windycityparrot.com subdomain and redirect old /blog links using 301 redirects – SEO will not be hurt.

This switch will not be charged extra and will improve your overall security.

 

Keep me posted.

 

Regards,

Adrian

 

On 1/14/2020 10:54 PM, Mitch Rezman wrote:

> windycityparrot.com is a highly customized site with zencart for eCommerce and WordPress as the blog which is why there 3 scripts for 2 sites

 

Mitch,

 

If you provide credentials from the new server, I’ll perform the migration myself – this will save you some time.

Also, I have already a clean version ready to upload for birdandparrot[.]info.

 

Keep me posted.

 

Regards,

Adrian

 

On 1/14/2020 10:54 PM, Mitch Rezman wrote:

> I will move birdandparrot.info to its own server now

 

Mitch Rezman <[email protected]>

Jan 14, 2020, 4:13 PM (4 days ago)

to Adrian

 

let me see if I can cancel the SiteGround transfer – sit tight

 

On 1/14/2020 10:54 PM, Mitch Rezman wrote:

 

Please move the site when you can

 

New account name – mitchr1.sg-host.com

Same login details to Siteground as before

 

WHM/cPanel Username: mitchr18

WHM/cPanel Password: set it through your Customer Area

 

I appreciate the input and I get it

 

I am in the process of moving/merging windycityparrot (both sites) into birdandparrot.info

 

I am in the final stages of SEO

 

I don’t want to add 1200 redirects 30 – 45 days prior to the planned move which would be an additional layer of redirects – 

 

Our blog gets 80% of our traffic

 

thus I want to put windycityparrot.com to sleep asap

 

The new cloud server is set up 

 

Once we stabilize that site we’ll talk about what you might be able to do to mitigate any attacks for windycityparrot.com on a temporary basis

 

I appreciate your professionalism and concern

 

Best – MitchR

 

Adrian from Magefix

Jan 14, 2020, 4:32 PM (4 days ago)

 

Mitch,

 

Thanks, I’ll let you know when the transfer is complete.

 

For your next projects I will recommend also Knownhost which is specialized in managed VPS hosting.

They have a solid reputation.

 

You can research more here: https://www.webhostingtalk.com/showthread.php?t=1373022

 

Regards,

Adrian

 

Mitch Rezman <[email protected]>

Jan 14, 2020, 4:53 PM (4 days ago)

to Adrian

 

You might say I have opinions about Hosts:-)

 

I’ve been on 14 hosts (I think) in 18 years with windycityparrot and other sites

 

Here’s just some 

https://superezsystems.com/2018/05/29/why-you-dont-know-jack-about-wordpress-migrations/  

 

I’ve been on siteground for about 2 years

 

Siteground support has an accuracy rate of 60% – 70% – higher than any host I’ve seen

 

  Next time you log in, take a look at geekwindycityparrot.com  

 

Currently, these are my hobby sites but I’m about to turn 68 and decided to launch a freelancing practice.

 

https://www.fiverr.com/mitchrezman?

 

https://www.upwork.com/freelancers/~0173634360d7d52f54 

 

I’m not opposed to a new host – just not until I get windycityparrot.com fully moved to woo

 

I’ve also just onboarded with https://northwestindiana.score.org/

 

I’m about to take over their marketing team – stay tuned

 

Adrian from Magefix

Tue, Jan 14, 4:55 PM (4 days ago)

Mitch,

 

Please change the nameservers for birdandparrot.info as follows:

 

from:

ns1.c54875.sgvps.net

ns2.c54875.sgvps.net

 

to:

carlos.ns.cloudflare.com

sloan.ns.cloudflare.com

 

This way I’ll be able to implement a firewall ( WAF ). Also I’ll apply custom security rules designed specifically for birdandparrot site.

 

Mail will work as before with no interruptions.

 

Regards,

 

Adrian Stoian

Founder & Malware Specialist | Magefix.com

Transylvania, Romania

Tel: +40-740-141-609

 

 

Mitch Rezman <[email protected]>

Tue, Jan 14, 5:51 PM (4 days ago)

to Adrian

 

waiting for propagation

 

here’s what the home page looks like

 

after the move please let me know if it looks corrupted 

 

The site is built with https://elementor.com/ which does not play well with Cloudflare

 

some rules may have to be added

 

 

Adrian from Magefix

Wed, Jan 15, 8:34 AM (3 days ago)

to me

 

Hi Mitch,

 

Malware cleanup is now complete for birdandparrot[.]info.

 

I also reached McAfee today, there’s an opened ticket #VKN-954-71242.

Domain should be removed from the blacklist in approx. 24 hours from now or less.

 

Best regards,

Adrian Stoian

Founder & Malware Specialist | Magefix.com

Transylvania, Romania

Tel: +40-740-141-609

 

Mitch Rezman <[email protected]>

Wed, Jan 15, 8:55 AM (3 days ago)

to Catherine, Adrian

 

Thank you Adrian

 


Mitch Rezman <[email protected]>

Wed, Jan 15, 12:32 PM (3 days ago)

to Catherine

 

new creds for new site

 

———- Forwarded message ———

From: Mitch Rezman <[email protected]>

Date: Wed, Jan 15, 2020 at 8:55 AM

Subject: Re: malware cleanup: birdandparrot[.]info

To: Adrian from Magefix <[email protected]>

Cc: Catherine Tobsing <[email protected]>

 

Thank you Adrian

 

Mitch,

 

Please provide the latest version for: WooCommerce Email Customizer

to get it, check https://woocommerce.com/my-account/downloads/

 

Also try to reduce the number of plugins. The less – the better.

Many plugins can generate conflicts, security vulnerabilities and faults.

 

Here’s an article you might find interesting:

https://torquemag.io/2018/02/wordpress-plugins-many-many/

 

As you have noticed, several plugins are now disabled.

 

Examples:

 

  1. https://wordpress.org/plugins/all-meta-stats-yoast-seo-addon/

This plugin has been closed as of September 19, 2019 and is not available for download. Reason: Licensing/Trademark Violation.

  2. https://wordpress.org/plugins/keyword-stats-addon-for-yoast-seo/

This plugin has been closed as of September 19, 2019 and is not available for download. Reason: Licensing/Trademark Violation.

  3. https://wordpress.org/plugins/meta-description-stats-addon-for-yoast-seo/

This plugin has been closed as of September 19, 2019 and is not available for download. Reason: Licensing/Trademark Violation.

  4. https://wordpress.org/plugins/express-checkout/

https://www.premiumdev.com/product/paypal-express-checkout-for-woocommerce

This plugin has been closed as of June 22, 2019 and is not available for download. Reason: Security Issue.

  5. PayPal Express Checkout for WooCommerce

https://www.premiumdev.com/product/paypal-express-checkout-for-woocommerce

This plugin has been closed as of June 22, 2019 and is not available for download. Reason: Security Issue.

 

That’s all for now.

 

Best regards,

 

Adrian Stoian

Founder & Malware Specialist | Magefix.com

Transylvania, Romania

Tel: +40-740-141-609

 

Mitch Rezman <[email protected]>

Wed, Jan 15, 12:30 PM (3 days ago)

to Adrian

 

Thank you for that Adrian.

 

I’ve been told that by developers for 18 years 🙂

 

If you revisit you’ll see I had 4 PayPal plugins with one active

I needed to see which worked best – that has now been tested so the other 3 will get deleted

I also use what I call “scaffolding” plugins ie import/export or data migration that will no longer be needed after we change the domain

I hit a 2.3-second page load speed on GTMetrix last fall with 98 live plugins after spending 3 days activating and deactivating until I got everyone to play nice

a final plugin review will happen after I’m done with SEO but I will remove all the ones you have recommended above today

 

I don’t share this with a lot of people but after 18 years and millions of web visitors there are certain functionalities I need for better conversions

 

I have to update the sheet but you’ll get the idea https://docs.google.com/spreadsheets/d/1SnmQ5mI-CUiwRV1THjFlGfvivYepmxpQfo8sYAZTe20/edit?usp=sharing

 

2 followup questions

 

1) How do I access Cloudflare?

 

2) windycityparrot is a ticking time bomb – the ecom side is zencart

 

zencart is on PHP 5.XX

 

To upgrade to 7.XX I would need to upgrade 60 plugins – at a cost of about $1000

 

I’m about to abandon the site so I’m not going to invest that kind of money

 

Last Wed we had a bot attack from Hong Kong

 

I blocked 2,000,000 IP’s  (took 5 hours) because you can’t block countries on Zencart or siteground

 

I have WordFence (paid) for the WordPress side of the site with a handful of blocked countries

 

I would invest $144 for the short term if you think you can help protect that site

 

It’s a fragile customization and I’ve tried Cloudflare and Stackpath – both shut the site down in spite of a lot of support intervention from both

 

Please let me know if you can work your magic

 

Best – MitchR

 

And thank you for the follow-up – it is rare today

 

 

Adrian from Magefix

Wed, Jan 15, 12:34 PM (3 days ago)

to me

 

Mitch,

 

https://dash.cloudflare.com/login

email:

password: 

 

Regards,

Adrian

 

Adrian from Magefix

Wed, Jan 15, 1:32 PM (3 days ago)

to me

 

Mitch,

 

I’m sure there are several alternatives to make your site more secure (windycityparrot.com).

 

  1. First I would perform a full backup, to make sure we have all PHP and JS files intact – including database.

In case something bad would happen, we’ll have a safe backup to restore from.

  2. Second windycityparrot.com/blog should have its own cPanel account, to avoid cross-site contamination.

This way, https://www.windycityparrot.com/blog/ will become https://blog.windycityparrot.com

  3. Lastly, I would implement a country block, in order to allow only relevant traffic to your shop ( either a local one or a Cloudflare based one ), If I manage to make Cloudflare work, then I would implement several custom security rules which should dramatically lower the attack rate.

 

Let me know what you think.

 

Adrian from Magefix

Wed, Jan 15, 1:55 PM (3 days ago)

to me

 

Mitch,

 

You are right – if the results and performance are great, then you’re doing really good.

Just be aware that there are security risks that may arise.

And there are many plugins out there with nice names but with really poor coding.

In your particular case there were two plugins with security risks: express checkout and paypal express checkout for woocommerce.

 

Keep up the good work!

 

Best regards,

Adrian

 

PS: If the “scaffolding” plugins are no longer needed, it will be safe to deactivate them after use.

 

Mitch Rezman <[email protected]>

Wed, Jan 15, 4:37 PM (3 days ago)

to Adrian

 

This was the (end) result of a 40 min chat with SiteGround

 

Hristian S.: We can set it up this way, a second cPanel will be setup for https://www.windycityparrot.com, so the devs can copy the website over to a subdomain – https://blog.windycityparrot.com , would this work?

Mitch Rezman: OK – let me run this by my dev – thank you for all your help

 

I’m now going to reach out to Chu @  https://zucando.com/ who did the customization to see if there is an issue with breaking the customization when adding the 2nd cpanel – he’s in Vietnam so it will be a few hours

 

Then I have to reach back out to SiteGround to check on how to backup and restore both databases, again without things falling apart.

 

don’t mean to be so problematic

 

On the bright side, I mentioned I’m a volunteer with  https://www.score.org/ – I just became their digital marketing guy – turns out non profits get a free $10,000 per month AdWords credit

 

This is gonna be fun

 

I’ll circle back when I get the rest of the info

 

Adrian from Magefix

Thu, Jan 16, 1:38 AM (2 days ago)

 

Mitch,

 

I know that windycityparrot.com is very important for you, so I would leave it as it is, inside the current cPanel.

The only thing I would move, for the sake of better security, would be windycityparrot.com/blog – which is WordPress based. Shouldn’t be a problem to move it.

 

Actually, you will be able to test it after the migration and both blog sections will work simultaneously:

windycityparrot.com/blog and blog.windycityparrot.com

 

After running some tests, we will redirect /blog and all subpages to blog. subdomain, to avoid any 404s.

 

That would be it for now.

 

Keep in touch.

 

Regards,

Adrian

 

Mitch Rezman <[email protected]>

Fri, Jan 17, 2:39 PM (1 day ago)

to Adrian

 

I’m still turning this over have not heard from Chu

 

If the customization of the 2 merged sites breaks I have no one to fix it as Chu is now working full time for a US corporation

 

I am working very hard to finish birdandparrot.info – when I am done the domain birdandparrot.info will become windycityparrot.com and all the redirects will have to be undone because I can match up permalinks

 

I’m still struggling with a redirect strategy for 4000 product pages – I’m hand mapping category pages because we are reducing many for a better UX

 

We’re going to step out and party all day and night Saturday

 

I’ll have clarity on Sunday

 

Thank you for your persistence it is most welcome

 

Adrian from Magefix

3:35 AM (17 hours ago)

to me

 

Mitch,

 

If you will switch windycityparrot.com to WordPress anytime soon, then

you can stick with the current configuration.

 

Otherwise, make sure WordPress is getting regular updates for:

https://www.windycityparrot.com/wordpress/wp-login.php

 

We can still find ways of reducing the risks of getting a contamination

for windycityparrot.com.

 

First thing: apply a country-based filter. If you don’t get orders from

countries like: China, Russia, Ukraine, France, Netherlands, Germany – I

would apply a filter for these.

Attack rate will be reduced dramatically.

 

Second, I would make a safe backup, just to have something to compare

with, in case something bad happens ( database, JS and PHP files ).

 

And third: I would apply a set of custom security rules, to prevent any

attacks.

 

Enjoy the weekend!

 

Keep in touch.

 

Ticket 3421059 for account birdandparrot.info
Posted: 18 Jan, 2020 14:03 CST Status: Answered
Ticket Subject: Other Technical Issue

You
Posted On 18 Jan, 2020 14:03 CST
birdandparrot.info hosts windycityparrot.com

windycityparrot.com is a customized hybrid consisting of 2 databases – a zencart database and a wordpress database

I know I can backup and restore in cpanel but I don’t think the regular backup restore function will work for dual databases

we need to do this dual back up so we can add a separate cpanel for wordpress for better security making this problem go away – thank you

Aleksandar Dimitrov
Support Guru Posts: 40324 Posted On 18 Jan, 2020 14:23 CST
Hello Mitch,

If I understand you correctly windycityparrot.com consists of 2 separate applications a zencart and a WordPress website which you would like to move to a separate cPanel account. In this case you should just create two separate backups of the zen cart and the WordPress websites then migrate the websites to a new cPanel account which you can create via:

WHM > Create Account

Please note that if you would like to create a cPanel account for windycityparrot.com you need to first remove it from the cPanel of birdandparrot.info. You can create a backup of the files and folders of the website via SSH or you can download them locally via FTP. The databases can be exported via SSH or via:

cPanel > phpMyAdmin

If you would like us to transfer the websites into new cPanel account for you, this can be ordered as a service via:

User Area > Support > Request assistance from our team > Advanced Technical Services > Transfer Website

If you need additional information, feel free to contact us again.

Best regards,

Aleksandar Dimitrov
Senior Technical Support

 

Mitch Rezman <[email protected]>

12:59 PM (8 hours ago)

to Adrian

 

re:  Otherwise, make sure WordPress is getting regular updates for:

https://www.windycityparrot.com/wordpress/wp-login.php

 

Yes I check daily – haven’t found an automated system I like

 

re: First thing: apply a country-based filter. If you don’t get orders from

countries like: China, Russia, Ukraine, France, Netherlands, Germany – I

would apply a filter for these.

Attack rate will be reduced dramatically.

 

Neither Zencart nor SiteGround have country based filters – WordPress has many countries blocked with wordfence (pro)

windycityparrot has all Hong Kong IPs blocked on SiteGround

re: Second, I would make a safe backup, just to have something to compare

with, in case something bad happens ( database, JS and PHP files ).

 

SiteGround backs up everything on the server daily with easy rollback by the day so birdandparrot is easy

 

windycityparrot is 2 databases so I’ll confirm with SG on backup restore protocol – and respond back to you once I hear

 

I’ll reach out to Chu again

 

Thank you for all your help

 

Mitch Rezman <[email protected]>

1:41 PM (7 hours ago)

to Zucando

 

Greetings Chu

 

Hope all is well

 

I needed to reach out and ask if the following will break your zencart/Wordpress customization for windycityparrot.com

 

I have a developer who will do this – just seeking your feedback

 

Best MitchR

 

PS: Also https://www.windycityparrot.com/blog/ should be moved to :  https://blog.windycityparrot.com/ ( on a separate cPanel – same server).

 

Currently there are two major scripts within the same cPanel, which is very unsecure:

 

  1. windycityparrot shop /home/mitchr76/public_html/windycityparrot.com/
  2. windycityparrot blog /home/mitchr76/public_html/windycityparrot.com/wordpress/

 

For the best security, each should have its own cPanel.

 

Keep me posted.

 

Regards,

Adrian  

 

Mitch Rezman   CMO/SEO, Windy City Parrot where the sun never sets empire

 

 

Zucando Support

6:40 PM (2 hours ago)

to Mitch

 

Dear Mitch,

 

I’m here and I will try to help if you need anything.

Best Regards,

 

Chu

 

 

I just need to know if we move forward with 1 cpanel for zencart and 1 cpanel for wordpress – would that “break” the integration?

 

thanx 

 

Chu replied

I think it is normal. You can:

 

  1. Create a new wordpress with the current database on a new cpanel.
  2. Cancel the integration.

 

And yes, you will have to use a new theme for wordpress or create a new theme with the current design.

 

Best regards,

 

Chu

 

Mitch Rezman <[email protected]>

8:43 PM (31 minutes ago)

to Zucando

 

can I do this without canceling the integration?

 

Mitch Rezman   CMO/SEO, Windy City Parrot where the sun never sets empire

  

 

Zucando Support

8:55 PM (19 minutes ago)

to Mitch

 

Yes sure.

 

On Jan 19, 2020, at 7:58 AM, Mitch Rezman <[email protected]> wrote:

 

Terrific – thank you!

 

Your zygodactyl footnote

Adrian is now under contract to put windycityparrot.com on 2 cPanels

 
