SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 32

Thread: back end?

  1. #1
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)

    back end?

    what does it mean when your back end is open and how is that fixed?

  2. #2
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,204
    Mentioned
    106 Post(s)
    Tagged
    1 Thread(s)
    It means you've got a security issue on the server side of your site. It could mean any of a number of things:

    1. Your ftp connection isn't secure
    2. Your hosts control panels security measures don't measure up
    3. Your database security is lax/missing/easily circumvented.
    4. If you're using a COTS product, there might be common problems which haven't been patched on your site.
    5. Your server side coding is lax in preventing sql injections.


    Is this a real situation, or are you looking for general ideas? If general, look at the different forums here (this one, database, whatever language your site is using)) and look there for topics which might meet your needs (the database forum has one dealing specifically with #5 above).

    If it's a situation, you might need to provide more details so someone can point you in the direction of where to look to fix your issues.
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style

  3. #3
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    yes it's a real situation, someone told me the backend was open http://www.sakeenaheducationcentre.com
    I know ftp is locked.
    My hosting is with poweredbypenguins and I'm guessing they are up to speed with security.
    How else can I know?

  4. #4
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,204
    Mentioned
    106 Post(s)
    Tagged
    1 Thread(s)
    I would guess the issue is more with wordpress than your host.
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style

  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,616
    Mentioned
    413 Post(s)
    Tagged
    7 Thread(s)
    Quote Originally Posted by hantaah View Post
    someone told me the backend was open
    Unless they are prepared to give you some more information, I'll tell them to shut their own backend. Your login page is password protected. WP is normally not "open" (presumably meaning "publicly accessible").

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    han,

    It's likely that the one telling you that you've been hacked is trying to use social engineering to gain your login details (easier than actually hacking a website). If that's not the case, you'd better be prepared to download your entire website and match it with your local version (WinMergeU and BCompare are both good at making comparisons and noting any differences). If you've been hacked, search here for the checklist of recovery tasks I'd posted some months ago.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  7. #7
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    han,

    It's likely that the one telling you that you've been hacked is trying to use social engineering to gain your login details (easier than actually hacking a website). If that's not the case, you'd better be prepared to download your entire website and match it with your local version (WinMergeU and BCompare are both good at making comparisons and noting any differences). If you've been hacked, search here for the checklist of recovery tasks I'd posted some months ago.

    Regards,

    DK

    hmmm, well the person I did the website for, it's a member of their family. They commented to say they like the website but to tell me the backend is open so to look into it. The problem is I developed this online so don't have any local version

  8. #8
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Quote Originally Posted by hantaah View Post
    The problem is I developed this online so don't have any local version
    Oh man, you always need a backup.
    I really can't suggest strongly enough that you make one.

    We'll be happy to give you some pointers if you don't know how.

  9. #9
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Pullo View Post
    Oh man, you always need a backup.
    I really can't suggest strongly enough that you make one.

    We'll be happy to give you some pointers if you don't know how.
    Please if you could. I have backupafobia. I have a plug in called duplicate. Is that any good?

  10. #10
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Nah, that plugin allows you to clone a post or page, or edit it as a new draft.

    To back up your site, basically you need to do two things:

    1. Backup your database(s)
    2. Backup all of the assets (e.g. images, theme files etc.)

    Let's start with point 1.
    You can either do this by loging into your hosting company's admin area and using whatever functionality the offer you (probably PHPMyAdmin)
    Or, installing a plugin, such as this one, which will do it for you.
    You might also want to read: http://codex.wordpress.org/Backing_Up_Your_Database

    After that, the easiest way to get to your files, is to connect to your webspace, via FTP, find your root WP folder (it will contain folders such as "wp-admin" and "wp-content"), then just copy this to your local PC.
    If you don't have FTP access for whatever reason, there is a plugin that claims to do it for you.
    You might also want to read: http://codex.wordpress.org/WordPress_Backups

    And that's it.

    Personally, I do both of these things by hand, so I can't recommend the plugin as I simply haven't used it.

    Anyone else?

  11. #11
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    oh that sounds easy. I'll wait for a recommendation on that plug. Otherwise where do I go in phpadmin to back up?

    To copy my root do I copy the public_html and all inside that?

  12. #12
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Quote Originally Posted by hantaah View Post
    Otherwise where do I go in phpadmin to back up?
    In PHPMyAdmin, select the db, click the tab marked "Export", keep the defaults, but choose "Save as file" (this might be hidden under "Advanced options" or something), and that's it.

    Quote Originally Posted by hantaah View Post
    To copy my root do I copy the public_html and all inside that?
    It can't hurt to have a backup of everything on the server.
    Strictly speaking all you need is the directory titled "wp-content", but I would go one level above that, then you've got a copy of everything related to the WP install.

    HTH

  13. #13
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    easy peezy! I didn't even need to access phpmyadmin as they had a backup button in my control panel so I clicked that and it saved to my pc in a .txt ( hope that's right )
    Plus now in the process of transfering all files via ftp...

    Thanks I'm now backed up and about to do the same for all my other sites!

  14. #14
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Quote Originally Posted by hantaah View Post
    they had a backup button in my control panel so I clicked that and it saved to my pc in a .txt ( hope that's right )
    Yup, it should be a plain text file.
    It is probably worth opening it and searching for a string that you know you added to the site recently.
    E.g. When I back up my DB after updating my blog, I open the backup file and search for the title of my last blog post. that way you know that you have got the latest version.

    Quote Originally Posted by hantaah View Post
    Thanks I'm now backed up and about to do the same for all my other sites!
    Good on you!

  15. #15
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Don't forget to password protect your "backend"!!! Use the password your host can generate for you OR use a strong one from strongpasswordgenerator.com.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  16. #16
    SitePoint Wizard webcosmo's Avatar
    Join Date
    Oct 2007
    Location
    Boston, MA
    Posts
    1,436
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Your host has nothing to do with the security of your backend; by being open it means it`s vulnerable to attacks, so you should be looking for an upgrade to the CMS you`re using.

  17. #17
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I see, will mke sure I keep updating!

    @pullo if I want to take this back up I did of the database and files and put it onto a sub directory, how do I do thast? Do you know of a tutorial that I can follow?

  18. #18
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Quote Originally Posted by hantaah View Post
    @pullo if I want to take this back up I did of the database and files and put it onto a sub directory, how do I do thast? Do you know of a tutorial that I can follow?
    Not sure I follow you.
    Could you elaborate a little on what you are trying to do.

    On a separate note, I almost didn't see this question.
    If you want to get someone's attention you can mention them by writing an at sign "@" followed by the user name "pullo" a space " " and a semicolon ";"

    Like this: @hantaah ;

    This will then show up in that person's notifications when they log in.

  19. #19
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    5,386
    Mentioned
    218 Post(s)
    Tagged
    5 Thread(s)
    Off Topic:

    Quote Originally Posted by Pullo View Post
    On a separate note, I almost didn't see this question.
    If you want to get someone's attention you can mention them by writing an at sign "@" followed by the user name "pullo" a space " " and a semicolon ";"

    Like this: @hantaah ;

    This will then show up in that person's notifications when they log in.
    Or you can just type [mention][/mention] tags round the name. It does the same thing (and I find it easier to remember ).
    Don't be arrogant. Be kind to a koala that thinks it's a bear.

  20. #20
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    @Pullo ; I see thanks for that @TechnoBear and thank you also

    you helped me make a back up ( above ) so I have a plain text file of the data base and all the files from the public_html. So I now want to take all this and place it on my new url but on a sub directory. I though to do this so that if any of muy clients don't keep their hoting going then I can still link to my work ( fully working )

    so for example I'd have my url http://organicwebdesigns.co.uk and then another wordpress site on a sub directory like this http://organicwebdesigns.co.uk/my-first-project and so on. So How do I get this back up above to work on my sub directory. I tried just uploading it into the sub directory but that didn't work.

  21. #21
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Hi,

    Have you installed a second WP instance at http://organicwebdesigns.co.uk/my-first-project?

  22. #22
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    not yet as not sure of the proper way but if I need to will install. Should I?

  23. #23
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Well you either need to do this, or to go with multisite.
    For testing purposes, it's probably easier to install a second WP.
    For production, I would look into multisite.

  24. #24
    SitePoint Evangelist hantaah's Avatar
    Join Date
    Jul 2011
    Location
    Birmingham, Uk
    Posts
    549
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I can install wordpress fine on my subdomains but I need to know how to get the backed up files I made for say sakeenaheducation.com onto say organicwebdesigns.co.uk/sakeenah-education

    So far I installed wordpress onto a subdomain and via ftp I uploaded the backup files I have from themes folder upwards. nothing and when I log onto the new subdomain admin ( I thought perhaps uploaded theme needs to be activated ) it says the theme is there but there is an error as it needs css files etc but looking in the files all the files css etc are there.

  25. #25
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,353
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Sorry for the quick reply, I'm just on my way out.

    You also need to reimport the database backup you made of your original site (presuming you want the page structure and content to be available).
    If you don't know how let me know and I'll post more later on.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •