How to Upload Phpshell on Ubuntu 14.04

Introduction

At this time, WordPress is the most popular CMS (content management system) on the internet. It allows you to easily set up flexible blogs and websites on top of a MySQL backend with PHP processing. WordPress has seen incredible adoption and is a great choice for getting a website up and running quickly.

In this guide, we'll focus on getting a WordPress instance ready with an Apache web server on Ubuntu 14.04.

Prerequisites

Before you begin this guide, there are some important steps that you need to complete on your server.

We will be proceeding through these steps as a non-root user with sudo privileges, so you will need to have one available. You can find out how to create a user with sudo privileges by following steps 1-4 in our Ubuntu 14.04 initial server setup guide.

Additionally, you'll need to have a LAMP (Linux, Apache, MySQL, and PHP) stack installed on your VPS instance. If you don't have these components already installed and configured, you can use this guide to learn how to install LAMP on Ubuntu 14.04.

When you are finished with these steps, you can continue with this guide.

Step One — Create a MySQL Database and User for WordPress

The first step that we will take is a preparatory one. WordPress uses a relational database to manage and store site and user information.

We have MySQL installed, which can provide this functionality, but we need to make a database and a user for WordPress to work with.

To get started, log into the MySQL root (administrative) account by issuing this command:

          mysql -u root -p                  

You will be prompted for the password you set for the MySQL root account when you installed the software. You will then be given a MySQL command prompt.

First, we can create a separate database that WordPress can control. You can call this whatever you would like, but I will be calling it wordpress because it is descriptive and simple. Enter this command to create the database:

          CREATE DATABASE wordpress;

Every MySQL statement must terminate in a semi-colon (;), so check to make sure this is present if you are running into any issues.

Next, we are going to create a separate MySQL user account that we will use exclusively to operate on our new database. Creating one-function databases and accounts is a good idea from a management and security standpoint.

I am going to call the new account that I'm making wordpressuser and will assign it a password of password. You should definitely change the password for your installation and can name the user whatever you'd like. This is the command you need to create the user:

          CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';

At this point, you have a database and a user account, each made specifically for WordPress. However, these two components have no relationship yet. The user has no access to the database.

Let's fix that by granting our user account access to our database with this command:

          GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;

Now the user has access to the database. We need to flush the privileges so that the current instance of MySQL knows about the recent privilege changes we've made:

          FLUSH PRIVILEGES;                  

We're all set now. We can exit out of the MySQL prompt by typing:

          exit

You should now be back to your regular command prompt.

Step Two — Download WordPress

Next, we will download the actual WordPress files from the project's website.

Luckily, the WordPress team always links the most recent stable version of their software to the same URL, so we can get the most up-to-date version of WordPress by typing this:

          cd ~
          wget http://wordpress.org/latest.tar.gz

This will download a compressed file that contains the archived directory contents of the WordPress files to our home directory.

We can extract the files to rebuild the WordPress directory we need by typing:

          tar xzvf latest.tar.gz

This will create a directory called wordpress in your home directory.

While we are downloading things, we should also get a few more packages that we need. We can get these directly from Ubuntu's default repositories after we update our local package index:

          sudo apt-get update
          sudo apt-get install php5-gd libssh2-php

This will allow you to work with images and will also allow you to install plugins and update portions of your site using your SSH login credentials.

Step Three — Configure WordPress

Most of the configuration that we will be doing will be through a web interface later on. However, we do need to do some work from the command line before we can get this up and running.

Begin by moving into the WordPress directory that you just unpacked:

          cd ~/wordpress                  

A sample configuration file that mostly matches the configuration we need is included by default. However, we need to copy it to the default configuration file location to get WordPress to recognize the file. Do that now by typing:

          cp wp-config-sample.php wp-config.php                  

Now that we have a configuration file to work with, we can generate some secret keys that help to secure the installation. WordPress provides a secure generator for these values so that you do not have to try to come up with good values on your own. These are only used internally, so it won't hurt usability to have complex, secure values here.

To grab secure values from the WordPress secret key generator, type:

          curl -s https://api.wordpress.org/secret-key/1.1/salt/

You will get back unique values that look something like this:

Warning! It is important that you request unique values each time. Do NOT copy the values shown below!

Output

          define('AUTH_KEY', '1jl/vqfs<XhdXoAPz9 DO NOT COPY THESE VALUES c_j{iwqD^<+c9.k<J@4H');
          define('SECURE_AUTH_KEY', 'E2N-h2]Dcvp+every bit/p7X DO NOT COPY THESE VALUES {Ka(f;rv?Pxf})CgLi-iii');
          define('LOGGED_IN_KEY', 'W(fifty,{W^,OPB%PB<JF DO NOT COPY THESE VALUES ii;y&,2m%iii]R6DUth[;88');
          define('NONCE_KEY', 'll,4UC)7ua+8<!4VM+ DO NOT COPY THESE VALUES #`DXF+[$atzM7 o^-C7g');
          define('AUTH_SALT', 'koMrurzOA+|L_lG}kf DO NOT COPY THESE VALUES 07VC*Lj*lD&?3w!BT#-');
          define('SECURE_AUTH_SALT', 'p32*p,]z%LZ+pAu:VY DO NOT COPY THESE VALUES C-?y+K0DK_+F|0h{!_xY');
          define('LOGGED_IN_SALT', 'i^/G2W7!-1H2OQ+t$3 DO NOT COPY THESE VALUES t6**bRVFSD[Hi])-qS`|');
          define('NONCE_SALT', 'Q6]U:One thousand?j4L%Z]}h^q7 DO NOT COPY THESE VALUES ane% ^qUswWgn+half-dozen&xqHN&%');

These are configuration lines that we can paste directly in our configuration file to set secure keys. Copy the output you received now.

Next, let's open the configuration file in a text editor:

          nano wp-config.php                  

Find the section that contains the dummy values for those settings. It will look something like this:

          . . .
          define('AUTH_KEY',         'put your unique phrase here');
          define('SECURE_AUTH_KEY',  'put your unique phrase here');
          define('LOGGED_IN_KEY',    'put your unique phrase here');
          define('NONCE_KEY',        'put your unique phrase here');
          define('AUTH_SALT',        'put your unique phrase here');
          define('SECURE_AUTH_SALT', 'put your unique phrase here');
          define('LOGGED_IN_SALT',   'put your unique phrase here');
          define('NONCE_SALT',       'put your unique phrase here');
          . . .

Delete those lines and paste in the values you copied from the command line:

/var/www/html/wp-config.php

          . . .
          define('AUTH_KEY',         'VALUES COPIED FROM THE COMMAND LINE');
          define('SECURE_AUTH_KEY',  'VALUES COPIED FROM THE COMMAND LINE');
          define('LOGGED_IN_KEY',    'VALUES COPIED FROM THE COMMAND LINE');
          define('NONCE_KEY',        'VALUES COPIED FROM THE COMMAND LINE');
          define('AUTH_SALT',        'VALUES COPIED FROM THE COMMAND LINE');
          define('SECURE_AUTH_SALT', 'VALUES COPIED FROM THE COMMAND LINE');
          define('LOGGED_IN_SALT',   'VALUES COPIED FROM THE COMMAND LINE');
          define('NONCE_SALT',       'VALUES COPIED FROM THE COMMAND LINE');
          . . .

After that, the only modifications we need to make are to the parameters that hold our database information.

We will need to find the settings for DB_NAME, DB_USER, and DB_PASSWORD in order for WordPress to correctly connect and authenticate to the database we created.

Fill in the values of these parameters with the information for the database you created. It should look like this:

          // ** MySQL settings - You can get this info from your web host ** //
          /** The name of the database for WordPress */
          define('DB_NAME', 'wordpress');

          /** MySQL database username */
          define('DB_USER', 'wordpressuser');

          /** MySQL database password */
          define('DB_PASSWORD', 'password');

These are the only values that you need to change.

When you are finished, save and close the file.

Step Four — Copy Files to the Document Root

Now that we have our application configured, we need to copy it into Apache's document root, where it can be served to visitors of our website.

One of the easiest and most reliable ways of transferring files from directory to directory is with the rsync command. This preserves permissions and has good data integrity features.

The location of the document root in the Ubuntu 14.04 LAMP guide is /var/www/html/. We can transfer our WordPress files there by typing:

          sudo rsync -avP ~/wordpress/ /var/www/html/                  

This will safely copy all of the contents from the directory you unpacked to the document root.

We should now move into the document root to make some final permissions changes:

          cd /var/www/html                  

You will need to change the ownership of our files for increased security.

We want to give user ownership to the regular, non-root user (with sudo privileges) that you plan on using to interact with your site. This can be your regular user if you wish, but some may suggest that you create an additional user for this process. It is up to you which you choose.

For this guide, we will use the same account that we set up during the initial server setup guide, which we called demo. This is the account I am performing all of the actions of this guide as.

The group ownership we will give to our web server process, which is www-data. This will allow Apache to interact with the content as necessary.

We can quickly assign these ownership values by typing:

          sudo chown -R demo:www-data *

This will set up the ownership properties that we are looking for.

While we are dealing with ownership and permissions, we should also look into assigning correct ownership on our uploads directory. This will allow us to upload images and other content to our site. Currently, the permissions are too restrictive.

First, let's manually create the uploads directory beneath the wp-content directory at our document root. This will be the parent directory of our content:

          mkdir /var/www/html/wp-content/uploads

We have a directory now to house uploaded files, however the permissions are still too restrictive. We need to allow the web server itself to write to this directory. We can do this by assigning group ownership of this directory to our web server, like this:

          sudo chown -R :www-data /var/www/html/wp-content/uploads

This will allow the web server to create files and directories under this directory, which will permit us to upload content to the server.

Step Five — Complete Installation through the Web Interface

Now that you have your files in place and your software is configured, you can complete the installation through the web interface.

In your web browser, navigate to your server's domain name or public IP address:

          http://server_domain_name_or_IP

You will see the WordPress initial configuration page, where you will create an initial administrator account:

[Image: WordPress initial config]

Fill out the information for the site and the administrative account you wish to make. When you are finished, click on the install button at the bottom.

WordPress will confirm the installation, and then ask you to log in with the account you just created:

[Image: WordPress confirm install]

Hit the button at the bottom and then fill out your account information:

[Image: WordPress login]

You will be presented with the WordPress interface:

[Image: WordPress admin interface]

By default, WordPress creates URLs dynamically that look something like this:

          http://server_domain_name_or_IP/?p=1

This isn't exactly the most useful interface for visitors or search engines, so most users want to modify this. WordPress has the ability to create "pretty" permalinks which will clean up the URL into a more human-friendly format.

There are a few things we need to do to get this to work with Apache on Ubuntu 14.04.

Modifying Apache to Allow URL Rewrites

First, we need to modify the Apache virtual host file for WordPress to allow for .htaccess overrides. You can do this by editing the virtual host file.

By default, this is 000-default.conf, but your file might be different if you created another configuration file:

          sudo nano /etc/apache2/sites-available/000-default.conf                  

Inside of this file, we want to set up a few things. We should set the ServerName and create a directory section where we allow overrides. This should look something like this:

          <VirtualHost *:80>
              ServerAdmin webmaster@localhost
              DocumentRoot /var/www/html
              ServerName server_domain_name_or_IP
              <Directory /var/www/html/>
                  AllowOverride All
              </Directory>
              . . .

When you are finished, save and close the file.

Next, we need to enable the rewrite module, which allows you to modify URLs. You can do this by typing:

          sudo a2enmod rewrite                  

After you have made these changes, restart Apache:

          sudo service apache2 restart                  

Create an .htaccess File

Now that Apache is configured to allow rewrites through .htaccess files, we need to create an actual file.

You need to place this file in your document root. Type this to create an empty file:

          touch /var/www/html/.htaccess

This will be created with your username and user group. We need the web server to be the group owner though, so we should adjust the ownership by typing:

          sudo chown :www-data /var/www/html/.htaccess

We now have the correct ownership of this file.

We may need to adjust the permissions however. This depends on how you prefer to work. WordPress will generate the necessary rewrite rules for you. If it has write permissions to this file, it can implement the rules automatically. If it does not, you will have to manually edit this file to add the correct rules.

Which configuration you choose depends on how much you value convenience over security. Allowing the web server write access to this file will definitely be more convenient, but some say that it is an unnecessary security risk.

If you want WordPress to automatically update this file with rewrite rules, you can ensure that it has the correct permissions to do so by typing:

          chmod 664 /var/www/html/.htaccess

If you want to update this file manually for the sake of a small security gain, you can allow the web server only read privileges by typing:

          chmod 644 /var/www/html/.htaccess

When you are finished doing the server-side changes, you can easily adjust the permalink settings through the WordPress administration interface.

On the left-hand side, under the Settings menu, you can select Permalinks:

[Image: WordPress permalinks]

You can choose any of the preconfigured settings to organize URLs, or you can create your own.

[Image: WordPress perma options]

When you have made your selection, click "Save Changes" to generate the rewrite rules.

If you allowed the web server write access to your .htaccess file, you should see a message like this:

[Image: WordPress perma update]

If you did not allow the web server write access to your .htaccess file, you will be provided with the rewrite rules you need to add to the file manually.

Copy the lines that WordPress gives you and then edit the file on your server:

          nano /var/www/html/.htaccess

This should give you the same functionality.
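The settings this guide asks you to get right by hand (a changed database password from Step One, fresh secret keys in Step Three, web-server group ownership of uploads in Step Four, and the .htaccess write choice above) can be checked with a short script. The following is an added example, not part of the original guide; the function name wp_audit and its finding labels are hypothetical, and it assumes the guide's layout under the document root and the www-data group unless another group is passed.

```sh
#!/bin/sh
# Added example: audit a WordPress document root for the settings this guide
# configures. Function name and finding labels are hypothetical.
# Usage: sh wp_audit.sh /var/www/html [web-server-group]

group_of() { ls -ld "$1" | awk '{print $4}'; }              # group owner name
group_can_write() { [ "$(ls -ld "$1" | cut -c6)" = "w" ]; } # group write bit

# Prints one finding per line; prints nothing when every check passes.
wp_audit() {
    dir=$1
    web_group=${2:-www-data}
    cfg="$dir/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "NO_CONFIG"
        return 0
    fi
    # Step Three: the sample placeholders must have been replaced.
    if grep -q "put your unique phrase here" "$cfg"; then
        echo "PLACEHOLDER_KEYS"
    fi
    # Keys pasted from the guide's sample output instead of a fresh request.
    if grep -q "DO NOT COPY THESE VALUES" "$cfg"; then
        echo "TUTORIAL_KEYS"
    fi
    # Step One: the guide's example database password is still in use.
    if grep -Eq "define\([[:space:]]*'DB_PASSWORD',[[:space:]]*'password'" "$cfg"; then
        echo "DEFAULT_DB_PASSWORD"
    fi
    # .htaccess: mode 664 with the web group lets WordPress rewrite the rules
    # (the convenience option); report it so the choice is a deliberate one.
    ht="$dir/.htaccess"
    if [ -f "$ht" ] && [ "$(group_of "$ht")" = "$web_group" ] && group_can_write "$ht"; then
        echo "HTACCESS_WEB_WRITABLE"
    fi
    # Step Four: uploads must be group-owned by the web server and
    # group-writable, otherwise media uploads fail.
    up="$dir/wp-content/uploads"
    if [ ! -d "$up" ] || [ "$(group_of "$up")" != "$web_group" ] || ! group_can_write "$up"; then
        echo "UPLOADS_NOT_WEB_WRITABLE"
    fi
    return 0
}

if [ "$#" -gt 0 ]; then
    wp_audit "$@"
fi
```

An empty result means every check passed; HTACCESS_WEB_WRITABLE is informational if you chose the 664 option deliberately.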

Conclusion

You should at present have a WordPress case up and running on your Ubuntu 14.04 VPS. There are many avenues you tin take from here. Below we've listed some options:

  • Configure Secure Updates and Installations for WordPress
  • Utilise WPScan to Test for Vulnerable Plugins and Themes
  • Manage WordPress from the Control Line
  • Set Upward Multiple WordPress Sites (non-multisite)
  • Fix Multiple WordPress Sites with Multisite


Source: https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04
