Fixing Commons Hacks

Just when you think you are safe, you realize that the shared server you have all your web stuff on gives people who also share the server a little more access than you’d like, meaning that you are really only as safe as they are.

With things like WordPress and other CMS, there are files that need to remain writeable, if not for use then for automated updates. It’s these files that are vulnerable to getting edited and slipping malware, site redirects and other problems onto your website.

Well, if you have telnet access to your account, and you should. Here are a couple commands you can use to see if you’ve been hacked and which files you need to clean to fix it. Additionally, you can change the security on these files so that they are not writeable, but you’ll have to remember that and go change them back before taking advantage of some automated updates.

First up, check your PHP files for bad stuff:

grep -lr –include=*.php –exclude-dir=logs “eval(base64_decode” .

Next, do the same thing to your HTML files:

grep -lr –include=*.ht* –exclude-dir=logs “<script>s=” .

In both cases, you’ll get back a list of file names that have matched the patterns (i.e. contain “eval(base64_decode” or “<script>s=”). You should download those files, edit them to remove the hacked code, and upload them. It’s possible, though unlikely, that you may get hits on valid uses of these patterns. So be sure you know what you are doing.

Basically, what each of these is doing is either redirecting your visitors to somewhere else, or pulling code in to be displayed on your website. Of course, the most common files to get hit with these are index.php and index.htm/index.html. If you are infected and visit your own site in Chrome (I don’t know about other browsers) and you haven’t disabled the feature, Chrome will warn you that the page is doing something that might be malicious and ask if you want to proceed anyway. That’s a sure sign that you need to do some cleaning.

Anyway, that’s a quick way to clean your website or two problems. If you don’t modify the file permissions, you should probably run these weekly just to be safe and catch problems as quick as you can.

dot Tumblr dot Com

If you haven’t caught it through other social media avenues, or by the appearance of the link over to the right on the weblog, I have a tumblr now.

It’s just another stream to follow… what’ll be over there is largely going to be pictures I take on my phone and then share. I could do that through the blog here with the WordPress app, but I haven’t liked the results of blogging from the app. It always seems to be formatted weird, and I have to fix it again later.

A Week of Tweets on 2010-10-24

  • Another weekend over, another work week begins… #
  • 7 months of Google Ads = $0.00 vs 7 months of Amazon Associates Ads/links = $33.42. Good bye Google Ads. You suck. #
  • Two hours playing with new WordPress themes, ended up back to my original with a few minor tweaks. #
  • Everyone should be watching Terriers on FX. Great show! #
  • @angelaadams Sew them inside voodoo dolls, obviously. in reply to angelaadams #
  • @petterm Added! in reply to petterm #
  • In order for healthcare to be universal, it needs to be based on what you cover, not who you cover. #
  • Bawitdaba da bang a dang diggy diggy diggy said the boogy said up jump the boogy. #
  • I am uninspired… I need a subject to blog about today… #
  • If you were stranded on a desert island, which one per… — The answer that will get me in the least trouble: my w… http://4ms.me/caMBU7 #
  • Paranormal Activity 2 screening tonight. (@ Regal Cinemas Atlantic Station Stadium 16 Theatre) http://4sq.com/3eNDxk #
  • The more it stays the same, the less it changes! #
  • Submit button, I set your height and width both to zero. Why are you still visible in all browsers but IE? #
  • @jehuthehunt You'll have better luck just banging your hands on the keyboard if you want to find something that has never been used. in reply to jehuthehunt #
  • I'm at IKEA w/ @mentaljo. http://4sq.com/55OTK5 #
  • Picked up my number for next Saturday's Run Like Hell 5k through the Oakland Cemetery. Woohoo! #

Powered by Twitter Tools

If Only Spam Were True…

Having run a blog for quite some time now, I’ve seen my fair share of spam.  Since installing Akismet with whatever version of WordPress it became included with, my site has blocked over ninety-six thousand spam comments.  This number is actually low because for a period of time I also ran the Bad Behavior plug-in that would block some spam before it got to Akismet (I had to disable Bad Behavior because it was causing other plug-ins to fail – long story).

Because of this, I have seen spam evolve over the years.  You still get the usual vigra and tramadol and other pharmaceuticals, and you get the porn, but as administration and spam catching have changed, so have the spammers.

One of the more common spam protections is to simply force all comments to be moderated.  Then, when a valid comment comes in and you approve it, that poster, assuming they use the same credentials, will bypass the moderation queue from that point forward.  To that end, more than half of my spam these days are attempts to get approved.  They say things like “Love your site. Adding it to my bookmarks!” and “I never thought of it that way, but now I am. Thank you for posting this!” and other similar things.  They almost look real.  In fact, if you dig through my comments you’ll probably find one or two that I’ve let slip through.  Of course, I don’t use that level of moderation, I use Akismet, so being approved once doesn’t mean you are approved in the future, and the ones that have slipped through are likely early spams before Akismet learned it was spam.

According to my feedburner and a few other tools, there are about 100 people who are not bots (as far as I and my tools can tell) who read this site.  Less than a dozen have probably ever commented.  Perhaps that is because I’m not writing things that are comment worthy.  Or it could be when people agree they are less likely to reply than if they disagree.

In any event, one of the things I am going to try to do in the future is to comment on the blogs that I read.  Maybe not every post, but at least every once in a while just to say “Hey, enjoyed reading this!” or something.  Because, you know, it is kind of lonely when only the spam tells you you are doing a good job.  Heh.

RSS and Advertising

Yesterday I decided to go through and make sure my RSS feeds in my reader were up to date.  I ended up dropping a couple where they haven’t posted anything in a while (a year), and decided that while I was doing it I’d try to see if feeds were available for some websites that I visit frequently.

Out of all the web comics that I added to the feed reader, only one (xkcd) actually had the comic in the feed.  The rest, at best, gave you a feed item letting you know that a new comic had been posted and you needed to visit the site to see it.

Now, I am not stupid.  I know exactly why they do this… advertising.  See, most of these sites, in order to offset the cost of hosting the comic (bandwidth and all that), have advertisements.  And as is the trend of ads on the web these days, most sites don’t manage their own advertising directly, they sign up with a banner providing site and then throw snippets of code on their site that will request an ad from the ad provider.  They do have some control over the ads, usually the ability to block ads they don’t wish to support, and overall I suppose they do a good job of keeping the ads “on message” with the rest of the site.

My problem is… well, why can’t the code snippets live in the RSS parser as well and tack on an ad at the bottom of a feed item.  Same banner image (though not the Flash “punch a monkey”/”you’ve just won two free ipod nano” ads), a line of text and a link/url to follow.  The capability exists.  WordPress has a plugin that does exactly that by putting a footer on RSS items.  Of course, not all web comics are using WordPress, but if it exists for one system it has to be possible for other systems.

Anyway, the result is, after adding a bunch of comics to my feed reader, I then removed all of them except xkcd.  For all the ones I removed, I’ll go back to visiting them when I remember to, which is usually once a month.  Just think, if they put the comic and an ad in their feed, they’d make me a daily reader of both their comics and their ads…

An Upgrade Is Coming

At some point during this week, once I’m sure none of my needed plugins will be broken, I will be upgrading to WordPress 2.5.  This is an apology in advance for when I screw it up…

It does certainly appear to have a number of new features and fixes (read about them here), and I’m excited for it.  However, in the past, while bug fix releases have always gone smoothly, full releases have always taken down some esoteric plugin I had built my site around causing me to have to redesign the whole damn thing.  I’m hoping that’s not going to happen this time.

Even if it does though, I’ll work through it.  WordPress has been the best blogging software I’ve come across, so unless someone just blows them out of the water with cool useful features, it is here to stay.

Keeping Track

A long time ago, I picked up a plugin for WordPress called Now Reading and it was good. But then I ran into two issues: 1) My webspace provider had my PHP locked at 8MB of memory for processing, and 2) An upgrade of WordPress came out that broke something.

I forget what broke, but I just remember getting annoyed, and then the 8MB limit started hitting me alot and I had to start dropping plugins. Now Reading was one that didn’t make the cut, and I started just doing my own book selection by hand.

Well, my provider finally started allowing me to up the memory on the PHP and so I began looking to add back in a few plugins. I came across Now Reading again thanks to Kevin, and its been updated and fixed and whatever that I can use it again. Anyway, I spent the last few days digging out my reading history and updating the plugin and I’ll be using it from here on out.

You’ll see it over on the right, there it’ll show the book or books I’m currently reading along with the last few books I’ve finished, and a link to the library that will show all the books I’ve read since about April of 2005. Its not completely accurate because I’m using my book reviews on the blog here to make the list and there were a few books I didn’t review.

Anyway, now that its there I should be able to keep track of my book a week adventure. We’ll see how that goes…

The Plague

Normally I reserve Wednesday posts for discussions of all things Zombie. This week, despite the title of this entry, I will not be speaking of zombies, unless you count the fact that I have felt like one.

One of the wicked cool things about WordPress, which is what I use to do this blog, is that you can post entries in advance. When I’m in my rhythm, I run about 3 entries ahead, so that on Monday I’m writing Thursday’s post while you are reading the post I wrote on Friday. Now, this isn’t always true, sometimes I just can’t think up or find stuff to write about, other days I’ll sit down and crank out a week’s worth of entries. The best part about this is that it allows (forces) me to think about what I’m writing. Often times I’ll write up an entry and then during the next two or three days while it waits in queue, I’ll think up new thoughts on the subject and go edit my entry. The bad part about this is that if I’m away from the PC for a few days and I’ve accidentally “published” items I wasn’t really finished with, they make it to the front page while I’m not paying attention.

So, a little over two weeks ago, I started feeling a tad under the weather. I wrote up a post for the 5th and one for the 7th, and then I vanished into a cloud of illness and phlegm.

There is nothing so oppressive as not being able to breath. There were days that I felt like someone was stepping on my chest. Of course, that didn’t stop me from trying to go see some free movie screenings. However, not being able to take a full breath and hearing a disturbing rattle in my lungs if I exhaled too deeply was just bad… when I realized that the never-ending pounding in my skull was actually from lack of caffeine, I felt like a complete idiot. Thankfully, the fine folks at Papa Johns will deliver Cokes along with pizza. Also, NyQuil works much better if you get the kind with the alcohol still in it. Its hard to feel sick when you are asleep.

However, illness does have its upsides. We did watch all of season three of 24. Now I’m only three seasons behind. I also played a lot of Dead Rising (hey, look! zombie games!) working my way toward the Zombie Genocider achievement (you have to kill 53,594 zombies, enough to equal the stated population of the town).

There comes a point, though, when you’ve missed all the work you can miss and slept all the sleep you can sleep and driven over all the zombies you can drive over… okay, driving over zombies never gets tiring, but there comes a point where you get sick and tired of being sick and tired. My point is at about 10 days.

Sometimes, a person just needs a break. I got sick, and I let myself be sick because I needed to be sick. Ten days of sick and I was ready to rejoin the world. I’m all better now, and I’m more certain than ever before that attitude and outlook affect your physical state.

What was the point of all this? Oh, likely just so that later I can justify to myself why I failed to reach 50,000 words for the NaNoWriMo by pointing and saying “I was sick!” But then again, I do still have ten days… 5,000 words a day. Maybe…

A New Theme

As you might have noticed, there is a new theme to the blog. Normally when I change the site around I just say “Please excuse the mess” and make changes. I never talk much about what exactly I’m doing to the site (except that one time I went in to detail about switching to WordPress from Coranto).

However, I really want to throw some credit out this time because this new theme is just all kinds of cool.

The base theme for WordPress is called The Sandbox. Its a theme built specifically to support templates. You might be thinking “But isn’t that just what WordPress does?” and in a way you are sort of correct. However, while WordPress just provides functions that you can plug in to your themes, the Sandbox theme is a skeleton design for all those functions that can then be inherited and manipulated by the “skins” of the Sandbox. This is really where the Sandbox shines. Now I’ve got one theme that handles the nitty gritty page code, and then I have about a dozen different skins that supply new images and a CSS file, along with any other enhancements. If your webspace has size or file limits, file reusability is important.

So, now to the usual… things may change around a bit now and then here, so bear with me… Please excuse the mess. 🙂

Pirates!

Avast! Yarrr! Yes, it is once again Talk Like A Pirate Day. And yes, I have installed the annoying Pirate Speech plugin for WordPress, so suffer!

I’ve already managed to make it through one meeting this morning saying things like “Aye” and using as much pirate speech as I can, but luckily there aren’t many meetings scheduled today.

So, enjoy the day, talk like a pirate, and have fun.