Client's site hacked by sejeal…

Today I went to a client site and only saw “o” on the screen. Called the client thinking it was a hosting problem like maybe it didn’t get renewed. Client called hosting, and hosting told him the directories were empty. I used FTP to see for myself. I noticed a few things:

  • index.php file has a 2009 date, but an index_old.php has a date from just a week ago. I was sure no one had made any changes to it recently. Downloaded index.php and it seemed okay. I had a backup of the site from a few months ago and this index_old.php wasn’t in my backup…strange.
  • a jpg file called “sejeal.jpg”. Again not in my backup. Downloaded it and opened it. Probably shouldn’t have. Looked it up in Google and found it was related to a hacker taking out data centers.

Here is what the page looked like.

In the directory was this image.

Cont…
Found out Sejeal got hack of the day on Jan 31, 2013 from this site.

http://belsec.skynetblogs.be/archive/2013/01/31/hack-of-the-day-webshopawards-website-as-an-example.html
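The comparison against a known-good backup described in this post can be scripted. The following is an added example, not part of the original post: it compares file content rather than dates, since a timestamp can be set by whoever wrote the file. The function names and the constructed demo tree (including the contact.php file) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compare a downloaded copy of the live site with a backup.

# List regular files under $1 as sorted relative paths.
list_files() {
    ( cd "$1" && find . -type f | LC_ALL=C sort )
}

# Files present in the live copy ($2) but absent from the backup ($1).
files_not_in_backup() {
    t=$(mktemp -d)
    list_files "$1" > "$t/backup"
    list_files "$2" > "$t/live"
    LC_ALL=C comm -13 "$t/backup" "$t/live"
    rm -rf "$t"
}

# Files present in both trees whose content differs.
files_changed() {
    list_files "$1" | while IFS= read -r f; do
        [ -f "$2/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# Constructed sample trees: two added files and one altered file.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/backup" "$d/live"
    echo '<?php /* home page */ ?>' > "$d/backup/index.php"
    cp "$d/backup/index.php" "$d/live/index.php"
    echo 'original' > "$d/backup/contact.php"
    echo 'altered' > "$d/live/contact.php"
    echo '<?php /* unknown copy */ ?>' > "$d/live/index_old.php"
    : > "$d/live/sejeal.jpg"
    echo "$d"
}
```

Run it against a copy pulled down over FTP, not on the server, so the evidence on the host is left as found.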

Installing PacketTracer on a Linux VirtualBox

Download PacketTracer from the Cisco Networking Academy.

The download should go into your downloads folder unless otherwise specified by you.

Open Terminal and locate your Downloads folder: use “ls -s” to list the files and directories in a directory, and “cd ” to navigate to the directory you want.

When you find the directory that houses your file, you want to change its permissions to allow you to execute it. You would use:

chmod +x Packet*.bin

Next you can execute the file with:

sudo bash Packet*.bin

After you agree to the EULA (end user license agreement) the package will install.

Installing guest additions in Virtualbox on Linux

Here is a link I found to work for me. I am running Windows 7. I have VirtualBox installed and a copy of Ubuntu 11 something. I wanted to use terminal to install guest additions.

http://tinyurl.com/cfgnbk2

Basically I ran two lines:

sudo apt-get install dkms
-A package will install itself. Won’t take long.

sudo apt-get install virtualbox-guest-additions
-Guest additions downloads and installs itself. This will take some time.

Joomla security issue on free hosting

I moved a Joomla 1.5 site to free hosting site. I got a security error.

I contacted the hosting company and they sent me to a link to fix it. I added “@” before these three lines in the Libraries >> Joomla >> Sessions folder sessions.php file.

// You find these first two around line 105
//set default sessios save handler
@ini_set('session.save_handler', 'files');

//disable transparent sid support
@ini_set('session.use_trans_sid', '0');

//This one is on around line 685
//sync the session maxlifetime
@ini_set('session.gc_maxlifetime', $this->_expire);

Extract one file using tar

  • I needed to extract a single file from a tarball or tar file. The following line is what I used to complete this.

sudo tar -C subdir_1/ -zxvf my_etc.tar etc/aliases

The break down:

  • tar – the command
  • -C – tells the command that you want to put it someplace else. In this case an existing directory called “subdir_1”.
  • -zxvf – tells the command to z (unzip, because this was compressed when the tar was created), x (extract), v (verbose, repeat back what process was performed), f (file, the object it will be working with)
  • my_etc.tar – the compressed tarball I am pulling the file from
  • etc/aliases – the file “aliases” I want to extract is in the “etc/” directory.

Wamp – PHPmyAdmin Root Password Setup

Wamp Server – PHPMyAdmin error:

Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘root’.

or

#1045 – Access denied for user ‘root’@’localhost’ (using password: NO)

Here is one way to fix that. Go to C:\wamp\apps\phpmyadminXXX (“XXX” will be your MySQL version) and look for “config.inc.php”. Open it in Notepad or WordPad. Look for the line “$cfg['Servers'][$i]['password'] = '';” and put the password you want between the single quotes. This is the password phpMyAdmin sends when it logs in as root, so it has to match the root password set in MySQL itself. Example:

$cfg['Servers'][$i]['password'] = 'mypassword';

 

Changing permissions on your Linux www folder

For local testing purposes I installed Apache2, PHP5 and MySQL on a copy of Linux Mint. Using the Software Manager I was able to install everything quickly. Being new at this I needed to find out where localhost or the www folder was exactly. It is located off the root in the var folder.

I wanted to put my own quick “Hello world.php” file in there but did not have permissions. Here is the command line I used to fix that. Open Terminal and type in the following command.

sudo chmod -R 777 /var/www

This means: as superuser (sudo), change the permissions (chmod) recursively (-R) to read, write and execute for owner, group and everyone else (777) on the /var/www folder.
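Mode 777 lets every account on the machine, including the web server process itself, rewrite anything under the web root. A narrower setup for the same local-testing goal, as an added example that is not from the original post: own the tree yourself, give everyone else read-only access, and check that nothing is left world-writable. The function names, the `www-data` group (the Debian/Ubuntu/Mint default) and the constructed demo tree are assumptions.

```shell
#!/bin/sh
# Added example: replace a 777 web root with owner-writable, world-readable modes.

# Print every file or directory under $1 that any user may write to.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories 755 (owner may write, others may list), files 644.
harden_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree standing in for /var/www, set to 777 as in the post.
demo_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/www/img"
    echo '<?php echo "Hello world"; ?>' > "$d/www/hello.php"
    : > "$d/www/img/logo.jpg"
    chmod -R 777 "$d/www"
    echo "$d/www"
}

# On the real folder (assumes the www-data group exists):
#   sudo chown -R "$USER":www-data /var/www
#   harden_webroot /var/www
#   find_world_writable /var/www     # should print nothing
```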

 

Removing Twitterfeed from FaceBook

I was using NinjaRSS to send to twitterfeed to a client's Facebook wall. It all worked, but we had a flash in one of the posts I didn’t want to show. Took forever to figure out how to remove.

Log into your Facebook account. Click on view page if your wall is not the current page. As you roll over each post an X will show in the top right corner of the post. Click on this and you will see all the options you have with each post.


Adding Flash in a Joomla Article and Flash Vars

Here is an example of adding Flash in Joomla. In this case one Flash movie reads 5 different picture lists in 5 different XML files. Which XML file to read is passed in a “flash var” that is read by the Flash movie.

http://www.grimeyphoto.com/index.php/portraits

Here is how I did it.

  1. Download and install HTMLMod, so you can add custom PHP to your Joomla site. http://extensions.joomla.org/extensions/edition/custom-code-in-modules/5435
  2. I used Dreamweaver to give me the initial Flash embed code.
  3. You will need to FTP the “Scripts” folder to the root directory of your Joomla install.
  4. Create the HTMLmod with the parts of code below that you need, and give it a position like “user6”. You may have to add the position manually.
  5. Load the module in the article by using {loadposition user6} in the article where you want the Flash element to show up.

The code in the module:

<?php

$xml = "gallery_kids.xml"; // the name of the XML document
$movie = "photo_gallery.swf";  // the flash file
$moviePath = "where ever you want to place the flash "; // path that holds the flash file
$width = "550px";
$height = "350px";

?>
<p>
<object id="FlashID" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="<?php echo $width; ?>" height="<?php echo $height; ?>">
<param name="movie" value="<?php echo $moviePath . $movie; ?>" />
<param name="quality" value="high" />
<param name="wmode" value="opaque" />
<param name="FlashVars" value="<?php echo 'my_xmlList=' . $xml; ?>" />
<param name="swfversion" value="8.0.35.0" />
<!-- This param tag prompts users with Flash Player 6.0 r65 and higher to download the latest version of Flash Player. Delete it if you don’t want users to see the prompt. -->
<param name="expressinstall" value="Scripts/expressInstall.swf" />
<!-- Next object tag is for non-IE browsers. So hide it from IE using IECC. -->
<!--[if !IE]>-->
<object type="application/x-shockwave-flash" data="<?php echo $moviePath . $movie; ?>" width="<?php echo $width; ?>" height="<?php echo $height; ?>">
<!--<![endif]-->
<param name="quality" value="high" />
<param name="wmode" value="opaque" />
<param name="FlashVars" value="<?php echo 'my_xmlList=' . $xml; ?>" />
<param name="swfversion" value="8.0.35.0" />
<param name="expressinstall" value="Scripts/expressInstall.swf" />
<!-- The browser displays the following alternative content for users with Flash Player 6.0 and older. -->
<div>
<h4>Content on this page requires a newer version of Adobe Flash Player.</h4>
<p><a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" width="112" height="33" /></a></p>
</div>
<!--[if !IE]>-->
</object>
<!--<![endif]-->
</object>
</p>
<script type="text/javascript">
<!--
swfobject.registerObject("FlashID");
//-->
</script>