WS FTP site .ini file location

I use an older version of WSFTP (8.0). I wanted to backup the .ini file that holds all the site configurations. I was unable to locate it, but eventually search enough and found it.

WS support says the path is:

C:\Users\<username>\AppData\Roaming\Ipswitch\WS_FTP\Sites

Here is the path I needed to get the file.

C:\users\<username>\AppData\local\VirtualStore\Program Files(x86)\Common Files\Ipswitch\WS_FTP\Sites\WS_FTP.ini

I hope this helps someone.

More info on the Joomla Sejeal attack

I have another client’s site attacked by Sejeal. Again I found a “sejeal.JPG” file in the root directory. Client called me saying the hyperlinks don’t work. Browser was giving back 404 error.

I found this article that shed some light on the matter. One of my main tools “JCEditor” has a vulnerability that attackers are exploiting.

http://www.prolateral.com/news-section/news-news/289-has-your-joomla-website-been-hacked.html

 

 

Coupon Companion Plugin – adware / malware removal.

I recently installed a audio driver to fix a problem with the “what you hear” input device. Shortly after that when browsing hyperlinks would throw pop-up window linking to an ad for something. Here is an example.

At the bottom of the window was “Coupon Companion Plugin” banner. With some research I found this is adware.

http://malwaretips.com/blogs/remove-coupon-companion-ads/

I followed the steps to remove the adware. Hoping this works. I doing this I also discovered my machine also had “InfoAtoms” on it . More adware. I followed the following article to remove this as well.

http://www.uninstallgeek.com/programs/infoatoms-1-0-10-0-uninstall-tool.html

It seems we can expect more of this in the future. Stay safe my friends.

Clients site hacked by sejeal…

Today I went to a client site and only saw “o” on the screen. Called the client thinking it was a hosting problem like maybe it didn’t get renewed. Client called hosting, and hosting told him the directories were empty. I used FTP to see for myself. I noticed a few things:

  • index.php file has a 2009 date, but a index_old.php has a date from just week ago. I was sure no one had made any changes to it recently. Downloaded index.php and it seemed okay. I had a back up of the site from a few months ago and this index_old.php wasn’t in my backup…strange.
  • a jpg file called “sejeal.jpg”. Again not in my backup. Downloaded it and opened it. Probably shouldn’t have. Looked it up in Google and found it was a related to a hacker taking out data centers.

Here is what the  page looked like.

In the directory was this image.

Cont…
Found out Sejeal got hack of the day on Jan 31, 2013 from this site.

http://belsec.skynetblogs.be/archive/2013/01/31/hack-of-the-day-webshopawards-website-as-an-example.html

Installing PacketTracer on a Linux VirtualBox

Download PacketTracer from the Cisco network Academy.

The download should go into your downloads folder unless otherwise specified by you.

Open Terminal and locate your Downloads folder using “ls -s” to list the files and directories in a directory. “CD ” to navigate to the directory you want.

When you find the directory that houses your file you want to change it’s permissions to allow you to execute apon it. You would use:

chmod -x Packet*.bin

Next you can execute the file with:

sudo bash Packet*.bin

After you agree to the EULA(end user license agreement) the package will install.

Installing guest additions in Virtualbox on Linux

Here is a link I found to work from me. I am running Windows 7. I have VirtualBox installed and a copy of Ubuntu 11 something. I wanted to use terminal to install guest additions.

http://tinyurl.com/cfgnbk2

Basicly I ran two lines:

sudo apt-get install dkms
-A package will install itself. Won’t take long.

sudo apt-get install virtualbox-guest-additions
-Guest additions download and installs itself. This will take some time.

Joomla security issue on free hosting

I moved a Joomla 1.5 site to free hosting site. I got a security error.

I contacted the hosting company and they sent me to a link to fix it. I added “@” before these three lines in the Libraries >> Joomla >> Sessions folder sessions.php file.

// You find these first two around line 105
//set default sessios save handler
@ini_set(‘session.save_handler’, ‘files’);

//disable transparent sid support
@ini_set(‘session.use_trans_sid’, ‘0’);

//This one is on around line 685
//sync the session maxlifetime
@ini_set(‘session.gc_maxlifetime’, $this->_expire);

Extract one file using tar

  • I needed to extract a single file from a tarball or tar file. The following line is what I used to complete this.

sudo tar -C subdir_1/ -zxvf my_etc.tar etc/aliases

The break down:

  • tar – the command
  • -C – tells the command that you want to put it someplace else. In this case a existing directory called “subdir_1”.
  • -zxvf – tells the command to z (unzip, because this was compressed when the tar was created), x (extract), v(verbose, repeat back what process was performed), f(file, the object is will be working with)
  • my_etc.tar – the compressed tarball I am pulling the file from
  • etc/aliases – the file “aliases” I want to extract is in the “etc/” directory.

Wamp – PHPmyAdmin Root Password Setup

Wamp Server – PHPMyAdmin error:

Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘root’.

or

#1045 – Access denied for user ‘root’@’localhost’ (using password: NO)

Here is one way to fix that. Under C:\wamp\apps\phpmyadminXXX. “XXX will be your MySQL version. Look for “config.inc.php”. Open in NotePad or Wordpad. Look for where the “$cfg[‘Servers’][$i][‘password’] = ”;”, and put your the password you want between the single-quotes. Example:

$cfg[‘Servers’][$i][‘password’] = ‘mypassword’;

 

Changing perrmissions on your Linux www folder

For local testing purposes I installed Apache2, PHP5 and MySQL on a copy of Linux Mint. Using the Software Manager I was able to install everything quickly. Being new at this I needed to find out where localhost or the www folder was exactly. It is located off the root in the var folder.

I wanted to put my own quick “Hello world.php” file in there but did not have permissions. Here is the command line I used to fix that. Open Terminal and type in the following command.

sudo chmod -R 777 /var/www

This means Super User do change there permissions in reclusive order to read, write and execute on the root slash www folder.