So you’ve been hacked, now what?

Posted by ljmacphee on July 7, 2008 under security, things you should know

1. Take your site offline.
You can do this with a temporary redirect in your .htaccess file.

# Temporarily (302) redirect every PHP page to a static "site down" notice
RewriteEngine On
RewriteCond $1 !site-down-message\.html$
RewriteRule ^(.*\.php)$ http://www.yourwebsite.com/site-down-message.html [R=302,L]

2. Download everything on your website to a safe computer at home. You will want to see what went wrong and it’ll serve as an emergency backup.

3. Check all your CMS (content management software) for new versions and load new, clean versions onto the site.

4. If you have a clean backup of your site, upload it now, taking care not to overwrite the new CMS.

5. Check everything, then check it again. Make sure everything is clean and that you’ve prevented future attacks through whatever method the attacker used to get in.

6. Check Google Webmaster Tools to see if you’ve been banished, and check Stop Badware. Let them both know your site has been attacked, cleaned, and is back up again.

— Many of the newer attacks plant things in your MySQL database to reinfect your site once you’ve cleaned it, so be sure to wipe them too.

— But since no one ever thinks “I’ll be hacked today, so I think I’ll do a backup,” you might not have a clean backup. Contact your hosting company; they might have one if you don’t.

— If there are no clean backups you’ll have to do it by hand. This means you must find a corrupted file and see what the attacker added. Usually it will be in an iframe. If you have a Mac or Linux box you can go to the root directory of the website files and type

grep -R 'iframe badStuff' *

and get a list of every file that has the bad stuff in it. Replace badStuff with whatever string the attacker placed in your files. Do this also with the directory holding your MySQL backups. MySQL backups are text files and easily edited by hand.

If you have Windows you will need to download a copy of grep from WinGrep.

If you use

grep -Rn 'bad stuff' *

it will also give you the line number where the bad stuff is found in each file.

Keep grepping for corrupted files and cleaning until you have a clean copy of your website.
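The grep-and-clean loop described above can be scripted. This is an added example, not part of the original post: it lists every hit with its line number, keeps each infected file as evidence, strips the injected string and lets you rescan. The function names are illustrative, and the marker you pass in is whatever string you found in your own files.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Run it on the downloaded copy of the site, not on the live server.
# Assumes GNU grep (-R, -I, --exclude) and paths without ':' or newlines.

# scan_tree DIR MARKER: print "file:line" for every line containing MARKER.
# -F matches MARKER literally, so <, ", . and / need no escaping.
scan_tree() {
    grep -RnIF --exclude='*.infected' -- "$2" "$1" | cut -d: -f1,2
}

# clean_tree DIR MARKER: strip MARKER from every text file that contains it.
# Each original is kept beside it as FILE.infected so you can study it later.
# Prints the number of files cleaned.
clean_tree() {
    [ -n "$2" ] || return 2              # refuse an empty marker
    MARKER=$2
    export MARKER                        # awk reads it unmodified via ENVIRON
    list=$(mktemp)
    grep -RlIF --exclude='*.infected' -- "$MARKER" "$1" > "$list" || true
    cleaned=0
    while IFS= read -r f; do
        cp -p "$f" "$f.infected"
        awk '{ m = ENVIRON["MARKER"]
               while ((i = index($0, m)) > 0)
                   $0 = substr($0, 1, i - 1) substr($0, i + length(m))
               print }' "$f.infected" > "$f"
        cleaned=$((cleaned + 1))
    done < "$list"
    rm -f "$list"
    echo "$cleaned"
}
```

Move the `.infected` copies out of the tree before uploading the cleaned site. In a mysqldump file, quotes inside the injected string appear backslash-escaped, so scan the backup directory with the escaped form of the marker as well.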

Next, check for updates to all the content management systems you are using. Very likely there has been an update to whatever software was hacked. Upload new, clean copies of the blogging, photo or other software. Then upload your cleaned files and restore your cleaned databases.

Download everything and check again to make sure you were not re-infected.

Now if you can run cron jobs on your webhost you will want to run the following script daily:
find . -type f -mtime -1 -exec ls -lt {} +

And have it email you the results. This will send you a list of every file that has been changed in the last 24 hours. This way you can keep a close eye on your site until you are sure everything is locked down and secure.

And remember you can’t have too many backups.

Lastly, contact Google to let them know your site is clean again.

More information:
Know your enemy: web application threats

How to get browsable image galleries in your current Wordpress theme

Posted by ljmacphee on July 1, 2008 under wordpress template

I’ve been using this theme on my websites long enough that it’s been tweaked and gotten crufty and it’d be a major pain to change it.

But I really like the new image gallery browsing in WordPress 2.5.1.

Turns out all you need to do is add one file, ‘image.php’, to your theme. You can download image.php.txt and just drop the .txt off it. Upload it to the directory of your current theme. It should work on all themes.

Example: BirdsTX

Or just cut and paste the text below into a file named image.php in your current theme directory.

<?php get_header(); ?>
<div id="content" class="widecolumn">
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>

<div class="post" id="post-<?php the_ID(); ?>">
<h2><a href="<?php echo get_permalink($post->post_parent); ?>" rev="attachment"><?php echo get_the_title($post->post_parent); ?></a> » <?php the_title(); ?></h2>
<div class="entry">
<p class="attachment"><a href="<?php echo wp_get_attachment_url($post->ID); ?>"><?php echo wp_get_attachment_image( $post->ID, 'medium' ); ?></a></p>
<div class="caption"><?php if ( !empty($post->post_excerpt) ) the_excerpt(); // this is the "caption" ?></div>

<?php the_content('<p class="serif">Read the rest of this entry »</p>'); ?>

<div class="navigation">
<table><tr>
<td><?php previous_image_link() ?></td>
<td><?php next_image_link() ?></td>
</tr></table>
</div>
<br class="clear" />

</div>
</div>
<?php comments_template(); ?>
<?php endwhile; else: ?>
<p>Sorry, no attachments matched your criteria.</p>
<?php endif; ?>
</div>

<?php get_footer(); ?>

How to keep your IP number out of your Awstats

Posted by ljmacphee on June 30, 2008 under how to

I started using Awstats to track website activity. It came with cPanel and does a nice job.

However it was tracking my IP number as well. So I read the Awstats directions which tell you to put your *.conf file in your /etc directory. That doesn’t work. You must put your *.conf file in /tmp/awstats.

Ok so we got that far but every night the *.conf files were overwritten by Awstats removing the
SkipHosts="111.111.111.111"
entry.

It turns out you must also change the file permissions to 0444 to prevent Awstats from overwriting your file each night.

So
1) Edit your config file and change the SkipHosts="" to contain your IP number
SkipHosts="111.111.111.111"

2) Put this file in /tmp/awstats

3) Chmod the file to 0444

How to convert your old Perl-CGI scripts to work in your blog using PHP

Posted by ljmacphee on June 23, 2008 under cgi, how to, perl, php

The original TimesToCome site was created in 1997. The web has changed a great deal since then but my scripts hadn’t. I just hacked my blogs to use the Perl scripts. Converting them to work in your blog without using Perl or CGI is actually quite simple.

The first thing to do is convert your old CGI scripts to PHP. Your forms will remain the same except for the name of the script they are calling ( <form method="post" action="new-script-url"> ). I found that User Friendly Forms in PHP, and PHP Form Handling gave me enough information to convert the forms from Perl to PHP. Most of what works in Perl works in PHP; you’ll find very little needs to be changed. ( ‘PHP Black Book’ is the best book I’ve found so far. )

Once you have a working PHP form you need to incorporate it into your blog. To do this you need to create a page template. The easiest way is to copy an existing page template in your theme. The archives.php page usually works well.

Remove the archives information from the page. I deleted everything after <div id="content" class="pages"> down to the matching </div> tag for that division. Your template may be slightly different.

Now copy and paste your PHP form - everything between <body> and </body> - into that space between <div id="content" class="pages"> and </div>.

Rename the page to something useful, and don’t forget to change the ‘Template Name: xxxx’ in the template.

Now log into your WordPress or other blog. Create a new page and name it something useful. Then go to the template drop-down menu (‘Templates’) and select your newly created template from the menu. Save and publish.

If you wish to use multiple pages for your form just create multiple pages. If you wish it to reload the same page when the script runs, call yourself in the action= and place a hidden check that lets you know if this page is being loaded or if the form is filled out and submitted.

Put the hidden form-submitted check in the form:

<input type="hidden" name="submit_check" value="1" />

Then check for it in the part of the form where you do your calculations:
if (isset($_POST['submit_check']) && $_POST['submit_check'] == 1) { /* do something */ }

See example: Calorie calculator
Download example: Calories example php form in a WP blog