Tech | Page 4

Category: Tech

Another Craigslist Wacko

It’s always interesting to see what oddball douchebags come out of the woodwork when posting shit on CL.  As usual I have a ton of stuff posted for sale on the site, but for some weird reason I have been getting a ton of weird responses to my posting of my MSI GT70 gaming laptop for sale/trade.  Maybe it’s because the only people interested in it are computer nerds with extremely limited social skills, but whatever the reason I have received some interesting emails about it.

Want to Learn to Program?

If you are anything like me, you are interested in all things tech.  Maybe you have struggled with wanting to learn more about programming in any sort of language, and done some web design among other things.  Well in my travels on the internet, I have compiled a pretty decent list of learn-to-program resources.  These are some of my favorite sites that I think are great tools to help teach you the basics of programming.


I happened to luck out on Reddit and come across a really cool guy who was offering programming help to anyone who was interested.  Turns out he’s a developer in Dubai who was laid off from his job, and was just looking to help people out while he had some free time.  Super cool guy, and if you are interested, leave me a comment and I’ll talk to him because I know he’s interested in helping more people out.  We just do lessons using Skype screen sharing and it works out great.


I’ve been doing most of my development using the tools I got from Microsoft Dreamspark.  If you haven’t heard of this, you need to check it out.  If you have a .edu email address, you can sign up for this and receive full registered versions of Microsoft development software for free from their website.  This is awesome!  I’ve been using Visual C++ Express for a while, and then started to learn about Visual Studio using the free full version I got of Visual Studio 2010 Premium from Dreamspark, and then finally just upgraded to Visual Studio 2011 Beta that was just released on the site.  Hey, you can’t beat the price of FREE!  Thank god I still had access to my .edu address from Redlands!


Anyway, on to my recommendations! Here are some of the best sites I’ve found:


I hope these help someone else like they have helped me.  Good luck learning to code!

WordPress TimThumb.php Exploit is a complete Bitch to Remove!

So I hate to admit it, but most of the sites that we host were affected by what is to date the gnarliest WordPress exploit I have ever seen.  We have been harassed a few times by script douches who dick around with the most common WordPress exploits (namely, outdated versions of the software), but we just recently went through and made sure that ALL instances of WP were running current versions.  Well out of nowhere we realize that most of our sites are redirecting to Russian spam porn URLs from search engine results.  If you go directly to the site URLs, however, they resolve fine.

Upon some investigation into the .htaccess files, it turns out there was tons of malicious code being added to control the redirects.  The first thing I thought was: easy, just remove this junk code and we’re good.  So I spend 30 minutes editing .htaccess files on all my instances, and think that the problem is solved.  I come back a few hours later to find that ALL of my changes have been overwritten, and the malicious code is back in place.  Fucking frustrating!

Now Evan and I spent hours and hours digging through blog posts and WordPress forums to find some help here.  Even our web host (HostMonster) was absolutely no help, and most of the forum posts were just people referring others back to the same typical bullshit “how to clean your hacked wordpress site” posts that share the same general logic but don’t address the specific issue here.

So, back to more and more digging.  Couldn’t find anything on the specific URL we were redirecting to.  Grepp’d all of our sites to find it and it’s only mentioned in the .htaccess files.  Then, I stumble across a sliver of information that mentions the redirect is being handled by a script that may reference “Web Shell by oRb” OR a script called “FilesMan”.  I set to grep’ing for these references, and what do you know – we found FilesMan.  It was hidden in a php file hidden deep in a Joomla install (/modules dir if I remember correctly) and was called something like wp-12487372.php.

This little bastard had all of the code in it to handle the redirects and rewrites of EVERY .htaccess file on my server.

After finding that, we resolved the issue by deleting the file, and cleaning out every .htaccess file back to their original states (backups!) and installing a WordPress plugin on every site that addresses the TimThumb.php vulnerability.  It’s called Tim Thumb Vulnerability Scanner, and I suggest you use it.  It will find any instance of the file and upgrade them to the latest versions that don’t have the exploit.  Then I started installing the Bulletproof Security WordPress Plugin that pretty much locks down your .htaccess files.  I’m determined to make sure this never happens again!

Here are some additional notes that I found from researching across the web on ways to resolve this .htaccess redirect issue:

  • These dirtbags will leave backdoors so that they can re-infect you hours after cleaning this out, in the form of the following files: _wp_cache.php, sm3.php or wp.php.  If you look at these files you'll see they start with something like this:

    <?php # Web Shell by oRb
    $auth_pass = "";
    $color = "#df5";
    $default_action = 'FilesMan';
    $default_use_ajax = true;
    $default_charset = 'Windows-1251';

  • In my particular case, I had to search for “FilesMan” in order to find it.  YMMV
  • So the prudent thing to do would be to scan all .php files (or all files in general if you were really wanting to be careful) and search for something unique about this file, i.e. Windows-1251 or Web Shell by oRb, like so:

    # grep prints each match; rm only runs on files where grep found the marker
    find . -name "*.php" -exec grep -H 'Web Shell by oRb' {} \; -exec rm {} \;

  • Use that TimThumb plugin to fix all your vulnerabilities!  OR:
  • Grab the updated timthumb: wget
  • find . -name "*thumb*.php" -exec grep -H timthumb {} \; -exec cp timthumb.php {} \;
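
A report-only version of the sweep described in these notes, as an added example that is not from the original post: it lists PHP files carrying the markers quoted above and .htaccess files with a search-engine Referer condition, without deleting anything. The .htaccess pattern and the sample tree built by `build_sample` are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: a report-only sweep.
# The marker strings are the ones quoted in the post; the .htaccess
# pattern is an assumed shape for a search-referrer redirect.

# PHP files containing either web shell marker. Nothing is deleted.
find_shell_markers() {
    find "$1" -type f -name '*.php' \
        -exec grep -l -E 'Web Shell by oRb|FilesMan' {} + 2>/dev/null | sort
}

# .htaccess files whose RewriteCond tests the Referer for a search engine.
# Review each hit by hand and compare it against your backup copy.
find_referer_redirects() {
    find "$1" -type f -name '.htaccess' -exec grep -l -i -E \
        'RewriteCond[[:space:]]+%\{HTTP_REFERER\}.*(google|bing|yahoo)' {} + \
        2>/dev/null | sort
}

# Constructed sample tree (all file names and content are made up).
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/modules" "$d/blog"
    printf '%s\n' '<?php # placeholder' "\$default_action = 'FilesMan';" \
        > "$d/site/modules/wp-00000000.php"
    printf '%s\n' '<?php echo "hello";' > "$d/blog/index.php"
    printf '%s\n' 'RewriteEngine On' \
        'RewriteCond %{HTTP_REFERER} .*google.* [NC]' \
        'RewriteRule ^(.*)$ http://redirect.example.invalid/ [R=301,L]' \
        > "$d/blog/.htaccess"
    printf '%s\n' 'RewriteEngine On' 'RewriteRule ^index\.php$ - [L]' \
        > "$d/site/.htaccess"
    echo "$d"
}

# Scan the directory given as $1, or the constructed sample if none is given.
root="${1:-$(build_sample)}"
echo "== PHP files with web shell markers:"
find_shell_markers "$root"
echo "== .htaccess files with search-referrer conditions:"
find_referer_redirects "$root"
```

Run it from the account's web root so it covers every install on the server, since the backdoor in this case sat in a different application from the one that was attacked.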

A few other resources to help in your un-hacking 🙂

