Web – New Java Code Infection

April 8th, 2010


The Symptoms And The Cure



We noticed strange java code patterns inside some of our website files (usually in index.php). This injection can be easily noticed if you view source of your pages and watch the very beginning and the very end. If you notice a suspicious looking piece of JS code, your site might be infected.

The current attack has a code that starts with this:

var i;if(i!=”){i=’f’};var P=new String();

In most cases, these patterns were calling php scripts from some webserver.

We thought that it was some virus that we uploaded to server from our workstations while updating files, but then we discovered ftp uploads from unknown places. We were using pure-ftpd.

Since pure-ftpd was logging its activities in syslog, this is how we found suspicious ftp connections and extracted originating ip addresses:

cat /var/log/messages | grep your_ftp_username | grep -v your_ipaddress | grep uploaded | awk ‘{print $6}’ | cut -d “@” -f2 | cut -d “)” -f1 | sort -u >> ban_list

If your ftp daemon has different logging form, you will have to make some adjustments.

With this list you can do whatever you want (ban listed ip addresses, inform their owners…).

After this we replaced ftp server.
For purging malicious code from infected files on server side, we used this useful program.

Cool Ginger Margarita

March 31st, 2010


Popular Cocktail With Interesting Aroma





* 3/4 cup sugar
* 1 1/2 cups water
* 1 large hand ginger, peeled and cut into 1/2-inch coins/chunks
* Bar sugar
* Freshly grated nutmeg
* 2 ounces good quality tequila or reposado (recommended: Cabo Wabo)
* 1 lime, juiced, plus lime wedges for garnish



Bring sugar and water up to a light simmer and cook until all of the sugar is dissolved. Add ginger and steep for 30 minutes. Pour ginger-simple syrup into blender and puree. Strain out pulp and store in a tightly sealed jar or bottle. Will keep for several weeks in the refrigerator.

Pour some bar sugar onto small plate and grate a pinch of nutmeg on top, mix well.

Add tequila, lime juice, 5 ounces ginger-simple syrup and ice to cocktail shaker and give it a good shake. Run lime wedge around rim of glass and dip in sugar/nutmeg mixture, add ice and pour in contents of shaker, grate a little nutmeg on top and serve with a wedge of lime.



Tweaking WordPress – Sitemap

March 31st, 2010


Way To Improve Your Content Overview




I was looking for some site map solution that would satisfy my picky needs (to be seen as wp page not as wp post and to show list of categories with posts inside them). Sitemap is cool webmaster tool. It helps visitor to easy navigate through your site. It shows page structure and also, some sitemap WordPress plugins create sitemap.xml file that is very useful when search engines map your site. I found couple that were partially good enough. First was WP-Archives by Jim Penaloza Calixto (more info at http://blog.unijimpe.net/, wp plug-in download url – http://downloads.wordpress.org/plugin/wp-archives.zip). It was easy and simple to install and configure. It is installed as post and it shows posts in chronological order (but not what category they belong) with day/month info. The second was PS Auto Sitemap by Hitoshi Omagari (more info at http://www.web-strategy.jp/wp_plugin/ps_auto_sitemap/, wp plug-in download url – http://downloads.wordpress.org/plugin/ps-auto-sitemap.zip). It had visually all that I wanted (categories with list of posts that belong to them), but it was implemented as a post. I didn’t want that (yes, I know I could easily put it in sidebar as a link, but I wanted it to be on the top with other page links). So I was using the WP Archives plug-in for a while. It looked like this:

Old Sitemap


When I managed to find more free time, I decided to fix this. I used PS Auto Sitemap plug-in and did some simple code change in php.

After plug-in installation, I edited header.php of my current theme and I put something like this at the place where pages are being listed:

<li <?php if($post->ID == xxx) echo ‘class=”current_page_item”‘; ?>><a href=”http://yoursite/post-name-xxx”>Post Name</a></li>

Here, xxx is ID of your plug-in post that you can find in your post URL at the end, or in _posts table of your WordPress database. In my case ID was 391, table name was wp_posts, page url was www.geekwidget.com and post name was Sitemap Widget, and it looked like this:

Header Tweak


Now, it was still a post. In some themes, like in one that I am using, it had previous post and next post links whenever a post was separately opened. Since I was picky, as mentioned, I wanted to change that, too. I edited single.php in same folder and put something like this:

<?php if ($post->ID != xxx) { ?>

<div><?php previous_post_link(‘&laquo; %link’) ?></div>
<div><?php next_post_link(‘%link &raquo;’) ?></div>

<?php } ?>

The xxx part was again plugin post id. In my case it looked like this:

Single Tweak


After that I had what I wanted:

New Sitemap