WordPress Security: Nulled Scripts and the CryptoPHP Infection

It seems that our good friends at Wordfence Security have come across some very important security information from Fox-IT in the Netherlands about WordPress (it also affects Drupal and Joomla), nulled scripts, and a security hole dubbed CryptoPHP that ships inside infected themes and plugins. It effectively turns infected websites into botnet slaves; it’s really very fascinating. If you work with WordPress, Joomla, Drupal or PHP at all, or are just curious, you ought to read it. It’s a well written article and very interesting, check it out.

Quickly backup files with this bash script

This is something that I use on a regular basis on all of my servers. How many times have you been ready to edit a file and either didn’t make a backup copy, or made one but by now are really tired of typing out “copy this file to that name with a date stamp” and so on? It’s not hard to do, but it gets old quick typing the same thing over and over again. Plus you might not always name them the same thing or the same way, so now your backup files have different naming patterns and whatnot.

Don’t worry, I have an easy solution. I created a simple script to backup the file specified and append a time and date stamp to the end of it. I symlink this to the command ‘bu’ in someplace like /usr/bin so it’s always in the path of whatever user I might be (myself, root, backup, whoever?), and then POW, it’s easy to backup files plus they are always named the same way – you just type “bu filename”. Now, if you don’t like the way I name my file copies, feel free to customize this to suit your needs. Also, I currently have the script make the copy right next to the original file, but it would be easy to always copy the files to a backup directory somewhere if you wanted, the possibilities are endless!

OK, on to the script goodness:

#!/bin/bash

# Back up the given file next to itself, with a date and time stamp appended.

if [ -z "$1" ]; then
  echo "No input given, stopping"
  exit 1
fi

if [ ! -f "$1" ]; then
  echo "File not found: $1"
  exit 1
fi

# Build the stamp with date's own format string instead of parsing its default
# output with awk, which breaks as soon as the locale changes the field layout.
# Result looks like 2014.Nov.25_14-03-07 (year.month.day_hour-min-sec).
STAMP=$(date +%Y.%b.%d_%H-%M-%S)

echo -n "Backing up the file named $1 ... "
# Quote the paths so names with spaces work, and fail loudly instead of
# hiding cp's errors in a log file while still printing "done."
/bin/cp -p "$1" "$1_${STAMP}" || { echo "failed."; exit 1; }
echo "done."

There you have it, a simple file backup script in bash that can save you time and many, many keystrokes. Drop me a comment and let me know what you think, or if you have any suggestions or improvements.

Use PowerShell To Find Resource Hogs

Here’s a quick tidbit for any and all Windows jockeys out there. Need to figure out what is chewing up all of your system resources? Need to do it quickly and easily? Have no fear, Laz and the PowerShell are here. Some of you may know this already, so let those who don’t have some air!

OK, bring up the PowerShell (note: this is different from the DOS-like Command Prompt and can usually be installed through Windows Update). Once the PowerShell is open, you can use the ‘ps’ command to get a list of the currently running processes, but believe you me there are a lot of them, and they scroll by all unformatted and hard to read. All in all you get a bunch of info that is hard to understand!

“So, what are we doing here?” you ask. Well, this is where, just like with the ‘ps’ command (and the PowerShell in and of itself too), Windows takes some inspiration from UNIX and not only adds some nifty commands to help wrangle all that information that goes scrolling by, but also the idea of “piping” commands, or, put more simply, a way to link commands together, making them talk to each other, work together and share information like never before. You pipe commands together with the ‘|’ character, which lets you run a command and send its output on to the next command. You will see this in the final command we will use, take a look:

ps | sort -desc cpu | select -f 20 | ft -a;

So, let’s take a look at what this command, or set of commands, really does. First off, the ps command gets the current list of processes running on the machine along with certain information about each and every one of them, like the ‘Process ID’, the ‘ProcessName’ and the amount of ‘CPU’ time it’s using, to name just a few. We then take all of that ‘ps’ data and “pipe” or feed it into the ‘sort’ command, telling sort to … well, sort that information by the ‘CPU’ column in “Descending” order. We then take all that sorted data and use the ‘select’ command to only grab or select the top ‘20’ items in the list. Last but not least, we use the ‘ft’ command to “format” the list that we have now, which has been cut down to just the top 20 processes sorted by how much of your CPU they are using, starting with the most at the top of the list and going down from there.

Ultimately, you run this command just like you see it above and you will get a list of the top processes that looks like this:

PS C:\temp> ps | sort -desc cpu | select -f 20 | ft -a;

Handles NPM(K)   PM(K)   WS(K) VM(M)   CPU(s)   Id ProcessName
------- ------   -----   ----- -----   ------   -- -----------
    197     14    6700   11456    92 1,008.66 2744 AODAssist
    422     15    6272   11572    53   886.27 1112 svchost
   2398   1032  115224   10804   420   863.37 2020 AvastSvc
    827     48  253744  247248   371   641.55 1388 svchost
   1132    106   86252  118472   421   575.07 3596 explorer
    140     69   45028   49456   173   572.51 5012 Everything
    485     47   46612   69228   284   565.83 9608 explorer
   1535     90   33912   49260   433   453.93 1460 svchost
    717     52   29416   27460   124   451.45 1352 svchost
    363     43   41048   11472   176   370.32 4436 svchost
    909     63   94836  129776   726   366.38 6388 dopus
    596     54   24476   26196   248   364.06 5136 avastui
    684     44   22172   23564   241   352.66 1048 svchost
    140     13  119472  113980   183   328.48 6972 vmware-usbarbitrator64
    300     13    9940   14796    64   306.90 6516 WmiPrvSE
    346     31   35176   29280   203   302.42 4688 tlbHost
    225     24 1431016 1339160  1460   263.47 1500 stacsv64
    865     81   27488   36708   149   216.86 1420 svchost
    202     16    7300   15020    96   215.45 1744 WHSTrayApp
    110     10    7144   10368    58   200.74 3252 BitMeterCaptureService

There you go, a nice handy little list of your top offenders! If you keep a PowerShell handy, it can be a very fast way to take a quick look at what’s going on under the hood of your PC. Enjoy!
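One thing the CPU(s) column hides is that it counts seconds used since each process started, so long-running services always float to the top even when idle. As an added example (not from the post), this function takes two snapshots a few seconds apart and ranks processes by what they burned in that window, adding the image path so an unexpected binary stands out; it assumes PowerShell 3 or newer for [pscustomobject].

```powershell
# Added example: rank processes by CPU consumed during a short sampling window
# instead of by the cumulative CPU(s) column used by the one-liner above.
function Get-BusyProcess {
    param(
        [int]$Top = 20,          # how many rows to return
        [int]$SampleSeconds = 5  # length of the sampling window
    )

    # First snapshot: Id -> total CPU seconds so far ($null when access is denied)
    $before = @{}
    foreach ($p in Get-Process) { $before[$p.Id] = $p.CPU }

    Start-Sleep -Seconds $SampleSeconds

    # Second snapshot: keep only processes seen both times with readable CPU values
    Get-Process | ForEach-Object {
        $start = $before[$_.Id]
        if ($null -ne $start -and $null -ne $_.CPU) {
            # Path can throw for protected or 64-bit processes; treat it as unknown
            $path = $null
            try { $path = $_.Path } catch { }
            [pscustomobject]@{
                Id           = $_.Id
                ProcessName  = $_.ProcessName
                'CPU(s)/win' = [math]::Round($_.CPU - $start, 2)
                'WS(MB)'     = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Path         = $path
            }
        }
    } | Sort-Object 'CPU(s)/win' -Descending | Select-Object -First $Top
}

Get-BusyProcess | Format-Table -AutoSize
```

Run it from an elevated PowerShell if you want Path filled in for services, since non-admin sessions cannot open most SYSTEM processes.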

Check out this cool service – Pastebin

I just recently found this, and I know, a bunch of you probably already know about it and maybe have for a long time. But hey, I just found out about it and it is so cool I just had to tell everyone! The site is called Pastebin and it’s a cool site (the site is very well done!) and service for anytime you are working with code, log files, and/or other gobs of strangely formatted text.

We all know how tough it is to try and paste the source of our scripts, or the contents of config files or log files, into regular forum input boxes. Heck, for that matter, let us not forget how tough it is getting that kind of stuff posted correctly in WordPress itself. This Pastebin site allows you to paste your copious amounts of text there, where it has all of the magic juju to display it properly, even formatting code correctly with syntax highlighting. All you have to do, once you paste your text into the bin, is add the link to your post or article or whatever. Then anyone reading it can go check it out at Pastebin and not try and decipher the text in whatever manner it would have gotten mangled on the screen in the first place.

I think this is going to be a great headache saver for lots of us as more and more communication goes online, especially in the tech crowd. Go check out Pastebin now and see for yourself. They have a Pro option with extra goodies, but you most certainly can use the service for free too. If you like it, tell your friends too and help ’em out!

VMware Virtual Machine Startup Shortcuts

I am going to share a VMware tidbit with you, something that some of you may already know, but for those of you that don’t, it might help out a little bit. This is particularly aimed at the VMware Workstation crowd. OK, first let me set up the background here. I have a virtual machine that I use for development all the time. It’s running on my laptop, along with my dev tools. I can open VMware Workstation, select the machine I want, fire it up and then close Workstation (since it is set to keep VMs running when Workstation closes) and all that, but this is time consuming and somewhat aggravating if I am in a hurry. The point is, I am lazy and nitpicky, and making all those clicks and waiting for programs to load is tedious, especially when I sometimes do it several times a day.

So, I found a nifty little command in the directory where VMware Workstation is installed called vmrun.exe. This command allows you to manipulate your VMs on the command line. With it you can start and stop, pause, and take snapshots of your VMs, plus many, many more actions. Look at the bottom of this article for more information; I have included the output of vmrun.exe’s usage text, and there is a bunch of stuff there!

Now, back to the article here and my purpose for writing it, what I wanted was a quick and easy way to fire up or start that virtual machine so I could use it when needed, but not have to go through all of the above mentioned steps and wait times. What I came up with was a quick little batch file that when executed, uses that vmrun.exe command to start my virtual machine, easy as pie.
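As an added example, not the batch file from the post, here is the same idea done in PowerShell so it can first check whether the VM is already running before calling vmrun.exe to start it. The Workstation install path and the .vmx path are placeholders you would adjust for your own setup.

```powershell
# Added example: start a Workstation VM with vmrun.exe, skipping the start
# if vmrun already lists it as running. Both paths below are placeholders.
$vmrun = Join-Path ${env:ProgramFiles(x86)} 'VMware\VMware Workstation\vmrun.exe'
$vmx   = 'C:\VMs\dev\dev.vmx'   # placeholder: the .vmx of the VM to start

if (-not (Test-Path $vmrun)) { throw "vmrun.exe not found at $vmrun" }
if (-not (Test-Path $vmx))   { throw ".vmx file not found at $vmx" }

# 'list' prints a "Total running VMs: N" line followed by one .vmx path per VM
$running = & $vmrun -T ws list | Select-Object -Skip 1
if ($running -contains $vmx) {
    Write-Host "Already running: $vmx"
} else {
    # nogui starts the VM without opening the Workstation window
    & $vmrun -T ws start $vmx nogui
    if ($LASTEXITCODE -ne 0) { throw "vmrun start failed with exit code $LASTEXITCODE" }
    Write-Host "Started: $vmx"
}
```

Save it as a .ps1 and point a shortcut at powershell.exe -File <path> to get the one-click start the post is after.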


Bash function for making locate find exact matches

This is one of the coolest and most useful things to add to my UNIX/Linux profile that I have come across in a long time. I use the locate command a lot (slocate naturally) as I am sure all of us command line monkeys do. How many times have you been frustrated by the billions of lines of results flying by your screen, piping through more or less, trying to find the one nugget of goodness that you really need? Especially when you actually know the correct name of it, just not where it lives? This is where this comes in handy (this is where this? man I am eloquent)! Add this function to your bash profile (for some that’s .bash_profile and for others it might be .bashrc, depending on your nix flavor) and you can stop all of that. I haven’t tried this with other shells aside from bash, but I don’t see why it wouldn’t work.

Basically, this function uses the locate command to find whatever you are looking for just like you do, only it uses a bit of scriptology to filter it down to the exact match of what you are looking for. Yep, that’s right, the exact match! This little tidbit can really help out when you are looking for something, take a look:

## BASH locate function for exact match
## Thanks Dark_Helmet : http://solarum.com/v.php?l=1149LV99
function flocate
{
  # Only print a divider between result sets when more than one name was given
  if [ $# -gt 1 ] ; then
    display_divider=1
  else
    display_divider=0
  fi

  current_argument=0
  total_arguments=$#
  while [ ${current_argument} -lt ${total_arguments} ] ; do
    current_file="$1"
    if [ "${display_divider}" = "1" ] ; then
      echo "----------------------------------------"
      echo "Matches for ${current_file}"
      echo "----------------------------------------"
    fi

    # Escape the dots so they match literally, then anchor the name so only
    # paths whose last component is exactly ${current_file} are returned.
    filename_re="^\(.*/\)*$( echo "${current_file}" | sed 's%\.%\\.%g' )$"
    locate -r "${filename_re}"
    shift
    (( current_argument = current_argument + 1 ))
  done
}

It’s just that easy! Copy and paste this into your profile and add a cool helper addon companion function thingy 🙂 I wish I could say I came up with this myself, but I didn’t; I found it in some forums posted by someone named Dark_Helmet (just like the attribution link in the script). I don’t know who you are Mr. Helmet, but I thank you for sharing this with us all, and I am passing it on! Enjoy!