Authorguda

Saboteur – Rules (in Bulgarian)

Saboteur by Frederic Moyersoen

Link to the English version:

Continue reading

How to clean wordpress website

This works for infection with *.buyittraffic.com and *.gotosecond2.com

If you have an ancient WordPress 4.1.1 you and your website has become a victim of cross-site scripting here is how to clean it.

First, update your WordPress to one which is not vulnerable, such version is 4.1.28 which can be downloaded from here

In my case the victim was http://www.YOURWEBSITE.com/ and links were changed to go to http://land.buyittraffic.com

Fix the Links

Go to MySQL cli or your phpMyAdmin and recover the website URL and your home page url:

UPDATE wp_options SET option_value = 'http://www.YOURWEBSITE.com/' WHERE `wp_options`.`option_name` = 'siteurl';

UPDATE wp_options SET option_value = 'http://www.YOURWEBSITE.com/' WHERE `wp_options`.`option_name` = 'home';

This will fix the links on the website and administration will start to work.

At this point, you can open your website but DO NOT CLICK on any link. All posts/pages are infected.

Fix the content

To all of them have been appended nasty javascript and you have to clean them. To find the malware code which we have to delete run a curl command to see the HTML of the webpage. Copy one page/post url and check the source with “curl”

curl https://www.YOURWEBSITE.com/page?id=123

You will see something like this at the end

<script src='https://js.greenlabelfrancisco.com/clizkes' type='text/javascript'></script>
<script src='https://dl.gotosecond2.com/clizkes' type='text/javascript'></script>

Then run those commands in the mysql console:


UPDATE wp_posts 
  SET post_content = REPLACE(post_content,
      "<script src='https://scripts.trasnaltemyrecords.com/pixel.js?track=r&subid=043' type='text/javascript'></script><script src='https://scripts.trasnaltemyrecords.com/pixel.js?track=r&subid=043' type='text/javascript'></script><script src='https://land.buyittraffic.com/clizkes' type='text/javascript'></script>",
      '');


Check to see if you have nasty code with

curl http://www.YOURWEBSITE.com/

If you don’t see the malware then it is safe to open in the browser again.

Check for Adminer

Check to see if your site contain remote administration php

grep -lri Adminer wordpress/

In my case the file was named ad.php

Delete it!

Happy 2020!

Open a pull request on github from the current branch

When you push a new branch to GitHub from the command line, you’ll notice a URL within the output which you can copy in order to quickly open a new pull request.

But if you are on old branch…then nothing will help you.

And I was tired opening the github website so…. here it is a small ruby script which opens my browser at the correct place in github.

#!/usr/bin/env ruby
output = `git branch`
selected_branch = output.split("\n").find{|element| element =~ /^\*/}
current_branch = selected_branch.split(' ').last

remote = `git remote -v`.split("\n").find{|element| element =~ /origin\s.*?push\)$/}.split(' ')[1]

githost = remote.gsub('git@', '').gsub(/.git$/, '').gsub(/^github.com:/, 'github.com/')


`chromium-browser https://#{githost}/compare/#{current_branch}?expand=1`

Update: This version supports sub-modules

 

Open current github repository in Browser

Script to open the current github repo in the browser

#!/usr/bin/env ruby
output = `git branch`
selected_branch = output.split("\n").find{|element| element =~ /^\*/}
current_branch = selected_branch.split(' ').last

remote = `git remote -v`.split("\n").find{|element| element =~ /origin\s.*?push\)$/}.split(' ')[1]

githost = remote.gsub('git@', '').gsub(/.git$/, '').gsub(/^github.com:/, 'github.com/')


`chromium-browser https://#{githost}/`

Track the current branch

The cure is the next script

#!/usr/bin/env ruby
output = `git branch`
selected_branch = output.split("\n").find{|element| element =~ /^\*/}
current_branch = selected_branch.split(' ').last

origin = `git remote -v`.split("\n").find{|element| element =~ /origin\s.*?push\)$/}.split(' ')[0]

`git branch --set-upstream-to=#{origin}/#{current_branch} #{current_branch}`

Great notes on development

https://blog.juliobiason.net/thoughts/things-i-learnt-the-hard-way/

The meaning of “phlpwcspweb3” or why you should not do abbreviations in the code

“phlpwcspweb3”  is found at the “Amazon Web Services – Tagging Best Practices

From what I see this is something related to web, and probably there are at least 3 instances of that kind.

According to AWS this should be meaningful hostname.

If you have decoded this you probably do not need to read further….

Continue reading

HTTPS Connections counting

Here is how one can setup a nginx to count the https connections made.

Preparation

Create a new folder

mkdir ~/docker_ssl_proxy
cd ~/docker_ssl_proxy

Put a dummy entry in your /etc/hosts file

127.0.0.1 YOURDOMAIN.com

Steps

First generate certificate

openssl req -subj '/CN=YOURDOMAIN.com' -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365

create a new file something.conf with the following content

server {
  listen 4000 ssl;
  ssl_certificate /etc/nginx/conf.d/cert.pem;
  ssl_certificate_key /etc/nginx/conf.d/key.pem;

  # access_log /dev/stdout;
  access_log  /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  location / {
      return 200 'With style!';
      add_header Content-Type text/plain;
  }


}

Then run the docker with

docker run --rm -v `pwd`/logs:/var/log/nginx -v `pwd`:/etc/nginx/conf.d -p 4000:4000 nginx

Get the cacert

echo quit | openssl s_client -showcerts -servername server -connect YOURDOMAIN.com:4000 > cacert.pem
curl --cacert cacert.pem https://YOURDOMAIN.com:4000/ -d 'hello world'

And finally do some connections

go-wrk  -c=400 -t=8 -n=10000 -m="POST" -b='{"accountID":"1"}'  -i https://YOURDOMAIN.com:4000

 

Abbreviations lower our performance

I don’t know why people started doing abbreviations, maybe in the past, the bytes were expensive. I suppose life was harsh and there was no enough food for all and the way they named their programs and variables is mirroring their life. Nowadays we have enough goods and time and free space everywhere and we still name our variables/etc. like we are at the dark ages.

My point is that when we are solving some problem is good to have all neurons of our brain to work solving the problem. If we have to decrypt variables, our project structure is not good, we haven’t used with our editor then we are putting bariers which block us of seeing the best solution because our brain is dedicating 5-10% of its power for nonsense.

I am not saying that we should use full sentences of naming the variables/methods/classes/packages/programs. Only that we do not need to spent time decrypting the abbreviation.

I would love to see an operating system where there is no hackish syndrome.

In the cloud

AWS give examples in their documentation with hackish. How it is possible AWS to have so high expectations for hiring developers and let them act as a woodcutter.

The load balancer names in AWS have a size limit in their names so you that you can have YOUR-APP-us-east-1-production load balancer. You have to name it Your-APP-us-east-1-prod.

At Home

My son is learning his computer language and yesterday he asked me what do the method Intn(n Int) – I can’t answer.

“Mom brg me sndwch!”

At Work

Here are some very popular examples

  • dev > development
  • prod > production
  • ctx, ctx > context vs
  • obj > object

Linux

Do you know why we write “mount” to mount some file system, and “umount” to unmount? Why?

The opposite command “mount” is not abbreviated to “mnt” or even “mt”. This inconsistency is crazy!

For RobotsFor Humans
lsblkblock-devices
mountunmount

Running chef test-kitchen with newer vagrant

If you get

VBoxManage: error: The specified string / bytes buffer was to small. Specify a larger one and retry. (VERR_CFGM_NOT_ENOUGH_SPACE)

This means that the virtual machine needs a shorter name for the VM.

---
driver:
  name: vagrant
  customize:
    name: pdcsmb
    memory: 4144
    cpus: 4
  network:
    # - ["forwarded_port", {guest: 3000, host: 3000}]
    # - ["private_network", {ip: "192.168.33.33"}]

Bonus tip:

If you get

No live threads left. Deadlock?

Then remove all gems and reinstall chefdk.

Export database tables, fields comments as markup with Ruby on Rails

When you have to export the comments from the database you can use this short snippet to get the schema as markup.

content = ""
database_name = "DATABASE_NAME"
ActiveRecord::Base.connection.tables.each do |table_name|
  content << "h5. #{table_name}\n"
  rows = ActiveRecord::Base.connection.execute("SELECT table_comment 
    FROM INFORMATION_SCHEMA.TABLES 
    WHERE table_schema='#{database_name}' 
        AND table_name='#{table_name}';");
  puts rows.to_a.inspect
  content << rows.to_a.first.first << "\n"

  rows = ActiveRecord::Base.connection.execute("select table_name, column_name, DATA_TYPE, column_comment from INFORMATION_SCHEMA.COLUMNS where 1 AND TABLE_SCHEMA='#{database_name}' AND TABLE_NAME = '#{table_name}'")
  rows.each(:as => :hash) do |row| 
    puts row.inspect
    j = [ row["column_name"], row["DATA_TYPE"], row["column_comment"] ]

    content << "|#{j.join('|')}|\n"
  end
end; ''
puts content

The output should be something like

Table name

table description

column name, type, description

….. the next table

Running chef kitchen with cookbook dependencies

Berksfile

source 'https://supermarket.chef.io'

metadata

group :test do
  cookbook 'company_firewall', path: "../company_firewall"
  cookbook 'company_nginx', path: "../company_nginx"
  cookbook 'company', path: "../company"
  cookbook 'data-incoming', path: "../data-incoming"
  cookbook 'aws', path: "../aws"
end

metadata.rb

name             'data-listener'
maintainer       'Company'
maintainer_email 'sd@company.com'
license          'All rights reserved'
description      'Installs/Configures data-listener'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.2.32'

depends 'sysctl', '~> 1.0.5'
depends 'copany_firewall'
depends 'company_nginx'
depends 'aws'

 

© 2020 Gudasoft

Theme by Anders NorénUp ↑