IndoXploit – a peek inside.

Last week a new file appeared on one of my servers. It was in an upload folder and was called indoxploi.php. I decided to play around with it and see what it does. It’s quite a thorough set of website exploits, specializing in defacing WordPress websites, but with capabilities of doing a lot more. If you find this file, delete it!

indoxploit deface page
Specialised in WordPress installations, IndoXploit has a range of uses.

Continue reading IndoXploit – a peek inside.

Rescuing Amazon EC2

I’ve recently been trying to install OpenVZ on an Amazon EC2 instance. It’s a process fraught with peril and I’ve locked myself out of the server more than once. Here are the steps to recover control:

  • Find the instance X1 that is not responding, make sure it is stopped. Note which volume is attached to the instance (look in the lower section of the page, click on the ‘Root Vol’ device and note the number).
  • Go to the Volumes section, find the volume V1 that is attached to that instance and detach it from the instance.
  • If you don’t have a spare instance to spin up, then go to the AMI section and spin up a small instance of whatever-you-fancy. It’s only temporary for fixing the disk.
  • Stop this instance, go to the Volumes section, select the volume to fix V1 and attach it to the spare machine, usually on /dev/sdf but this may vary.
  • Now back to the Instances section, spin up our spare temporary instance and, when running, login through SSH
  • Now we have the troublesome volume, V1, attached to /dev/sdf (or /dev/xsdf more likely) and we can mount that on /mnt/ (sudo mount /dev/xsdf /mnt) and make whatever changes we need to make.
  • Now we unmount it (sudo umount /mnt) and back in the Amazon control panel, go to the Volumes section and detach the volume from the instance.
  • Next reattach it to the original instance X1 and spin that up.
  • Pop the champers!
You can of course avoid all this if you take a snapshot before making potentially destructive changes to the system!

Let’s Encrypt and let’s go

Last week saw the start of the Public Beta period for Let’s Encrypt and the start of a more secure internet for all. For free. The project has been in development for at least a year, was due in the summer and has just now finally been cleared for public usage. This is something of a game changing moment but not something the public is aware of. It means that any site that wants to have that little green padlock up in the location bar can now easily install one. And given that Google (and presumably other search engines) are starting to penalise sites that are not running over HTTPS, this will become a greater issue over time. I decided to try it out on a few domains… Continue reading Let’s Encrypt and let’s go

Setting up a basic Meteor framework

Once you’ve worked through a few Meteor tutorials and simple apps, there comes the time to create your very own killer app!

But where to start? There is a lot to be said for creating the app from scratch and that is definitely a valid starting point. There is still the question as to what is the best practise for file and folder layout and where to put what. I did a bit of surfing and here are some notes on what I found. [Updated 16/06/15 to include Iron Meteor]

Continue reading Setting up a basic Meteor framework

Getting started with Meteor

These are some notes I’ve made while following through the Meteor tutorial (which is the simple to do list). This is more so that I can remember the overview of the basic process rather than a general set of instructions. If you want to learn Meteor, then this tutorial is an excellent, 1 hour overview of how simple it can be. Including deploying it to the cloud! Continue reading Getting started with Meteor

Drupal malware – Farbtastic exploit, only in Google

I was contacted by a client last night, very concerned because, when you enter his site into Google, it comes back with a warning that ‘This site has been hacked’. And yet, when the site is viewed in the browser, there is no sign of any bad links or anything. What can be happening? Why does Google think the site is hacked?

I took a look at the site and he was correct, there was no sign of any bad links, and yet in Google there was a couple of pages of links to various pharmacy products. Which when clicked on led to a 404 page not found error. But when I asked Google for the cached version, there the links were, proudly displayed at the top of the page, bold as can be.

Continue reading Drupal malware – Farbtastic exploit, only in Google

A new dual sim smartphone: Xiaomi Hungmi

I travel a lot and it’s always a hassle changing out the SIMs whenever I need to check for calls and messages. A friend of mine, in a similar situation, brought a nice dual HTC SIM phone although he had to order it from Dubhai and it was £500. That’s a bit steep I thought… and decided to see what else might be available in my price bracket.


Continue reading A new dual sim smartphone: Xiaomi Hungmi

the codeworks weblog