Category Archives: General

Stuff that can’t get stuffed in other cats.

IndoXploit – a peek inside.

Last week a new file appeared on one of my servers. It was in an upload folder and was called indoxploi.php. I decided to play around with it and see what it does. It’s quite a thorough set of website exploits, specializing in defacing WordPress websites, but with capabilities of doing a lot more. If you find this file, delete it!

indoxploit deface page
Specialised in WordPress installations, IndoXploit has a range of uses.

Continue reading IndoXploit – a peek inside.

Rescuing Amazon EC2

I’ve recently been trying to install OpenVZ on an Amazon EC2 instance. It’s a process fraught with peril and I’ve locked myself out of the server more than once. Here are the steps to recover control:

  • Find the instance X1 that is not responding, make sure it is stopped. Note which volume is attached to the instance (look in the lower section of the page, click on the ‘Root Vol’ device and note the number).
  • Go to the Volumes section, find the volume V1 that is attached to that instance and detach it from the instance.
  • If you don’t have a spare instance to spin up, then go to the AMI section and spin up a small instance of whatever-you-fancy. It’s only temporary for fixing the disk.
  • Stop this instance, go to the Volumes section, select the volume to fix V1 and attach it to the spare machine, usually on /dev/sdf but this may vary.
  • Now back to the Instances section, spin up our spare temporary instance and, when running, login through SSH
  • Now we have the troublesome volume, V1, attached to /dev/sdf (or /dev/xsdf more likely) and we can mount that on /mnt/ (sudo mount /dev/xsdf /mnt) and make whatever changes we need to make.
  • Now we unmount it (sudo umount /mnt) and back in the Amazon control panel, go to the Volumes section and detach the volume from the instance.
  • Next reattach it to the original instance X1 and spin that up.
  • Pop the champers!
You can of course avoid all this if you take a snapshot before making potentially destructive changes to the system!

Let’s Encrypt and let’s go

Last week saw the start of the Public Beta period for Let’s Encrypt and the start of a more secure internet for all. For free. The project has been in development for at least a year, was due in the summer and has just now finally been cleared for public usage. This is something of a game changing moment but not something the public is aware of. It means that any site that wants to have that little green padlock up in the location bar can now easily install one. And given that Google (and presumably other search engines) are starting to penalise sites that are not running over HTTPS, this will become a greater issue over time. I decided to try it out on a few domains… Continue reading Let’s Encrypt and let’s go

Drupal malware – Farbtastic exploit, only in Google

I was contacted by a client last night, very concerned because, when you enter his site into Google, it comes back with a warning that ‘This site has been hacked’. And yet, when the site is viewed in the browser, there is no sign of any bad links or anything. What can be happening? Why does Google think the site is hacked?

I took a look at the site and he was correct, there was no sign of any bad links, and yet in Google there was a couple of pages of links to various pharmacy products. Which when clicked on led to a 404 page not found error. But when I asked Google for the cached version, there the links were, proudly displayed at the top of the page, bold as can be.

Continue reading Drupal malware – Farbtastic exploit, only in Google

A new dual sim smartphone: Xiaomi Hungmi

I travel a lot and it’s always a hassle changing out the SIMs whenever I need to check for calls and messages. A friend of mine, in a similar situation, brought a nice dual HTC SIM phone although he had to order it from Dubhai and it was £500. That’s a bit steep I thought… and decided to see what else might be available in my price bracket.

redmi
Redmi

Continue reading A new dual sim smartphone: Xiaomi Hungmi

Ubuntu upgrade from 12.04 to 14.04

I’ve recently upgraded my Ubuntu 12.04 to 14.04, using the release upgrade tool. Normally I would do a clean installation, especially with a major release upgrade like this. But I heard good things from others in doing an in-place upgrade so went with that. Reinstalling packages and setting them up again is time consuming. Anyway, all went well with only a few gotcha’s on the way. I’ve listed them below. Continue reading Ubuntu upgrade from 12.04 to 14.04