All posts by Patrick Brückner

Fix Mailpoet / WYSIJA break in

A WordPress instance that I maintain was affected by a security vulnerability recently discovered in Mailpoet. As so often, Mailpoet was not even being used on that page, but was installed and active anyways.

Through the vulnerability, attackers managed to store about 10 new files on the server, all containing similar code, and in addition manipulated all PHP files that they had write access to (good thing the server isn’t running as root or anything – that would have been a real problem).

I discovered that all files were manipulated in a similar way: some obfuscated code was injected into the first line, always containing the keyword “yhvobwawyd”. This might be specific to our instance, or apply globally.

Since the attackers managed to manipulate several thousand files, I quickly wrote a script that would remove these “infected” first lines:

$ grep -rlZ yhvobwawyd . | xargs -0 -r sh -c 'for f; do echo "$f"; sed -i "1 s/^.*\$/<?php/" "$f"; done' sh

The script searches for the keyword and replaces the first line of all matching files with a standard <?php opening tag. Please add your comments here or on the gist on GitHub.

Thought someone might find this useful.
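
A more cautious variant of the cleanup above, as an added example (not the author's script or the gist): it rewrites line 1 only in .php files where the keyword occurs on the first line and nowhere else, reports every other hit for manual review, and does a dry run unless a backup directory is given. The function name clean_marker and the backup-directory argument are assumptions; GNU grep and sed are assumed, as in the original one-liner.

```shell
#!/bin/sh
# Added example, not the author's one-liner. GNU grep/sed assumed, as in the post.
MARKER=yhvobwawyd   # keyword reported in the post

# clean_marker DIR [BACKUP_DIR]   (hypothetical helper)
#   without BACKUP_DIR: dry run, only reports
#   with BACKUP_DIR:    copies each file there, then replaces its first line
# BACKUP_DIR must be outside DIR (and outside the web root).
clean_marker() {
    dir=$1; bak=${2:-}
    # find hands file names over as arguments, so names containing spaces,
    # quotes or $(...) are never re-parsed by a shell.
    find "$dir" -type f -exec sh -c '
        marker=$1; bak=$2; shift 2
        for f; do
            grep -q -- "$marker" "$f" || continue
            # comma-separated line numbers on which the marker occurs
            hits=$(grep -an -- "$marker" "$f" | cut -d: -f1 | paste -sd, -)
            case "$hits:$f" in
            1:*.php)        # marker on line 1 only: the pattern from the post
                if [ -n "$bak" ]; then
                    mkdir -p -- "$bak/$(dirname -- "$f")"
                    cp -p -- "$f" "$bak/$f"
                    sed -i "1 s/^.*\$/<?php/" "$f"
                    echo "FIXED  $f"
                else
                    echo "FIX    $f"
                fi ;;
            *)              # anything else is left alone for manual inspection
                echo "REVIEW $f (marker on line $hits)" ;;
            esac
        done
    ' sh "$MARKER" "$bak" {} +
}
```

Run it without a backup directory first and read the REVIEW lines before applying; files reported there still contain the keyword after the run.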

Microsoft Natural Keyboard 4000 Scroll up/down instead of Zoom in/out (Ubuntu 12.10)


My ergonomic M$ keyboard has this zoom button in between the two key blocks, and it is by default bound to a zoom function (which I neither need nor have available on my Ubuntu Linux by default). Since scrolling long texts can be cumbersome with the mouse, I looked for a way to reassign this slider to scrolling.

In the Gentoo wiki I found a very simple solution: I just needed to change one line (for me it was line 32) in the /lib/udev/rules.d/95-keymap.rules file:

Change it from

ENV{ID_VENDOR}=="Microsoft", ENV{ID_MODEL_ID}=="00db", RUN+="keymap $name 0xc022d zoomin 0xc022e zoomout"

to

ENV{ID_VENDOR}=="Microsoft", ENV{ID_MODEL_ID}=="00db", RUN+="keymap $name 0xc022d pageup 0xc022e pagedown"

And you’re done!

SSD TRIM Ubuntu Linux 12.10

On Ubuntu Linux 12.10, TRIM at the filesystem level is not enabled by default (for a good reason!), and neither is batched discard.

The German ubuntuusers wiki suggests running a script every day or week. I decided that I only wanted this to run if my load is low, because queued TRIM will only be available in SATA 3.1 and running TRIM can block the system.

I decided to run TRIM daily since that would make it run shorter.

So I wrote this little script (Python this time, no other dependencies but the little script mentioned above and a file /var/opt/trim, which needs to exist and be non-empty), which will be executed every 3 hours (using cron).

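#!/usr/bin/python

import os, time

TRESH = 1.0                   # only run while the 5-minute load average is below this
RUN_FILE = "/var/opt/trim"    # holds the Unix timestamp of the last successful run

load_1, load_5, load_15 = os.getloadavg()
with open(RUN_FILE, 'r') as last_run_file:
        last_run = int(last_run_file.read())
now = int(time.time())

# run at most once per day (86400 s) and only while the machine is idle
if now - last_run > 86400 and load_5 < TRESH:
        # os.system() reports failure through its return value, not an exception
        run = os.system('/opt/trim.sh')
        if run == 0:
                # record the run only when trim.sh succeeded, so a failure is retried
                with open(RUN_FILE, 'w') as last_run_file:
                        last_run_file.write(str(now))
        else:
                print("/opt/trim.sh failed with status %d" % run)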

Moving to a new machine/setup with Ubuntu Linux (or Debian)

Today, as I got my new hard drive (which is a Samsung 830 SSD), I decided to re-install my copy of Ubuntu (for whatever reason). Copying my home folder, some config files and so on is an easy task, but what about all these little programs that were installed with some manual installer (like QPilot, VMware, …) because they don’t provide an APT installer? I do not do any bookkeeping about those, so I wrote a little script that populates a list of files on my root filesystem and checks whether each of them belongs to some Debian package.

It took a while on my old spinning hard drive; there is probably a more efficient way than calling dlocate for every single file.

My little script:

#!/bin/bash
# Cached file list; delete it to force a rescan.
FILELIST=/tmp/findonapt_filelist.lst

populatelist() {
    echo "Creating fileslist"
    /usr/bin/find / -xdev -type f > "$FILELIST" 2>/dev/null
}

# Build the list in the foreground so the loop below never reads a half-written file.
if [ ! -f "$FILELIST" ]
    then
        populatelist
fi

exec 0<"$FILELIST"
value=0
while IFS= read -r LINE
do
    if [[ $LINE != *var/cache* ]]
        then
            # No output from dlocate -S means no package claims the file.
            if [ "$(dlocate -S "$LINE" | wc -l)" -eq 0 ]
                then
                    value=$((value + 1))
                    echo "$LINE"
            fi
    fi
done

echo "****$value Non-APT Files found";

Sharkoon Fireglider Back/Forward Buttons Linux

Because of my RSI syndrome, I got myself a supposedly good mouse. I chose a Sharkoon Fireglider, which is actually a gaming mouse, but looks office-ish enough for me.

As usual, everything worked out of the box on my Ubuntu Linux with no need to install any driver; just the back/forward buttons were not working as expected. It seems Sharkoon mapped their buttons differently than usual.

This simple command on the terminal made it work:

xinput set-button-map 12 1 2 3 4 5 0 0 9 8

It maps the key-event 9 to event no 8 and vice versa. (12 is the ID of my mouse, you can get yours by executing “xinput list”) Read this wiki if you need to know more details.

Done. [EDIT 2012-09-10] These changes were not permanent. To make them permanent, I created a file 50-sharkoon-fireglider.conf at /usr/share/X11/xorg.conf.d/ containing:

Section "InputClass"
        Identifier      "Sharkoon Fireglider USB"
        MatchProduct    "A4TECH USB Device"
        MatchDevicePath "/dev/input/event*"
        Option "ButtonMapping" "1 2 3 4 5 6 7 9 8"
EndSection

restarted X and it works! [/EDIT]

Applying CodeIgniter Modular Separation / HMVC 5.4 on an existing project with a custom core controller

For my current job at the University of Kassel, I am currently modularizing an existing PHP project that is using the CodeIgniter Framework (which I like very much, by the way).

I found this very helpful “extension” to CodeIgniter, called “Modular Extensions – HMVC version 5.4”, whose documentation is a little chaotic and incomplete.

One problem that I stumbled upon was that we created our own core controller, having our controllers not extend CI_Controller, but our own controller (which is called MY_Controller) in most setups. BUT: We set the $config[‘subclass_prefix’] to something like ‘OwnPrefix_’. I thought the whole extension would not work, but I found out that you will have to rename the two files MY_Router.php and MY_Loader.php in application/core/, changing the ‘MY_’ prefix to your own prefix.

Then I had my OwnPrefix_Controller extend MX_Controller and everything seems to work so far!

Windows Vista DRM

I was just crawling through the web when I found an article about the new protection methods and so on in Windows Vista. Here is a short quote:

[…] I don’t think anyone’s under any illusions that Vista PCs won’t be crawling with malware shortly after the bad guys get their hands on them (there were already Vista exploits up for sale before the OS even hit the shelves). But what if the Vista content-protection technology had instead been applied towards malware protection? Instead of a separate protection domain for video playback, we might have a separate protection domain for banking and credit card details. […] What a waste. What a waste. […] As a user, there is simply no escape. Whether you use Windows Vista, Windows XP, Windows 95, Linux, FreeBSD, OS X, Solaris (on x86), or almost any other OS, Windows content protection will make your hardware more expensive, less reliable, more difficult to program for, more difficult to support, more vulnerable to hostile code, and with more compatibility problems.

So that’s what is awaiting us in the future. Even more expensive hardware, even if you don’t use Windows.
Looking forward to it…
Link: read the original article