Tuesday, February 15, 2011

OSCommerce Hacked, Eval Base64 Decode attack

Recently one of my OSCommerce site is being banned by Google as malicious and harmful for your computer so I was forced to take a look at the code.  I had experience with Drupal and Joomla, but not too much with OSCommerce, this was a site that a friend of mine had setup and now it is kinda in my hands.  It was also a site that had a lot of customization and it was setup on shared hosting, so there were a lot of unknowns for me.  I found that part of the code that were trying to load malicious code was in fact based on a Eval Base64 command that can be easily found by using either UltraEdit or PSPad.  Just try to find 'base64' in the whole directory and it will be quite obvious which ones are legit and which ones are not.

However, the problem comes when similar code keeps poping up in my header.php file day after day.  So I had to look at my site again.  I then later found out that in my catalog/image/ and /catalog/admin/image directory there are a few suspected php, and looking into them shows signature of hackers claiming "... was here".  So it was again quite obvious,  since you probably don't expect anyone to put php files into image directory.

As after this I have implemented a few of the steps listed here .  It is recommended in the previous listed article about the base64 that you should at least change the admin path, install a few security add-ons for my site.  I hope I will never find those attack on my site ever again.

Hope this helps anyone out there who is having the same problem.

Tuesday, October 19, 2010

How to add Google Analytics to Diferior Torrent Tracker CMS.

Diferior is a new breed of Open Source Tracker Content Management System(CMS).  It has built in support for Blog,Forum,Tracker and User Management, basically all you need to get your own Torrent site going.  You can also incorporate different Tracker configuration based on your needs, it is easy to setup and very powerful.  I got the site up and running but one thing is missing, it is not as straight forward to get Google analytic working with it.  The main reason is because this is not a simple CMS with the use of HTML and PHP, it uses a template system called Smarty.  This makes installation of the Google Analytics script non-function if you install it as other websites. 
There is workaround for that.  Simply goto the template file of index.tpl.php and add the normal google code, but make sure the code is wrap around by the tag
{literal}
Google Code
{/literal}

and you are good to go.

Tuesday, September 21, 2010

Zotac H55ITX-A-E Snow Leopard 10.6.4 Install Guide Using tonymacx86 iBoot and MultiBeast 2.0



This is a Guide that shows how to install Snow Leopard on Zotac, H55ITX-A-E.  This is the perfect setup for a MiniHack Pro.  This board supports up to i7 of the 1136 socket, depending on what kind of case you are getting, it is possible that this setup can out perform some of the current generation Mac Pro.   On the other hand you can install a low power consumption i3, with dual boot into W7 it can take advantage of the Intel HD graphics.  The current generation i3 can match the Atom CPU power consumption in idle, making it a great setup for a HTPC in your living room.

Advantage of using a Zotac H55ITX-A-E
- Small form factor, Mini-ITX size board
- Lots of positive review on the build quality and versatility of this board.
- 10 USB 2.0 port (H55ITX-C-E has USB 3.0 support)
- Built-in Wireless card (US version gets the Atheros chipset which works out of the box, for with the RALink chip, it supports with kext, but not in n mode)
- Has an extra PCIe slot for a medium to high-end Video card, then you have yourself a decent gaming system.
- SpeedStep, LAN, Sound and Wifi all works in snow leopard, refer to TonyMac's general guide on how to install.
- Sleep doesn't quite work

Thanks to TonyMac and InsanelyMac this guide provides the most comprehensive instruction on the installation of Snow Leopard on Zotac's board.  This is indeed one of the best board on all builds of SL.


Neil's Post in Insanelymac should be the best place to ask further question.

Saturday, June 12, 2010

How to fix 'suexec command was not found on your system.' in Virtualmin

I ran into this error message in Virtualmin when I want to disable Bind and Mail for Domain, I searched around for answers and I couldn't find it.  Finally I found out that Suexec was not installed correctly, so I reinstalled again with the command

apt-get install apache2-suexec-custom

And then it changed to another error message, where it shows.



The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

 The above  link also shows the solution to that problem.

Enjoy.




Wednesday, June 09, 2010

How to install webmin for Ubuntu 10.04 LTS Server

It is actually very easy to install webmin on the new Ubuntu 10.04 LTS Server.  Here is what you will need to type

Login to your server and update your server

apt-get update
apt-get upgrade
apt-get dist-upgrade

Then you can get the and install webmin

wget http://downloads.sourceforge.net/project/webadmin/webmin/1.510/webmin_1.510-2_all.deb
sudo dpkg -i webmin_1.510-2_all.deb

Then if there are errors then type the following commands


sudo apt-get install -f

Then you are good to go.  Make sure you have noted your IP address so that you can login from your browser at 


http://yourip:10000/


Enjoy



Tuesday, May 11, 2010

SOLVED: Http 500 error caused by .htaccess in CMS Ubuntu

A recent move of my server from a public server to a self hosted server in Ubuntu had turned into a problem solving challenge.  I had build a new Ubuntu server with webmin as a hosting manager.  A current live version of Joomla was moved over to this server, and all of a sudden the SEF stopped working.  I am currently a user of SH404 with JoomFish, and everything worked before.  Now I got 500 error even in the admin screen.  I made sure the naming convention is right, .htaccess was typed correctly.  The main error was that by default apache does not turn on mod_rewrite, to do that in a Ubuntu or Redhat server all you have to do is type

sudo a2enmod rewrite
 
and restart the apache server by typing 

sudo /etc/init.d/apache2 restart

This should fix all those errors when migration a CMS to a new Ubuntu server.

Enjoy

Monday, May 10, 2010

How to load MYSQL Database from Command Line in Linux and XAMPP

To load a Mysql file from the command line to a certain database you can use the following command


mysql -u root -p joomla < backup.mysql


This works in linux environment where joomla is your database name.  Best to be in the same directory as the mysql file and you can load it without typing the path to the file.


If you are hosting in your own Xampp in Windows, there is also a way to load your mysql file from the command line, in my example I would assume that you have installed Xampp in 


c:\Xampp,


 thus the directory for mysqld would be


c:\Xampp\mysql\bin


then if you put your mysql file in the same directory, you can load it directory from that directory if you haven't had your path set.  Type


mysql --user root --password joomla < backup.mysql


It will prompt you for a password then your mysql will be loaded depending on how big your backup is. you could add a -f flag if your database is very big, it will prevent it from stopping if there is error. 


mysql -f --user root joomla < backup.mysql


Enjoy