Not a Leap Year

We saw the new Die Hard movie last Friday, “A Good Day to Die Hard.” It wasn’t terrible—the action sequences were good and the concept was there—but compared to the last movie it was disappointing, largely because (for me) the dialogue was very stilted and cliché, focusing more on the one-liners than advancing the plot or anything. Plus it didn’t really give John McClane the “nobody else is here to do this” kind of role that the character is really known for… I ended up thinking the movie is begging for a fan fiction rewrite that could really tighten things up and make it 100% better. Or a Phantom Edit-style recut.

Of course, you always have to wonder about (yet another) sequel…

Earlier this month I set up my old Commodore 64 computer system for the kids to see, just for grins. Basically their computer desk in the office has been empty since the (older) Sony Vaio all-in-one system started dying (the integrated LCD monitor light was starting to burn out, which is a huge pain) so I figured, why not? I have to say, it is amusing as hell to see that old system set up again—but other than that first day we were playing around with it, it hasn’t been turned on.

Lots of beer things are happening, too: we’re planning this second year of Central Oregon Beer Week and that has been taking up a lot of time. Maybe I’ll do some “behind the scenes” type posts for that at some point. Suffice to say, there are a lot of good ideas floating around but trying to nail down details like sponsorship packages is a chore. Hopefully we’ll have that dialed in very, very soon and can get down to the fun stuff of drinking beer! Or at least planning out events where we get to drink beer.

Incidentally, Central Oregon Beer Week is taking place from May 20 through 27 this year—the week leading into Memorial Day Weekend. It’s going to be awesome.

Anatomy of a blog hack

So, last weekend I found out that my blogs had been hacked.

Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk from known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

The exploit itself, once I knew what to look for, was fairly simple:

  • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
    From: <?php .....
    To: <?php     eval(base64_decode('malicious code encoded here')); .........
  • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
    • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
    • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: the earliest I can determine is that the files were first modified sometime in the wee hours of the morning of January 19th.

It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

For reference, a handy pattern for detecting this code in grep is:

grep -R -l 'eval(base64_decode(' *

(This should always work because you should never have similar PHP running in your legitimate code…)

Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw-r--r--) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress was updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)
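
The two checks described above (the grep for the injected call and the ownership/permission review), combined into one audit with a cleanup step. This is an added example, not code from the original post; the function names, the quarantine directory and the sample tree are constructed, and it assumes GNU grep, find and sed and the single-quoted payload form shown above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU grep/find/sed.
# Function names, the quarantine dir and the sample tree are constructed.

# PHP files containing the injected call. Broader than the plain grep:
# tolerates whitespace and case changes (PHP names are case-insensitive).
find_injected() {
    grep -R -l -i -E --include='*.php' \
        'eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\(' "$1" | sort
}

# PHP files the web server process can rewrite: owned by the web server
# user (the post's host ran Apache as "nobody") or group-/world-writable.
find_web_writable() {
    find "$1" -type f -name '*.php' \
        \( -user "${2:-nobody}" -o -perm /022 \) -print | sort
}

# Save the infected original to a quarantine dir outside the web root,
# strip the injected call (keeping the opening tag), then reset to 644.
# Assumes the single-quoted payload form shown in the post.
strip_injection() {
    cp -p "$1" "$2/$(basename "$1").orig" &&
    sed -E -i \
        "s/(<\?php)[[:space:]]*eval\(base64_decode\('[^']*'\)\);/\1/" "$1" &&
    chmod 644 "$1"
}

# Constructed sample: a clean 644 file and a group-writable file with a
# harmless stand-in payload (the base64 of the word "constructed").
make_sample_tree() {
    _d=$(mktemp -d)
    printf '<?php echo "ok"; ?>\n' > "$_d/clean.php"
    printf "<?php     eval(base64_decode('Y29uc3RydWN0ZWQ=')); echo 1; ?>\n" \
        > "$_d/hit.php"
    chmod 644 "$_d/clean.php"; chmod 664 "$_d/hit.php"
    printf '%s\n' "$_d"
}

root=$(make_sample_tree); quarantine=$(mktemp -d)
echo "injected:";     find_injected "$root"
echo "web-writable:"; find_web_writable "$root"
find_injected "$root" | while IFS= read -r f; do
    strip_injection "$f" "$quarantine"
done
echo "after cleanup:"; find_injected "$root"; find_web_writable "$root"
```

Any file still listed after cleanup did not match the exact payload form and needs manual inspection.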

Of course, you all let me know if you still run into any problems, okay?

Items of recent awesomeness

Some of these links aren’t as shiny-new as they were when I started this post, but even so:

The CDC’s zombie apocalypse preparedness plan: Yes, the CDC is all over the possibility of a zombie apocalypse. For real.

If zombies did start roaming the streets, CDC would conduct an investigation much like any other disease outbreak. CDC would provide technical assistance to cities, states, or international partners dealing with a zombie infestation. This assistance might include consultation, lab testing and analysis, patient management and care, tracking of contacts, and infection control (including isolation and quarantine).

Tintin: The Secret of the Unicorn movie trailer: I knew Steven Spielberg and Peter Jackson were making a Tintin movie, but I didn’t realize just how OMGAWESOME it was going to be until I saw the trailer:

The Javascript PC emulator: pure amazing geekery. This is an x86 processor being emulated in Javascript inside a browser. And it’s running Linux. To be clear: what is essentially a full computer is running independently inside the browser. Which theoretically means you could run, well, anything inside of it.

PHP contest: Texas Holdem

I thought this sounded interesting considering how popular poker is these days (you know who you are): PHP Editors is holding a PHP programming contest for a Texas Holdem game. I might try it out. It wouldn’t be anything like most commercial poker sites out there, but it would be an interesting programming project.

…Not unlike being back in school, writing a program for whatever computer course I’d be in. Those were the days; they were still teaching Pascal at the time. I remember writing a Hangman game (it mostly sucked), and an algorithm for storing and shuffling a deck of cards (which might have been a precursor for a poker program).

Of course, handling and “shuffling” a deck of cards that only exists in a computer program is trivial. You simply need to have a structure representing the cards, and draw them randomly. (And a method for keeping track of what’s been drawn.) Each subsequent “shuffle” is simply a different random number set selecting the cards.

Interactive fiction

Every once in a while, I duck into the world of interactive fiction (IF; also known as the world of “text adventures,” for those of you who are appropriately old-school), one of my all-time favorite computer game genres, to get an idea of what’s new in the field and what’s been happening. (If you don’t know what I’m talking about, go read that Wikipedia link; it gives a much better summary than I could and goes into fantastic detail.)

I love interactive fiction, going way back—we had a bunch of Infocom games when I was a kid and for my money, those were some of the best computer games around, bar none (still are, to a large extent). My two favorite Infocom games are “Planetfall” and “The Lurking Horror,” though of those two I only ever finished “Planetfall”… but I digress.

Infocom games were the shizzle (who says that anymore?), but I even enjoyed simpler text adventures, and even crafted a few of my own, in Commodore 64 BASIC. I actually designed, on paper, many more text adventures than ever made it to the computer; this is the same love of creating/world building that drives my desire to write fiction for a living, among other things.

Anyway, back to the here and now. Interactive fiction exists today in a kind of unique space; here’s what the Wikipedia article says about it:

…interactive fiction no longer appears to be commercially viable, but a constant stream of new works is produced by an online interactive fiction community, using freely available development systems… these systems allowed anyone with sufficient time and dedication to create a game, and caused a growth boom in the online interactive fiction community.

Today, the games created by enthusiasts of the genre regularly surpass the quality of the original Infocom games, and a number of yearly competitions and awards are given out to the best games in the field….

Yes, strange to say, there is a small but thriving community surrounding this arcane game form. None of them do it for the money—okay, maybe some who enter the competition for the cash prize ($500) do—which is what makes it truly remarkable (nearly everything about it is free—the games, the programs to play them, the authoring tools, the documentation—everything). They do it for a love of the craft.

What’s weird is this week, the Wall Street Journal Online published an article on text adventures: Keeping a Genre Alive. Total coincidence; in fact, I was checking out the IF sites before I saw the article. That’s kind of a freaky wavelength. At any rate, it’s a bit of a look-down-the-nose take on the genre and IF community, but it’s not all bad.

So, having “rediscovered” interactive fiction (and downloading and checking out the latest authoring tools), writing some will be added to my perpetual list of Things I’d Like To Do But Don’t Have The Time For. This, like many other interests, will fall off the list at some point (probably in the near future) and then be re-added when I rediscover it again. It’s a big list. I’ll post it sometime.

Geekiest. Music. Ever.

Okay, this will permanently brand me as the geekiest dork ever (I fully expect a “geek” comment from Shannon), but perusing WinAmp’s SHOUTcast Radio list today, I found the ultimate station:

…wait for it…

Commodore 64 remixes. From SLAY Radio.

Yes, you read that correctly. Commodore 64 remixes.

I’ve been letting it play in the background. It totally kicks ass.

This strikes me as being a real Long Tail kind of thing.

Master Builder user interface – poor

A couple of months ago I blogged a bit about Intuit Master Builder software and some of the problems that come with it. One of the things I wrote was, “It’s got a low barrier-to-entry user interface that makes it easy to learn and use for non techie types.”

While that statement is (for the most part) true, it’s also true that the UI for Master Builder is completely ridiculous—especially for a Windows application in this day and age. Just how ridiculous it truly is struck me last week when we were at a user group meeting for Master Builder (they don’t happen often), and the consultant/expert was showing off some of the newest features.

So, here are two examples of the poor UI that plagues this program. Both are from the “Equipment” screen, and are completely typical of every screen in the system. Click them for full-size images.

Thumbnail image of the Equipment screen in Intuit Master Builder

Thumbnail image of the Equipment screen in Intuit Master Builder

Pretty horrible. But my particular favorites are the totally non-standard menu bar at the top (“Exit” is the first item?) and the garish, circa-Windows 3.1 toolbar buttons, also in a totally non-standard layout and position.