Productivity Sync Just another WordPress weblog

October 18, 2016

Setting up a Digital Ocean Django host using latest Ubuntu LTS and Django releases. (circa Oct 2016)

Filed under: Uncategorized — admin @ 10:48 am

This is a blog of my experience working through the online tutorials from Digital Ocean (DO).  I’ve initially set up my DO site using some canned images for ubuntu 14.04 and older python versions that I don’t want to use.  So, after getting some experience with getting things working the easy way, it’s now time to redo things using the versions I want to use.  This will document the gotchas and type-oh mistakes made in the process of getting things working.

The source content I’m following are:

Note: I first set up a server privately last week and had a number of gotchas and issues that I managed to work around with the assorted configuration files and settings but, didn’t keep good notes.  Mostly fat finger issues but, at least one issue was because of minor changes to the way Django handles configurations WRT the version used in the DO tutorial.  This is my cheat sheet for me later if I need to set up another server someday.

Wow, the second time was a pain in the butt too!  More fat finger issues and hard to debug logging, see end of the blog for screw up vectors.

Setting up the “Droplet”

  1. log on to your DO account
  2. create droplet
    1. I chose: Ubuntu 16.04.1 x64, 5$/month plan, SFO data center region,
    2. gotcha: do not choose to use SSH when creating the droplet.  The SSH key will be used in the root log in and I’ve had issues getting that working and had to rebuild without it.  Note: DO doesn’t send passwords if you choose ssh key from the droplet create screen.  It’s better to log in and then set up the SSH stuff by hand I think.  (well, I couldn’t log on with SSH because I don’t do SSH as root and prefer to use a non-root ssh log in and then su into root as needed)
    3. Setup gotcha, creating the initial droplet has about a 5 min latency.  so don’t be shocked if the web based console doesn’t work right away.  Just try again after 5 to 10 min.
    4. Note: the root password will be emailed to your DO registered email account.
    5. gotcha : the DO console logged me on and then seemed to crash while I was changing the default password.  I worked around this by SSH’ing using the bash shell from windows 10.
    6. Initial PW changed and I’m now logged in and ready to follow the initial server setup with ubuntu 16.06 instructions.
  3. server setup:
    1. root log in (initial PW change)
    2. user account # adduser scary
    3. set up sudo’er # usermod -aG sudo scary
    4. install ssh key to user account: ssh-copy-id scary@138.xx.xx.xxx  <– IP partial redacted to avoid attacks before I set up fire wall.
      1. test ssh log in to user account. ssh scary@138.xx.xx.xxx
      2. test sudo su works.  from the ssh console do “sudo su” check that you are root.
    5.  sudo vim /etc/ssh/sshd_config :
      PasswordAuthentication no
      PubkeyAuthentication yes
      ChallengeResponseAuthentication no
    6. restart sshd : sudo systemctl reload sshd
    7. test log in from new local term: ssh scary@138.xx.xx.xxx
    8. basic firewall :
      1.  sudo ufw app list
         sudo ufw enable   <-- gotcha!  I forgot to ufw allow OpenSSH first!!!!
         sudo ufw status
         ls
         sudo ufw allow OpenSSH
         sudo ufw status
    9. change root login pw to something nasty using uuidgen; sudo su; passwd; to set a passwd that is hard to attack.  You won’t need to be logging in as root anyway, so turn off root log ons or set a one time passwd that is nasty and lose it.
    10. Done.  Luckily I didn’t mess up things too badly and was able to recover from the ufw screw up because I kept a few ssh log-ins running while I set up the ufw.
  4. Setting up the web server. Initial Server Setup with Ubuntu 16.04
    1. apt-get packages and upgrade server:
      1.  sudo apt-get update
         sudo apt-get install python3-pip python3-dev libpq-dev postgresql postgresql-contrib nginx
         sudo apt-get upgrade
    2. Create PostgreSQL database and user  (don’t forget the ; at the end of the postgres commands you enter):
      1. sudo -u postgres psql
        psql (9.5.4)
        Type "help" for help.
        
        postgres=# CREATE DATABASE scary-stuff;
        ERROR: syntax error at or near "-"
        LINE 1: CREATE DATABASE scary-stuff;
         ^
        postgres=# CREATE DATABASE scarystuff;
        CREATE DATABASE
        postgres=# CREATE USER scary WITH PASSWORD 'xxxxxx-xxx-xxx-xxxx-xxxxxxx';
        CREATE ROLE
        postgres=# ALTER ROLE myprojectuser SET client_encoding TO 'utf8';
        ERROR: role "myprojectuser" does not exist
        postgres=# ALTER ROLE scary SET client_encoding TO 'utf8';
        ALTER ROLE
        postgres=# ALTER ROLE scary SET default_transaction_isolation TO 'read committed';
        ALTER ROLE
        postgres=# ALTER ROLE scary SET timezone TO 'UTC';
        ALTER ROLE
        postgres=# GRANT ALL PRIVILEGES ON DATABASE scarystuff TO scary
        postgres-# \q
    3. Set up python virtual environment for my project:
      1.  sudo pip3 install virtualenv
        scary@scary-1604-512mb-sfo2-01:~/myproject$ virtualenv venv
        scary@scary-1604-512mb-sfo2-01:~/myproject$ . venv/bin/activate
        (venv) scary@scary-1604-512mb-sfo2-01:~/myproject$ python
        Python 3.5.2 (default, Sep 10 2016, 08:21:44)
        [GCC 5.4.0 20160609] on linux
        Type "help", "copyright", "credits" or "license" for more information.
        >>>
        (venv) scary@scary-1604-512mb-sfo2-01:~/myproject$ deactivate
    4. install Django, gunicorn, psycopg2:
      1. scary@scary-1604-512mb-sfo2-01:~/myproject$ . venv/bin/activate
        
        (venv) scary@scary-1604-512mb-sfo2-01:~/myproject$ pip install django gunicorn psycopg2
        ...
        Successfully installed django-1.10.2 gunicorn-19.6.0 psycopg2-2.6.2
    5. set up and configure default Django project “django-admin startproject myproject; vim myproject/myproject/settings.py” :
      1. DATABASES = {
             'default': {
                 'ENGINE': 'django.db.backends.postgresql_psycopg2',
                 'NAME': 'scarystuff',
                 'USER': 'scary',
                 'PASSWORD': '12345678-1234-1234-1234-1234567890ab',   # <-- bogus pword
                 'HOST': 'localhost',
                 'PORT': '',
             }
         }
      2. STATIC_URL = '/static/'
        
        STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
    6. Complete django initial project setup:  (if you screw this up you’ll lose a day to debugging gunicorn and nginx configs)
      1.  django-admin startproject myproject     <-- this is where I fucked up! missing period at the end
         vim myproject/myproject/settings.py
         history
         ls
         cd myproject/
         ls
         ./manage.py makemigrations
         ./manage.py migrate
         ./manage.py createsuperuser
         ./manage.py collectstatic
         sudo ufw allow 8000
         ./manage.py runserver 0.0.0.0:8000
      2. test by hitting the test server from a browser.  Be sure to test both main page and /admin page.  You need to look for any css issues and fix them if you have em…  (when I set up on my local test image I messed up settings.py around the static files and had to fix things up. this time things are going better… fewer fat finger events)
    7. Testing gunicorn.  Note: the admin site should be missing its css data when served this way:
      1.  gunicorn --bind 0.0.0.0:8000 myproject.wsgi:application
        [2016-10-17 15:04:52 +0000] [30271] [INFO] Starting gunicorn 19.6.0
        [2016-10-17 15:04:52 +0000] [30271] [INFO] Listening at: http://0.0.0.0:8000 (30271)
        [2016-10-17 15:04:52 +0000] [30271] [INFO] Using worker: sync
        [2016-10-17 15:04:52 +0000] [30274] [INFO] Booting worker with pid: 30274
        Not Found: /static/admin/css/base.css
        Not Found: /static/admin/css/dashboard.css
        ^C[2016-10-17 15:05:23 +0000] [30271] [INFO] Handling signal: int
        [2016-10-17 15:05:23 +0000] [30274] [INFO] Worker exiting (pid: 30274)
        [2016-10-17 15:05:23 +0000] [30271] [INFO] Shutting down: Master
        (venv) scary@scary-1604-512mb-sfo2-01:~/myproject/myproject$ deactivate
    8. create gunicorn systemd service file:
      1. sudo vim /etc/systemd/system/gunicorn.service
        [sudo] password for scary:
        $ cat /etc/systemd/system/gunicorn.service
        
        [Unit]
        Description=gunicorn daemon
        After=network.target
        
        [Service]
        User=scary
        Group=www-data
        WorkingDirectory=/home/scary/myproject
        ExecStart=/home/scary/myproject/venv/bin/gunicorn --workers 3 --bind unix:/home/scary/myproject/myproject.sock myproject.wsgi:application
        
        [Install]
        WantedBy=multi-user.target
      2.  sudo systemctl start gunicorn
        sudo systemctl enable gunicorn

        1. I get errors here: “Failed to execute operation: Invalid argument.”
        2. I found a cut and paste issue in the gunicorn.service file. duh first line was buggered…<<fixed>>
        3. silent failure after fixing this problem  with gunicorn not finding wsgi.py  (because of screw up on django-admin command line used that dropped the period at the end of the line.)
        4. run systemctl to see the daemons and noted that gunicorn was having problems.
          1. grep gunicorn /var/log/syslog to see some clues.
    9. configure Nginx to proxy pass to gunicorn
      1.  sudo vim /etc/nginx/sites-available/myproject
         sudo ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled/
         sudo nginx -t
         sudo systemctl restart nginx
         sudo ufw delete allow 8000
         sudo ufw allow 'Nginx Full'
        
        scary@scary-1604-512mb-sfo2-01:~$ cat /etc/nginx/sites-available/myproject
        server {
         listen 80;
         server_name 138.68.13.110;
        
         location = /favicon.ico { access_log off; log_not_found off; }
         location = /static/ {          <-- the equals sign is wrong!!!!!
         root /home/scary/myproject;
         }
        
         location / {
         include proxy_params;
         proxy_pass http://unix:/home/scary/myproject/myproject.sock;
         }
        
        }
      2. errors after getting this far:
        1. 502 Bad Gateway
    10. Debug:  I have 2 issues.  gunicorn is complaining on systemctl activate, and nginx is serving a 502 🙁
      1. triple check I followed instructions well.
        1. found a cut and paste issue in the gunicorn.service file. <<fixed>>
      2. look at the error logs:
        1. [crit] 2597#2597: *1 connect() to unix:/home/scary/myproject/myproject.sock failed (2: No such file or directory) while connecting to upstream, client: 50.53.49.126, server: 138.68.13.110, request: “GET / HTTP/1.1”, upstream: “http://unix:/home/scary/myproject/myproject.sock:/”, host: “138.68.13.110”
        2. myproject.sock is a file created by gunicorn.  but gunicorn isn’t putting out errors.
        3. Run systemctl to see a list of services.  Note that gunicorn is still bad.
          1. ● gunicorn.service loaded failed failed gunicorn daemon
          2. grep /log for gunicorn shows:
            1. /var/log/syslog:Oct 18 16:13:16 scary-1604-512mb-sfo2-01 gunicorn[1731]: ImportError: No module named ‘myproject.wsgi’
              1. root cause of this was the django-admin line I used where I left off the period at the end.
        4. type-oh’s in nginx config :
          1. location = /static/ is wrong.  The equals sign is bogus.
    11. done now it works !

Holy shit there are all sorts of ways to fat finger the setup of a server!

  1. forgot the period at the end of the django-admin.py command line that results in an extra myproject subdirectory that confuses things.
  2. I inserted an = in the nginx config file messing up static file serving
  3. had a bogus cut and paste line in my initial gunicorn.service file.
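
An added example, not part of the original post or the DO tutorial: a Python preflight check that catches each of the three mistakes above before gunicorn and nginx are started. The unit file, nginx site and file listings are constructed from the configs shown in this post, the pasted junk line in the test is an assumption about what a "buggered" first line looks like, and the function names are hypothetical. The nginx parser only handles simple `location` blocks without nested braces.

```python
import re
from pathlib import PurePosixPath

# Constructed inputs, modelled on the files shown in this post.
UNIT_FILE = """\
[Unit]
Description=gunicorn daemon

[Service]
User=scary
WorkingDirectory=/home/scary/myproject
ExecStart=/home/scary/myproject/venv/bin/gunicorn --workers 3 --bind unix:/home/scary/myproject/myproject.sock myproject.wsgi:application

[Install]
WantedBy=multi-user.target
"""

NGINX_SITE = """\
server {
    listen 80;
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /static/ {
        root /home/scary/myproject;
    }
    location / {
        include proxy_params;
        proxy_pass http://unix:/home/scary/myproject/myproject.sock;
    }
}
"""

# Constructed listings of what "django-admin startproject myproject" leaves behind
# when run in /home/scary/myproject with and without the trailing ".".
TREE_WITH_DOT = {
    "/home/scary/myproject/manage.py",
    "/home/scary/myproject/myproject/settings.py",
    "/home/scary/myproject/myproject/wsgi.py",
}
TREE_WITHOUT_DOT = {
    "/home/scary/myproject/myproject/manage.py",
    "/home/scary/myproject/myproject/myproject/settings.py",
    "/home/scary/myproject/myproject/myproject/wsgi.py",
}

LOCATION = re.compile(r"location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")


def check_unit_syntax(text):
    """Flag unit-file lines that sit before the first [Section] or are not key=value."""
    findings, section = [], None
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue
        if re.fullmatch(r"\[[A-Za-z]+\]", stripped):
            section = stripped
        elif section is None:
            findings.append(f"line {number}: text before the first [Section] header")
        elif "=" not in stripped:
            findings.append(f"line {number}: not a key=value assignment")
    return findings


def check_wsgi_target(unit_text, existing_files):
    """Resolve module:callable from ExecStart against WorkingDirectory, as the import would."""
    workdir = re.search(r"^WorkingDirectory=(\S+)", unit_text, re.M)
    target = re.search(r"^ExecStart=.*[ \t]([\w.]+):\w+[ \t]*$", unit_text, re.M)
    if not workdir or not target:
        return ["unit file lacks WorkingDirectory or a module:callable in ExecStart"]
    module = target.group(1)
    expected = PurePosixPath(workdir.group(1), *module.split(".")).with_suffix(".py")
    if str(expected) in existing_files:
        return []
    elsewhere = sorted(f for f in existing_files if PurePosixPath(f).name == expected.name)
    hint = f"; found instead: {', '.join(elsewhere)}" if elsewhere else ""
    return [f"{module} resolves to {expected}, which does not exist{hint}"]


def check_nginx_locations(conf_text):
    """Flag exact-match (=) locations on a directory path that are meant to serve files."""
    findings = []
    for modifier, path, body in LOCATION.findall(conf_text):
        serves_files = re.search(r"\b(root|alias)\b", body)
        if modifier == "=" and path.endswith("/") and serves_files:
            findings.append(f"location = {path} matches only the URI {path} itself; "
                            f"drop the '=' to make it a prefix match")
    return findings


def preflight(unit_text, nginx_text, existing_files):
    """Run all three checks and return the combined list of findings."""
    return (check_unit_syntax(unit_text)
            + check_wsgi_target(unit_text, existing_files)
            + check_nginx_locations(nginx_text))


if __name__ == "__main__":
    for finding in preflight(UNIT_FILE, NGINX_SITE, TREE_WITHOUT_DOT):
        print("FAIL:", finding)
```

With the exact-match location in place, a request for /static/admin/css/base.css falls through to `location /` and is proxied to gunicorn, which is why the CSS 404s look like an application problem rather than an nginx one.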

 

September 29, 2016

making time lapse mp4’s

Filed under: Uncategorized — admin @ 4:06 pm

I copied this URL’s info: http://mahugh.com/2015/04/29/creating-time-lapse-videos/

watch out for type-oh’s like a space between a dash and a n option.

The command line I used was:
ffmpeg -r 5 -start_number 668 -i DSC_0%d.JPG -s 1280x720 -vcodec libx264 dawn-moon-rise-9-28.mp4

July 31, 2016

More ubuntu-bash on Windows 10.0.14393

Filed under: Uncategorized — admin @ 10:30 am

Second impressions:

It’s been a few weeks since I’ve played with bash on windows and now that we are close to the Aug release of the “anniversary edition” and the fact that I just got my 2014 yoga 2 pro back from my daughter, I am re-trying the feature.

FWIW Everything seems to work from the ubuntu 14.04 repo’s.  The only problem I still have is installing openjdk8 using the ubuntu 15.10 deb files following the source.android.com instructions for setting up a build host.  The Java8 seems to get stuck in a loop and I needed to purge the related openjdk8 packages.

Other than Java8 things are looking really great.  Note: without Java8 I cannot use this configuration to build Android.

Tmux works!, SSH works, scp works, git works, vim works, irssi works, fetchmail works, mutt works… pretty much all the command line tools I need seem to be good.

I’m even getting used to the power shell cut and paste support.  The only gripe I have is the power shell does not support CTL-+ or CTL-- to change the font sizes easily.

There were a few configuration and setup items that I will capture as notes below but, I’m liking what MS has done for the developers.

Setting up the windows subsystem for linux (beta) on the new version of Windows.

Setup / configuration notes:

  • SSH defaults to looking for id_rsa where I have id_markgross keys on my linux boxes.  After copying id_markgross to id_rsa SSH worked as expected for me and the servers I connect to.
  • edit the /etc/apt/sources.list file to include deb-src items:
  • deb http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
    deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
    
    deb-src http://archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
    deb-src http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
    deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
  • apt-get setup commands:
    • sudo apt-get install vim-gnome tmux cscope ctags vim-doc minicom git-core curl mutt ca-certificates ssmtp msmtp fetchmail procmail ssh sshfs openssl nmap manpages-dev manpages-posix manpages-posix-dev quilt subversion mercurial ipython gcc-avr gcc avr-libc gcc-avr binutils-avr avr-libc avrdude python-numpy python-matplotlib graphviz python-scipy python-numpy-doc python-pip python-virtualenv laptop-mode-tools powertop latencytop libncursesw5-dev gitk rar libav-tools git gnupg flex bison gperf build-essential zip curl libc6-dev g++-multilib mingw32 tofrodos python-markdown irssi irssi-scripts
    • sudo apt-get build-dep linux-image-4.4.0-31-generic

May 1, 2016

More notes about Bash on Windows 10

Filed under: Uncategorized — admin @ 8:00 am

How to clean out the root file system and start over:

  • start a “power shell” that is not bash and run “lxrun /uninstall /full /y”  : This wipes the root FS and your HOME directory for bash.
  • know about searching for “Turn Windows features on or off” in the settings search box. : use this to load/unload or enable /disable the WLS. (Windows Linux Subsystem)

So I do lxrun /uninstall /full and then turn off wls to remove my bash on windows.   (reboot)

Then I turn on WLS  (reboot) and then run bash from a power shell and answer y to the prompt to download the latest root file system and re-enable the ubuntu 14.04 bash.

Note: It seems my home directory did not get wiped when I did these steps.  The command line prompts indicate that they will be wiped.  Bug?

I’m no longer a root user to bash and sudo works.

Where is the root file system stored in the Windows FS?  And where is $HOME in the windows FS?

  • windows directories are found under the mount point /mnt/c/  from within the bash shell
  • the ubuntu root FS is located at c:/Users/<windows-login>/AppData/Local/lxss/rootfs
    • note: AppData, lxss and rootfs are hidden directories but, you can type the path in the explorer window to get to them anyway.
  • Your $HOME directory under bash is located at c:/Users/<windows-login>/AppData/Local/lxss/home/<bash username>
    • note: AppData and lxss are both hidden directories but, you can type the path into an explorer window to get to them anyway.

 

April 30, 2016

France Attacks! …. or my website got hacked again.

Filed under: Uncategorized — admin @ 10:29 am

This time it was not my WP site.  Rather somehow they managed to attack my html/* directory directly.  I thought I had locked up access but it seems I missed something somewhere.

The attacker installed a new directory and some php files and a directory of files with sha’s for names into my account and added an .htaccess file to my html-root to invoke the php.

  • blackbirds-hurricane.php : has a reversed string to eval (base64_decode) <some big long string I guess I need to decode> .
  • dir.php :
  • gdform.php
  • gdform_prevv1.php
  • iioqbejo.php
  • webformmailer.php

Fortunately I have my account backed up in a git project locally so I can quickly diff what the heck is going on by scp-ing my site over my local copy and run “git diff” to see the new files and changes.  This attack did not change existing files.  It added files .htaccess and the php files commented above.

I don’t know how they got access to my http document directory yet.  But, I’ve restored the site to what was there before and closed up an old django prototype I had running on my site (just in case that was the attack vector)

 

But, some interesting notes:

  • in python to reverse a string use something like my-long-string[::-1]  (worked great)
  • to decode use base64 --decode.  (cat decode.me | base64 --decode > decoded.file)
  • The decoded attack was a php file that had the following URL hidden in it f.gghijacktest.com
    • when I went to this url the page is an empty document.
    • http://wa-com.com/gghijacktest.com shows that the attackers are from France.  Wow, that’s a change from the Slavic attacks I’m accustomed to.

 

Thanks to google for flagging the attack!
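
The decode steps from the notes above (reverse the string, then base64-decode it), as an added example that is not part of the original post: a Python triage script that peels the encoded layers out of a PHP file as text only, never executing anything, and lists the hostnames it finds. The sample dropper is constructed and inert, `payload.example.invalid` is a placeholder host, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Quoted runs of base64 alphabet long enough to be a payload rather than a word.
BLOB = re.compile(r"""["']([A-Za-z0-9+/=]{24,})["']""")
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
# PHP functions this kind of file leans on; names may be stored backwards too.
MARKERS = ("eval", "base64_decode", "strrev")


def build_sample():
    """Constructed, harmless stand-in for the kind of file described in this post."""
    inner = b'<?php $src = "http://payload.example.invalid/redirect.js"; print $src; ?>'
    hidden = base64.b64encode(inner).decode()[::-1]
    return '<?php eval(base64_decode(strrev("%s"))); ?>' % hidden


def mostly_text(raw):
    """True when at least 90% of the bytes are printable ASCII or whitespace."""
    if not raw:
        return False
    readable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return readable / len(raw) >= 0.9


def decode_blob(blob):
    """Try the literal as base64 and as reversed base64; return (method, text) pairs."""
    results = []
    for method, candidate in (("base64", blob), ("reversed+base64", blob[::-1])):
        try:
            raw = base64.b64decode(candidate, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 in this orientation
        if mostly_text(raw):
            results.append((method, raw.decode("ascii", errors="replace")))
    return results


def analyze(source, max_depth=3):
    """Statically unwrap encoded string literals and collect markers and hostnames."""
    report = {"markers": set(), "layers": [], "hosts": set()}
    pending = [(source, 0)]
    while pending:
        text, depth = pending.pop()
        lowered = text.lower()
        for name in MARKERS:
            if name in lowered:
                report["markers"].add(name)
            if name[::-1] in lowered:
                report["markers"].add(name + " (reversed)")
        report["hosts"].update(host.lower() for host in HOST.findall(text))
        if depth >= max_depth:
            continue
        for blob in BLOB.findall(text):
            for method, decoded in decode_blob(blob):
                report["layers"].append((depth + 1, method, len(decoded)))
                pending.append((decoded, depth + 1))
    return report


if __name__ == "__main__":
    result = analyze(build_sample())
    print("markers:", sorted(result["markers"]))
    print("layers: ", result["layers"])
    print("hosts:  ", sorted(result["hosts"]))
```

The hostnames it reports are what to search for in web server logs and in the rest of the document root.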

April 9, 2016

Checking out building Android on Windows using Windows 10 (redstone?) beta

Filed under: Uncategorized — admin @ 8:03 am

I’m taking my old-ish HP envy17 I got new Jan 2012.  It’s a beefy box with quad core i7 with 16GB of ram and multiple SSD’s.  I got it for building Android.  FWIW other than being a power pig it’s still a good performing laptop.  It’s been running Ubuntu versions since I got the thing.  Now I’ve been reading that MS Windows 10 will have the bash shell and access to all of ubuntu 14.04 user mode.  So, my first thought was “cool, I wonder if I can build Android with that?”  My next thought was “finally, Microsoft is doing something for the developers that don’t give a shit about visual studio or .net.  I bet they were fed up with all the nerd conferences (even Linux conferences) being awash in Macintosh laptops.  Good on Microsoft.

I like the direction and I hope the ubuntu support within it is good enough for what I like to do.

Lets find out.

Step 1: restore factory settings.  Ugh, what a pain in the ass / slow install.  I had the recovery DVD’s already so that was a plus.  But, wow it takes a long time to run the recovery install.  It feels like 2 hrs to me (but it might be only 1).  It did give me time to vacuum a few rooms in my house between DVD’s.  Sadly my first attempt failed, and the thing still grubbed into ubuntu on me.  So I dd if=/dev/zero of=/dev/sda   and /dev/sdb.  Just to be safe.  Then I re-started the recovery install.  Sucks to be me.

Goddamnit!  I’m on my 4th attempt to install the DVD’s.  OMG, who knew you need to get the bios in the default settings otherwise you are wasting your 2hrs.  4 tries then I set the bios to default settings and then the 5th try looked like it worked.  but, did not.

Ok I gave up on the envy17 ever installing windows from the recovery DVD’s.  (Damn it HP!  Your recovery media I paid 25$ for doesn’t work AND it takes 2+hrs to find out for each try…)

 

  1. Switching to a newer Lenovo  T540 laptop I got from work that still has the original HD with all the factory install on it.
  2. go through the Windows 10 setup for a new laptop including taking an update and registering it with my gmail email.
  3. setup up a windows insider account so I can get access to the beta programs  https://insider.windows.com/Home/Index 
  4. Get the beta version and install it… go to the advanced tab for the Windows upgrade (settings/update&security/windows update/advanced options/get insider preview builds) and do the setup stuff as requested.   Note after you have yourself registered for insider updates you need to set the “update level”  to fast (or slow) and then (maybe after a reboot to set up your PIN code for logging on) go back into windows update and click on “Check for updates”  where hopefully you’ll be asked if you want the latest beta version of Windows 10 to come down the wire.  Now you have Windows 10 home insider preview Evaluation copy. Build 14316rs1_release. 160402-2217 (or newer)
  5. install the ubuntu root file system and start trying stuff.  https://blogs.msdn.microsoft.com/commandline/2016/04/06/bash-on-ubuntu-on-windows-download-now-3/
  6. type bash in the Cortana (aka start) text box.  Boom, you are running bash in a strange terminal window as what looks to be root.
  7. try to setup for building AOSP (fails on installing openjdk)
  8. file bugs in the issue tracker for using bash on windows.   Notice your problem is already logged.
  9. figure out how to clean up messed up apt-get databases after the java/openjdk install blows chunks.  (apt-get purge <whatever is failing>; apt-get install -f)

First impressions:

  • The terminal is annoying.
    • It has awkward copy and paste mechanisms from windows 3.11.
    • I can’t easily change font sizes (I miss ctrl-+ and ctrl--)
    • I can’t easily change the color scheme.
  • tmux doesn’t work
  • Ubuntu thinks I’m root.
  • The location of my home directory is : c:\Users\mark\AppData\Local\lxss\root
  • The location of the ubuntu root file system is located: c:\Users\mark\AppData\Local\lxss\rootfs
  • I was able to run apt-get dep build-dep linux-image-3.13.0-24-generic successfully and most of my new system setup apt-get’s  (except for the java stuff)
  • I had to get better at cleaning up screwed up apt data bases after failure in installing.
    • apt-get purge <whatever is failing>; apt-get install -f
  • git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git  works.  (seems to be a lot slower than I’m used to.  Not sure if it’s the network or the environment)
  • building the kernel:
    • make menuconfig looks fugly but seems to work
    • make -j8 seems ok.
      • builds 4.6.0 RC2 with the default config in 3m 59 seconds
    • cscope -Rk works perfectly.  (so does ctags -R)
  • Vim works ok.  But, the color scheme sucks and I have not figured out how to change it so my terminal is easy to read while running vim.  (putty does this shit to me too)
  • irssi works after editing the .irssi/config file to set my user name and nick name to something other than “root”

 

Why am I trying this at all?

Well, I work in an organization pregnant on using MS-Windows/outlook/Lync(or skype for office)/MS-Office and I spend 1/2 my day in phone calls over the soft-phone sharing desktops with power point documents.  It’s true that we also use Google drive or docs but, it’s the soft-phone that kills me.   Sure, I’ve given running a windows VM a good try but, the soft-phone never works well and I’m always getting messages about how my system was causing audio quality issues.

Now I use the stock system and a putty window to a tmux session on a proper linux workstation.  i.e. I’m using Windows as a thin client when I’m working on Android and all other times I use it as a phone, conferencing client and email client.  Even when I ran Linux on the laptop I used the workstation for builds because it’s got 16 physical cores compared to the 4 in the laptop.  So the work laptop is mostly used as a thin client anyway.

I hope Microsoft and Ubuntu get this feature working well and address the issues I ran into.  Then I will be pretty happy to use Windows 10…on my work laptop anyway.   I’m still running native ubuntu on my other laptops and computers.  But, if it becomes easy to do all the command line based work I’m used to doing without having to wipe a system and install Linux (and risk not having the ability to go back to Windows even if it’s for a bios update) then I think I would just leave Windows 10 on the thing.  Assuming it “just works”…

Random links:

 

January 31, 2015

Cleaning my WP from spam and attempts to harden my web service from hacking

Filed under: Uncategorized — admin @ 8:09 am

This week I noticed I had a redirect.js malware injected into this WordPress application hosted on my godaddy hosting.  (what you are reading now)

I used free / demo-ware sucuri labs scanner plugin “Sucuri Security” to identify the signature:
"""write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}');}xViewState()"""

It’s a very nice plug in.  They make their money by offering cleaning services http://sucuri.net/website-antivirus/signup .  Not bad but, I chose to try to go it alone.

I ssh-ed into my web site and grep -ir xViewState and found a few (2) files with this string and then edited them with VIM. The first thing I noticed was that the lines around this xViewState string had ^M (were DOS based strings created on a windows box).  As those were the only ones with the ^M’s, I nuked those lines.  I’m pretty sure those were the trouble makers.

Then I re-ran the scan and my site was clean.  And my blog still works.
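
The two clues used above, the scanner's signature string and the ^M line endings, combined in one pass as an added example that is not part of the original post. It reports every file that contains the signature and, within those files, every CRLF-terminated line when the rest of the file uses Unix endings. The sample tree is constructed, its "injected" lines are inert placeholders, and the function names are hypothetical.

```python
SIGNATURE = b"xViewState"  # the string the scanner reported, as quoted in this post

# Constructed sample tree: path -> raw bytes.
SAMPLE_TREE = {
    "wp-content/themes/demo/header.php": (
        b"<?php wp_head(); ?>\n"
        b"<div id=\"wrap\">\n"
        b"<script>/* constructed placeholder, not real malware */\r\n"
        b"function xViewState(){}</script>\r\n"
        b"<h1><?php bloginfo('name'); ?></h1>\n"
        b"</div>\n"
    ),
    "wp-content/themes/demo/footer.php": b"<?php wp_footer(); ?>\n</body>\n",
    "wp-content/uploads/notes-from-windows.txt": b"all lines\r\nhave DOS endings\r\n",
}


def scan_file(data, signature=SIGNATURE):
    """Return [(line_number, [reasons])] for signature hits and stray CRLF lines."""
    lines = data.splitlines(keepends=True)
    crlf_count = sum(line.endswith(b"\r\n") for line in lines)
    # A few DOS-terminated lines inside a Unix file is the anomaly; a file that
    # is CRLF throughout was simply written on Windows and is not flagged.
    stray_crlf = 0 < crlf_count < len(lines) / 2
    findings = []
    for number, line in enumerate(lines, 1):
        reasons = []
        if signature in line:
            reasons.append("signature")
        if stray_crlf and line.endswith(b"\r\n"):
            reasons.append("stray-crlf")
        if reasons:
            findings.append((number, reasons))
    return findings


def scan_tree(files, signature=SIGNATURE):
    """Report only files containing the signature, with every suspect line in them."""
    report = {}
    for path, data in sorted(files.items()):
        findings = scan_file(data, signature)
        if any("signature" in reasons for _, reasons in findings):
            report[path] = findings
    return report


def without_lines(data, line_numbers):
    """Return a cleaned copy with the given 1-based lines removed, for review by diff."""
    doomed = set(line_numbers)
    kept = [line for number, line in enumerate(data.splitlines(keepends=True), 1)
            if number not in doomed]
    return b"".join(kept)


if __name__ == "__main__":
    for path, findings in scan_tree(SAMPLE_TREE).items():
        for number, reasons in findings:
            print(f"{path}:{number}: {', '.join(reasons)}")
```

Diff the output of `without_lines` against a known-good copy before putting it back on the server, since injected code is not always confined to the odd-ending lines.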

Next I went about hardening my site with updating passwords created using uuidgen. (I put the passwords in a text file that is gpg encrypted and uploaded to the cloud and a few other locations)
I updated my godaddy passwords, removed all the ftp accesses I could and changed the ftp access I couldn’t delete to have a uuidgen’ed passwd too.

I removed extra WP logins and now I’m down to just one admin login with a nasty uuidgen based passwd.

Next I followed a few blogs advising the nuking of unused logins and themes, as although WP claims there are no known vulnerabilities, if you upgrade with an attack already installed that attack vector compromises your installation anyway. 🙁

Some useful links that helped me (pretty much all from a google search on “wordpress redirect trojan” ):
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

http://ottopress.com/2009/hacked-wordpress-backdoors/

https://wordpress.org/support/topic/cant-get-rid-of-a-redirecting-trojan

https://wordpress.org/support/topic/exploits-and-godaddy#post-1065779

https://wordpress.org/plugins/search.php?q=malware+scanner

https://wordpress.org/support/topic/website-hacked-trojan-redirect

https://www.google.com/?gws_rd=ssl#q=wordpress%20redirect%20trojan

http://www.serverschool.com/shared-hosting/how-to-remove-trojan-js-redirector-cq-from-your-wordpress-site/

http://premium.wpmudev.org/blog/wordpress-security-tackling-backdoors-pharma-hacks-and-redirects/


 

Lets see how long before I get hacked again 🙁

November 2, 2014

Debian Wheezy (debian v7) on a c710 with coreboot bios.

Filed under: Uncategorized — admin @ 7:29 pm

Tweaks:
fix random wake ups after suspending:
https://forums.opensuse.org/showthread.php/499032-Don-t-wake-up-on-lid-open — yeah its a yoga2pro tweak that helps with the c710.

I put the following in my rc.local file:

echo deadline > /sys/block/sda/queue/scheduler
echo 1 > /sys/block/sda/queue/iosched/fifo_batch
powertop --auto-tune
# Disable wake up on anything for Yoga Pro 2, otherwise it sometimes wakes from suspend
cat /proc/acpi/wakeup |
    grep '*enabled' |
    cut -f 1 -d ' ' |
    xargs -n 1 -I {} sh -c 'echo Disabling wake up on {}... && echo {} > /proc/acpi/wakeup'

 

fix brightness keys:
https://wiki.debian.org/InstallingDebianOn/Acer/C710-2615-Chromebook

Installed xbacklight and hooked up to the ctrl-f6 and ctrl-f7.   I have not yet figured out how to get the keys to work with fn-f6 and fn-f7 🙁

Getting ubuntu-like tab completion:

source /etc/bash_completion

Add my login to the sudo group

update volume key mapping to work with ctrl-f8, ctrl-f9, ctrl-f10

put the following into my fstab file:

UUID=1c917fc1-f9be-4f2f-9018-cdd00a3d6c20 /               ext4    noatime,nodiratime,errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=ac7db340-7602-47ec-9686-9fee177cb079 none            swap    sw              0       0
/dev/sdb1       /media/usb0     auto    rw,user,noauto  0       0
/dev/sdb2       /media/usb1     auto    rw,user,noauto  0       0
tmpfs /tmp tmpfs mode=1777,size=2500m 0 0
tmpfs /var/log tmpfs mode=0750,size=250m 0 0

 

April 25, 2014

Hacking coreboot, using dediprog to re-flash C710 and discovering SSD FW updates matter

Filed under: Uncategorized — admin @ 10:19 pm

3 weeks ago I buggered up my C710 after trying to get coreboot with a grub2 payload to boot on my laptop with an older Intel SSD.  I’ve been having issues with the SSD not getting seen by the coreboot payloads without some funny business (more on this issue later.)  Anyway after bricking it I put things aside for a few weeks and got back to it last night.  I’m now back to running the prebuilt coreboot from John Lewis that does both GRUB2 and SeaBIOS and finishing up the installation tweaks for ubuntu 14.04 LTS (64 bit)  It was booting a little goofy.

It seems that the older Intel SSD (INTEL SSDSA2M160G2GC (2CV102HD) circa 2009 ) isn’t visible to SeaBIOS unless GRUB2 attempts to probe it and fails.  I suspect there is a quirk I need to do or maybe a SSD FW upgrade I need and that this issue is almost certainly unique to my setup. And, if I swap in a normal HD or a different SSD I’m confident it will just work.  (Hmm, let’s try that FW upgrade and see…. sonava@#@%!  after running the Intel® SATA Solid-State Drive Firmware Update Tool  and updating the FW now that strangeness does not happen.  I bet my build of coreboot will work just fine now too!  Let’s find out… ok it almost works.  my build boots but loses the mouse pad.  I probably have a config option messed up.)

Ok, well to flash a buggered C710 using a clip and a dediprog, wire the clip to the pins on the dediprog like so:

pin 1 === CS
pin 2 === mso
pin 3 === I/O2
pin 4 === gnd
pin 5 === msi
pin 6 === clk
pin 7 === N/C
pin 8 === 3.3v

Follow the instructions from last year’s OSCON tutorial on coreboot hacking.  (based on the c710)  Every screw except the 2 holding the heat pipe to the main board needed to come out.  (I think it was more like 21 screws)

done.

FWIW I did try to use my buspirate 4.5 to do this as well.  But, it failed the read test.  It was able to see the Winbond spi chip but it seemed to fall over / hang when reading the 8MB.  Maybe I need to update its FW too?

http://www.nexflash.com/hq/enu/ProductAndSales/ProductLines/FlashMemory/SerialFlash/W25Q64FV.htm

 

Now I just need to get the brightness controls to work right again (not a coreboot issue.  I re-installed ubuntu 14.04 and need to re-enable the key mappings I had in my 13.10 install I guess I’ll look at the post install instructions now.)

 

February 1, 2014

post 14.04 install configs

Filed under: Uncategorized — admin @ 5:12 pm
Assuming a 64 bit install I like to have the following packages on all my systems

sudo apt-get install vim-gnome tmux cscope ctags vim-doc minicom git-core curl mutt \
  ca-certificates ssmtp msmtp fetchmail procmail ssh sshfs xchat openssl \
  nmap manpages-dev manpages-posix manpages-posix-dev quilt subversion \
  mercurial ipython gcc-avr gcc avr-libc gcc-avr binutils-avr avr-libc \
  avrdude python-numpy python-matplotlib graphviz python-scipy \
  python-numpy-doc python-pip python-virtualenv laptop-mode-tools powertop \
  latencytop libncursesw5-dev gitk rar gimp synaptic libav-tools openjdk-7-jdk
sudo apt-get install git gnupg flex bison gperf build-essential \
  zip curl libc6-dev libncurses5-dev:i386 x11proto-core-dev \
  libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 \
  libgl1-mesa-dev g++-multilib mingw32 tofrodos \
  python-markdown libxml2-utils xsltproc zlib1g-dev:i386


sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so

sudo apt-get build-dep linux-image-3.13.0-24-generic linux-image-3.13.0-24-lowlatency

sudo apt-get install linux-image-3.13.0-24-lowlatency
sudo dpkg-reconfigure dash (answer no) 

Now the system is acceptable for use and ready for configuring assorted dot-files the way I like them. 

sudo apt-get install unity-tweak-tool ubuntu-restricted-extras indicator-multiload 

sudo sh -c 'echo "deb http://archive.canonical.com/ quantal partner" >> /etc/apt/sources.list' 
sudo apt-get update
sudo apt-get install skype
sudo apt-get install gstreamer0.10-plugins-ugly libxine1-ffmpeg gxine mencoder libdvdread4 \
totem-mozilla icedax tagtool easytag id3tool lame nautilus-script-audio-convert libmad0 mpg321 \
libavcodec-extra 

If you are rocking a C710 running SeaBIOS then you'll want to add the following to your /etc/modules file:
i2c_i801
i2c_dev
chromeos_laptop
cyapa

then install google chrome from their site.

For correct skype behaviour with the notifier icon don't forget to:
sudo apt-get install sni-qt:i386

	