Cpl-Shoe.com got hacked.

Mar 05 2014

So, I really should check back here more often. It appears that on February 7, 2014 the FTP password for my webhost was compromised, and on the 8th the webhost reset the password for me. I never got that email.

The hacker group which identified itself as “Black CyberSec Crew” replaced my index.php file and placed one other file (that I found) with their content in the root of my site’s folder. All in all, it seemed to be a pretty benign hack, more to either underscore a weakness in the software I or my host was running, or to exploit a password that got out into the wild. (The password I had on FTP wasn’t weak, it was kind of a generic admin password I have used in the past.) Whichever was the case, they appear to have just left their mark and not damaged my content (lacking as it is), or distributed malware/porn, and for that I thank them.

So, how did I recover?

I had a few concerns. First, I really have no idea how much they accomplished. Did they inject the content through a software hack? (seems possible based on the limited damage) Did they get access to FTP credentials? (seems likely because of the new file in the root of the site folder, and the web host locking the FTP account) I’ll never know for sure what they did or didn’t do. What I DO know, is that my database password, and authentication unique keys are in my wp-config.php file. Malicious or not, those had to be changed, because I don’t know if they got a look in there. Also, the FTP password is suspect, and it won’t do to leave the site admin password the same after an upgrade. But first, I need to get my site working again.

The first thing I did was reset my database password on my host. I didn’t want the site making any changes to the database once I started fooling with it. Next I reset my FTP password, and then began investigating my site via FTP. I found the two changed files I mentioned above, and decided I’d start with replacing them. I downloaded a fresh copy of WordPress, deleted AP.php, and replaced index.php with the fresh download. Index.php normally holds no real content for a WordPress site, it’s just a shell that loads your actual content. This is what I saw in mine. That seemed to fix it. An average Joe might have just called it a day, but I’m a little more paranoid than that.
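
A scripted version of the file check described above, added here as an example and not part of the original post: it hashes every file in a downloaded copy of the site and compares it with a clean WordPress download, flagging replaced files (like index.php) and extra ones (like AP.php). It assumes the clean copy is the same WordPress release the site runs; the function names and the sample file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as handle:
                hashes[rel] = hashlib.sha256(handle.read()).hexdigest()
    return hashes


def is_site_specific(rel):
    # Assumption: these legitimately differ from a stock download. Themes and
    # plugins under wp-content need comparing against their own upstream copies.
    return rel == "wp-config.php" or rel.startswith("wp-content/")


def compare_to_clean(site_root, clean_root):
    """Classify files in the site copy against a clean copy of the same release."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    report = {"modified": [], "unexpected": [], "missing": []}
    for rel in sorted(site):
        if is_site_specific(rel):
            continue
        if rel not in clean:
            report["unexpected"].append(rel)  # e.g. a file dropped in the web root
        elif site[rel] != clean[rel]:
            report["modified"].append(rel)    # e.g. a replaced index.php
    report["missing"] = sorted(r for r in clean if r not in site)
    return report


def write_tree(root, files):
    """Write a {relative_path: text} mapping to disk under root."""
    for rel, content in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as handle:
            handle.write(content)


def demo():
    """Build two small constructed trees (not real WordPress files) and compare."""
    clean_files = {
        "index.php": "<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-blog-header.php": "<?php // constructed stand-in\n",
        "wp-login.php": "<?php // constructed stand-in\n",
    }
    site_files = dict(clean_files)
    site_files["index.php"] = "<html>constructed defacement page</html>\n"
    site_files["AP.php"] = "<?php // constructed stand-in for the extra file\n"
    site_files["wp-config.php"] = "<?php // constructed, site-specific\n"
    del site_files["wp-login.php"]
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as site:
        write_tree(clean, clean_files)
        write_tree(site, site_files)
        return compare_to_clean(site, clean)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run `compare_to_clean` against a local copy pulled down from the host rather than on the server itself, so the comparison does not depend on anything the intruder may have touched.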

Next, WordPress software had to be updated. But, being the paranoid bastard I am, I refused to log into the site yet. If the software had been compromised via FTP credentials, I wasn’t about to hand over my site admin credentials to a hacked login page. That meant two things. 1) A manual upgrade of WordPress needed to be done, and 2) I couldn’t log in to disable Plugins and Themes like they tell you to do over and over before upgrading. Ah well.

First, I followed these instructions. Once the files had all been replaced with fresh ones, I opened wp-config.php, and updated it with my new database password, and generated new secret keys at the site WordPress links to in wp-config.php. Once the password and keys had been updated, the site should have technically been up and ready to go.


A theme error is all I get when I try to load the site. Well, you can’t say no one tried to warn me. I found this page very helpful. I used the FTP method, doing this rename method to my themes AND plugins folders. I then attempted to get to my login page directly again at http://cpl-shoe.com/wp-admin/, and it worked! Next, I updated my Site Admin password to a fresh pile of garbage. Lastly, I copied new plugin/theme folders from the WordPress install I had downloaded, refreshed the page to get them to show up, and then started moving, updating, activating and testing things one by one. (Things still aren’t quite right, apologies for Lightbox not behaving)

Moral of the story is, check on your site at least every time you change the batteries in your smoke detector, or someone’s gonna have some fun with it. If the person/people responsible want to talk about the how/why of what they did, I’m interested. You gave me something interesting to do on a Wednesday night, and a good reason to make a fresh post, and for that I thank you!



Bonus material! I was confused as to why I didn’t find my page listed on their Facebook page, and for some reason the post seems to have been deleted.  But, I found it in Google’s cached pages.


Posted at 22:54

Explorer.exe crashes repeatedly

Oct 08 2012

I was given a laptop to troubleshoot last week.  The user reported that Explorer.exe would crash and restart continually while he was logged in.  Applications would continue to run after the crash, but all Explorer windows would close and his desktop was only accessible for a few seconds between each crash.

I started with the basics. I tried disabling all non-MS services and startup items, and restarted through MSconfig. No change.  I tried safe mode, and the problem repeated.  I checked Event Viewer for additional details, but all I saw in there was a fairly vague “Event 1000, Application Error. Faulting application name: explorer.exe. Faulting Module name: OPENGL32.dll”. With the virus scanner disabled, and a few other suspicious programs removed, the problem persisted. I even gave Windows System File Checker (sfc /scannow from an elevated command prompt) a shot (it came up clean) as well as Windows Defender Offline to check for rootkits or other viral issues (nothing malicious was found). Lastly, I tried logging in as a different admin user. The problem did not repeat; interesting.

At this point, I was running short on time. The user needed his laptop back, and I needed to make progress. I decided that since it was just affecting the single user account, it was likely a problem with their profile. I decided to back up his data and delete the profile.  During the backup, Explorer crashed multiple times as admin- but NOT continually. It only crashed occasionally. Now, I was certain I was dealing with bad data in his account. I finished backing up only the data that was essential for him, deleted the profile, recreated it, and copied his data into the new profile. Crash.

Now, I started looking closely at individual files. This is when I noticed that it was whenever I attempted to copy the contents of his desktop that the crashes occurred.  A 500MB .JT file (CAD related format containing 3D CAD data) caused the crash whenever I accessed it via copy, mouse click, etc. A-ha!  I deleted this file via the command prompt (it could not be deleted via Windows’ GUI as it would crash as soon as you selected the file) and the problem went away!

I’m still not certain what about that file caused the crashes, but the short story was that since the file was on his desktop, each time Windows reinstated explorer.exe and redrew his desktop, it had to access this file and explorer would crash again.  Once the file was removed, the problem was solved!  If you run into this issue, look closely for bad data, and explore the contents of the user’s heavily accessed directories closely. It could be as simple as a bad bit of user created data. The profile deletion ended up being unnecessary, and ultimately would have been futile if the bad data was backed up and replaced to his desktop.

Mar 14 2012

I’m going to write a few articles on this topic I think, to avoid writing a word wall. The topic of this article is First Impressions. The file installation portion of Windows 8 is very similar to Windows 7.  It’s fast, streamlined, and simple. Most of the same menus are there, and the process felt very familiar.  That is where my familiarity with Windows Setup, a history that goes back to Windows 3.1, came to a screeching halt.

Pardon the first two ‘screenshots’, they were taken by camera on a LCD screen. I didn’t want to run this in a VM for various reasons. Mostly because I had a laptop I wanted to install it on dangit! Anyways, on with the show.

After the initial installation finishes, you are greeted by this. The idea of a ‘Local’ account is dying. What you’re creating here is a local account that is deeply tied with an online Windows LIVE account.  It will be used to sync your data between the cloud and this machine, and even your desktop settings, data, (and apps perhaps) across multiple machines. Gone also is the ‘password reminder’ field. After logging in with a LIVE account, you can set up your mobile phone to receive password reset requests.

Once you are logged in, you will be placed at your new desktop replacement.  Owners of an XBOX 360 or Windows Phone probably won’t be as shocked as others will be. It is a step away from the traditional Windows Desktop the same way the moon was a step for mankind.  This is a concept that will take MUCH convincing to get diehard desktop users to convert. I can see what they’re going for here though. Instead of a desktop full of icons and documents, you have a task-oriented plate of things. “What do you want to do?” instead of “Where is the file?”.  I’m not sold yet, but I’m keeping an open mind.

Apps now run Full Screen in a beautiful F11 kind of way. (If you don’t know what that means, hit F11 in your browser right now, and again to revert the change) No task bar. No context menus lining the top. I haven’t yet been able to shake the feeling that I’m missing something, like there’s not enough places to click. The two screenshots in this paragraph have not been trimmed. WYSIWYG.  Also, Apps now ‘drag’ much like you might expect in a touch interface.  For example, here is me dragging right in the Weather App. Start, A little Right, More Right.

Overall, I’m cautiously excited by this big change in Windows.  The one thing many people may be asking is “How do I access the normal desktop?” Click the ‘Show Desktop’ tile, and you’re there.  It’s a little different though. Notice the complete lack of the start menu. I have to admit, this is the thing I have the most trouble letting go. I truly love Vista/7’s method of hitting start, typing the first few letters of what I want and up it comes. That functionality still exists, and I’ll cover it next time when I write about the Apps Menu, the PC settings menu, and how exactly you move around in Windows 8.

Apr 11 2011

Well, it’s been ten months since my last post on this topic.  I believe if my site was The Consumerist, their response would fall into the ‘Taking it Seriously’ category.  For those of you interested in this topic, the  transcripts are below. (edited for the removal of sensitive or redundant information. Emphasis (bold) is mine.) If you’re not interested in the topic, skip this post if you know what’s good for you because I’m posting customer service correspondence. There will be a captioned cat at the bottom, so this post has THAT going for it.

Short version: If you’re logged into more than one computer with their Single Sign On (SSO) tool and you change your password at one of those computers the other SSO tool stays signed in, stops working, and offers no notification that this has happened. Outlook just shows you this lovely popup that explains everything very eloquently.

As I have been with this service for a while, we’ve had a chance to experience the password change cycle, and would like to ask for a change in function for the process.

I allowed my password to expire to experience how often the user would be notified, and how they would be notified. I tested on XP and Win7 desktops, which performed pretty much the same in this task. I received a systray notification about once per day telling me my password was expiring.

When my password expired, I did NOT get a ‘Hey, you’re expired now’ popup. Email just stops working when it expires. Outlook displays ‘Need Password’ in the bottom right, and you will get the credential popup from Outlook. The former is easy to miss, and the latter is VERY confusing in appearance to a user since the server name is nearly unidentifiable to them. Many people think they are now supposed to log into that popup box in Outlook, and never look at the Sign-In tool again!

Worst of all, the Sign In tool box still shows you as being signed in (solid blue, no red x)! We have trained our users that a solid blue Sign in tool means they are properly signed in. This behavior also occurs if a user changes their password at home, then arrives to work and wonders why their email isn’t working despite the sign-in tool saying they are signed in.

I would like to request that the sign in tool does a better job of checking its current credentials, and that its icon change in a way that notifies the user that they are no longer properly signed in. Also, either a systray popup notifying them that their password has expired/changed, OR disabling the Sign-In tool’s Auto-minimize feature when the password is expired (since many users seem to just click systray balloons away)
Thank you for your consideration.

We take the issue very seriously and understand the inconvenience. However, at this time the design of the system is to warn users only when their password is about to expire. Single Sign On will stay signed in even after the password expires, until the user signs off. Once the user signs off, it will prompt them to change their password. I do understand the inconvenience with programs like Outlook that constantly check for credentials every time it queries the server.

I see that this issue has been submitted to the Development Team and is being considered for a future release of the BPOS Service. It may have an improvement when Office 365 is released later this year.

I recognize what you said in your previous communication: “However, at this time the design of the system is to warn users only when their password is about to expire.” I hope it IS being strongly considered for a change in behavior. A SSO tool that doesn’t track the user’s current authentication status across multiple machines is lacking in my opinion. Part of the utility in your service is the ease with which we can set users up with their work email at a desktop at work, a laptop, and their home computer. This advantage becomes a headache as soon as a user changes their password at one of these locations, and the other locations fail to automatically notice they are no longer authenticated.

Take the Google Talk application as an example. I have it installed on three machines. If I change my password for Gmail at any location, when I log into another location I’m nearly immediately shown a prompt to enter my current password. This is the kind of behavior I’d expect from a SSO tool.

Thank you for your response. We greatly appreciate feedback with issues like this from our customers, as it helps us tailor the product into a more user friendly, streamlined product. I apologize that we do not have an immediate fix for you, but it is being strongly considered for future updates and versions, including Office 365.

Well, if you made it this far, you’re either very interested or you fell asleep and your nose is on the Down arrow key. I promised a captioned cat picture, and I’m following through dammit!

This information about the Sign in tool is true as of v 1.0.1427.040.

Apr 07 2011

This one had me chewing my teeth for a few days, but it looks like it’s been worked out.  The issue is that a user will try to insert a PDF into a PowerPoint file (any version 2003/2007/2010), and they receive the following error:

The Server Application, source file, or item cannot be found, or returned an unknown error. You may need to reinstall the server application.


You can try to insert via Insert Tab—>Object—>Adobe Acrobat PDF or dragging and dropping the PDF directly into the PowerPoint file.  The fix for this I found after posting to the Adobe forums. Disable Protected mode if you are running Adobe Reader X. (this is accurate as of v 10.0.1)

Disable protected mode manually by choosing Edit > Preferences > General tab and deselecting Enable Protected Mode. The fix wasn’t immediate for me oddly enough.  It made the “Create New” button work for inserting, but not “Create From File”.  This behavior ended after a day, perhaps a reboot is in order after changing the setting.  Either way, it worked!

Let me know if you’ve had a different experience. More importantly, update the Adobe forum threads discussing this if you have additional info to add.

Jan 27 2011

The Operation Failed: Outlook 2007

So, I had a lot of fun troubleshooting this one. The user has a new HP ProBook laptop running Windows 7 and Office 2007. The symptom is that they can not consistently send an email with more than one addressee. When the user sends an email with more than one address, as soon as they hit Send, they receive the error “The operation failed.” This symptom persists on both email accounts associated with the Outlook profile. (A POP3 and an Exchange account)

Searching on this error, I found many variations to its cause, and a lot of proposed solutions. What worked for me, was uninstalling the entire HP ProtectTools suite, and then performing a Repair operation on Office from Add/Remove Programs. I think that approach might be a bit heavy handed, but I was short on time at the moment, and the suite was only interfering with the user’s work, not augmenting it.

If I have the opportunity to work on this again, I’m going to start with HP’s Privacy Manager that hooks into Outlook and installs a toolbar.  Many of the posts I read seemed to have the common theme of killing a third party application that was trying to augment Outlook. If you have this problem, and come across a more elegant solution than nuking HP ProtectTools from orbit, let me know!

Aug 11 2010

I recently had cause to need the MAC address of a Windows XP machine on my network that was logged into by another user, so I couldn’t do my usual laborious Remote Desktop—> CMD —> Ipconfig /all.  That’s right. I had to learn how to get it the easy way, and I thought I’d share it with the class.

It involves using the ARP (Address Resolution Protocol) command, which I’m dreadfully unfamiliar with. If you open a command shell and just type ARP, the results aren’t all that fascinating. I get the IP and MAC addresses for my internal DNS servers, and my gateway.

Now, ping the computer you need the MAC for.  You can ping it by name, or by IP. Do ARP -a, and the same servers are listed, but in addition you get the server you just pinged in the list. Handy! Depending on your recent network activities, multiple computers besides the ones I specified may be included in this list.

Thanks to ‘UberGeek316’ for the tip!

May 26 2010

This is a point of some mild irritation for me. First, I’ll explain what is installed on your computer, and their password requirements.

When you use the MSOL service, you install their Sign In tool. This tool’s purpose is to manage the various applications you have available to you as part of their BPOS suite, and to log you in automatically. It’s very similar to something like the Google Talk client when you remove the “Talk” part of the client’s function. It logs you in, and provides updates to your online service.

Next are their password requirements:

– At least 7 characters.  [No arguments here.]

– A combination of Upper and Lower case letters. [yay!]

– At least one number or symbol. [Perfect. More secure than my bank which actually disallows symbols]

– Cannot change your password more than once in 24 hours. [Eh?  I know this is to defeat people who change their passwords multiple times to get back around to their original password. But read the next bullet…]

– Cannot re-use your previous 25 passwords. [TWENTY FIVE??? With the previous bullet item in effect, this rule effectively just tracks your ability to track your progress through 25 combinations of Password01 through Password25. This adds nothing but trouble for IT who has to explain why their email password is impossible to remember. My prediction: Everyone in the company has a Post-It note stuck to their monitor with a number between 1 and 25 written on it… If we’re lucky.  In reality, it’ll probably be the whole password.]

I thought I’d take some time and add a few more helpful rules.

– You may not use any letter or number that you used in your previous eleven password changes.
– Submit your identity for a background check and home inspection so we can be sure you’re not using a family member/pet name or birthday.
– Hold the laser in your mouse up to your eye for a retina scan

Ok, I’m feeling a little better. Moving on to a new complaint. We all know how users can be about changing their passwords.  They wait until the very last day, often only changing it when Windows refuses to let them log into their computers without doing so.  (I certainly do this with my domain login.) With the Sign In tool, you receive daily notification at about two weeks out that your password is expiring. No problem there. My problem lies in what happens when your passwords DO expire.

  1. Your email just stops sending/receiving.
  2. The icon in your system tray that reports that you are signed in still says you are signed in, and never provides a popup letting you know your password has expired.
  3. Outlook throws the following helpful box up at you:

Ah, good old RED001.local.  Users know what to do with that, don’t they?  Don’t get me wrong here, users had to ignore 10-20 notifications that this day was coming in order to get here, but that is what users do. Software needs to be tolerant of this. I have a request in with Microsoft to improve how their tool works and I’ll update this when I get their response.

Open commenting!

Apr 22 2010

I’ve made commenting open to anonymous commenters if you care to leave your thoughts. (who the hell is going to make an account on MY sad little chunk of real estate anyways?) I’m going to try various CAPTCHAs, and see how well they do. I came across this first one, Resisty on HACK A DAY. It’s neat in concept, but I’m not sure it will work well with my dark background.  I had to update the explanation text around it to make it more clear how the CAPTCHA works.  Maybe that’s all the proof I needed? :)

Apr 14 2010

I ran across this error a few days ago while setting up a PHP server on my Windows XP Pro SP3 box for testing purposes.  As part of this setup, a script needs to be run that associates the .php extension with php-cgi.exe. Here is the script:

cscript %windir%\system32\inetsrv\fcgiconfig.js -add -section:"PHP" ^
-extension:php -path:"C:\PHP\php-cgi.exe"

The problem, is that when I tried to run the script, I got the error: Input Error: There is no script engine for file extension “.js”. It took me quite a bit of searching before I found the fix that worked for me on this IBM forum. Hopefully, if you’re facing this issue, you find my article before the 100 other articles talking about the 99 other fixes that didn’t work for me. :)