Cpl-Shoe.com got hacked.

Just BS
Mar 05 2014
 

So, I really should check back here more often. It appears that on February 7, 2014 the FTP password for my webhost was compromised, and on the 8th the webhost reset the password for me. I never got that email.

The hacker group which identified itself as “Black CyberSec Crew” replaced my index.php file and placed one other file (that I found) with their content in the root of my site’s folder. All in all, it seemed to be a pretty benign hack, more to either underscore a weakness in the software I or my host was running, or to exploit a password that got out into the wild. (The password I had on FTP wasn’t weak; it was kind of a generic admin password I have used in the past.) Whichever was the case, they appear to have just left their mark and not damaged my content (lacking as it is) or distributed malware/porn, and for that I thank them.

So, how did I recover?

I had a few concerns. First, I really have no idea how much they accomplished. Did they inject the content through a software hack? (seems possible based on the limited damage) Did they get access to FTP credentials? (seems likely because of the new file in the root of the site folder, and the web host locking the FTP account) I’ll never know for sure what they did or didn’t do. What I DO know, is that my database password, and authentication unique keys are in my wp-config.php file. Malicious or not, those had to be changed, because I don’t know if they got a look in there. Also, the FTP password is suspect, and it won’t do to leave the site admin password the same after an upgrade. But first, I need to get my site working again.

The first thing I did was reset my database password on my host. I didn’t want the site making any changes to the database once I started fooling with it. Next I reset my FTP password, and then began investigating my site via FTP. I found the two changed files I mentioned above, and decided I’d start with replacing them. I downloaded a fresh copy of WordPress, deleted AP.php, and replaced index.php with the fresh download. index.php normally holds no real content for a WordPress site; it’s just a shell that loads your actual content. This is what I saw in mine. That seemed to fix it. An average Joe might have just called it a day, but I’m a little more paranoid than that.
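One way to find every file that was touched, rather than only the two that stood out, as an added example that is not part of the original post: hash a fresh WordPress download and a copy of the site pulled down over FTP, then report files that were added or modified, skipping paths that legitimately differ between installs. The clean and site trees and the sample files below are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(clean: Path, site: Path, ignore=("wp-config.php", "wp-content/")):
    """Return (added, modified) relative paths in `site` versus a pristine `clean` copy.
    Paths in `ignore` are expected to differ (config, themes, plugins, uploads)."""
    clean_h, site_h = hash_tree(clean), hash_tree(site)
    def skip(rel):
        return any(rel == i or rel.startswith(i) for i in ignore)
    added = sorted(r for r in site_h if r not in clean_h and not skip(r))
    modified = sorted(r for r in site_h
                      if r in clean_h and site_h[r] != clean_h[r] and not skip(r))
    return added, modified

def demo():
    """Constructed sample: a tiny 'fresh download' tree and a site tree in which
    index.php was replaced and an extra AP.php sits in the root, as in the post."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "wp-includes").mkdir(parents=True)
            (root / "wp-includes" / "version.php").write_text("<?php $wp_version = 'x';\n")
        (clean / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (site / "index.php").write_text("<html>replaced by someone else</html>\n")
        (site / "AP.php").write_text("<?php // file that should not be here\n")
        (site / "wp-config.php").write_text("<?php // per-site config, ignored\n")
        return compare_trees(clean, site)

if __name__ == "__main__":
    added, modified = demo()
    print("added:", added, "modified:", modified)
```

The ignore list is deliberately coarse; wp-content/ (themes, plugins, uploads) needs its own review against the copies you installed, since a dropped file there is just as easy to miss.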

Next, WordPress software had to be updated. But, being the paranoid bastard I am, I refused to log into the site yet. If the software had been compromised via FTP credentials, I wasn’t about to hand over my site admin credentials to a hacked login page. That meant two things. 1) A manual upgrade of WordPress needed to be done, and 2) I couldn’t log in to disable Plugins and Themes like they tell you to do over and over before upgrading. Ah well.

First, I followed these instructions. Once the files had all been replaced with fresh ones, I opened wp-config.php, and updated it with my new database password, and generated new secret keys at the site WordPress links to in wp-config.php. Once the password and keys had been updated, the site should have technically been up and ready to go.


A theme error is all I get when I try to load the site. Well, you can’t say no one tried to warn me. I found this page very helpful. I used the FTP method, doing this rename method to my themes AND plugins folders. I then attempted to get to my login page directly again at http://cpl-shoe.com/wp-admin/, and it worked! Next, I updated my Site Admin password to a fresh pile of garbage. Lastly, I copied new plugin/theme folders from the WordPress install I had downloaded, refreshed the page to get them to show up, and then started moving, updating, activating and testing things one by one. (Things still aren’t quite right, apologies for Lightbox not behaving)

Moral of the story is, check on your site at least every time you change the batteries in your smoke detector, or someone’s gonna have some fun with it. If the person/people responsible want to talk about the how/why of what they did, I’m interested. You gave me something interesting to do on a Wednesday night, and a good reason to make a fresh post, and for that I thank you!

shoe@cpl-shoe.com
@BradSchubring

Edit:

Bonus material! I was confused as to why I didn’t find my page listed on their Facebook page, and for some reason the post seems to have been deleted.  But, I found it in Google’s cached pages.

./BL4CK E4GL3

May 26 2010
 

This is a point of some mild irritation for me. First, I’ll explain what is installed on your computer, and their password requirements.

When you use the MSOL service, you install their Sign In tool. This tool’s purpose is to manage the various applications you have available to you as part of their BPOS suite, and to log you in automatically. It’s very similar to something like the Google Talk client when you remove the “Talk” part of the client’s function. It logs you in, and provides updates to your online service.

Next, is their password requirements:

– At least 7 characters.  [No arguments here.]

– A combination of Upper and Lower case letters. [yay!]

– At least one number or symbol. [Perfect. More secure than my bank which actually disallows symbols]

– Cannot change your password more than once in 24 hours. [Eh?  I know this is to defeat people who change their passwords multiple times to get back around to their original password. But read the next bullet…]

– Cannot re-use your previous 25 passwords. [TWENTY FIVE??? With the previous bullet item in effect, this rule effectively just tracks your ability to track your progress through 25 combinations of Password01 through Password25. This adds nothing but trouble for IT who has to explain why their email password is impossible to remember. My prediction: Everyone in the company has a Post-It note stuck to their monitor with a number between 1 and 25 written on it… If we’re lucky.  In reality, it’ll probably be the whole password.]

I thought I’d take some time and add a few more helpful rules.

– You may not use any letter or number that you used in your previous eleven password changes.
– Submit your identity for a background check and home inspection so we can be sure you’re not using a family member/pet name or birthday.
– Hold the laser in your mouse up to your eye for a retina scan
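To make the point about the 24-hour and 25-history rules concrete, an added example that is not Microsoft’s code: a Python reimplementation of the rules listed above, next to the same rules with a similarity check that strips digits and symbols before comparing against the history, both run against a user who proposes Password02, Password03, … once a day.

```python
import re
from datetime import datetime, timedelta

# The rules listed above, reimplemented here for illustration (not Microsoft's code).
MIN_LEN = 7
HISTORY_DEPTH = 25
MIN_INTERVAL = timedelta(hours=24)

def meets_complexity(pw: str) -> bool:
    return (len(pw) >= MIN_LEN
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]|[^A-Za-z0-9]", pw) is not None)

def history_policy(new_pw, history, last_change, now):
    """The policy as the post describes it: None when accepted, otherwise the reason."""
    if not meets_complexity(new_pw):
        return "complexity"
    if new_pw in history[-HISTORY_DEPTH:]:
        return "reuse"
    if last_change is not None and now - last_change < MIN_INTERVAL:
        return "too soon"
    return None

def stem(pw: str) -> str:
    """Case-fold and drop digits/symbols, so Password01 and Password02 collide."""
    return re.sub(r"[^a-z]", "", pw.lower())

def similarity_policy(new_pw, history, last_change, now):
    """Same rules plus a stem comparison against the history (the added mitigation)."""
    reason = history_policy(new_pw, history, last_change, now)
    if reason is None and any(stem(new_pw) == stem(old) for old in history[-HISTORY_DEPTH:]):
        reason = "too similar"
    return reason

def simulate(policy, base="Password", changes=26):
    """Constructed user who proposes Password02, Password03, ... once a day.
    Returns how many proposed changes the policy accepted."""
    start = datetime(2010, 5, 26)
    history, last_change, accepted = [f"{base}01"], start, 0
    for day in range(1, changes):
        candidate = f"{base}{day + 1:02d}"
        now = start + timedelta(days=day)
        if policy(candidate, history, last_change, now) is None:
            history.append(candidate)
            last_change = now
            accepted += 1
    return accepted
```

The history-only policy accepts all 25 rotations while the stem check rejects every one; in a real system the history holds hashes, so the comparison is only practical against the current password supplied at change time or against stored stem hashes.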

Ok, I’m feeling a little better. Moving on to a new complaint. We all know how users can be about changing their passwords.  They wait until the very last day, often only changing it when Windows refuses to let them log into their computers without doing so.  (I certainly do this with my domain login.) With the Sign In tool, you receive daily notification at about two weeks out that your password is expiring. No problem there. My problem lies in what happens when your passwords DO expire.

  1. Your email just stops sending/receiving.
  2. The icon in your system tray that reports that you are signed in still says you are signed in, and never provides a popup letting you know your password has expired.
  3. Outlook throws the following helpful box up at you:

Ah, good old RED001.local.  Users know what to do with that, don’t they?  Don’t get me wrong here, users had to ignore 10-20 notifications that this day was coming in order to get here, but that is what users do. Software needs to be tolerant of this. I have a request in with Microsoft to improve how their tool works and I’ll update this when I get their response.

Open commenting!

Just BS
Apr 22 2010
 

I’ve made commenting open to anonymous commenters if you care to leave your thoughts. (Who the hell is going to make an account on MY sad little chunk of real estate anyways?) I’m going to try various CAPTCHAs, and see how well they do. I came across this first one, Resisty on HACK A DAY. It’s neat in concept, but I’m not sure it will work well with my dark background.  I had to update the explanation text around it to make it more clear how the CAPTCHA works.  Maybe that’s all the proof I needed? :)

Enabling new regional themes in Windows 7

How-To, Just BS, Windows 7
Mar 29 2010
 

Did you know that Windows 7 shipped with at least four regional themes that you can’t see by default? Me either until this week!  It’s pretty simple to install each one, you’ll be done in seconds.

Paste each of the following lines into the address bar of a windows explorer window, and hit enter. (see pic to the left for clarification) Once you are inside the folder, double click the XX.theme file in there to install it. If you browse the folders manually instead of using these links, you will need to disable hidden files and folders.

%windir%\Globalization\MCT\MCT-AU\Theme
%windir%\Globalization\MCT\MCT-CA\Theme
%windir%\Globalization\MCT\MCT-GB\Theme
%windir%\Globalization\MCT\MCT-US\Theme
%windir%\Globalization\MCT\MCT-ZA\Theme

I’ve also seen that some of the following country themes exist, though I don’t have access to them on a US licensed version of Home Premium. If you want to see everything you have available, just browse back to the MCT folder, and see what’s in there!

%windir%\Globalization\MCT\MCT-DE\Theme
%windir%\Globalization\MCT\MCT-JP\Theme

Each time you double click a theme file it will open your personalization control panel, so you may as well leave it open until you’re done. Once all your themes are installed, enjoy all of your new choices!


Windows 7 sleeps like a newborn… It wakes up every few hours.

Just BS, Windows 7
Mar 27 2010
 

It wakes up whenever it feels like it, and offers me no answers on why.  When checking the event viewer, I see the following entry:

The system has resumed from sleep.
Sleep Time: 2010-03-27T06:09:43.164534500Z
Wake Time: 2010-03-27T10:03:03.591291200Z
Wake Source: Unknown


Mar 25 2010
 

Some of you (that have a specific setup) might have noticed that you have an extra profile in your Windows 7 C:\Users directory: MCX1-%COMPUTERNAME%. I noticed mine when it started adding the following lines into my backup results:

The backup completed but some files were skipped.

Backup encountered a problem while backing up file C:\Users\Mcx1-CPL-SHOE\Contacts. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\Mcx1-CPL-SHOE\Searches. Error:(The system cannot find the file specified. (0x80070002))

I wasn’t sure why that profile existed in the first place, and didn’t appreciate it mucking up my backups. I was poised to just delete it, when I realized that might be a silly move. Research twice, delete once. (see item #9 under ‘Set up Xbox 360 as a Windows Media Center Extender’)

So the profile was legit, it was created when I connected Media Center to my Xbox 360. So how do I make my backups quit complaining? What if I just made the folders? Would that satisfy it?  It turns out it does.  I created two empty folders named C:\Users\Mcx1-CPL-SHOE\Contacts and C:\Users\Mcx1-CPL-SHOE\Searches, and it was happy.

After all this, I ran across this Microsoft article which goes into much more detail about why backup wants to back up those folders despite their non-existence. But in my humble opinion, just create the folders and move on unless you want to spend your weekend optimizing your registry.

Chinese Domain Name Watchdogs are my friends!

Just BS
Mar 23 2010
 

I had this little gem sent to me today (not actually for cpl-shoe.com though).  It is silly on many levels, but I can see how this could trick someone.  It has frightening words. Someone out there wants to be you!!! Let me hit a few bullet points on this piece of garbage:

  • There is NOT a Chinese organization out there that watches for anyone purchasing domain names that are similar to honest hard working American domains, and then warning us about the impending purchase.
  • It is perfectly legal for anyone to buy and sell domain names that are the same as yours, but with a different TLD. (TLD = .com, .net, etc)
  • Legal issues can come into play if they try to actually impersonate you and your business, but once again, “The department of Asian Domain registration” will not take part in this legal action, or at least they won’t be on YOUR side of the courtroom.
  • Glad to see my future acquisition of cpl-shoe.biz.uk.cn is still safe.
Disclaimer- this spam is posted as it was received by me. Go to any of the sites listed below at your own risk. It’s spam!

From: Bill Xu [mailto:bill.xu@ds-mail.asia]
Sent: Tuesday, March 23, 2010 7:12 AM
Subject: URGENT Pending Application About cpl-shoe
Importance: High

(It’s very urgent, Please transfer this email to your CEO or appropriate person, thanks)
Dear CEO,

Time?

Just BS
Mar 22 2010
 

Temporal Paradox by PatsPiks.

Odd, the time represented in my posts has been off by hours (showing UTC time instead of my chosen time zone). I threw this post up to get a sample time difference to quote them… and it’s right.  What’s your game WordPress??? :)

(Picture is from an article where it is much more relevant)

“Detroit Wants to Save Itself”

Just BS
Mar 09 2010
 

Carlos Osorio / AP

I’ve been reading a lot about this recent push to clear miles of decaying residential property in the city of Detroit.  I wonder how something like this goes down?  How do you forcefully relocate so many families across such a large area?  Does the city give them new houses?  Do they have to accept, or can they demand cash value and leave altogether? What would that cash value be? The value of their current home (surrounded by blight with a value next to zero), or the value of the home the city is offering?

Something like this, as necessary as it appears to be, has the potential for social disaster written all over it. If you run across my little chunk of internet, and would like to voice your opinion, please do so. I’m very curious to hear the opinions of people who might have to deal with the consequences of the decision.