Tags: spam

01/23/13

  12:05:00 am, by The Dreamer   , 493 words  
Categories: Software, b2evolution

Somehow my site got hacked....

...to inject bad SEO and links into Google. And, possibly collect info on my visitors?

Not entirely sure how it got in...the timestamp of the affected files is Apr 1, 2012. But, that was also the date that I upgraded to version 4.1.3, previous version was 4.1.2 done on January 16th....before that I was on 3.3.3 (Feb 14, 2010).

I do weekly backups of my site, so I narrowed down the alteration to having taken place between May 21st and May 28th.....though it wasn't easy...since I expire stored backups after 6 months....though fortunately I still had backups of my backups, so I could go back to before April 1st...and see that the file did change between March 26th and April 2nd, but php code wasn't prepended until later.

Perhaps I need to keep up on updates closer...

In the 4.1.0 line, the release dates were:

2011-09-08 - 4.1.0
2011-10-03 - 4.1.1-beta
2011-11-02 - 4.1.2
2012-03-02 - 4.1.3
2012-04-03 - 4.1.4
2012-07-24 - 4.1.5b
2012-11-23 - 4.1.6

Currently anything less than 4.1.6 isn't recommended. I see that 4.1.4 contained fixes against SQL and JS injection. Hmmm....

Wonder if I need to do some kind of change detection to my backup process....

Its hard to upgrade when there aren't diff bundles (which is why I stayed at 3.3.3 for so long), though I'm getting better at keeping my customizations out of the core (or fixing bugs on my own...) Plus discovering Meld has helped as well. Was interesting that one time, it showed diffs between releases, but no diff between latest release and my version. The bug I fixed got fixed the same way.... Though I think I have Meld ignoring differences in end of line and white space.... since the distribution files are CRLF, and I'm on Linux/FreeBSD...and the files are apparently such that vim can't figure out if its DOS and hide the ^M's or not.

Hopefully the upgrade to 5.0 will be simple...

In the history of my site...I was on 0.9.2 on June 7th, 2006 (released May 22)....from 0.9.0.12 on July 23rd, 2005 (released May 6). And, then finally upgrading to 2.4.1 on April 27, 2008 (released Mar 16), though prompted in part because I switched hosting providers....worked up to 2.4.7 on September 6, 2009 (released May 27)....and then to 3.3.1 on September 8, 2009 (released August 8). I did the upgrades to 3.3.2 and 3.3.3 on February 14, 2010 (3.3.2 was released Nov 9, 2009 and 3.3.3 was released Dec 15, 2009).

Guess it was good that I have my sites with Google's Webmaster tools...so that it could send me a "Notice of Suspected Hacking on ..." and stopped crawling my site until I address the problem.

And, looks like only my sites that are b2evolution were affected, my other sites are also 4.1.3 and hadn't been upgraded since.... Though its strange, since those sites were setup with fewer customizations with the intent that upgrading them would be easier. But, I had been thinking of shutting down the sites....

Pages: 1· 2

01/16/12

  05:18:00 pm, by The Dreamer   , 417 words  
Categories: b2evolution

Blog Software Update to 4.1.2

Link: http://b2evolution.net/news/2011/11/05/b2evolution-4-1-2-stable

So, following the upgrade of my other b2evolution site from 3.3.3 to 4.1.2, and having the burst of wakefulness when I should be going to bed...I decided to start updating this site to 4.1.2.

I think I was almost done, except for updating my custom skin...but I forgot. If that's all I had left or if there was something else. But, I uploaded what I had done. And, figured I'd get some sleep and switch over in the morning....

:zz:

Well, I switched in the morning...and it didn't go as well.

I had forgotten to update my skin, plus not all parts of the site (only one), was actually using my custom skin. The rest was pointed at the former custom-custom skin. Which had been updated when I overlaid 4.1.2...so it wasn't right. I switched everything else over...and that kind of go things working.

But, I wanted my customizations to the current custom skin....so I noted the diffs, and applied them to the new skin. Some of it worked, some of it didn't...the rest of it was just a mess.

Turns out some of the div classes/ids had changed, so my dynamic elements couldn't find the elements it needed to make things work. At least it didn't blow up. Also the css changed...so I had to figure out how to remake the tweaks I had done before. The stock custom skin is a fixed width skin, while my custom skin is a variable width skin. So, there were css elements that don't work in a non-fixed situation.

Now that I had upgraded, I wanted to check out some new-ish plugins. Main two, reCaptcha & socialbuttons. The old captcha image plugin had broke a long time ago...and I don't know why I didn't replace it. I turned off the broken parts at least.... Don't know how well the new reCaptcha works or doesn't work... registered users are exempted &#59;D Hmm, I seem to have fewer smilies, I only added back in the ones that I had added...didn't diff to see what had changed between 3.3.3 & 4.1.2....perhaps I need to now.

But, next up was the socialbuttons plugin....that required a bit more work to get working .. you can read about it here.

Meanwhile, now that the twitter plugin is working, wonder if I should turn off twitterfeed? The new b2evolution, does a sort of url shortening, but its internal...doesn't use my Yourls service, like twitterfeed does.

And, it seems notification is or something core is broken.... because I'm getting emails from cron_exec.php

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 2 months 1 day 7 hours 47 minutes and 53 seconds until the end of time.
And, it has been 4 years 10 months 27 days 6 hours 15 minutes and 3 seconds since The Doctor saved us all from the end of the World!

Search

November 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 0
This seal is issued to lawrencechen.net by StopTheHacker Inc.
multi-blog

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime