The other day, this showed up in my e-mail:
A file change was detected on your system for site URL http://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am
A summary of the scan results is shown below:
The following files were removed from your host:
/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
The following files were changed on your host:
/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
Login to your site to view the scan details.
I didn’t make those changes. Fortunately, fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.
Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.
On to the original post…
A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.
Here’s what I found, and how I fixed it.
I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on port 2381. The versions varied.
Luckily I had another scanner at my disposal, and scanning with the other tool solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX.
Neocities has decided to do something about Net Neutrality–shunt the FCC into the slow lane, and post the code for doing it so the rest of us who run web sites can do it too. The original was written for Nginx; I need to give serious thought to implementing the Apache version.
Net neutrality has nothing to do with the political bent of the content–the people you may hear talking about it on the radio are wrong, which is why they’re yakking on the radio and aren’t working at ISPs or IT departments–and everything to do with raising prices. What we’re seeing now is telecommunications companies, who are already ultra-profitable, gouging companies like Netflix. And Netflix is doing exactly what a company that suddenly has to pay new taxes would do–raising prices.
The difference is that it’s old-line companies doing the taxing in this case rather than a government. That’s all.
The other objection I hear is that lots of innovation happened on the Internet without regulation, so why regulate now? The difference is that the environment in the late 1990s, when the seeds of all of this were planted and started to sprout, was very different. Back then we had hundreds of ISPs, all of whom participated in building out what we have now. None of them wanted to charge both subscribers and content providers, and none of them could have anyway. If Earthlink had tried to shake down Ebay and Amazon and make them slow, people would have switched to someone else–one of any number of regional providers, or equivalent services run by companies like IBM and the old AT&T (prior to its re-merger with Southwestern Bell). Today, many people live in areas only serviced by one broadband provider. Most people have two, but that’s not like the old days.
If I could have anything, I’d like more competition. I’d love it if the average U.S. citizen had a choice of a dozen or so broadband providers. Then we could have a truly free market. Instead, we have duopolies, a situation much like the situation with electricity and natural gas in most municipalities, and broadband providers face far less regulation than power companies do, even as they grow in importance.
Here’s some stuff I’ve found in recent weeks that I never got around to posting, so I’ll just round it all up briefly.
If you’re asking how long does a hard drive last, I found this study on hard drive longevity last week.
I take issue with the opening paragraph but the rest of the article is very good. The opening paragraph is a bit deceptive—hard drives were anything but common 30 years ago. Even 25 years ago, they were a serious status symbol. I remember in 1988, a classmate told me his dad had just bought a computer with a hard drive, and swore me to secrecy. Why? Because in today’s dollars, a computer with a hard drive in 1988 cost around $2,000, minimum, and given that his dad was working towards his master’s degree at the time, he probably had a really hard time affording that. If you had a hard drive even in the late 1980s, you were either very rich, or you took your computing very seriously and were willing to make some serious sacrifices somewhere else.
But, like I said, the rest of the article is very good. I’m being a curmudgeon.
Both Libre Office and Open Office released new versions this week, and the changelog indicates a good amount of shared code between the two, at least in this go-round. The animosity between the two—Libre Office is a fork of Open Office, dating to before the time Oracle spun the project off to Apache—may thus be overstated.
I’ve worked several different shops now that seem to have a misconception about computer burn in. So I’m going to explain it.
I think there’s a misconception that if you let a computer run with a light load for a while, it somehow gets stronger, and ready to handle a big workday load.
I’m 5’9″ and weigh about a buck-fifty, so trust me, I know a non-bodybuilder when I see one. And computers aren’t bodybuilders.
No OS is 100% secure if there’s enough desire to get in. There’s a web server exploit targeting Apache, Nginx, and Lighttpd running on Linux–a first of its kind, in at least one regard. Ars Technica has the details, including where to get a script to check to see if your server is infected.
According to this page, if you execute this command:
strings /usr/bin/apache2 | egrep opentty
you’re clean if nothing comes up, and you’re infected if you see one or more matches. If your system stores its httpd elsewhere, change the first parameter to match.
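The same check, wrapped so it runs against several server binaries in one pass and reports each result. This is an added example, not code from the original post or the article it cites; the function names and every path other than /usr/bin/apache2 are assumptions about common install locations.

```shell
#!/bin/sh
# Added example: run the page's string check over several web server binaries.
# MARKER is the string the page greps for.
MARKER="opentty"

# check_binary PATH
# Returns 0 if the marker is absent, 1 if it is present, 2 if PATH is unreadable.
check_binary() {
    bin=$1
    [ -r "$bin" ] || return 2
    if command -v strings >/dev/null 2>&1; then
        # Same pipeline as the page; -a scans the whole file, -F matches literally.
        if strings -a "$bin" | grep -qF -- "$MARKER"; then return 1; fi
    else
        # Fallback when strings is not installed: search the raw bytes.
        if LC_ALL=C grep -aqF -- "$MARKER" "$bin"; then return 1; fi
    fi
    return 0
}

# scan_servers PATH...
# Prints one status line per path; returns 1 if any path contains the marker.
scan_servers() {
    flagged=0
    for bin in "$@"; do
        rc=0
        check_binary "$bin" || rc=$?
        case $rc in
            0) echo "clean    $bin" ;;
            1) echo "MATCH    $bin"; flagged=1 ;;
            *) echo "skipped  $bin (not present or unreadable)" ;;
        esac
    done
    return "$flagged"
}

# Candidate locations (assumed; adjust to where your distribution installs httpd).
scan_servers /usr/bin/apache2 /usr/sbin/apache2 /usr/sbin/httpd \
             /usr/sbin/nginx /usr/sbin/lighttpd \
    || echo "At least one binary contains the marker string."
```

A non-zero return from scan_servers makes it easy to call from cron or a monitoring check and alert on the exit status.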
Tom Gatermann told me about a nice tool for Debian (and presumably Ubuntu) called checkrestart. Sometimes, even though you did an apt-get update and apt-get upgrade to bring your system up to date, you can still be running the out-of-date version of something. That’s the problem checkrestart helps you solve.