TuxTweaks Got Hacked

October 10, 2009 by Linerd · 2 Comments
Filed under: General, news, security, web development 

Today I was trying to debug why my Feedburner feed would not display properly in Google's Chrome browser. What I discovered was that there was some code creating errors in my site's original RSS feed. After a bit of searching on the offending code, I ran across a post on my hosting provider's support forum.

According to the response from the forum mod,

This is an issue that's going all around the Internet. These 'hackers' are not getting your FTP information from us - they are logging into our server with your FTP credentials, so they had to have gotten them from somewhere else first.

Well, that sounds like a nice story. However, a quick search of the internet yields results pointing to websites hosted by the same provider (confirmed by doing a whois search on the domain name).

What happened was that my index.php file got overwritten/modified. Here's what the hacked file looked like. The code shown in bold is what I had to remove.

<?php @register_shutdown_function("__sfd1252523454__");function __sfd1252523454__() { global $__sdv1252523454__; if (!empty($__sdv1252523454__)) return; $__sdv1252523454__=1; echo <<<DOC__DOC
<!-- [55cdd10ce02d4e8abf6256391a917480 --><!-- 4543252521 --><div style="overflow:auto; visibility:hidden; height: 1px; "><ul><li><a href="http://2309h34b34b34b.cc/sl">.</a></li></ul></div><!-- 55cdd10ce02d4e8abf6256391a917480] -->
DOC__DOC;
} ?>
<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/

/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
?>
<?php error_reporting(0); echo "\n"; @__sfd1252523454__(); ?>

The lesson here I guess is that I'll have to be more vigilant about checking the files on my site. According to the time stamp on my index.php file, it had been changed on Sept. 11! That stinkin' hack had been on my site for a month!

It's unclear to me what problems this might have caused for any of my readers. My deepest apologies to anyone who may have experienced any problems due to this hack.
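A sketch of the kind of file check the post calls for, as an added example that is not part of the original post: it scans a site's PHP files for the three markers visible in the hacked index.php above and reports each hit with the file's last-modified date. The signature names, the sample files and the example.invalid link are constructed for illustration.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Heuristic markers modelled on the injected code shown in the post (names are hypothetical).
SIGNATURES = {
    "shutdown-hook": re.compile(rb"register_shutdown_function\s*\(\s*[\"']__sfd\d+__[\"']"),
    "hidden-link": re.compile(rb"<div[^>]*visibility:\s*hidden[^>]*>.*?<a\s+href=", re.S | re.I),
    "trailing-call": re.compile(rb"error_reporting\(0\);.*?@__sfd\d+__\(\)", re.S),
}

def scan_file(path):
    # Return the sorted names of every signature found in one file.
    data = Path(path).read_bytes()
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(data))

def scan_tree(root):
    # Walk all *.php files under root; report (relative path, hits, mtime date).
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_file(path)
        if hits:
            mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
            findings.append((str(path.relative_to(root)), hits, mtime.date().isoformat()))
    return findings

# Constructed sample files: a clean WordPress-style front file and an infected copy.
CLEAN = b"<?php\ndefine('WP_USE_THEMES', true);\nrequire('./wp-blog-header.php');\n?>\n"
INFECTED = (
    b'<?php @register_shutdown_function("__sfd1252523454__");'
    b'function __sfd1252523454__() { echo <<<DOC__DOC\n'
    b'<div style="overflow:auto; visibility:hidden; height: 1px; "><ul><li>'
    b'<a href="http://example.invalid/sl">.</a></li></ul></div>\nDOC__DOC;\n} ?>\n'
    + CLEAN + b'<?php error_reporting(0); echo "\\n"; @__sfd1252523454__(); ?>\n')

def demo():
    # Write both samples to a temporary directory and scan it.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_bytes(INFECTED)
        (root / "wp-login.php").write_bytes(CLEAN)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, hits, changed in demo():
        print(f"{rel}: {', '.join(hits)} (last modified {changed})")
```

Run on a schedule against the web root, a check like this surfaces a modified file within a day rather than a month; the hidden-link pattern is a heuristic and can also match legitimate hidden markup.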

Microsoft Releases Free Antivirus

September 30, 2009 by Linerd · Leave a Comment
Filed under: security, windows 

Today, Microsoft released a new, free (free as in Free Beer) antivirus program called Microsoft Security Essentials. This new program is available for Windows XP 32-bit, Windows Vista and Windows 7 32-bit, and Windows Vista and Windows 7 64-bit operating systems.

I decided to give this new antivirus program a try on my installation of Windows 7 Release Candidate. The download was straightforward and the installation was almost straightforward. My first attempt at installation failed due to my Windows 7 OS not being activated. After downloading updates from Windows Update and rebooting, I was back in business. Here are some screenshots of the installation.

[Screenshots: MSE Installation Step 1 through Step 6]


Upon completing the installation, MSE will go into its first run. The first thing it does is download an updated virus definitions file. This took a few minutes to download. I suspect the long download time was due to high server loads since today was the first availability of the software.

[Screenshot: MSE First Run Update]

After the update was complete MSE launched into a system scan.

[Screenshot: MSE First Run Scan]

I didn't stick around to see how long the scan took. Either way, your mileage will vary based on the size of your system.

Overall, the interface looked clean and straightforward, unlike some of the other free alternatives. (Yes, I'm talking about you, avast!)

MSE has scored well in independent benchmarking for virus detection, so it appears that it may be a good choice for users who don't want to fuss with settings and scan schedules.

It's too bad Microsoft chose to only offer their antivirus to validated versions of Windows, but I understand their reasoning. If they did remove this restriction it could help make the internet safer for everyone considering the number of botnet zombies in the world. There are common hacks to make a pirated Windows installation appear to be properly validated, so the validation check may prove to be moot anyway.

I applaud Microsoft for making this software available to their users for free. It's a good step toward making the Windows OS more secure.
