

Jun 12


I am a part-time moderator/web administrator on our unofficial college website. Last year our website was hacked and a malicious script was placed on it, which redirected some Google-referred traffic. It did not redirect all Google-referred traffic, though: the malicious script also set its own cookie so that people were not sent to the offending site every time, but only once every 86400 seconds.

For days I searched the internet desperately to find out if it was a known thing. Most sites suggested it was a .htaccess attack, but I had already suspected that and our .htaccess file was squeaky clean. Just to be sure, I also checked all the .htaccess files above and below our root level and they were clean. So I was sure it was a script. If your site is hacked via the .htaccess method, there would be entries like:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://newaddress [R,L]

After the .htaccess files were found clean, I tried some workarounds to prevent the redirection, like setting server referrer variable to null and trying to make all URLs 301 redirects but that didn’t work since the script was still able to detect the referrer as Google and redirect the website to tinyurl4.info which probably paid them a lot to get this done. It would be sent to random addresses on the tinyurl4.info site. Since the site may be hosting malware, I would request you not to go there. So this method of cloaking the referrer at my side clearly wasn’t working.

Next I created a zip file from the offending folder of the site and downloaded the whole thing using my 3G Photon+ connection (I wanted to finish it off ASAP). Once the folder was downloaded, I ran a McAfee scan of the whole thing, hoping that the antivirus would be able to detect the offending code as it would be obfuscated. But I was wrong; McAfee was terribly incompetent. So it was plan B: I started searching for strings like .js and tinyurl4.info to try and find the redirecting code. Windows search wasn’t very helpful here and couldn’t even find base64, which was one of the strings I searched for and was a part of the offending code.

So now it was plan C, and this one worked. I listed all files in the site which had been modified within the past one year. Here is where I was able to find the culprit. One PHP file, global_lang.php, had been edited in 2009 while all its peers were not listed. I grew suspicious and opened the file. To my shock, horror and relief I found the following piece of code:

[Image: injected code]

which when translated turned out to be malicious code. I am not displaying the malicious code here should you get any ideas. What it was doing was checking if the person was referred by Google, Yahoo etc. and if that was true and there existed no cookie it would redirect that person after setting a cookie. The cookie ensured that once a person was redirected to the fake site, he wouldn’t be redirected for some time.

I have listed these steps here so that webmasters might be able to get a hint of how to recover from this particular type of injection on their sites. Of course, always take backups; backups ensure you can just dump them on and the malicious code is removed.
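Plan B (string search) and plan C (recently modified files) can be run together in one pass over a downloaded copy of the site. The script below is an added example, not the author's code; the marker patterns, the file extensions and the sample tree built in `demo()` are assumptions constructed for illustration. It checks file content regardless of the modification time, because an intruder can reset timestamps.

```python
import os, re, tempfile, time

# Markers drawn from this post: base64-obfuscated PHP and referrer-keyed rewrites.
CODE_MARKERS = re.compile(rb"base64_decode|eval\s*\(|HTTP_REFERER", re.I)
HTACCESS_MARKERS = re.compile(rb"RewriteCond\s+%\{HTTP_REFERER\}", re.I)
CODE_EXTS = (".php", ".inc", ".js")

def scan_webroot(root, days=365, now=None):
    """Return (recent, flagged): recently modified files, marker matches."""
    cutoff = (now or time.time()) - days * 86400
    recent, flagged = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the bytes read per file
            except OSError:
                continue  # unreadable entry: skip it, keep scanning
            if mtime >= cutoff:
                recent.append(rel)
            is_htaccess = name == ".htaccess"
            pattern = HTACCESS_MARKERS if is_htaccess else CODE_MARKERS
            if (is_htaccess or name.lower().endswith(CODE_EXTS)) and pattern.search(data):
                flagged.append(rel)
    return sorted(recent), sorted(flagged)

def demo():
    """Constructed tree: old clean page, old .htaccess with a rule, fresh edit."""
    old = time.time() - 3 * 365 * 86400
    samples = {
        "index.php": b"<?php echo 'home'; ?>",
        ".htaccess": b"RewriteCond %{HTTP_REFERER} .*google.*$ [NC]\n",
        "lang/global_lang.php": b'<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>',
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lang"))
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            with open(path, "wb") as fh:
                fh.write(body)
            if not rel.startswith("lang/"):
                os.utime(path, (old, old))  # backdate the untouched files
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
```

A match is a file to open and read, not a verdict: legitimate code also calls base64_decode and reads the referrer.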

Future Proofing

There is probably no way to protect yourself from the super hackers; however, you can always take precautions. First and foremost, always take backups, and multiple backups. You should ideally have 12 backups from the past 12 months.

Apart from backups, ensure that the permissions on your website are always set correctly. 777 is really the devil. Never grant write permissions to outside users. 755 for folders and 644 for .php files usually works. In case you suspect hacking, contact your host at the earliest.
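A quick way to check a site tree against that baseline is to list every entry that is writable by group or others. This is an added example, not the author's code; the sample tree in `demo()` is constructed, and flagging group write as well as world write is an assumption that follows from the 755/644 baseline.

```python
import os, stat, tempfile

# Baseline from the post: 755 for folders, 644 for .php files.
DIR_MODE, FILE_MODE = 0o755, 0o644

def audit_permissions(root):
    """Return [(relative path, current mode, baseline mode)] for every entry
    that grants write access to group or others."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                base = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
                findings.append((os.path.relpath(path, root), oct(mode), oct(base)))
    return sorted(findings)

def demo():
    """Constructed tree: a 777 folder, a 666 file and a correctly set 644 file."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, mode in (("uploads", 0o777), ("index.php", 0o644), ("config.php", 0o666)):
            path = os.path.join(root, rel)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)  # set explicitly so the umask does not interfere
        return audit_permissions(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```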

Also turn off all directory listing.

Hoping you found this article helpful :)


Mar 26

A video showing you how to replace/upgrade/remove/add RAM to your DELL Inspiron laptop. The laptop in the video is the DELL Inspiron 1525, in which I am replacing the original Kingston RAM with Crucial high-performance RAM. If you too are looking to replace your RAM, please look at the video carefully:


Dec 24

There is really only 1 way to install the Realtek HD Audio drivers properly, no matter what all other forums say. Service Pack 3 is the main culprit, as the drivers see that it's above SP2 and don't install. I personally faced this situation and was really distressed because it looked like either I would have to reinstall Windows XP or have my new supercool and super monster computer without sound. Imagine having a monster PC with a motherboard with HD Audio and your driver doesn't install.

Both scenarios were something which I would never have approved of. Anyway, so I Googled. I got 10s of solutions but most didn't work. Only 1 worked and I will put it here, hoping that dear Google will catch it for people who face this problem, error 0xE000027, when installing Realtek HD Audio.

  1. First, make sure all instances of Realtek Audio and its associated software are uninstalled from Add/Remove Programs and Device Manager. This includes Intel High Definition Audio.
  2. On your PC, change the CSDVersion registry key to Windows XP SP2:
    HKLM\SYSTEM\CurrentControlSet\Control\Windows\CSDVersion value=200
     This problem arises because the patch thinks that SP3 includes a better version of the patch itself and hence doesn’t install itself.
  3. Download the latest drivers from the Intel website, navigate to the KB888111 patch.
  4. But before installing the patch, go to your Device Manager and disable the UAA. Now uninstall the UAA.
  5. Install your patch now.
  6. Install the Realtek drivers now and things should work.
  7. Change the SP version to 300 again.

If it didn't work, try once again. I can enjoy 7.1 channel high definition sound from my Intel Original motherboard now. Realtek HD Audio now works fine. Hopefully Error 0xE000027 is fixed now.

If this helped solve your problem, consider making a small donation($1 even :) ) via paypal button below towards the maintenance of this website (hosting + domain name). All proceeds will be directly spent on bringing you more such helpful posts. :)


Disclaimer : Advice on as is basis, this worked for me, may or may not work for you, but it should

Oct 27

Well, if you have a Windows Mobile based Bluetooth phone and love exchanging files with your friends, then there are 2 questions you must have asked yourself or a friend.

1. How to receive incoming files via Bluetooth. Most Windows Mobile users find that by default the incoming file feature is disabled on Windows Mobile phones.

2. How to ensure that files received via Bluetooth are saved directly onto your memory card. Most smartphones and Pocket PCs have limited internal memory, often just enough to support the default Windows Mobile installation.

The straight answer is a software called Obex Inbox (3rd party software, research before use). Install the software and reboot your Windows Mobile phone.


Now go to Settings on your Windows Mobile phone and just give the path as Storage Card/folder in your Obex settings, and all incoming Bluetooth beams will be stored on your storage card.

For more Windows Mobile tips and tricks keep watching the blog :) . The screenshots are taken on the Asus P320 smartphone with Windows Mobile 6.1 Professional.


Oct 16

Well, these are general facts about using Bluetooth on your Windows Mobile phones. Most people complain that they are able to send files and images via Bluetooth, but when receiving they get errors like “Unable to Connect” or unable to send files. Most think that this error is caused by their Windows Mobile phones, but it isn't so (technically); Imate, HTC, Asus etc. won't make phones with Bluetooth not able to receive files. The trick is basically the same for Windows Mobile 5 and Windows Mobile 6. I have taken the screenshots from Windows Mobile 6.1 on my Asus P320 phone, but I remember it was more or less the same on my Imate and its Windows Mobile 5.

These are the steps needed to setup your windows mobile device to receive photos/music/data files:

Step 1: In Settings click on Bluetooth, select the mode tab and switch on bluetooth and make this device visible to other devices.


Step 2: In Settings, click on Beam and check receive all incoming beams.


After you complete these 2 steps all of your bluetooth incoming beams should reach your mobile phone and you should be able to share photos, files and music with your friends and receive it from them.

But another problem: all incoming files are stored in My Documents. How do you ensure that these are stored on the storage card? Answer to that next week :)


Jul 30

Well, we had made these videos a few months ago telling people how to secure their Wifi connections, quite frankly because many people use other people’s internet without their knowledge. We had made the videos to prevent pranks where kids use other people’s networks to save some money.

But the recent blasts in India opened a new picture. Terrorists used the Wifi connection of an American citizen living in Navi Mumbai to send threatening emails and emails taking responsibility for blasts. As an Internet user, it's your responsibility to secure your connection and make sure criminals are not using it. The following 2 videos will help you secure your Wifi connection. I will also make another video, showing you how to implement MAC address filtering to further strengthen your Internet security.

These videos are for the Linksys WRT54G series. If you have some other router, refer to your user manual to see how this is done or search YouTube; someone might have made a video for your model too.

Securing your Wifi connection (WPA security, only people with the passphrase will be able to log on to it wirelessly)

Password protect your router also

This post is issued in public interest