Scripting

Ramblings and links to interesting snippets


How to Package cordova app

Just a simple step by step reference for packaging a cordova app:

  1. CD to the directory containing your app in the console
  2. export PATH=$PATH:”/cygdrive/P/Programs/Android/SDK/tools”
    export PATH=$PATH:”/cygdrive/P/Programs/Java/jdk1.8.0_121/bin”
    export PATH=$PATH:”/cygdrive/P/Programs/Android/SDK/build-tools/25.0.1″
    export ANDROID_HOME=/cygdrive/P/Programs/Android/SDK/
    export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools
    This is specific to my system, you may not need to do something like this
  3. cordova build –release android
    This will create platforms\android\build\outputs\apk\android-release-unsigned.apk
  4. CD and copy your keystore to platforms\android\build\outputs\apk
  5. jarsigner -verbose -sigalg SHA1withDSA -digestalg SHA1 -keystore your.keystore android-release-unsigned.apk keystorename
    sign it with your keystore, you may need to use a different signing method
  6. zipalign -v 4 android-release-unsigned.apk android-release-signed.apk

All done!

Permalink » No comments

How to clean up a File Inclusion attack

I recently helped out a friend clean up an infection from their website.  A hacker took advantage of some outdated plugins to sneak in some malicious code to their website.  Following these steps I was able to find all the infected files, fix the vulnerability, and block the attackers IP.

Find infected files

Hop on the shell, and run this script to review all recently added files:

1
find ~/websitedirectory/ -name "*.php" -type f -ctime -30  | less

That will list all php files added to the server in the past 30 days.

Also, if you have webalizer or awstats available through your host, go through the logs and search for all files ending in php, any core files or files with random strings for names should be reviewed.

Open one of the infected files, it may be including another file they slipped into your account so track that down and delete it.  Also, try to find something particular in the code so you can use it as another method to track down any infected files.  In the shell this code with search the contents of all php files for SOMETHING:

1
find ~/websitedirectory/ -name "*.php" -exec grep -l "SOMETHING" {} \;

Make a list of all the locations of backdoor files that the hacker created, we’ll be using those later.

Clean the infection

If possible, delete the entire website and upload from an earlier version before the attack.  If you can’t delete everything, delete and re-upload as many folders as you can.  And for any folder you can’t delete, take whatever steps you need to fix the infected files, this will vary based on the malicious code.

Prevent further infection

Update all your software and plugins to the latest version, if you’re running something out of date that’s likely where they got in. Also, make sure your files all have the proper permissions, these lines will set the proper CHMOD for all files and folders:

1
2
find ~/websitedirectory -type f ! -perm 644 -exec chmod 644 {} \;
find ~/websitedirectory -type d ! -perm 755 -exec chmod 755 {} \;

Reset all FTP and CMS account passwords.

And, as an added bonus, use that list of backdoor files to record the IP of the attackers.  If you were able to get correct IP addresses from webalizer and awstats then you can simply block those.  If you’re running cpanel you can block IPs in Security > IP Deny Manager.  If they didn’t record the correct IPs or you don’t have those services, you can use that list of backdoor files to capture the hackers IP.  Replace the code in those files with something like this:

1
2
3
<?php
$line = date('Y-m-d H:i:s'). " - $_SERVER[HTTP_X_FORWARDED_FOR] - $_SERVER[REMOTE_ADDR] - $_SERVER[SCRIPT_FILENAME]";
file_put_contents('/home/websitedirectory/hackers.log', $line . PHP_EOL, FILE_APPEND);

That will record the IP of anyone who visits those files in a hackers.log file so you can block them and stop them from fishing around in the future.

Hopefully, that’ll do it!

It may not work in all infections, but it did the trick in this case. You’ll want to replace ~/websitedirectory and /home/websitedirectory/hackers.log with URLs that are relevant to your web server.  Good luck!

Permalink » No comments

Send Rails Email from console

I’ve needed to do this forever, and finally found a stack exchange with a nice quick way to send mail from rails console, that works with the version of rails I’m on.

1
2
3
4
5
6
7
8
9
10
11
ActionMailer::Base.delivery_method = :smtp 
ActionMailer::Base.smtp_settings = {
  address: 'smtp.gmail.com', 
  port: 587, 
  domain: 'gmail.com',
  authentication: 'plain', 
  enable_starttls_auto: true, 
  user_name: 'you@gmail.com',
  password: 'yourpassword'
}
MailNotifier.activation_instructions(@user).deliver

Permalink » No comments

Fixing subdomain folders with wildcard cert

This is something I’ve had to do twice now, and it’s not all that hard, but I keep forgetting.  The specific problem is when you have a wildcard security certificate for your domain, but your subdomain just points to the same folder as your primary domain – even though it works correctly when you access it’s insecure version.

I’m sure there are other causes and fixes for this, but I find what I need to do is:

  1. Log into WHM
  2. Search “Install an SSL Certificate on a Domain”
  3. Then hit the “Browser certificates”
  4. Find the correct wildcard certificate and click the “user certificate” button
  5. Under “domain”  change “*.yourdomain.com” to “yoursubdomain.yourdomain.com”
  6. Then hit the install button

And that should be all you need to do!  You can just do this with as many sub-domains as you need.  If you want to check what certificates you have installed, you can search for “Manage SSL Hosts” in WHM and it will tell you there.

Permalink » No comments

How to compress only new files in a folder

In the shell using tar, you can compress only files newer then a specific date :)  Suuuuuper handy if you’re passing off files added to a large website to someone who already has an old version of that site.  So, pretty easy, you just run this command:

sudo tar -N ‘2016-12-01 00:00:00‘ -jcvf compressed.tar.bz2 folder

  • The Date (example date is December 1st 2016 midnight)
  • Location for output file
  • Folder to copy

Permalink » No comments