Skip to content

How to Package cordova app

Just a simple step by step reference for packaging a cordova app:

  1. CD to the directory containing your app in the console
  2. export PATH=$PATH:”/cygdrive/P/Programs/Android/SDK/tools”
    export PATH=$PATH:”/cygdrive/P/Programs/Java/jdk1.8.0_121/bin”
    export PATH=$PATH:”/cygdrive/P/Programs/Android/SDK/build-tools/25.0.1″
    export ANDROID_HOME=/cygdrive/P/Programs/Android/SDK/
    export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools
    This is specific to my system, you may not need to do something like this
  3. cordova build –release android
    This will create platforms\android\build\outputs\apk\android-release-unsigned.apk
  4. CD and copy your keystore to platforms\android\build\outputs\apk
  5. jarsigner -verbose -sigalg SHA1withDSA -digestalg SHA1 -keystore your.keystore android-release-unsigned.apk keystorename
    sign it with your keystore, you may need to use a different signing method
  6. zipalign -v 4 android-release-unsigned.apk android-release-signed.apk

All done!

How to clean up a File Inclusion attack

I recently helped out a friend clean up an infection from their website.  A hacker took advantage of some outdated plugins to sneak in some malicious code to their website.  Following these steps I was able to find all the infected files, fix the vulnerability, and block the attackers IP.

Find infected files

Hop on the shell, and run this script to review all recently added files:

find ~/websitedirectory/ -name "*.php" -type f -ctime -30  | less

That will list all php files added to the server in the past 30 days.

Also, if you have webalizer or awstats available through your host, go through the logs and search for all files ending in php, any core files or files with random strings for names should be reviewed.

Open one of the infected files, it may be including another file they slipped into your account so track that down and delete it.  Also, try to find something particular in the code so you can use it as another method to track down any infected files.  In the shell this code with search the contents of all php files for SOMETHING:

find ~/websitedirectory/ -name "*.php" -exec grep -l "SOMETHING" {} \;

Make a list of all the locations of backdoor files that the hacker created, we’ll be using those later.

Clean the infection

If possible, delete the entire website and upload from an earlier version before the attack.  If you can’t delete everything, delete and re-upload as many folders as you can.  And for any folder you can’t delete, take whatever steps you need to fix the infected files, this will vary based on the malicious code.

Prevent further infection

Update all your software and plugins to the latest version, if you’re running something out of date that’s likely where they got in. Also, make sure your files all have the proper permissions, these lines will set the proper CHMOD for all files and folders:

find ~/websitedirectory -type f ! -perm 644 -exec chmod 644 {} \;
find ~/websitedirectory -type d ! -perm 755 -exec chmod 755 {} \;

Reset all FTP and CMS account passwords.

And, as an added bonus, use that list of backdoor files to record the IP of the attackers.  If you were able to get correct IP addresses from webalizer and awstats then you can simply block those.  If you’re running cpanel you can block IPs in Security > IP Deny Manager.  If they didn’t record the correct IPs or you don’t have those services, you can use that list of backdoor files to capture the hackers IP.  Replace the code in those files with something like this:

file_put_contents('/home/websitedirectory/hackers.log', $line . PHP_EOL, FILE_APPEND);

That will record the IP of anyone who visits those files in a hackers.log file so you can block them and stop them from fishing around in the future.

Hopefully, that’ll do it!

It may not work in all infections, but it did the trick in this case. You’ll want to replace ~/websitedirectory and /home/websitedirectory/hackers.log with URLs that are relevant to your web server.  Good luck!

Send Rails Email from console

I’ve needed to do this forever, and finally found a stack exchange with a nice quick way to send mail from rails console, that works with the version of rails I’m on.

ActionMailer::Base.delivery_method = :smtp 
ActionMailer::Base.smtp_settings = {
  address: '', 
  port: 587, 
  domain: '',
  authentication: 'plain', 
  enable_starttls_auto: true, 
  user_name: '',
  password: 'yourpassword'

Fixing subdomain folders with wildcard cert

This is something I’ve had to do twice now, and it’s not all that hard, but I keep forgetting.  The specific problem is when you have a wildcard security certificate for your domain, but your subdomain just points to the same folder as your primary domain – even though it works correctly when you access it’s insecure version.

I’m sure there are other causes and fixes for this, but I find what I need to do is:

  1. Log into WHM
  2. Search “Install an SSL Certificate on a Domain”
  3. Then hit the “Browser certificates”
  4. Find the correct wildcard certificate and click the “user certificate” button
  5. Under “domain”  change “*” to “”
  6. Then hit the install button

And that should be all you need to do!  You can just do this with as many sub-domains as you need.  If you want to check what certificates you have installed, you can search for “Manage SSL Hosts” in WHM and it will tell you there.

Transfer files to FTP via Rails console

First require Net::FTP so the functions will be available

require 'net/ftp'

Create FTP connection, with a custom port

ftp =
ftp.connect('url', port) 
ftp.login('username', 'password')
ftp.passive = true

Move to the folder you want to upload the file into


Get URL of paperclip file

url = 'public'\?.*/, '')

Upload to server


Close connection