Domain-name based ssh login attempts

The last few weeks I have noticed some illicit ssh login attempts that uses parts of the reverse DNS domain name as user name when it tries to login. The last attempt looked like this in my LogWatch summary:

Illegal users from these: ( 9 times
       root/password: 4 times
       cenara/password: 2 times
       ip-83-209-13-88/password: 2 times 1 time

As you can see, the secondary and tertiary domain name, along with the full domain name, was tried as user name when attempting to login. I guess that the attack script tries with a blank password and also with the same password as user name.


WordPress crack attempt this morning!

When I got to work and viewed this blog I noticed that Sidebar Widgets was disabled. I thought "That’s weird!"

When I tried to login to the administration interface I was told that my WordPress database needed upgrading. I thought "That’s weird!"

Some further investigation revealed that someone managed to upload a PHP script called ro8kfbsmag.txt (MD5 sum df3b74cd38c717d9d7bbf0cd1910baa1) to my /tmp directory. It starts like this:

/*Magic Include Shell by Mag icq 884888*/
//TODO: ñëèòü ôàéëî íà ñâîé ôòï (!)

This gave me enough information too start googling. A must-read is Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking, as it describes a very similar attack. There is also a support thread at Weird and Dangerous : ro8kfbsmag.txt.

The attack vector on my server looked like this, originating from with HTTP/1.0 as protocol version and "Opera" as User-Agent. I wish I logged POST data!

POST /wp-admin/options.php
POST /wp-admin/upload.php
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/inline-uploading.php?post=-1&action=upload
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/options.php
POST /wp-admin/options.php
GET /wp-admin/upgrade.php?step=1

Needless to say, I have restored a backup and taken certain precautions to prevent this from happening again.

Andi Gutmans: “Java is losing the battle for the modern Web”

Andi Gutmans (of PHP fame) has written a very interesting blog post about Java’s future on the web. The article is called Java is losing the battle for the modern Web. Can the JVM save the vendors? He gives some good arguments for using a LAMP stack for web applications.

One of the interesting quotes is:

Project Zero’s Chief Architect is one of the first IBMers to admit in public that Java today can be considered as a system language and is not desirable for building RESTful Web applications […]

This was apparently a bit out of context, according to the comment by Jason McGee, but fun to read nevertheless.

He makes a prediction that shall be interesting to see if comes true:

It has taken over 10 years for the Java stronghold to admit Java’s poor ROI on the Web and with the current recession it is likely that many Java customers are going to be making more informed investments. As a result there will be considerable rise in uptake of dynamic languages.

Highway to Dell, part four

(Continued from Highway to Dell, part three.) Before buying the Dell Inspiron1525 I did some research and I found a thread about PPP problems with Ubuntu on the machine. I sent a PM to the author of the post and asked of his/her experiences. I got this reply (quoted with permission):

I am no longer using Ubuntu 7.10 on this notebook. I converted to Fedora 8, have not yet returned, and do not plan to until the 8.04 release. Fedora functions beautifully in an unprecedented manner. My primary issue with Ubuntu was power management, which is a complete wreck. The screen saver, for example, would activate only sporadically. To no surprise, hibernation and sleep never functioned, and I would lose sessions consistently upon reactivation. Not that this situation is unique, but, on the other hand, Fedora 8 has managed to execute power management flawlessly and I have maintained highly stable uptimes of up to two weeks. I would highly recommend its installation on this particular model, as I have experienced virtually no drawbacks.

Ubuntu works fine for me, but if you can’t get Ubuntu to work properly it sounds like you might want to try Fedora!

Update Continued on Highway to Dell, part five.

Highway to Dell, part three

(Continued from Highway to Dell, part two.) The trackpad is much easier to work with since I followed these instructions. I also set MaxTapTime to "0" (zero) to disable tapping on the trackpad, and SHMConfig to "on" so that I can use synclient, gsynaptics or similar programs to play with the settings at runtime. The relevant section of /etc/X11/xorg.conf now looks like this:

Section "InputDevice"
        Identifier      "Synaptics Touchpad"
        Driver          "synaptics"
        Option          "SendCoreEvents"        "true"
        Option          "Device"                "/dev/psaux"
        Option          "Protocol"              "auto-dev"
        Option          "HorizEdgeScroll"       "0"
        Option          "MinSpeed"              "0.14"
        Option          "MaxSpeed"              "1.6"
        Option          "AccelFactor"           "0.084"
        Option          "SHMConfig"             "on"
        Option          "MaxTapTime"            "0"

I plan to play with HorizEdgeScroll later! It also seems like ndiswrapper was not loaded at boot so I simply load it from /etc/rc.local with the line below. There is probably a more correct way, but this works fine:

/sbin/modprobe ndiswrapper

Once when the computer woke up from hibernation it did not restore the X session properly, but it was possible to login from another computer and reboot. Such is life. I was not able to spot anything in the logs to explain this.

Update Continued on Highway to Dell, part four.

Highway to Dell, part two

(Continued from Highway to Dell, part one.) Yesterday I swapped hard disk drive in the Dell Inspiron 1525 (without even booting Windows Vista), inserted the DVD with ubuntu-dell-1525n-intelvideo-reinstall.iso downloaded from // and installed Ubuntu. Everything I’ve tried worked out of the box except the wireless network. The Dell 1395 wireless network started working when I followed these great instructions and driver for the Broadcom BCM4310. The solution uses ndiswrapper and it is important to download the Windows XP drivers and not the Windows Vista driver. Don’t worry that lspci says "Broadcom Corporation BCM4310 USB Controller" but Dell writes "not USB" about the driver package. Do not bother with the bcm43xx driver! These things are now tried and seem to work fine:

  • 1440×900 pixels resolution
  • Wired network
  • Wireless network
  • Suspend
  • Hibernate
  • Sound
  • Trackpad
  • Sound playback buttons

The biggest annoyance so far is the trackpad. First of all I’m a TrackPoint guy and second the acceleration is unbearably slow. I’ll try these instructions later though. A note about DVD playback: When buying a Dell laptop with Ubuntu, they include LinDVD, but unfortunately LinDVD is not included on the ISO image. Swedish readers who long for a Dell with Ubuntu preinstalled could read about and envy Dell’s offerings to other European countries.

Update Continued at Highway to Dell, part three.

Highway to Dell, part one

(Kind of continued from About to buy a new laptop.) I ordered a Dell Inspiron 1525 on Februrary 12 and the delivery was estimated to Match 17. A few minutes to 7 AM this morning the delivery company called and said they were to deliver before lunch today! Unfortunately I had to call back and ask them to deliver tomorrow instead, but Dell sure exceed expectations on delivery time! My planned is to run Ubuntu 7.10 (Gutsy Gibbon) on the laptop, so I was really pleased to read the Welcome the Inspiron 1525 to the Dell Ubuntu Family blog post! As this option was not available when I ordered (and maybe never will be in Sweden) I obviously paid the "Microsoft tax", but according to a recent article it’s more expensive to buy a Dell without operating system than with Windows in Sweden. Update Dell corrected themselves, but it’s not applicable to me anyway. To my great, great joy, Dell provides ubuntu-dell-1525n-intelvideo-reinstall.iso at // Wonderful! I have a spare 2,5" hard disk drive, so I’ll probably change hard drive and then try the ISO image from Dell. I’ll follow up with my experiences!

Update Continued at Highway to Dell, part two.