
Dirty Hack: Add CDN support into phpBB 3.1.6

This works for phpBB 3.1.x, not just phpBB 3.1.6. For a national or global forum, CDN support is a must.

The method I used is not a formal extension or plugin. It is a hack, actually a dirty hack. If you have no experience with this kind of change, you can close this page now.

Now, let’s start.

  1. Back up everything in your phpBB installation, including files and the database.
  2. URL path example.
    Forum URL is http://www.myforum.com/
    CDN URL is http://myforum.kxcdn.com/
  3. Open /includes/functions.php
    Add the following at line 5112

    // Add CDN path
    $cdn_cache = '//myforum.kxcdn.com/';

    Find the following around line 5216

    'T_ASSETS_PATH'         => "{$web_path}assets",
    'T_THEME_PATH'         => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme',
    'T_TEMPLATE_PATH'      => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/template',
          

    Replace with

    'T_ASSETS_PATH'         => $cdn_cache."assets",
    'T_THEME_PATH'         => $cdn_cache."styles/" . rawurlencode($user->style['style_path']) . '/theme',
    'T_TEMPLATE_PATH'      => $cdn_cache."styles/" . rawurlencode($user->style['style_path']) . '/template',

    Find the following around line 5230

    'T_STYLESHEET_LINK'      => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
    'T_STYLESHEET_LANG_LINK'    => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],

    Replace with

    'T_STYLESHEET_LINK'      => $cdn_cache."styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
    'T_STYLESHEET_LANG_LINK'    => $cdn_cache."styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],

    Save and overwrite the original file.

  4. Open /includes/functions_content.php
    Find the following around line 902

    return preg_replace('#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/(.*?) \/><!\-\- s\1 \-\->#', '<img class="smilies" src="' . $root_path . $config['smilies_path'] . '/\2 />', $text);

    Replace with

    return preg_replace('#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/(.*?) \/><!\-\- s\1 \-\->#', '<img class="smilies" src="' .'//forum.kxcdn.com/forum/'.$root_path. $config['smilies_path'] . '/\2 />', $text);

    Save and overwrite the old file.

  5. Then purge the cache in the ACP.

Look at the waterfall chart after this hack.

[Image: cdn-phpbb-hack]

The CDN service provider is KeyCDN. You can apply through this link.

How to install Linux Malware Detect on CentOS 6.3

Linux Malware Detect is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. Here is a HOWTO to show you the installation on CentOS 6.3.
1) SSH to CentOS server
2) Get the source package


Protect Proftpd server by restricting IP address allowed

There are so many hackers, or whatever you call them, who want to log in to the FTP server on my VPS.
One of the simplest ways to stop them is to deny all IP addresses except specific ones.
The FTP server running on the VPS is Proftpd.
To set the restriction, just edit /etc/proftpd.conf
Add the following at the end.

<Limit LOGIN>
Order allow,deny
Allow from 96.49., 64.180., 24.81.
Deny from all
</Limit>


How to block SSH connection per IP address

I have a VPS which is hosted on Burst.net.

An OpenSSH server is running on it. When I checked the error log, I saw a lot of login errors, as below.

It is clear that the hacker wants to connect to this VPS through SSH as root. They tried different passwords and different ports. All were blocked by the PAM system.

[Image: sshd-error-login-try]

To save the cost of these connections and of PAM, I chose to block them per IP address.
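
One way to work out which addresses are worth blocking, given the failed root logins described above. This is an added example, not code from the original post: the log lines are constructed in the format sshd writes to /var/log/secure on CentOS, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: tally failed sshd password attempts per source IP.
# The log lines are constructed; addresses are RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 04:11:02 vps sshd[2101]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar  3 04:11:05 vps sshd[2103]: Failed password for root from 203.0.113.7 port 41388 ssh2
Mar  3 04:11:09 vps sshd[2105]: Failed password for root from 203.0.113.7 port 41790 ssh2
Mar  3 04:12:40 vps sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 50212 ssh2
Mar  3 04:13:01 vps sshd[2112]: Accepted password for alice from 192.0.2.10 port 52100 ssh2
Mar  3 04:14:15 vps sshd[2120]: Failed password for root from 198.51.100.23 port 50977 ssh2
Mar  3 04:15:30 vps sshd[2124]: Failed password for invalid user x from 192.0.2.10 port 22 from 203.0.113.7 port 42001 ssh2
EOF
}

# failed_by_ip: log lines on stdin -> "<count> <ip>", highest count first.
# The user name is chosen by the client and may itself contain "from <ip>"
# (last sample line), so the address is read by position from the END of the
# line, where sshd writes "from <ip> port <n> ssh2".
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         NF >= 5 && $(NF - 4) == "from" && $(NF - 2) == "port" {
             count[$(NF - 3)]++
         }
         END { for (ip in count) print count[ip], ip }' |
    sort -k1,1nr -k2,2
}

# block_candidates MIN: IPs with at least MIN failed attempts, one per line.
block_candidates() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the sample; on a real host: block_candidates 3 < /var/log/secure
sample_log | block_candidates 3
```

The last sample line shows why the address is taken from the end of the line: a crafted user name would otherwise put 192.0.2.10, the address of a legitimate login, on the block list.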


A type of Hacker on WordPress

During the past week, I saw two shell accounts hacked. Both are on Dreamhost.
One of them was reported by Google Webmaster Tools, which said some malicious code was found.
The other was found because its memory usage increased too fast, with no increase in PV.
I checked the account and noticed some weird issues.
One of the important files, .htaccess, was changed by a hacker.
It sends web spiders, such as Google bots, Bing, and ASK, to a third-party site that hosts malicious code. The code may affect users' computers.
When a user enters a wrong URL, the user should see a 404 error page from the site. The hacker also sends these users to the remote site that hosts the malicious code.
So if you land on the website at a correct page URL, you will not see it.
It looks normal, with no problems.
The hacker steals traffic from the sites, and also poses a potential risk to the sites' users.
How to fix a hacked WordPress blog?
The way I cleaned it is simple.
1) Export the data
2) Make a new shell account on Dreamhost
3) Point the site to the new account
4) Install the fresh, updated version of the software
5) Import the data
Done.
Then the last step is to delete the old shell account.
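
A check for the two .htaccess changes described above, crawler-dependent rewrites and 404 handling that points off-site. This is an added example, not code from the original post: the sample file is constructed, and redirect-target.invalid, www.example.org and the function names are placeholders.

```sh
#!/bin/sh
# Added example: flag .htaccess directives that match the tampering described
# above. The sample file is constructed; redirect-target.invalid is a placeholder.
sample_htaccess() {
cat <<'EOF'
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/ [R=302,L]
ErrorDocument 404 http://redirect-target.invalid/
EOF
}

# audit_htaccess SITE_HOST: .htaccess on stdin -> one finding per line,
# "<line number>: <reason>". Findings are leads for review, not proof:
# a User-Agent condition can be legitimate, an off-site 404 target rarely is.
audit_htaccess() {
    awk -v site="$1" '
    # Host part of an absolute URL, lower-cased.
    function host(u) {
        sub(/^[A-Za-z]+:\/\//, "", u); sub(/[\/:?].*$/, "", u)
        return tolower(u)
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    { d = tolower($1); v = toupper($2) }
    d == "rewritecond" &&
    (index(v, "%{HTTP_USER_AGENT}") || index(v, "%{HTTP_REFERER}")) {
        print NR ": rule depends on visitor User-Agent or Referer"
    }
    (d == "rewriterule" || d == "errordocument") &&
    $3 ~ /^[Hh][Tt][Tt][Pp][Ss]?:\/\// && host($3) != tolower(site) {
        print NR ": " $1 " sends visitors to external host " host($3)
    }'
}

# Demo on the sample; on a real site: audit_htaccess www.example.org < .htaccess
sample_htaccess | audit_htaccess www.example.org
```

Because the redirect only fires for crawlers and wrong URLs, browsing the site normally will not reveal it; reading the file itself does.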


Best choice of Wii mod chip

There are many different brands of mod chips for the Wii:
WiiKey, D2CKey, Cyclowiz, Wiinja, Wiinja Deluxe, Wiibuster, etc.
Comparing price, functions, features and the Wii drive chip, I recommend Wii Key 2.
Wii Key 2 supports DMS, D2A, D2B, D2C, D2C-2 and D2E chipsets. It supports all regions, including USA, JAP, PAL and KOREA.
The full specification is shown below:

* Compatible with DMS, D2A, D2B, D2C, D2C-2 and D2E chipsets
* Compatible with all regions, USA, JAP, PAL and KOREA
* Compatible with D2B “cut pin” drives (does not require the cut pins to be connected)
* Fully configurable and updatable via DVD
* Advanced automatic region detection with fallback (works even if a drive is changed to a different region Wii)
* Region override for Wii and Gamecube games
* Direct Boot of Wii original, import, and backup games
* Direct Boot of Gamecube original, import, and backup games
* Direct boot of homebrew in GC mode
* Supports multi-disc games, DVD-R, +R, +RW (no bitsetting required)
* Supports Dual Layer
* Supports factory made ‘silvers’, even with incorrect header data
* Supports SMG, SSBB, Mario Kart and other ‘problem’ titles
* Streaming audio-fix for Gamecube games
* Diskspeed configurable via DVD, with separate settings for different media types
* Recovery mode makes it impossible to brick the chip with a bad flash
* 8Mbit onboard flash for storing data and applications
* Rock solid performance with 3.3V FPGA core and high quality components
* Multifrequency Ringpiece Oscillators (MRO) for optimum performance, even with problem drives
* Onboard status LEDs

It is only 19.95, plus $1 tax and the shipping fee; the total is $25.90 when you order through Canadamods.ca. Shipping takes about one week.
Now there is a yellow tag on the back of the Wii Key 2 chip, so it needs only 6 solder points for D2C, D2C2, or D2E.


phpBB official site is hacked

phpBB official site was hacked one week ago. It is still under maintenance.

Maintenance
We are sorry to report that we have been attacked through a 0-day-exploit in our PHPList installation (responsible for the mailing list about new releases). phpBB.com will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.
You can download phpBB here: http://www.ohloh.net/p/phpbb
You can get support at the temporary support forums or on IRC:
chat.freenode.net #phpbb
A more detailed explanation about the incident.
Press Contact: If you need to get in contact with the management, please email phpbb_press (at) marshalrusty (dot) com.
– the phpBB team

I do have some forums powered by phpBB. It is good news that the phpBB software is OK.

SEO hacking for Joomla 1.5.2

Joomla! is a wonderful open source CMS. But its content does not perform well enough in search engine results.
Some SEO (Search Engine Optimization) hacking is needed to make it do better on the SERP.
The first one is the H1 tag.
Joomla does not use H1 in its templates, so the search engine cannot find the important part of the page.
To add H1 to the page title and article title, you need to do the following HTML hack.
Use whatever HTML editing tool you like; I use Dreamweaver now.
The template files are located here.
\website root\components\com_content\views\frontpage\tmpl\default_item.php
\website root\components\com_content\views\article\tmpl\default.php
\website root\components\com_content\views\category\tmpl\default.php
\website root\components\com_content\views\section\tmpl\default.php
Find “contentheading”
Then add <h1> </h1> around the heading tag.
Save them and upload them to the site.
When you browse the page after the H1 hack, the title will look bigger than before.
You can also use CSS to add an H1 style for them.
