Update: The virus seems to have affected only GoDaddy websites, hence the change in title.

Few hours ago I opened my website and noticed some rather strange Javascript hanging around the bottom. After some inspection, it became evident that every page on my blog was trying to load an IFrame to some place called ninoplas.com. Turns out, I wasn’t alone and there are other users as well who are affected by this. Judging by the fact that different blogs were attacked at the same time, this was in all probability the result of a security hole in some plugin or the core itself.

The virus acted by adding a piece of encrypted code on the first line of all PHP files on the server. It’s rather unsettling to consider the extend of damage that could have been caused with the write access to those files. Still, the damage could be rectified by simply deleting those lines. I wrote a tiny script for doing this job which cleans the ninoplas virus from all the PHP files in the current directory:

clean-ninoplas.sh

Warning: While this script has worked for me, I am in no way providing any guarantee for how it behaves on other blogs. Backup your blog as well as database before executing this script.
You have been warned.

Using the fix is a simple matter of:

-bash-$ cd wordpress
-bash-$ wget http://inspirated.com/uploads/clean-ninoplas.sh
-bash-$ sh clean-ninoplas.sh

And don’t forget to backup everything again after cleaning up. The security hole — if there is one — has still not been tracked and if it’s in the core or some plugin which you’re still using, the virus might not be so benevolent next time.

Permalink | 69 comments
Post tags: BASH, Fix, GoDaddy, Rants, Script, Security, Virus, WordPress

“Research is what I’m doing when I don’t know what I’m doing.” — Wernher von Braun

As soon as the next semester rolls over, I will be joining nexGIN RC as a research student. My task will be to participate in developmental efforts on the National ICT R&D funded project “An Intelligent Secure Kernel for Next Generation Mobile Computing Devices”. Here’s an excerpt from the project’s executive summary:

The project aims to develop secure kernel framework that enable self-monitoring, and consequently self-healing operation for an operating system of mobile devices. This is expected to produce a fully functional Secure Linux Kernel that will be run on tablet PCs / smartphones. The developed framework will be fully aware of system conditions and resource usage and will schedule different threads intelligently based on each thread/process’ behavior, thus providing a truly secure computing experience in which malware that manages to escape detection by intrusion detection systems gets thwarted in the scheduler.

From the looks of it, there will be substantial poking around Linux involved in this one. So even though my research area primarily revolved around back-heeled through balls, spoon-chip goals, splendid crosses, powerful curlers, Totti, De Rossi, Batistuta, Montella, Ibrahimovic and Cruyff until now, I’ll be trying to redirect the efforts towards kernel development. What could possibly be more fun? Oh yes, watching Roma top the Champions League Group A ahead of Chelsea, but digressing that much isn’t suitable for a single post .

Permalink | One comment
Post tags: Kernel, Linux, nexGIN RC, Rants, Research, Security, Technology

The blasts go off, the government comes under pressure, and going by the books, they pull out an egregiously absurd law out of their asses: They inculpate WiFi hotspots, as one of them was used by the terrorists to send an email.

“We cannot blame anyone if we forget to lock our own rooms. The ISPs should provide all these features of password and password protection,” said a Ministry of Communication and Information Technology Indian Computer Emergency Response Team (CERTC-in) senior official an incompetent dork.

First of all, I do not sympathize with terrorists’ motives because of Indians getting targeted (as distasteful as that sounds, some people did suggest it when I argued with them about WiFi-blaming being ridiculous). With that said, I find it hard to believe that clamping down on hotspot security is going to reduce the level of terrorist threats. The Indian government shall have to outlaw real life mailboxes, phone-calls and anonymity all together as well as install GPS-trackers on every Indian resident for an approach like this to work. On the other hand, exploiting public fear by labeling inane regulations as being Anti-Terrorist is much more convenient than implementing adept law enforcing, don’t you think so?

Permalink | No comment
Post tags: India, Law, Security, Stupid, Technology, Terrorism, WiFi