Find malware on your web server/shared hosting

Some of my client websites get hacked. Some shared hosting providers offer virus scanning tools, but that's not always enough, and what about those that don't even provide malware scanning? Hopefully they provide SSH access, so AI-BOLIT can be used. It's a free virus and malware scanner for websites.
Just download it, unzip and upload to your desired host. Copy it into the root directory of your website.
Finally, run it:
php ai-bolit.php --mode=2
or, in non-paranoid (normal) mode:
php ai-bolit.php

Blocking web access by country code via htaccess

Some Ukrainian and Russian folks don’t know how to behave, so I decided to block the whole countries. Also, they’re not the target audience for the targeted website.

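# .htaccess

<IfModule mod_geoip.c>
GeoIPEnable On
# Flag requests whose GeoIP country code is Russia or Ukraine
SetEnvIf GEOIP_COUNTRY_CODE RU blk
SetEnvIf GEOIP_COUNTRY_CODE UA blk
# Refuse every request that carries the flag
Deny from env=blk
</IfModule>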

They were causing 509 Bandwidth Limit Exceeded on some client websites with Joomla :/

Passwordless ssh not working

I was getting the following with ssh -v user@remote_host:

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mike/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

The solution was to fix the permissions of the .ssh directory and of .ssh/authorized_keys.

Later, during the investigation, after logging in with a password and with debug turned on, SSH complained with:

debug1: Remote: Ignored authorized keys: bad ownership or modes for file /home/REMOTE_HOST_USER/.ssh/authorized_keys
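
The check behind that message can be reproduced on the remote host. The script below is an added example, not part of the original post; its function names are hypothetical, and it assumes the usual sshd StrictModes rule that the home directory, ~/.ssh and authorized_keys must be owned by the user (or root) and not writable by group or others.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Mirrors the sshd StrictModes rule behind "bad ownership or modes": the home
# directory, ~/.ssh and authorized_keys must be owned by the user (or root)
# and must not be writable by group or others.

# check_path PATH UID -> prints each problem, returns 1 if any was found
check_path() {
    path=$1; want_uid=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING        $path"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid
    info=$(ls -ldn "$path" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ] && [ "$uid" != "0" ]; then
        echo "BAD OWNER      $path (uid $uid, expected $want_uid)"
        rc=1
    fi
    case $mode in
        ?????w*) echo "GROUP-WRITABLE $path ($mode)"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "WORLD-WRITABLE $path ($mode)"; rc=1 ;;
    esac
    return $rc
}

# check_ssh_perms HOME UID -> returns 0 only if all three paths pass
check_ssh_perms() {
    home=$1; owner=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || bad=1
    done
    return $bad
}

# Run against a home directory given on the command line, e.g.
#   sh check_ssh_perms.sh /home/REMOTE_HOST_USER
if [ -n "${1:-}" ]; then
    check_ssh_perms "$1" "${2:-$(id -u)}"
fi
```

Anything it reports is typically cleared with chmod go-w on the home directory, chmod 700 on .ssh and chmod 600 on authorized_keys.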

Facebook and Chrome connections revealed via Little Snitch

I decided to make a video showing how many connections are made after starting Chrome

And connecting to Facebook

When I opened Facebook in Firefox, it made a connection to which after visiting shows a 1x1px GIF image. Wikipedia info about Atdmt contains the following: “ATDMT is a tracking cookie served by Facebook subsidiary Atlas Solutions and used as a third party cookie by several websites.”
Opening FB in Chrome made a connection to which after visiting informs that it is “Quantcast Measurement Service”. They also provide a table of the most visited sites at Quantcast on Wikipedia.

Be aware of the watchers 😉

Vulnerabilities to consider while coding

I just found the following pages, which describe SQL Injection and Cross Site Request Forgery (CSRF) vulnerabilities and how to prevent them in WordPress’s PHP code.