How to fix “hacked by Moroccanwolf” WordPress site
A client of mine had their WordPress site hacked and when you would load the site, it would simply display a message that said “hacked by Moroccanwolf”. I did some digging and luckily it wasn’t a major hack and they didn’t mess with the posts or other settings as a lot of the hacks do.
Quick Fix
- To fix it, you’ll need to connect to your database using an editor of some sort, such as phpMyAdmin.
- Once logged in, expand your database on the left.
- Click on ‘wp_options’.
- On the top right, click the ‘Browse’ tab.
- Look for ‘widget_text’ in the option_name field. (For my client, it was at row 90). You should see something similar to this:
<script>document.documentElement.innerHTML = unescape(''%48%61%63%6b%65%64%20%62%79%20%4d%6f%72%6f%63%63%61%6e%77%6f%6c%66%20%26%26%20%61%62%64%65%6c%6c%61%68%20%45%6c%6d%61%67%68%72%69%62%69'');</script>
Delete the entire tag and this should restore your website. Now remember to change your logins and update WordPress.
How I Figured it Out
Most of the hacks I’ve seen are done by injecting JavaScript into the database somewhere, which either forces a redirect or something along those lines. Here are the steps I followed to find it:
- Connect to your database using an editor of some sort, such as phpMyAdmin.
- Once logged in, click on your database on the left. Ensure you’re on the database and not a table.
- Click Export.
- Leave the export method set to Quick and click Go.
- You should now see a textbox with a mess of SQL commands.
- Copy and paste into your favorite editor.
- Search for <script> and you should find something that doesn’t belong. In this instance, that was the only thing I found of note.
- You’ll want to scan the rest of the database for things that don’t belong. Additionally, you’ll want to replace all the WordPress files and confirm no .htaccess files were created that give hackers write access.
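The export-and-search steps above can be scripted. This is an added example, not part of the original post: a Node.js script that scans the text of a SQL export for <script> tags and decodes percent-encoded strings inside them, the way the unescape() call would in a browser. The sample dump rows and the function names are constructed for illustration; only the payload is taken from the post.

```javascript
// Payload from the post, split only to keep the lines short.
const PAYLOAD = "%48%61%63%6b%65%64%20%62%79%20%4d%6f%72%6f%63%63%61%6e%77%6f%6c%66" +
  "%20%26%26%20%61%62%64%65%6c%6c%61%68%20%45%6c%6d%61%67%68%72%69%62%69";

// Constructed sample of a SQL export (quotes are doubled, as SQL escapes them).
const SAMPLE_DUMP = [
  "INSERT INTO `wp_options` VALUES (1,'siteurl','http://example.test','yes');",
  "INSERT INTO `wp_options` VALUES (90,'widget_text','<script>" +
    "document.documentElement.innerHTML = unescape(''" + PAYLOAD + "'');</script>','yes');",
  "INSERT INTO `wp_posts` VALUES (5,'Hello world','<p>Welcome to WordPress.</p>');",
].join("\n");

// Decode runs of four or more %XX escapes so obfuscated text becomes readable.
// Shorter runs are left alone so ordinary URLs are not rewritten.
function decodePercentRuns(text) {
  return text.replace(/(?:%[0-9a-f]{2}){4,}/gi, (run) =>
    run.replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
  );
}

// Return one finding per <script> element, with the line number in the dump,
// the table named in the INSERT statement, and the decoded script body.
function findInjectedScripts(dump) {
  const findings = [];
  dump.split(/\r?\n/).forEach((line, idx) => {
    const table = (line.match(/INSERT INTO `?(\w+)`?/i) || [])[1] || null;
    // Also accept <\/script>, which appears when the value was JSON-escaped.
    const re = /<script\b[^>]*>([\s\S]*?)<\\?\/script\s*>/gi;
    let m;
    while ((m = re.exec(line)) !== null) {
      findings.push({ line: idx + 1, table, raw: m[0], decoded: decodePercentRuns(m[1]) });
    }
  });
  return findings;
}

for (const f of findInjectedScripts(SAMPLE_DUMP)) {
  console.log(`line ${f.line} (${f.table}): ${f.decoded}`);
}
```

Every hit still needs a manual look, because themes and plugins can store legitimate <script> tags in the database.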
When updating Office 2011 for Mac, you are prompted that you must close “Microsoft Database Daemon” and “SyncServicesAgent”
If you’re trying to update your install of Microsoft Office 2011 for Mac, you may get the following message:
“These applications must be closed before the software can be installed:
Microsoft Database Daemon
SyncServicesAgent
Close these applications and try again”
If you try to kill the apps using Activity Monitor, you’ll find they keep getting restarted. The only way I found that worked to stop them is by following the instructions below.
- Open a terminal window and enter the following command:
launchctl unload ~/Library/LaunchAgents/com.microsoft.LaunchAgent.SyncServicesAgent.plist
This will unload the SyncServicesAgent. Unfortunately the Daemon kept running for me after the latest update. To stop that, do the following:
- Open Activity Monitor
- Scroll down until you find Microsoft Database Daemon in the list of active applications.
- Click on Microsoft Database Daemon and click on the Quit Process button in the toolbar
Go back to the install utility and you should now be able to proceed with the install. Once the install is finished, you’ll want to restart the Sync Services Agent, so do the following:
- Go back to the terminal window and enter this command:
launchctl load ~/Library/LaunchAgents/com.microsoft.LaunchAgent.SyncServicesAgent.plist
Now you should be all set with updates and can close Terminal.
Visual Studio 2013 package did not load correctly
Today I loaded up Visual Studio to continue work on a project and was greeted by a random bunch of errors. All were complaints that various packages could not be loaded. The one I captured was:
The ‘JavascriptWebExtensionsPackage’ did not load correctly.’ The problem may have been caused by a configuration change or by the installation of another extension.
I had just installed SyncFusion’s Essential Studio which apparently screwed something up. I tried doing a repair on Visual Studio which unfortunately did not work.
I was able to fix it by following these steps:
- Close Visual Studio.
- Open the *Users*\AppData\Local\Microsoft\VisualStudio\12.0\ folder.
- Rename the ComponentModelCache folder
- Restart Visual Studio.
Visual Studio should now rebuild the cache and no longer display the error messages.
How to Get Browser Name and Version via JavaScript
Today I ran into a strange issue where Firefox version 28 and below rendered style widths differently than Firefox 29 and above. Firefox 29 and above appear to have fixed the issue and render sizes to match Chrome/IE8+/Opera/Safari. Unfortunately, as old as Firefox 28 is, our client’s legal review team is stuck on that version as IT refuses to let them upgrade. As such, we needed to add a kludge fix to the site to add a style to fix the issue for those running older Firefox versions. jQuery removed the version support from version 1.9 so here’s a handy script that will allow you to detect the browser and version without any extra dependencies.
function get_browser_info() {
  var ua = navigator.userAgent, tem,
      M = ua.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
  // IE 11 identifies itself as Trident; the real version is in the rv: token
  if (/trident/i.test(M[1])) {
    tem = /\brv[ :]+(\d+)/g.exec(ua) || [];
    return { name: 'IE', version: (tem[1] || '') };
  }
  // Newer Opera reports Chrome in its user agent and adds an OPR/ token
  if (M[1] === 'Chrome') {
    tem = ua.match(/\bOPR\/(\d+)/);
    if (tem != null) { return { name: 'Opera', version: tem[1] }; }
  }
  M = M[2] ? [M[1], M[2]] : [navigator.appName, navigator.appVersion, '-?'];
  // Safari and older Opera carry the real version in a Version/ token
  if ((tem = ua.match(/version\/(\d+)/i)) != null) { M.splice(1, 1, tem[1]); }
  return { name: M[0], version: M[1] };
}
Usage is very simple:
var browser = get_browser_info();
console.log(browser.name);
console.log(browser.version);
BONUS: If you need to detect a specific version and add special classes, here’s a quick snippet that will allow you to add a class to the HTML tag using plain old vanilla.js.
var browser = get_browser_info();
if (browser.name == 'Firefox' && browser.version <= 28) {
  var root = document.documentElement;
  root.className += " firefox28";
}
ESET AntiTheft Causes Dell Machines to Lose Permissions on C:
I just spent the past two days complaining about Windows 8 to everyone I know because of how awful the experience is. I installed Windows updates, rebooted, and the system stops working.
It turns out it wasn’t Windows causing the problem but ESET AntiTheft on Dell laptops. It turns out there’s a permission bug specific to Dell machines when ESET creates its ghost account and instead of giving it restricted access, the system essentially copies the permissions and then changes everything on the C: drive to a state where the permissions are no longer accessible.
Unfortunately, the only known fix at this point is to contact ESET support. I called their support line in North America and the tech knew about the issue right away. You’ll have to reboot into safe mode, and then get them to remote in to install a utility that runs a script that resets the permissions.
Contact Info here: http://www.eset.com/us/about/contact/
The tech assured me they are working with Dell to get this issue resolved so until they do, make sure you don’t activate ESET’s AntiTheft on the Dell machine.
What’s the Problem?
A few years ago, I started at a company as a help desk tech. After establishing myself, I’d often get put on all the…interesting issues. When nobody else could figure out the problem, I’d get called in to figure out the issue. During my early days as a new tech there, the manager of the team passed me a ticket and stopped by to give me background on the situation. This particular client would call in every week because one computer couldn’t talk to the server and at one point, every tech on the team had worked on the problem and nobody had been able to figure it out. My manager told me not to stress about it because it was definitely something on their side but he treats the situation as a rite of passage for all new hires.
I give the doctor a call back and he gets me connected to his PC and begins to elaborate on the problem and all the things everyone has had him do. He explains how his tech knows the problem is with our software since everything on the network side works. He clicks on the Windows XP start menu and by sheer luck, the tech had set the menu back to classic which meant the banner along the left showed which version of Windows was running. As the doctor continued on with his explanation, I noticed the banner on the start menu said “Windows XP Home Edition”.
I politely interrupted the doctor and informed him that I had figured out the problem. He went quiet for a few seconds and said “You haven’t done anything yet and I haven’t finished explaining everything. How could you possibly have figured out the problem?” I informed him that he’s running Windows XP Home Edition which doesn’t support business networking and explains why he couldn’t connect to the server. He insisted that all his computers are running Windows XP Pro and besides, how could I possibly know that without having even done anything?
I asked him to click on the start menu and then he went quiet. I asked if he was there and he apologized and said he was going to call his tech to get the OS fixed. He asked if it would be alright for him to call and request my help if there are any problems from there.
I closed the ticket with “Problem solved. Issue was Microsoft Windows XP Home Edition”.
Kill Multiple Processes at Once Via Command Line with Taskkill
Ever have a program or process that doesn’t end properly and runs in the background continuously?
I recently encountered this issue with VLC on one Windows 7 machine where the process never terminates. Since I never reboot the machine for anything other than Windows Updates, this amounted to 633 copies of VLC running in memory. Each process only used about 633k so it wasn’t an astronomical memory hog but multiply that by 633, you begin to feel the machine slowing down. Task Manager doesn’t let you kill multiple processes in bulk and I didn’t want to go through killing them one by one or rebooting.
The solution? Good old command line. Open up command prompt (start -> run -> cmd.exe). This snippet will kill all processes that start with the taskname:
TASKKILL /IM [TASKNAME]* /F
To kill all VLC processes, you’d use:
TASKKILL /IM vlc* /F
All running VLC processes will be terminated automatically.
jQuery fancybox ‘*.support not defined’ or ‘b.support not defined’ Error
I was importing some code from static HTML pages into a client’s home grown CMS system this morning. When I reviewed the site in Firefox with Firebug running, I was seeing the error:
b.support not defined
The site uses Fancybox to display the window overlays within the site so I had to step through the code to find out what broke during the migration. Turns out it was a stupid mistake on my part.
Make sure that you include a reference to the jQuery library before you load Fancybox.
<script type="text/javascript" src="/js/jquery.min.js"></script>
<script type="text/javascript" src="/js/Fancybox.js"></script>
SQL 2008 DTSX
The Problem
Earlier today, I was working on setting up DTSX so some end users could run some packages. After loading and testing the packages successfully, the users tried running the package and encountered an interesting error:
SSIS Execution Properties
Failed to open package file “C:\Program Files\Microsoft SQL Server\100\DTS\Packages\dts_filename.dtsx” due to error 0x80070005 “Access is denied.”. This happens when loading a package and the file cannot be opened or loaded correctly into the XML document. This can be the result of either providing an incorrect file name was specified when calling LoadPackage or the XML file was specified and has an incorrect format. ({FFEE8F2F-A0A6-40BE-8CDA-86BEC124F874})
The packages were provided by another vendor so I wasn’t keen on trying to modify things within the packages themselves. I was able to run the packages under my admin account but the end users kept running into the error which led me to believe that the user needed some special permissions. The users were connecting to this virtual server via remote desktop. While it was a dedicated virtual machine specifically for this project, I really didn’t want to give users admin rights because…well I don’t think that needs to be explained so I hunted around and of course there are no settings for controlling access via permissions in management studio. It was time to take to the interwebs and use my Google-Fu and see what others have found on this error. I found others who had similar errors but none had the exact issue. Some similar errors:
- http://msdn.microsoft.com/en-us/library/aa337083.aspx – This was the closest except that it dealt with remote access which wasn’t the case here. I tried it anyways in case it was the problem.
- http://www.mssqltips.com/tip.asp?tip=1199 – Proxy permissions for SQL agent which is useful to know when creating scheduled jobs.
The Solution
I remembered that SQL Management Studio had issues with accessing files in different locations (i.e. My Documents). With the new security settings in Windows, you may have noticed you need admin rights to add, run, or modify folders/files in locations like c:\Program Files in Windows 7/2008. I wondered if DTSX used a special permission that allowed it to access files and checked the groups under the Server Manager. I found a group called SQLServerDTSUser$[MachineName]. I added the users who were executing the packages to this group and then checked the permissions on the folder C:\Program Files\Microsoft SQL Server\100\DTS which didn’t have the group listed. I added the group to the folder permissions, tested the package and voila – it worked.
{Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.}
Problem
If you’re working in ASP.NET and ever ran into the error:
{Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.}
You’ll probably find that the stack trace gives you no useful information as to where the error actually occurred.
The Solution
For Response.Redirect, use the overload (Response.Redirect(String url, bool endResponse)) and pass false for the endResponse parameter:
Response.Redirect("nextpage.aspx", false);
For Response.End, you’ll need to call the HttpContext.Current.ApplicationInstance.CompleteRequest method instead of Response.End to bypass the code execution to the Application_EndRequest event.
Details
The error occurs when you use Response.End, Response.Redirect, or Server.Transfer. The Response.End method ends the page execution and shifts the execution to the Application_EndRequest event in the application’s event pipeline. The line of code that follows Response.End is not executed. This problem occurs in the Response.Redirect and Server.Transfer methods because both methods call Response.End internally. Because passing false for endResponse skips that internal Response.End call, the code after the redirect keeps running, so return from the handler right after the redirect if the rest must not execute.