Rob's Ramblings

Friday 29 January 2010

Viruses...what a time waster!

For the last few days, I've been working on another website. It's been fun, writing code that people actually seem to be impressed by.

Yesterday, I woke up, opened up the laptop, started to play, and found myself looking at a "Windows security centre" screen and a prompt to install a "Windows Malware" program. Hmm. Now I'm not quite that gullible, so try to just close the windows, but it still pops up an installation dialogue and runs through something too quickly for me to catch and kill it in Task Manager,

So...I've been infected with a virus. It knocked out the AVG anti-virus I had on here, and seemed to block access to several websites that dealt with virus issues. Trend Micros' one-shot "housecall" did run, and spotted four "FakeAV" Trojans, and deleted them, but didn't manage to cure the problem, and indeed got knocked out when I tried to run a full scan rather than the quick one.

In the end I only managed to get rid of it using the f-secure emergency boot disc.. That's a nifty little disc that boots into and runs Linux from memory, and then can scan the NTFS disc partitions where Windows lives. All it can do is rename the infected files, rather than move them anywhere else, but that's usually enough, and it was.

Of course, making the disc was a story in itself.. Suffice to say that my wife's nifty little Dell XPS laptop white elephant couldn't even burn a CDR reliably, so I ended up using an old Acer that mostly these days tends to run software from Fisher Price for the little one!

So, after spending nearly five hours getting rid of the thing, and another three trying to re-install some anti-virus software (AVG failed to reinstall, even after uninstalling it, so I ended up with Avast) I set about looking for how on earth I had been infected in the first place.

Now I use Opera as my browser, and it usualy just opens up all the tabs I had open in the previous session. So I fire that up, and the new AV pops up a "website blocked" warning message. OK... I've got close on 40 tabs open, which one is it. And why? I thought Opera was fairly resilient to attacks. I'd been suspecting the old copy of IE6 that I had fired up for the first time in ages the previous day, to access the courtservice government website, that doesn't like Opera. So I close all the tabs that I didn't need any more, all those I'd run across when looking for something else, that sort of thing, leaving just things like my email, the bank, the stuff I was working on, etc. Close Opera and reload it - same warning. The bad website it's referring to is, so I start doing a view-source on each page in turn, looking for the reference.

And I find it - on my own website!! There's an Iframe link added to the end of the index.php page! WTF?! Has somebody hacked my FTP password? Is there a bug in the CMS that allows injection of code?

I've not looked into it too closely, but at one point I remember seeing an Adobe Acrobat warning that the document I was trying to open was written in a later version than I had installed, so might not work properly. I thought it odd at the time, as I'd not tried to open any documents, and the warning box didn't give an option to cancel the load. I suspect now that this was where the issue was - something somehow added the iframe to my page, which then included a PDF of some sort in a hidden window. This took advantage of a vulnerability in Acrobat to fire off the virus code. So Opera itself was not at fault.. At least I can press F12, turn off plugins, and carry on browsing safely.

So I check my other sites. They all have the malicious code added. That lets off the CMS, but when a simple place-holder website that has nothing more than an index.html page with a single JPEG image has been infected, then there's something else at work. I check the access logs for that site - it gets maybe one or two visits from search engines a day, and that's all it has. However the virus got there, it wasn't via an HTTP connection. It has to be server-side. Drat. This is confirmed when I look up and visit several other random web sites that are hosted on the same machine, and absolutely nothing to do with me. Everybody has the same code on their website.

I logged it with my hosting co's Tech Support, and they seem to know about it, and say they are removing the codes. But eight hours later they have still not fixed the issue. So please be careful if you visit any of my websites. (This blog is safe, as the subdomain is hosted elsewhere.) I tried removing the code manually last night, but it came back..

There's something to be learned from this. Don't just keep your browser up to date with all the security patches. Anything that provides it with a plugin is vulnerable, too. Time to go update Acrobat..

And try and work out how to catch up on a completely wasted day..

Labels: , ,

Friday 22 January 2010

Making old data visible, easily!!

Many years ago I was heavily involved in the viewdata industry - working for Micronet 800 and then producing software for other Prestel ISPs, running my own viewdata BBS, etc. I therefore accumulated rather a lot of viewdata pages, and managed to recover these from an old backup a few years ago.

As part of a separate project, I wanted to display these images. As they were saved using a BBC Micro, I loaded them up in a BBC Micro Emulator, under Windows, took a screen capture, pasted that into Photo Editor, cropped it, saved it out as a GIF, and finally uploaded it to the web server. I then had to add the image to whichever gallery it belonged in. As you can guess, this is fairly labour intensive, and gave rather variable results.

Being a firm believer in "let the computer" do the work, I started this side project to condense all this into as little work as possible. What I wanted to acheive was to reduce the steps to: 1. Upload original saved screen file to the web server. 2. End.

I think this has now achieved this, and more so! There are currently two scripts in the suite - vl.php (viewdata lister) will scan a given directory and construct a web page bsaed on the files it finds. vv.php is used as an image source for each file, and this reads the files and constructs a PNG or animated GIF, as appropriate, and returns it to the client.

As a side-benefit of having the original save file available, it's also possible to provide a text-only version of the frames! I hope this will make things more search-engine friendly.

You can find the files here.

At the time of writing, you can find a sample page here that shows the results that can be acheived for a random selection of pages from Prestel, Teletext and some LAN based services.

Please add any comments or suggestions below.

Labels: , , , ,

Thursday 21 January 2010


Fancy a free cuppa?

I tried some Assam last time they published this offer - I'm not a great tea drinker, preferring a nice coffee, but it was OK. This one is for the more herbal type teas, so it'll be something new.. Pity they are so expensive compared to a box of PG !


Monday 11 January 2010

Ephemeral Coding

I was thinking, last night, about the many programs I've written over my time, and I suddenly realised that the vast majority of them are now completely redundant, and that sort of saddened me. All that time and effort now feels wasted and my efforts are completely forgotten. So, just in case anybody is interested, here are some of the things I've either been paid to write, or were major unpaid projects, that are now of no use whatsoever:

Programs for use with the Prestel viewdata service:
SuperSub - to assist main IPs manage their Sub-IPs.
MailboxMassacre - bulk email handling software.
StopPress Viewdata terminal - the only implementation I knew of that correctly handled double height characters.
AutoF - moderated "bulletin board" and message handling system.
Various modules for the Autonomic Viewdata host.

Programs written in the BOS operating system
Almanac - Room booking and management system mainly used by Local Authorities.
Syrian - took over this EPOS system and almost completely re-wrote it.
COMP - poor mans' IDE for BOS Cobol/SpeedBase, handling macro for recompiling different versions of a project.

Programs written for use with WorldsAway (V.1 of what is now vzones "Dreamscape")
Various game hosts.
Various client mods to add functionality.
Clone server, written in VB. (And to be clear, I had NO access to any existing server code: it was written simply by seeing what the client did when I tried to talk to it.)
Clone client for UNIX, only good for "parking" an avater.

Web Applications
Various PHP based applications to solve puzzles that were being run on the Quiz Call TV channel.

I'm sure there are lots more, but that's what I remember for now.

What's most irritating, is that I can't actually think of anything that I've written that's likely to still be in use, apart from some code contributed to other peoples' projects. (e.g. the econet code in BeebEm.)

Labels: , , , , , ,

Saturday 9 January 2010

Some Old Poems

I found some old "poems" of mine in some ancient files ..

Sing a song of goblins,
a pocket full of elves.
Four and twenty white mice,
talking to themselves.
Conversation falters,
elves and mice get free.
Run of in the undergrowth,
ever live happily.

Once upon a goblin time
when goblin poems were deemed to rhyme
and grass was green, and the earth stood still
and folk were pink, and never ill,
and life began at birth, not death,
and men were men, and all the rest,
that time was great, and never dull,
and now just look, the earth is full,
and grass is blue, and ground does move
and folk are green, and never groove,
and life is death, and men are dead
and all because, it once was said,
that goblins don't exist no more,
it's all superstitious dumb folklore

(c)me, sometme in the late 1980s.

Labels: ,

Wednesday 6 January 2010

Snow, snow and more snow

OK. I need to get back into posting stuff ...

Here are some pictures of the "unprecedented" snow today!


And somebody special enjoying it!


Labels: , ,