Copyright © 2010 The G String. All Rights Reserved. Snowblind by Themes by bavotasan.com. Powered by WordPress.
Posts Tagged ‘mySQL’
You know when your brain is just not co-operating when you type ls into the mysql client console.
Far from having a hardcore readership in Russia, I learned the hard way that running a custom WordPress installation invites hackers to manipulate its fallible security measures. It would seem that the variety of users signing up with a .ru address have figured out how to inject php code into wordpress, and my 2.8.2 version was riddled with custom javascript, php code and lots of messages about those little blue pills that can do so much for your sex life. I have to hand it to whoever it was, that they took the time at all to suss out the flaws and use wordpress for such a lofty goal. They even managed to get a PHP file uploaded to the application, which is both alarming and annoying.
In the end, I decided that caution was the best policy, and installed a completely fresh installation of WordPress. I’ve now disabled users (not really sure of the point of them anyway), and added HTTP authentication to my /wp-admin directory. It’s now been a couple of quiet weeks, so I’m taking this to mean victory for now.
I suppose this is the main issue of using open-source software; if you find an exploit, you can cruise around the web, looking for older, vulnerable installations and attack them. The customised code of many of the websites I’ve seen is probably far more vulnerable, but their uniqueness brings a form of security of its own: it’s too much work for script kiddies to figure out the dynamics of every site on the web, and after all, who cares if you hack Dan Garland’s blog; better off chasing after Disney and Microsoft, where all the geek kudos would be.
Clean-up
For anyone out there who has experienced a hacked wordpress installation and wants to clean it up, these are the steps I took:
You can find the latest version at http://wordpress.org/latest.tar.gz.
Don’t make the mistake of leaving your hacked wordpress somewhere on-line that these pricks can get at it.
You could point wordpress at your old installation, but you’re running the risk of leaving some code in a comment or post that will leave your installation vulnerable.
Search particularly for long entries, or any content not authored by yourself.
I decided to keep posts, comments, tags and categories. I used:
mysqldump -u user -p my_db wp_links > links.sql
mysqldump -u user -p my_db wp_posts > posts.sql
mysqldump -u user -p my_db wp_comments > comments.sql
mysqldump -u user -p my_db wp_term_relationships wp_terms wp_term_taxonomy > tags.sql
Barring the odd column here and there that may have changed between versions, this worked for me but gave me the chance to vet what content went back into the database.
mysql my_db -u user -p < links.sql
…
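As an added example (not code from the original post), here is a small Ruby script that does the vetting step mechanically before the dumps go back into the fresh database: it scans the exported rows for the markup and code that have no business being in posts you wrote, flags rows far longer than anything you typed, and lists wp_posts rows whose post_author is not you. It assumes the dumps were taken with mysqldump’s --skip-extended-insert so that every INSERT is one row, and that wp_posts keeps its usual column order (ID, post_author, …). The sample dump inside the script is constructed, with an abbreviated column set, so it runs on its own.

```ruby
# Added example, not code from the original post: vet the posts/comments
# dumps exported above before they go back into the fresh database.
# Assumptions: the dumps were taken with mysqldump's --skip-extended-insert
# (one INSERT per row, so every finding maps to one row), and wp_posts keeps
# its usual column order (ID, post_author, ...). The sample dump below is
# constructed, with an abbreviated column set, to keep the script self-contained.

# Patterns that have no business inside a blog post or comment you wrote.
INDICATORS = [
  /<script\b/i,                 # injected JavaScript
  /<iframe\b/i,                 # hidden iframes pointing at attacker hosts
  /display\s*:\s*none/i,        # hidden spam links (the blue-pill variety)
  /visibility\s*:\s*hidden/i,
  /\beval\s*\(/i,               # PHP or JS code dropped into content
  /base64_decode\s*\(/i,
].freeze

Finding = Struct.new(:line_no, :reason, :excerpt)

# Scan raw dump text; returns one Finding per (row, indicator) hit plus one per
# row longer than max_len bytes (an arbitrary threshold: injected link farms
# make entries far longer than anything you typed).
def scan_dump(text, max_len: 10_000)
  findings = []
  text.each_line.with_index(1) do |line, no|
    next unless line.start_with?('INSERT')
    INDICATORS.each do |re|
      m = line.match(re)
      next unless m
      start = [m.begin(0) - 40, 0].max
      findings << Finding.new(no, re.source, line[start, 100].strip)
    end
    if line.length > max_len
      findings << Finding.new(no, "row longer than #{max_len} bytes", line[0, 100].strip)
    end
  end
  findings
end

# wp_posts rows not written by owner_id (the .ru sign-ups' posts), as
# [line number, post ID, post_author] triples.
def foreign_author_posts(text, owner_id:)
  text.each_line.with_index(1).map do |line, no|
    m = line.match(/\AINSERT INTO `wp_posts` VALUES \((\d+),(\d+),/)
    [no, m[1].to_i, m[2].to_i] if m && m[2].to_i != owner_id
  end.compact
end

# Constructed sample (abbreviated columns): two posts by the owner, one of them
# carrying a hidden spam div, one post by a stranger, and a comment with a script tag.
SAMPLE_DUMP = <<~'SQL'
  INSERT INTO `wp_posts` VALUES (1,1,'2009-08-01 10:00:00','<p>Hello world</p>','Hello world','publish');
  INSERT INTO `wp_posts` VALUES (2,1,'2009-08-02 10:00:00','<p>Normal post</p><div style="display: none"><a href="http://example.ru/">cheap pills</a></div>','Normal','publish');
  INSERT INTO `wp_posts` VALUES (3,7,'2009-08-03 10:00:00','<p>Posted by a .ru sign-up</p>','Untitled','publish');
  INSERT INTO `wp_comments` VALUES (5,2,'spammer','x@example.ru','http://example.ru/','2009-08-04 10:00:00','<script src="http://example.ru/a.js"></script>');
SQL

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby vet_dump.rb posts.sql comments.sql   (no arguments: scan the sample)
  text = ARGV.empty? ? SAMPLE_DUMP : ARGV.map { |f| File.read(f) }.join
  scan_dump(text).each { |f| puts "line #{f.line_no}: #{f.reason}: #{f.excerpt}" }
  foreign_author_posts(text, owner_id: 1).each do |no, id, author|
    puts "line #{no}: post #{id} by author #{author}, not you"
  end
end
```

Run it as ruby vet_dump.rb posts.sql comments.sql and read every flagged row before the mysql … < posts.sql step. A hit is a reason to look, not proof of compromise (a legitimate post can use display:none), and a clean result only means none of these particular markers were found, so the manual read-through is still worth doing.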
When working in ruby on rails 2.0.2 I keep my development database in the default sqlite3 but use mysql for the production database on a separate test server. I found that after a while of use from my alpha-testers, the test server database for my web app had been filling up with useful, real-life data, that I wanted to use on my development environment. So I needed a way to transfer the data from mySQL (5.0.32) into sqlite3.
I exported the data from mySQL using the mysqldump utility. The mysqldump tool is normally used for backing up mySQL databases, but with a bit of cunning can be used to export data into other formats. Firstly, since my sqlite3 development database already exists and can be recreated from the rake migration scripts, I didn’t need any of the SQL statements that modify or create the schema. You can tell mysqldump that with the --no-create-db and --no-create-info arguments to mysqldump:
mysqldump --no-create-db --no-create-info yourdatabase
Secondly, mysqldump uses its comma-separated INSERT feature for brevity. However, sqlite doesn’t like this, so I wanted it to use a separate INSERT statement for each row. This is done with the --extended-insert=0 option
mysqldump --no-create-db --no-create-info --extended-insert=0 yourdatabase
Lastly, I wanted to ignore any of the comments or locking statements and output only those INSERT statements into a file. I did this using grep and piping the output:
mysqldump --no-create-db --no-create-info --extended-insert=0 yourdatabase | grep 'INSERT'
You can then redirect this output into a file
mysqldump --no-create-db --no-create-info --extended-insert=0 yourdatabase | grep 'INSERT' > yourdatabase.sql
The one problem that I found with this output was that sqlite3 handles escape characters differently from mySQL, so I had to manually replace any instances of \' with '' using my text editor.
This yourdatabase.sql file then contains a load of INSERT statements. Since I didn’t need the data in my development database anymore, I decided that the easiest thing to do would be to just delete the db/development.sqlite3 database and use rake to rebuild the schema, to leave me a clean, empty database. This avoids problems such as clashing primary key entries.
rm db/development.sqlite3
rake db:create
rake db:migrate
Finally, to import my data into sqlite3 I used the .read command in the interactive command-line tool
.read yourdatabase.sql
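The editor search-and-replace is the step most likely to bite, so here is an added Ruby converter (not code from the original post) that does the \' to '' rewrite by walking each string literal in the INSERT-only dump produced by the mysqldump | grep pipeline above, and handles MySQL’s other backslash escapes (\\, \", \n, \t and so on) at the same time. A global replace of \' with '' goes wrong on any value that ends in a backslash, which mysqldump writes as \\ followed by the closing quote: the replace leaves an unterminated literal, and from that point on sqlite3 reads your alpha-testers’ data as SQL. The table and rows in the script’s sample dump are made up.

```ruby
# Added example, not code from the original post: turn the INSERT-only dump
# produced by the mysqldump | grep pipeline above into statements sqlite3 will
# accept, by rewriting MySQL's backslash escapes inside each string literal.
# A global replace of \' with '' (the manual editor step) goes wrong on any
# value that ends in a backslash, which mysqldump writes as \\ followed by the
# closing quote; the literal-aware walk below handles that. The sample dump
# is constructed (the table and columns are made up).

# MySQL backslash escapes and what SQLite wants instead. SQLite has no
# backslash escapes at all: a quote is doubled, everything else is literal.
MYSQL_ESCAPES = {
  "'"  => "''",
  '"'  => '"',
  '\\' => '\\',
  'n'  => "\n",
  'r'  => "\r",
  't'  => "\t",
  'b'  => "\b",
  'Z'  => "\x1a",
}.freeze

# Convert one mysqldump statement. Text outside single-quoted literals is
# copied as-is; inside a literal each escape is rewritten.
def convert_line(line)
  out = +''
  in_str = false
  i = 0
  while i < line.length
    c = line[i]
    if !in_str
      in_str = true if c == "'"
      out << c
    elsif c == '\\'
      nxt = line[i + 1]
      raise ArgumentError, "dangling backslash in: #{line}" if nxt.nil?
      # \0 is a NUL byte, which no SQL text literal can carry; refuse rather than corrupt.
      raise ArgumentError, "NUL byte in string literal, needs a blob: #{line}" if nxt == '0'
      out << MYSQL_ESCAPES.fetch(nxt, nxt)   # unknown escape: MySQL just drops the backslash
      i += 1
    else
      in_str = false if c == "'"
      out << c
    end
    i += 1
  end
  raise ArgumentError, "unterminated string literal in: #{line}" if in_str
  out
end

# The editor-only approach from the post, kept here to show where it breaks.
def naive_convert(line)
  line.gsub("\\'", "''")
end

# Keep just the INSERT statements (what the grep does) and convert each one.
def convert_dump(text)
  text.each_line.select { |l| l.start_with?('INSERT') }.map { |l| convert_line(l.chomp) }
end

# Constructed sample: a quote inside a value, an embedded newline, a value
# ending in a backslash, and escaped double quotes.
SAMPLE_DUMP = <<~'SQL'
  -- MySQL dump 10.11
  LOCK TABLES `users` WRITE;
  INSERT INTO `users` VALUES (1,'O\'Brien','line1\nline2','C:\\');
  INSERT INTO `users` VALUES (2,'she said \"hi\"','plain');
  UNLOCK TABLES;
SQL

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby mysql2sqlite.rb yourdatabase.sql > yourdatabase.sqlite.sql
  # (no argument: convert the constructed sample)
  input = ARGV.empty? ? SAMPLE_DUMP : File.read(ARGV[0])
  puts convert_dump(input)
end
```

Run ruby mysql2sqlite.rb yourdatabase.sql > yourdatabase.sqlite.sql and then .read yourdatabase.sqlite.sql in sqlite3. Values with embedded newlines come out as multi-line statements, which .read accepts, and the script refuses a dump rather than silently mangling it when it meets a NUL byte or an unterminated literal.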
