The Hacked Server Hangover

by Arnaud Bouchot on April 24, 2014 4 comments

Every Server Admin managing a shared hosting environment knows what the hacked server hangover is like:
– it is painful
– it is frustrating, because it happens despite the strict security you already put in place, already having an antivirus in place, strict firewall rules, upgraded services…
and
– it almost always starts with the same – boring – story
“once upon a time one of your users installed WordPress and forgot about it”, leaving it in a corner of his space and letting it get to a point where it’s several versions older than the current releases -> full of security holes.
I could talk for much longer about these CMSes, Not only WordPress, but basically the security holes are more often originating from the third party templates, plugins, or custom developments rather than the WordPress or other CMSes themselves. These old unmaintained installations make the ideal ground for all the exploit scanners that intruders/hackers are using to get access to your servers. Most of the time a malware has been injected after a series of XSS (Cross-site scripting) attacks or SQL injection exploits in the user’s folder.
The pain is propagating as far as it can to suck out all the resources it can take from your server, in some extreme cases you could also lose access to your own server… Generally, the first symptoms will come with an excess of emails in the queue – thousaaaaaaands – of garbage emails delivering the best offers to the whole world, from your shared server IP -> disaster, in this case where the server is used as a spamming resource, you will also find out that the infected user’s websites have been defaced and are now used to relay the spam sent and host temporary phishing pages to try to steal people’s sensitive data (generally banking details).
This also has a few exciting side effects like exposing your server to high CPU load, leading to such poor performance that you almost cannot SSH-in anymore.

It’s bad times and the fun has just started but action has to be taken as quickly as possible because you are in a very bad spiral of events; next steps are your IP being reported to the DNSBL (DNS Black Listing) -> server blacklisted -> Ip reputation downgraded – break down.

All you need is a hug, a fast, efficient painkiller and a good way of preventing it from ever happening again.

You can ask around for the hug, if you are not spending too much time on your servers I’m sure you’ll find a friend – easy.

I can provide painkillers :

Linux Malware Detect (LMD) is a malware scanner that detects and removes malware on your Linux server. It says it all. It is particulary great for webservers in shared hosting environment and this is LMD’s main focus.

The threat landscape in shared hosted environments is different from the scenario typically addressed by the standard Anti Virus products. These detect primarily OS level trojans, rootkits and traditional file-infecting viruses but are quite poor at detecting the increasing variety of malware at the user account level which serves as an attack platform.

Linux Malet uses MD5 file hashes and HEX pattern matches as signatures.
These signatures are built from malware data that was delivered by IPSes, community data, ClamAV and user submissions.

I have implemented LMD on every Linux Webserver that I install, even my own laptop:

let’s take it onboard.

Please note that you need a linux server, the root access and a bit of paranoia – also in case you are wondering, LMD is already watching all our On-Rev servers.

1) Download the latest LMD package.

# cd /tmp
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

2) Install it

# tar xfz maldetect-current.tar.gz
# cd maldetect-*
# ./install.sh

3) configure it

(every param in the config file is commented)

# nano /usr/local/maldetect/conf.maldet

here's a sample file

# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users wih hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0
# minimum userid that can be suspended
quar_susp_minuid=500

4) Manual Scans and Usage

You may just wanna scan the “suspect” user, so that’d be the command you’d want to run.

# maldet --scan-all /home/suspect/

The following command is good to know too, If you previously ran a scan but forgot to turn on the quarantine option, you still can quarantine or clean all previous malware scan results using their SCANID :

# maldet --quarantine SCANID

OR

# maldet --clean SCANID

5) Daily Scans

By default LMD script is located here /etc/cron.daily/maldet and it performs a daily scans, update of signatures, quarantine etc, and sends a daily report of malware scan to your specified emails. The apache folders are already listed but if you need to add additional paths to be scanned, then you will need to add them here:

# nano /etc/cron.daily/maldet

Voila, after having cured a few servers and saved -a lot- of time using LMD I felt I had to tell you about it, hoping it will be as useful to some of you as it has been to me.

Finally I would like to add a little something about WordPress, I like wordpress and the only reason I have mentioned it in our catastrophe scenario above is because this is by far the most popular CMS and so you get a higher probability to find out it has been the gateway of some hack, just because of it’s popular. This does not mean that WordPress is less secure than other CMSes like Joomla or Drupal. As long as you keep your WordPress up to date and respect a few things you’re ok, I could eventually detail these rules in a future blog post.

read more
Arnaud BouchotThe Hacked Server Hangover

From Cocoa with Love

by Mark Waddingham on April 23, 2014 11 comments

There’s lots been going on at RunRev lately development-wise. Maintenance on the 6.6 cycle has been trundling along, 7.0 with its Unicode support is rapidly maturing and in between these two things sits the project that has been my main focus for the last few months – 6.7.

The main goal of 6.7 is to rework the Mac-specific parts of the engine to use the Cocoa framework rather than the (now deprecated, and aging!) Carbon / Classic frameworks. Not only will this allow LiveCode apps to be sandboxed (there are numerous bugs in Mac’s implementation of sandboxing for Carbon apps) and thus submitted to the Mac AppStore once again but it also means that things like revBrowser work much better as the browser control can be embedded directly in the stack window.

One of the most challenging parts of porting the engine to use Cocoa has been (as far as possible!) to retain identical functionality as before. Cocoa is a very high-level framework and as such likes to do things in a very specific way. Given that LiveCode is also a very high-level framework there is a certain amount of ‘creative coding’ required to bend Cocoa around to LiveCode’s way of thinking.

For example, Cocoa will not send continuous ‘windowMoved’ messages (unlike Carbon), you only get periodic updates when the user pauses the movement. This did cause a bit of consternation, but after some googling, some hair pulling and a nifty use of an auxiliary thread and window server interrogation, LiveCode can still enjoy appropriate moveStack messages (you can see the patch for that here https://github.com/runrev/livecode/pull/613).

All-in-all though, the transition to Cocoa has been relatively smooth – a cleaner, more well-defined separation between the platform-specific part of the engine and the rest is emerging and we’re approaching parity with the non-Cocoa feature set.

Anyway I’d better get back to my 6.7 bug fix list – we’re hoping to get 6.7-dp-3 ready soon which will hopefully be the last before we start the RC cycle!

read more
Mark WaddinghamFrom Cocoa with Love

Stacks, objects and messages… oh my…

by Neil Roger on April 21, 2014 7 comments

So what have I been up too since my last blog post? I certainly haven’t been following a yellow brick road through a spooky forest (feels like I am sometimes), although, I almost made it to Hogwarts but just missed the train at platform 9 ¾….

hp
(Unfortunately Harry was on his Easter holidays)

All joking aside, the above picture is from London’s Kings Cross Station where I arrived and departed from during my recent work related travels.

Myself and work colleague David Williams, were visiting “the big smoke” last week as we were the lead trainers for a LiveCode training course that was being held in the fantastic Lift venue in Islington.

class

The main goal of the course was to provide some basic training for users who are new to the LiveCode platform. We covered things such as LiveCode fundamentals, database integration, media integration, location services, social networking and deployment. The initial feedback we received from the attendees was great and it was fantastic to see what our users are using LiveCode for first hand.

After each day we travelled back to our hotel by bus (The great bus service in London rivals what we have in Edinburgh), freshened up and then headed out for a bite to eat. Our first night led us to a nice little Indian restaurant and the second night found us in a very traditional English pub which served fantastic Thai food.

pub

plates
(Need some plates?..take your pick from the wall)

The sessions were a great personal experience as I have not had a chance before to lead a training course and really enjoyed building the content and making sure that it would be interesting, relevant and helpful. Interacting with the attendees was very inspiring.

I am very much looking forward to our next training sessions, it was a fantastic experience, with some challenges along the way which left me more than ready for my bed at the end of the day.

If there is anything you would like to see in a training session or any areas that you would like us to visit, please leave a comment below and with interest building more and more, we might end up taking a trip to somewhere near you 🙂

read more
Neil RogerStacks, objects and messages… oh my…

LiveCode @ D14

by Mildred Foo on April 17, 2014 4 comments

So, I have an exciting piece of information to share with you all this month!  We have been invited to showcase at the D14 Summit which is Scotland’s flagship digital summit.  D14 will debate the issues impacting digital business, as well as identifying the opportunities for companies designing, innovating, and adopting digital services, platforms, and applications. 

On 29th and 30th May 2014, the digital and creative sectors will come together at the SECC in Glasgow to explore ways to collaborate.  D14 will comprise keynote presentations, studio sessions, networking, and an interactive showcase, all focused around 4 themes –

  • Retailing
  • Fintech (Financial Technology)
  • dHealth (Digital Health)
  • Education

The event will also tackle the difficult questions impacting the sector and offer ideas and perspectives from around the world to support the creation of new business opportunities.

Come and learn from internationally known key players in the digital sector and share your views and ideas with like-minded people.  ‘Digital’ shouldn’t mean hiding behind the laptop or mobile phone.  D14 is about meeting face to face, making new connections, discussing, sharing, and taking a bold new approach to solving problems, so we can do things better.

Taking part at such a prestigious event is the perfect opportunity for us to present LiveCode and delegates will be able to interact with LiveCode as well as speak with our knowledgeable team.  We will be showcasing within the Education arena so do drop by if you will be there too!

read more
Mildred FooLiveCode @ D14

Fixing Bugs

by Panagiotis Merakos on April 14, 2014 3 comments

The in-app purchasing feature I was working on during the previous months is now finished, and is available in LC 6.7 DP1. So, in the meantime, before moving to a new project, I had the chance to do some bug-fixing. It was my first exposure to bug-fixing, and I have to admit that it was more interesting than I imagined! To begin with, I started browsing our bug database in the Quality Control Center. The steps for fixing a bug are three:  reproduce – find where it comes from – fix!

 I thought that as a beginner, I should start with something relatively easy, so I tried to sort out some crash-related bugs. I believe these are easier to fix, or at least easier to reproduce and find the exact line of code where the crash occurs. This can be done by trying to run LC in the IDE with the debugger active and see what line of code it stops on. Well, this isn’t necessarily the line that contains the bug, but you know you are close! If you step backwards, you will find where the actual bug occurs. Using this method, I fixed a couple of bugs. Not surprisingly, modifying the same single line of code, fixed three different bugs that at a first glance  seemed unrelated.

The next category of bugs I tried to fix were the “platform-specific ones”. In this kind of bug, the LC functions that were reported to misbehave, usually communicated with particular System functions that were deprecated. The fix to these bugs required more time. I had to search the web for the new up-to-date System functions, and replace the deprecated ones.

After that, I felt I was ready to face some harder bugs! I tried different categories, android orientation-related bugs, engine architecture-related bugs, engine objects-related bugs and some more. When I could not fix a bug, I tried to post a helpful comment or provide a workaround. In any case, either being successful in resolving these bugs or not, I enjoyed it because it gave me the opportunity to gain a deeper understanding on how the engine works. Moreover, I was impressed with how much attention to detail the LiveCode users that reported some bugs pay! I remember a bug where the user had reported that in a specific version of LC, the “unlock cursor” command delayed by one(!) pixel, meaning that when you unlock, the cursor had to be moved a pixel (at least) for the change to take effect. Impressive!

read more
Panagiotis MerakosFixing Bugs

Reading other people’s code

by Michael McCreary on April 11, 2014 11 comments

Things are pretty hectic here in the LiveCode office at the moment. Not only are there 3 (yes three) separate versions of LiveCode out there for testing (6.6, 6.7 and 7.0), each with there own set of new features, there are also several projects being worked on that are still in their infancy. These new projects will form the basis of future LiveCode releases. It’s tricky to decide when to end development on one project and begin working on another. That’s often why as developers we find ourselves working on several things at any one time.

As we’re preparing to draw a line under the 6.5/6.6 cycle (with the release of LiveCode 6.6.2 – naturally we’ll still be fixing any bugs that crop up in these versions), I find myself doing a lot of debugging and sifting through old sections of code. And this got me thinking about coding style and specifically how we comment code. Each developer appears to have their own particular way of doing things. I’m trying to decide which I prefer. Here are a few that I have come across. What type are you?

The read the source commenter

Or in other words, the coder who views comments as optional. This coder takes the opinion that all the information you need is contained within the source itself. In reality they’re just lazy. I think I’m allowed to write this: I’m very much of this type.

For the most part, I actually don’t mind this style. I often prefer to work through the code line by line, figuring out what it does and how it all fits together as I go. As long the code is well written and I have a grasp on roughly how the given component works, it usually works out okay.

But there are some pitfalls. How many times have you found yourself in this position? You come across a line of code that you have no idea what it does or even why it’s there. What you do know is that if you remove it, it fixes a bug that you’ve spent hours tracing down. What you don’t know is the impact of removing the line. Will it pass without incident or will computers around the world suddenly start catching fire? See, a little explanation here wouldn’t go amiss.

So some commenting is useful. But how much?

The essay writer

This type of coder makes the assumption that everyone reading their code is an idiot. Often, the lines of comments far outnumber the lines of code. I once heard someone say that you should write your code with the intention that your gran should be able to understand it.

And here’s my problem with this style. I’m not an idiot (or at least I like to think not). And I’m certainly not your gran.

Working on a project like LiveCode, which has a very mature code base, you find that a lot of your time is spent poring over code, trying to figure out what it does and how it works in order to fix bugs. You want to do this as quickly and efficiently as possible. However, there’s nothing worse than when going to fix a bug, finding yourself faced with a swathe of green. It makes you feel like that to even begin contemplating fixing the issue you need to spend the next few hours sitting down in a darkened room getting into the author’s mindset. Only then will you have reached a point where you will be able to understand and comprehend the complexity of the  code that follows.

In reality, when fixing a bug, you want to do it as efficiently as possible. You don’t need to have a complete grasp on the full inner workings of the system. You just need to know enough to understand what the issue is and know that your fix won’t cause any further issues.

My opinion is that more significant chunks of technical documentation should be kept separate from the source code itself. If you find yourself having to write a lot of comments to explain your code, maybe the problem is with the code itself. Try and write clean and clear code. Often code that is well designed and thought out requires fewer comments and is much easier for third parties to understand.

The redundant commenter

Ahh, the redundant commenter. The only thing that annoys me more than the essay writer is the redundant commenter. I’m sure that this coder has good intentions at heart. It’s just they appear not to be able to put these good intentions to use. Take for example, the following lines of code:

    -- Repeat through each person in the address list
    repeat for each line tPerson in tAddressList
        . . .
    end repeat

As I’m sure you can see, the comment above is less than useless. Consider this: You’ve spent what feels like hours tracing down a bug, get increasingly more and more frustrated. At this point you would take any minor hint or guidance. Just a little something that might point you in the right direction. You spot a line of green. You think this is it, this is the comment that is going to make everything clear. You read it. You collapse in a heap of disappointment. At this point, I usually get up from my desk, go home and swear I’m never going to look at a computer again.

That may be an exaggeration, but padding out your code with redundant comments isn’t really helpful. It’s commenting for the sake of commenting. If a line of code is self explanatory, there’s no need to comment.

Finding a balance

So, comments are needed. But too much can be counter productive. So what’s a good balance? I generally try to stick to the following rules. Use descriptive names for your variables and handlers. Don’t be scared of verbosity, but don’t go overboard.

  • Use a prefix system for variables (e.g. local variables, parameters, globals, script variables etc).
  • For each handler, write a sentence or two describing what the handler does (not how), including a run-down of parameters it takes, what it returns and any errors it throws. If you can’t do this in a few sentences, that suggests that you may need to rethink your abstraction.
  • Comment on any blocks of code that are doing something subtle or that is not immediately obvious.
  • Attempt to make the code you write as clear and simple as possible. After you’ve got a block of code working, if you think you can rewrite it in a cleaner way, then do so.
  • If you are working on a larger project that requires further description, do this in a separate document.

These, though, are just my thoughts and opinions that have been formed over years of looking at other people’s code. I imagine that if you ever had to work through some of my code, you’d no doubt be of the opinion that I’m full of nonsense and doing it all wrong.

read more
Michael McCrearyReading other people’s code

Connections.

by Heather Laine on April 9, 2014 2 comments

This afternoon, for one reason and another, I am temporarily disconnected from the internet, and I’m finding it pretty traumatic. I’m using the time to write a blog post, but even this simple activity is hampered by my inability to look up things online, check my facts on Wikipedia, and locate suitable images to illustrate my points.

Which really is the point of today’s post. Our lives these days are governed by connections and many of the apps we write can be seen as collections of information gathered, often live, from the wonderful world wide web at our fingertips. So many apps are data driven, grabbing information as it is needed and serving it up to the end user, hot from the grill. For example, my desktop calendar has of its own volition located the calendar on my phone and now startles me daily by popping up notifications and reminders when I least expect them. In my defence, some of these events were not even entered by me, they are events created by other users whose calendars talk to my calendar, which then talks to my phone and reminds me I should now be somewhere entirely different, doing something I wish I had been allowed to forget about. Push notifications in action. Terrific.

LiveCode is excellent glue. It’s great at sticking together content from a wide variety of sources and making it available in one place (your app) in a tidy way (your lovely app interface) so that the end user gets a beautiful seamless experience. At one end of the spectrum you could pull together images from a users camera, data from a website, messages from other users and create, perhaps, a fabulous recipe app that lets you take a picture of the meal you created and share it with friends. Or at the other end it could be used to create a heavy duty app for crunching through masses of data and finding trends or specific information, with its easy database connectivity. Big Data is Big Business and LiveCode is good at it.

I find all the uses that our users find for LiveCode fascinating. These days, the apps created are rarely isolated self-contained items, they are part of our interconnected lifestyle, and participating to a greater or lesser extent in the huge global network that is the World Wide Web.

You could say LiveCode is truly live.

read more
Heather LaineConnections.

Scaling up the details

by Ian Macphail on April 8, 2014 1 comment

In the previous post, I covered the update to the graphics layer. Updating the graphics library means we can now draw stacks at any scale, which allows us to add a whole slew of new and useful features. One of which is the ability to transparently support high-density displays.

Hi-DPI support

The introduction of the Retina display to iPhone/iPad created something of a problem for apps developed for the previous generation of devices. Apps created at the fixed size of these devices suddenly had four times the number of pixels to fit into (2x width and 2x height), and although they could still display at the same size, on the higher density displays it was apparent that they were not taking advantage of the available high resolution. The reason being that the apps were drawing at the old size, and then being scaled up – giving a stretched, pixelated appearance.

Rather than create a smaller image and scale it up, in order to draw cleanly and crisp on higher density displays you need to create an image with the same number of pixels as the display. This is a problem when your app is 320 x 480 in size, and the area into which you need to draw is now 640 x 960. Without scaled drawing support in the engine you would need to manually adjust everything on the stack to appear twice as big – from the size & position of each control, to the line width of any graphics, to the font size of any text appearing in the app.

To overcome these issues we could now use the new graphics library features to implement scaled drawing within the LiveCode engine. This automatic scaling is now included as of LiveCode 6.6 and is enabled by setting the "usePixelScaling" property. On mobile devices the degree of scaling can also be controlled by changing the "pixelScale" property.

The pixelScale controls the relationship between the logical size of the screen and the number of physical pixels in the display. This is quite straightforward on mobile devices, where there is only a single display. The old pre-Retina Apple devices have a 1:1 ratio of logical coordinates to pixels, retina devices have a 1:2 ratio. For a 320×480 stack to appear at the same size on both devices it should have a pixelScale of 1 on the non-Retina device, and a pixelScale of 2 on the Retina device. This happens automatically in the LiveCode engine – the pixelScale is set on startup to the appropriate value for the density of the display.

Getting it all to work

Implementing this within the engine was pretty challenging. If everything can be scaled, then there is no longer necessarily a 1:1 relationship between the size and location of objects on the stack, and their position on the screen as understood by the operating system. Unfortunately this was an assumption made in many different areas, such as the size and location of windows, to the position of mouse movements and clicks, to the apparent size of the screen itself. The situation is further complicated by the fact that some platforms expect coordinates in terms of screen pixels (Windows, Android), and others in terms of logical screen coordinates distinct from physical pixel sizes (iOS, OSX) so we end up having to think in terms of three separate coordinate systems: logical sizes within the engine, physical pixels, and logical (or not) coordinates used by the OS.

All this means that where code could previously use the same coordinates when referring to objects on a stack, or the position of the mouse cursor within a window, now that code had to be adapted to translate back & forth from one coordinate system to another. This was made somewhat easier by the progress of ongoing refactoring work to separate out window-related functionality from the tangle of stack code that made no distinction between a stack and the window that contains it. Now it was possible to define a scale factor between one and the other, and convert coordinates at the point of passing through from one to the other.

I think this really highlights the value of the work we’ve done to split apart the engine code into clearly defined areas based on a consistent and logical identification of distinct concepts that helps collect related code together and removes the implementation details from areas that are not directly related.

LiveCode 6.6.1 is now available. This is a stable release.

Getting this release
To upgrade to this release please select "check for updates" from the help menu in LiveCode or download the installers directly at: http://downloads.livecode.com/livecode/

read more
Ian MacphailScaling up the details

Recent Posts

Recent Comments

Tags