Archive for Personal

md5 decode script – PHP

In the last few weeks I found a malicious script installed on my hosting server. This was due to an outdated WordPress installation, which allowed a remote attacker to upload malicious code to the server. The server has been cleaned up, no more problems. :)

The malicious file found is a PHP script with a lot of hacking tools embedded. One interesting part is that it has an MD5 decoder. I'm not really good at data structures, so I cannot construct my own brute-force code. So I took that brute-force code and put it into a single file, just to decode an MD5 hash string.

This is just a proof of concept that a strong password should be long and should include extra characters beyond the normal alphabet. This gives a brute-force attack more possible characters to try at each position.

MD5 Decode in action

Download the code here, md5decode.txt. Please rename it to *.php.
You have to specify which character options to test against the hash string, and also the hash string you want to decode.

This code might not be applicable in real life nowadays, as there are other ways users' passwords get exploited, for example through default passwords and common passwords. That's why most brute-force attacks are dictionary based. So, make sure your password is strong enough. One other method is the rainbow table. I'm still reading about it :)

Rainbow Table (Wikipedia) – http://en.wikipedia.org/wiki/Rainbow_table
Md5decode.txt – http://www.farhanfaisal.com/?download=md5decode.txt

No comment »

Mysql Database backup script.

I have found a MySQL backup script that just suits my need to back up every database into its own file. It makes recovery easy if I need the SQL for one particular database. This script has been modified from the MySQL database backup script on HowToForge. The original script also uploads via FTP to another location, but I have removed this functionality, as I don't need to move the backups to another FTP server.

#!/bin/sh
# System + MySQL backup script
# Copyright (c) 2008 Marchost
# This script is licensed under GNU GPL version 2.0 or above
# Modified by Farhan Faisal @ farhanfaisal.com
# ---------------------------------------------------------------------

#########################
######TO BE MODIFIED#####

### System Setup ###
BACKUP=YOUR_LOCAL_BACKUP_DIR

### MySQL Setup ###
MUSER="MYSQL_USER"
MPASS="MYSQL_USER_PASSWORD"
MHOST="localhost"

### FTP server Setup (unused here: the FTP upload step was removed) ###
FTPD="YOUR_FTP_BACKUP_DIR"
FTPU="YOUR_FTP_USER"
FTPP="YOUR_FTP_USER_PASSWORD"
FTPS="YOUR_FTP_SERVER_ADDRESS"

######DO NOT MAKE MODIFICATION BELOW#####
#########################################

### Binaries ###
TAR="$(which tar)"
GZIP="$(which gzip)"
FTP="$(which ftp)"
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"

### Today's date (YYYY-MM-DD) ###
NOW="$(date +"%Y-%m-%d")"

### Create the dir for today's dumps ###

mkdir -p "$BACKUP/$NOW"

### Get all databases name ###
# Note: -p$MPASS puts the password on the command line, where other local
# users may be able to read it from the process list.
DBS="$($MYSQL -u "$MUSER" -h "$MHOST" -p"$MPASS" -Bse 'show databases')"
for db in $DBS
do

### Dump each database into its own gzip-compressed file. ###
FILE="$BACKUP/$NOW/$db.sql.gz"
$MYSQLDUMP -a -u "$MUSER" -h "$MHOST" -p"$MPASS" "$db" | $GZIP -9 > "$FILE"
done

### Compress all dumps in one nice file ###

ARCHIVE="$BACKUP/$NOW.tar.gz"
ARCHIVED="$BACKUP/$NOW"

# Remove the uncompressed directory only if the archive was written.
$TAR -zcf "$ARCHIVE" "$ARCHIVED" && rm -rf "$ARCHIVED"

http://www.howtoforge.com/shell-script-to-back-up-all-mysql-databases-each-table-in-an-individual-file-and-upload-to-remote-ftp
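
A hardened variant of the dump loop, added here as an example (it is not part of the original script or of the HowToForge version): the MySQL password is kept off the command line by writing it to an owner-only option file passed with --defaults-extra-file, and MySQL's internal schemas are skipped. The function names, file paths and placeholder credentials are assumptions.

```shell
#!/bin/sh
# Added example, not the original script. Function names are hypothetical.

# Write a MySQL [client] option file that only its owner can read.
# usage: write_client_cnf FILE USER PASSWORD HOST
# (a password containing " or \ would need escaping, not handled here)
write_client_cnf() (
    umask 077                 # new files are created with mode 0600
    rm -f "$1"                # do not inherit lax permissions from an old file
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$2" "$3" "$4" > "$1"
)

# Read database names on stdin, drop MySQL's internal schemas and any name
# that could escape the backup directory when used as a file name.
user_databases() {
    grep -v -x -E 'information_schema|performance_schema|sys' |
    grep -v -E '/|^\.'
}

# Dump every remaining database to DIR/<name>.sql.gz.
# usage: backup_all CNF DIR
backup_all() (
    cnf=$1 dir=$2
    umask 077                 # the dumps hold all the data: keep them private
    mkdir -p "$dir" || exit 1
    # --defaults-extra-file must be the first option on the command line.
    mysql --defaults-extra-file="$cnf" -Bse 'show databases' | user_databases |
    while IFS= read -r db; do
        mysqldump --defaults-extra-file="$cnf" "$db" | gzip -9 > "$dir/$db.sql.gz"
    done
)

# Example run (paths and credentials are placeholders):
#   write_client_cnf /root/.backup.cnf MYSQL_USER 'MYSQL_USER_PASSWORD' localhost
#   backup_all /root/.backup.cnf "YOUR_LOCAL_BACKUP_DIR/$(date +%Y-%m-%d)"
```

Without pipefail a failed mysqldump still leaves an empty .sql.gz behind, so check the size of the dumps before relying on them.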

No comment »

Last weekend waterfall hunting.

Last weekend was a great weekend, as I did one new thing: waterfall hunting. I had marked 2 waterfalls to search for, both of them found on a website, http://www.waterfallsofmalaysia.com. They are Tanglir Waterfall and Sungai Dua Waterfall. Both of them are along the same route on the Karak Highway. Anyway, it started with a warm-up trip to Chilling Waterfall with my rock climbing friends.

Chilling waterfall

Chilling Waterfall is located in Kuala Kubu Bharu. After reaching there, we parked our car and started trekking to the base site, where there are the management office, campsite, toilets and a place to pray. The place is well maintained, as it is a fish sanctuary area. That's why fishing is strictly not allowed at Chilling Waterfall. You can see the signboards throughout the path.

After a 40-minute walk, just following the path upriver with 5 river crossings, we reached the fall at around 3.30 pm. The waterfall is just fantastic. I remember the last time I went there, we did canyoneering near the fall. We spent around 1 1/2 hours there, and then started heading back to the campsite. There are some strict rules: you cannot camp beyond the hanging bridge, and you have to get back before 5 o'clock. You also cannot swim there if it's raining. There have been a few accidents there that involved deaths.

GPS navigator

Read the rest of this entry »

Comments (2) »

Bukit Tabur, Taman Melawati

Bukit Tabur, Sunrise

Picture by Alexander Krasnikov

Within the last few weeks, I've been to Bukit Tabur. I could not find more time for a long trip, other than the usual rock climbing during weekends and the Bukit Tabur trips. It started with my colleague, who wanted to try out some adventures during weekends.

On 20th December, we started hiking the hill at 6.30, just 4 of us, because 5 others were late. We didn't want to waste the opportunity to see the sunrise. Within 25 minutes, we arrived there. It was still dark, and we still had to use our headlights to walk. Then I went back and waited for the other 5 to arrive. We managed to reach the others around 7.30. It was not so hot yet, and we could still enjoy the sunrise at that time.

The trip was planned only for enjoying the sunrise, but we could not hold ourselves back seeing other trekkers moving with passion to the top. I had never reached the peak, the real peak, and neither had any of us. We just followed some other trekkers that time.


Ima, at Bukit Tabur

In the following few weeks, there came another trip, for my other friends. They missed the 1st trip because of health conditions. Well, I kept my promise to bring them there :) It was not as early as the previous trip, but we enjoyed the trip, enjoyed the sunrise, and enjoyed the view from there. For the last few trips to Bukit Tabur, I really wanted to just enjoy the view and the cold winds. It just feels like being at the top of a mountain, with just a 20-30 minute walk.
Read the rest of this entry »

Comments (3) »

Change process priority with renice

Today I discovered that a few of my websites were loading very slowly. For Apache, I have been reading up and made some tweaks and optimizations to make it perform better. On the database, I haven't done much. I use mytop, a MySQL health monitor just like top on a Linux system. It shows a few queries hanging and queued.

Apache and MySQL need a higher priority to serve the web as fast as they can. I found a tutorial on renice, with which we can change the priority of a process, and also of all processes that belong to a particular user. The value ranges from -20 to 19. Negative values can only be assigned by a superuser. The lower the value, the higher the priority. For example, a process with nice value -19 has a higher priority than a process with nice value -18.

To change the nice value, it can be as simple as:

nice -5 httpd
* This will run httpd with its priority (nice value) set to 5.

You can also change the priority by user.

renice -5 -u mysql
* This will change the priority of all processes that belong to user mysql to -5.

renice -5 -u mysql -p 8918
* This will change the priority of all processes that belong to user mysql, and of the process with PID 8918, to -5.

http://www.newlinuxuser.com/howto-change-a-running-processes-priority-with-renice/
http://jeremy.zawodny.com/mysql/mytop/
Renice – Linux man page http://linux.die.net/man/8/renice
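
A small wrapper around renice that enforces the rules described above (range -20 to 19, negative values only for the superuser) and reads the value back to confirm the change. This is an added example, not from the original post; the function names are hypothetical and the read-back assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the nice value of PID, read from field 19 of /proc/PID/stat (Linux only).
get_nice() {
    stat=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
    # Drop "pid (comm) " first: the command name may itself contain spaces.
    set -- ${stat##*") "}
    echo "${17}"              # field 19 overall; the first two fields are gone
}

# Set the nice value of PID to VALUE.
# Returns 1 for a value that is not an integer in -20..19,
#         2 when the value is negative and the caller is not the superuser,
#         3 when renice fails or the new value did not take effect.
# usage: set_nice VALUE PID
set_nice() {
    value=$1 pid=$2
    case $value in
        ''|-|*[!0-9-]*|?*-*) return 1 ;;     # not an integer
    esac
    { [ "$value" -ge -20 ] && [ "$value" -le 19 ]; } || return 1
    if [ "$value" -lt 0 ] && [ "$(id -u)" -ne 0 ]; then
        echo "nice value $value can only be assigned by a superuser" >&2
        return 2
    fi
    # Same argument order as the commands above: priority first, then -p PID.
    renice "$value" -p "$pid" >/dev/null 2>&1 || return 3
    [ "$(get_nice "$pid")" = "$value" ] || return 3
}

# Example: lower the priority of the current shell to nice value 5.
#   set_nice 5 $$ && get_nice $$
```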

No comment »

Monowall on Vmware


Yesterday I spent some time playing around with Monowall. Monowall is an embedded firewall package that's built from a bare-bones version of FreeBSD. The whole package is really small, smaller than 12MB, so it can fit onto a CF card for your embedded project. I started to look into Monowall when my boss brought this machine into our office, an embedded box, the Axiomtek NA-0042B. I couldn't find any detailed technical spec for the product, even on the official Axiomtek website.

So, in my case, I’m using a generic-pc image, from one of the monowall mirrors. I load the image into another vmware virtual machine, load the image into a secondary image of the machine.

The disk is available for download here: Monowall Disk for VMware. I've also prepared a complete VMware machine with Monowall. Please download it here: Monowall VMware Image. This machine has been configured with IP 192.168.1.254. The username and password are the same as the defaults, admin and mono respectively.

I'll have a look into IPCop and pfSense later. I haven't got my hands dirty with them yet. Maybe some other Monowall derivatives as well :)


http://www.farhanfaisal.com/?download=Monowall Disk for VMware (5.4MB), 157 downloads.
http://www.farhanfaisal.com/?download=Monowall VMware Image. (5.4MB), 142 downloads.

Comments (3) »

Just an update..

Hi everyone.

It seems a long time since I last wrote in my own blog. I've been so busy with life, with no activity to post about yet. Btw, I'm thinking there might be something I could share with you guys.

These are a few websites I've been visiting a lot lately. I'm into web development, PHP & jQuery.

http://www.noupe.com/ – Good blog related to web development and design
http://www.problogdesign.com/ – Has good articles on web design and WordPress.

http://nettuts.com/

http://www.devsnippets.com/ – Collection of good tutorials on web development, mostly Ajax, CSS and JS framework.
http://www.smashingmagazine.com/ – This site has good design articles. Web designers, photographers, you should subscribe to this blog.

I'm planning to develop a new website, my own, from scratch. Previously I just used CMSes like Joomla and WordPress. Building it from scratch, I have the freedom to have it the way I want. But still, I'm actually not good at designing.

These are a few websites I've done in the past few months:
http://www.iratec.com.my
http://www.amaidnetwork.com
http://www.pmo.gov.my

There are a few more to go:
http://www.wahtec.com
http://www.palmaritime.com.my

Will update more soon..

No comment »

Canyoneering at Sungai Pisang – 7th July 2007


What a perfect day.. I got an offer to handle canyoneering at Sungai Pisang, Jalan Gombak, handling around 25 students, I forget from where.. The rope installation took a few minutes, and after all of them had breakfast, everyone tried canyoneering at the waterfall. Some of them even asked to go twice :) Canyoneering is actually an abseiling activity at a waterfall.

No comment »

Pictures for Pahang International Rafting Expedition


Sorry to have made you wait for the pictures. Some pictures have already been uploaded to my gallery, I just didn't update you guys.

You can view all the pictures here. http://www.farhanfaisal.com/gallery/thumbnails.php?album=41

Thanks to Fifah, Zul and Tom for the pictures.

No comment »

Nurse day, mothers day and teachers day :)


Pictures from americangreetings.com

This month is surely a great month for some of us. There will be Nurse Day on 12th May, Mothers Day on 13th May and Teachers Day on 16th May.

All 3 are people in our society who have played a big role in our development. In fact, in many aspects of our development, especially human development. They have put their lives into helping to build up a good community where we live.

This is a good moment to appreciate what they have done. It doesn't mean this is the only time they need to be remembered, but these days are good days for us to do it together. A symbol of appreciation from us.

Happy Nurse Day, Happy Mothers Day and Happy Teachers Day :)

 

No comment »
