Category Archives: bash

WordPress HACKED! Everbody Panic!

Okay, yes, the title is absolutely link bait. I am the worst kind of internet ghetto barker, flashing neon and shouting lewd incitements to the passersby, hoping to lure them into hot sweaty posts of ill repute.

Yes, my wordpress installation was hacked. No, you shouldn’t panic. It was an old version of WordPress, 2.4, that I had installed on an unused domain for testing purposes. Somebody figured out how to hack the built-in file uploader included in WP, and they were using it to install folders on all the other domains on that same server. The folders they installed generated thousands of link-farm pages. Assholes.

So, I had to go into search and destroy mode. I needed to find every file on my site that had been modified after a certain date. To do that, I used the “find” command, with a few modifiers. Here’s the full command (type it, don’t copy it)

find . -name "*" -mtime -1 -print | grep -v cache | grep -v logs | grep -v cache

Here’s what it means

find . = “Find some files for me, starting right here in this directory.”

-name “*” = “I want you to find files where the name matches … um, everything (thus the wildcard).”

-mtime -1 = “Once you find those files, narrow it down to just the ones with a modification time of 1 day or sooner.” If you want to search further back, increase the number to however many days back you want to search.

-print = “When you get those files, print them on the screen.”

| grep -v logs = “Now just before you print those file names, filter out any that have the word “logs” in the name.”

| grep -v cache = “And finally, filter out any that have the word “cache” in the name.”

You can modify how far back you want to search, you can modify the names you want to exclude (logs and cache files will always have recent modification dates, so I exclude them from my results), tweak it until it works for you, and then go forth and destroy the intruding files.

Oh, also, GIRLS! GIRLS! GIRLS! Whiskey and Cigarettes! Come on in, sir, experience the experience of an experienced lifetime!

I Spy, With My Little Bmon

So, it’s been a little while. Rehab was great, then I did a little walk through the Colorado Mountains that lasted 9 months, now I’m back and more command line idiotic than ever I was.

I built a little rsync script that uploads all of the audio from my recording studio hard drive to a backup drive on my home network. Why? Because mozy.com has a stupidly slow upload limit, and carbonite won’t allow you to backup external drives. So, rsync, cron, a home network and $100 hard drive from costco to the rescue. I’ll give a detailed outline of how I built the system later, but for now, just a little tool to alert you to.

The rsync job, when it runs, takes forever, and chews up a ton of bandwidth on the home network. I wanted a quick way of logging in remotely and seeing, in realtime, how much bandwidth was being used by the home server (a Linux Mint mediabox, mostly). My initial plan was to call my wife at home, have her fire up the monitor and read the numbers to me, but that only works twice, then she stops taking my calls.

Bmon to the rescue.

sudo apt-get install bmon

It’s simple, it’s quick, it works, it has fancy (ascii) graphics if you want them, and it tells you at a glance just how much of your network pipe is being sucked down by a silly little backup script from a remote studio computer.

Up the WP

Give me WordPress, give me WordPress
You can have all the rest, give me WordPress

I love Matt’s little blogging engine that could. It’s easy, fast, and pretty to look at. It’s easy to install. It is not, however, fun to upgrade.

That’s a problem, because people keep on coming up with tricksy little ways to burninate WordPress. Now, the folks who write the code are pretty good at staying on top of chinks in the armor, but that means that every time they say “update”, I have to update. Being the lazy ass that I am, I don’t like to keep doing things the hard way, ftp’ing data up and down, so I wrote a little bash script to do the badness for me. Now, I can go from vulnerable to updated in 0.4 seconds flat!

Let me take just a second to give mad props to the WordPress folks for a simple decision they made early on, that makes a world of difference to guys like me: you will always, always find the latest version of WordPress at the same location:

http://wordpress.org/latest.zip

Simple, easy, but by avoiding all the complications of version numbering and folder locations in the download URL, they make it possible to write scripts like this. Thanks, guys!

If you don’t know how to use bash scripts, check out this tutorial: Bash it! Bop it! Script it!. It’ll show you where to put the script, how to make it executable, and how to call it from the command line. The script itself is in the download link below, and it’s pretty well documented, so you should be able to figure out why everything is there. Here’s a stripped down version, with none of the documentation:

#! /bin/bash
#
# =======================
# WordPress Upgrade Script 0.1
# Written by Command Line Idiot
# http://commandlineidiot.com
# You may use, modify, and redistribute this script freely
# Released: April 2008
# =======================
echo 'WordPress server location, without trailing slash (ex. /var/www/mysite.com/blog)'
read WPLOC
WPNEW='/tmp'
cd $WPNEW
rm -rf $WPNEW/wordpress
rm -f latest.zip
wget http://wordpress.org/latest.zip
unzip -o latest.zip
rm wordpress.zip
rm -rf $WPLOC.bak
cp -rv $WPLOC $WPLOC.bak
cp -rfv $WPNEW/wordpress/*.php $WPLOC/
cp -rfv $WPNEW/wordpress/wp-admin/* $WPLOC/wp-admin/
cp -rfv $WPNEW/wordpress/wp-includes/* $WPLOC/wp-includes/
exit

You can download the script here:

WordPress Update Script 0.1

Share and enjoy!

Bash it! Bop it! Script it!

I would rather spend 3 hours writing a program to do a task than have to spend 3 minutes doing it myself more than once. Seriously. I’m that lazy. The only task I like to do over and over again is opening a Corona, taking a sip, filling it back up with tequila, and passing out in a pool of my own vomit. Or, as my kids like to call it, “Thursday.”

That kind of laziness means I use a lot of bash scripts to do regular tasks on my server. I have scripts to do automated backups, scripts to setup new virtual domains, scripts to prop up my fragile ego with repeated compliments, scripts to do just about every repeating task that goes into maintaining a barely functional webserver.

There are several tutorials out there for how to start writing scripts, but none of them have my flair for drunken bravado and outrageous sexual innuendo. So, I proudly present a very basic starter guide to writing a bash script:

How to Write A Bash Script

You know all those fancy commands you keep typing into the command line? Things like

cp -rv secretpr0nstash/*.avi /var/www/churchhats.com/

Well, those same commands can be stored in a file, and can be executed whenever you need to, by invoking the name of the file. Let’s start with a very basic file. It just has 3 lines:

#! /bin/bash
# sexy robot script
echo "You are the sexiest robot"

The first line tells the system which shell to use when interpreting the commands that follow. The second line is a comment, to remind me in 6 months what the point of the script is. You can place these throughout the script to remind yourself why you did what you did when you wrote the thing. Finally, the third line is the actual command. It tells the system to output the given text back to the shell.

If you’re looking to learn more about how to write complex scripts, I highly recommend these two guides:
Advanced Bash-Scripting Guide
Writing Shell Scripts

So, now what?

Where to Put It

Now, you need a place to put the script. I keep all of mine in a folder called “bin” inside of my user folder. To create the folder, type:
mkdir ~/bin
cd ~/bin

now, invoke your favorite text editor to open a new file, and start entering in the code:

nano sexrobot

Enter your code, save, exit, and TADA! you have your very own script to prop up your fragile ego with repeated compliments.

How to Make Go Go

Except, it still won’t run. Try it – type “sexrobot” into your command line. What happened? It mocked you, didn’t it. It told you that your crazy dreams of a sexy robot compliment did not exist.

Before we can invoke the command, we have to make it executable.

chmod 755 sexrobot

Now, I can execute the code. Try it again, with the whole location:

~/bin/sexrobot

Now that it works, we can do the final step – add a line to our .bash_profile file, so that every time we log in, the shell goes into our bin folder to look for commands.
nano ~/.bash_profile

Go to the end of the file, and add the following line:
export PATH="$PATH:~/bin"

Reload the bash_profile settings:
. ~/.bash_profile

If we did everything right, we should be able to execute our new script from any folder, just by typing the name of the file. Let’s try it:
cd /tmp
sexrobot

In Conclusions

Now that I don’t have to do all these repetitive server maintenance tasks, I can focus on more important things, like repetitive binge-drinking to drown my own sorrow.

Ha Ha! Alcoholism is funny!

zip zip

It’s the simplest things. Really. I do the same dumb thing 50 times without ever stopping to think if there might be a better way. And then, when I stumble into it, I smack myself in the forehead.

Zips. I work with WordPress, and on my development install I’m constantly downloading new themes or plugins to try them out. I’d rather use the terminal than an FTP client, so I’m usually using wget to pull the zip file into the plugins folder, unzipping it, then deleting the original zip file.

It took me 6 months of doing this before I realized that I could add one single line to my bash_profile to ease all of the pain.

alias zz="unzip *.zip && rm *.zip"

It seems small, and it is, but my zen-like happiness quotient has been skyrocketing ever since.

Share and enjoy!