GOOGLE HANGOUTS

February 13, 2020

js

I have two grandsons, of whom I'm very proud, and they now live over in Germany. One (Gabe) is an animal and bug wizard, who also is already becoming a master chef in the kitchen with mom.

The other grandson (Noah) is a technology wizard and he and I have just started enjoying Google Hangouts together. He already helps everyone with any computer issues they have and his ability to learn new things, including Google Hangouts, with no assistance from anyone, continues to boggle my mind!

He and I have been using Google Hangouts from our phones and yesterday I did a hangout with him from a parking lot while Patty was inside on an errand. What a cool way to multi-task!

Since the cell phone screen is very limiting, I picked up a Logitech C270 (HD) webcam from Walmart yesterday and installed it on my HP laptop and placed it on top of my Acer monitor so that I could enjoy a better view of our hangouts from the comfort of my office desk. The photo of Noah (above) is from our first hangout using the new setup.


JAVASCRIPT

February 12, 2020

js

As you may have noticed, I added the capability to use fade out and fade in to display a number of my pictures on the home screen banner. It was actually a fun and interesting experience.

As for the fades, all it took was a few lines of code (JavaScript) to pull it off. As for the pictures, well that was another matter. I had to get the pixel dimensions for the banner and then do whatever it took to convert the other photos to those same dimensions. For some of the pictures, it was no problem. For others I had to do some trimming in order to avoid a dramatic change to the picture due to a vastly altered aspect ratio (the ratio of each picture's width to height).

I initially played with another idea for featuring the pictures in The View section of the website by adding the JavaScript and captions to the photos. It was also a fun exercise, but it ultimately led me to go with the changes to the home page banner instead.

Here's to all that can be done with cool coding!


SEARCH TOOL

January 25, 2020

analytics

Learning what features I can add to this website is really about learning all that PHP, JavaScript, and of course HTML, can do. I was intrigued with the question as to whether or not I would be able to develop a Search Tool for the website.

Despite being rather labor intensive, I was pleasantly surprised at how easy the project turned out to be. I've taken a simplistic approach on the first pass, and will probably expand on that in the near future.

I'm also planning to reorganize the categories since there are some topics that I want to write about more frequently and that will likely warrant a unique category.


WEBSITE ANALYTICS

January 16, 2020

analytics

I mentioned in an earlier post that I've enjoyed developing some website utilities. I've been using PHP and HTML to develop data collection and analysis utilities for this website.

One thing that has intrigued me is the website crawler activity that occurs against the site. In 2020 I've already collected evidence of 464 crawler hits against the site that included 224 unique IP addresses from 55 unique locations and 34 unique organizations.

A large number of the hits were from Microsoft and Google but also included were some exotic locations such as Moscow, Russia; Beijing, China; Hong Kong; Berlin, Germany; and Thessaloniki, Greece; among others.

I was also able to determine that the malware injection (see previous post) redirected to a website that is apparently owned by an organization named PDR which is located in Mumbai, Maharashtra, India. Disclaimer: I have no way of knowing whether PDR is the offending organization, which injected the malware, or simply a client of the offending organization.


CHASING DOWN A MALWARE INJECTION

January 10, 2020

injection

In years past, I had become relatively comfortable with the idea that computer system security breaches were most often possible due to help from an insider. In fact, long ago I had personal exposure to exactly that sort of thing. To put all of this in perspective, back at that time a computer virus was more an idea than a reality. We sort of chuckled at those who gave this idea any serious attention. Well, that was then and this is now!

More recently, I was reading about SQL injections. I'm quite familiar with SQL (or Structured Query Language - a commonly used database access language) but was not familiar with the idea of SQL injections. It wasn't difficult to imagine the kind of damage that might occur if the wrong person had access to a database and could inject SQL code to gather private data.

However, little did I know that the term injection was meant to communicate a highly unusual and stealthy method for inserting or injecting code into the system through readily accessible port holes such as the user name and password fields in a sign-on screen. This approach can allow an experienced individual to whittle away at collecting enough knowledge of the system's structure to ultimately locate and collect usernames and passwords. With those in hand, enough information would have been gathered to sign into the system and potentially gain full access to everything in a fashion that would likely appear completely legitimate to even the most attentive technical insider.

I had no idea, when I read about SQL injections, that I would soon be the victim of a similar injection and one that would stretch my knowledge and problem solving skills beyond anything I had previously experienced. And, ironically, any such knowledge and experience I had gained over the years would work against me as I repeatedly tried to make the problem even more difficult than it already was.

On my website, and as I mentioned in an earlier post, I've been playing with some back office tools that I built using PHP in order to keep up with various website stats. As it turns out, someone hacked me in such a way that executing one particular utility resulted in a redirect to another website and the screen pictured above instead of the screen I had constructed and was expecting. I felt a bit out of my league in attempting to chase down the cause and instead considered my alternatives for performing some kind of clean-up so I could get on with life.

The good news was that by accessing that PHP utility tool from multiple locations, I had been able to prove that the malicious code was somewhere on my website host's system and not on my computer. The bad news was that my website host's sales people wanted to charge me an arm and a leg for a one-time cleaning service to correct the problem and they wanted the other arm and leg for an ongoing service to prevent future reoccurrences. For a site where all I really do is play, they were asking far more money than I wanted to pay. So, I decided to go forward without executing that utility and all was fine.

Out of fear of either additional attacks or the spread of my current problem, I finally decided I had to do something. I renamed the PHP program to see if that would help, but it didn't. I deleted the program and transferred a new copy from my laptop, but the infection was still there somehow. The thing that was throwing me off was that none of my other PHP programs had become infected. I tried copying the code off my laptop and placing it up on the server in a new file, but the malicious redirect still occurred.

I was trying to imagine how some type of metadata location on my infected PHP file (metadata that would surely be beyond my knowledge and experience) might contain the hacked code that was causing my problem. After all, my PHP program only contained a few lines of very simple PHP code and all it was doing was displaying a log file of all the web crawlers that had visited my site. For the same reason that I mentioned earlier, where it challenged my thinking to inject SQL code in a userid or password field, it hadn't occurred to me that anything malicious might have actually been in the log file. After all, log files don't execute code. They usually just contain data. How would displaying that data execute any code, malicious or otherwise?

To make sure my thinking was on target, I tested it by creating an empty log file and running the utility against it. And, to my surprise, it ran without a redirect. I put the log file entries back in the empty log file and ran it again and, sure enough, it redirected to the bad website.

Could there be some malicious code stored in some place I didn't know existed such as a metadata location on the log file? After all, the only other thing the file contains is rows of log data about the crawlers that visited my website. How could that hurt anything?

Remember the rule of thumb from Occam's Razor whereby the simplest answer is most often correct? Well, that was definitely the case here. It's just that a simple answer may not be that simple if you've never had any experience with the question or the answer before! And, that was definitely the case for me in this instance. The answer was sitting right in front of me, but I didn't have the experience to see it.

Was there a bad row of data in the log file causing the redirect? If there was, I didn't even know that could be done. And, even if I had known, I would probably have no idea how to do it! There were over 300 rows in this log file and so I started removing them in blocks of 100 in an effort to narrow things down to the potentially offending row.

I was able to prove that the malicious code existed somewhere between row 100 and row 199. I removed rows 100 through 150 and the problem still occurred. I glanced at the remaining rows 151 through 199 and there it was on row 172! Executable scripts had been injected into the fields that would usually contain the browser definition and the referrer definition for a legitimately logged website visit. I removed everything from the log file except row 172 and restarted my PHP utility program. Once again I was redirected. I had found the problem and it was a code injection into an otherwise harmless row of user agent log data.

Here's an example of a legitimate log entry from a Google web crawler:

6 2019/12/30 11:15:23pm 66.249.70.30 Browser = Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Referrer = Direct

In the malicious code (which I will not show here) the creator injected a script into both the Browser = location and the Referrer = location of the creator's User Agent String.

Fortunately, I did not click the Allow button on the redirected website page pictured above. Quite frankly, I almost did, considering how Windows has programmed me to respond positively to the same question. From all of the documentation I've read about this particular attack, the consequences for clicking that allow button are pretty extreme and in some cases considered rather permanent.

All in all, chasing down this injection was quite an interesting and highly educational experience.
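
The defence against the log-viewer injection described in this post is to treat the Browser and Referrer values as untrusted text and HTML-escape them when the log is displayed. The sketch below is an added example, not the site's own code; the row layout is assumed from the sample Googlebot entry, and the function names and the second sample row are constructed for illustration.

```php
<?php
// Added example. Assumed row layout: "<n> <date> <time> <ip> Browser = ... Referrer = ..."
// Escape a value so the browser renders it as text, never as markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Split one row into fields; returns null when the row does not fit the layout.
function parse_log_row(string $row): ?array
{
    $re = '/^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+Browser = (.*) Referrer = (.*)$/s';
    if (!preg_match($re, trim($row), $m)) {
        return null;
    }
    return ['n' => $m[1], 'when' => "$m[2] $m[3]", 'ip' => $m[4], 'browser' => $m[5], 'referrer' => $m[6]];
}

// Review aid only: markup does not belong in these fields. Escaping is the defence.
function looks_injected(string $v): bool
{
    return preg_match('/[<>]|javascript:|\bon\w+\s*=/i', $v) === 1;
}

function render_log(array $rows): string
{
    $out = "<table>\n";
    foreach ($rows as $row) {
        $f = parse_log_row($row);
        if ($f === null) { // never echo a raw row, even a malformed one
            $out .= '<tr><td colspan="5">' . h($row) . "</td></tr>\n";
            continue;
        }
        $suspect = looks_injected($f['browser']) || looks_injected($f['referrer']);
        $out .= $suspect ? '<tr class="suspect">' : '<tr>';
        foreach ($f as $value) {
            $out .= '<td>' . h($value) . '</td>';
        }
        $out .= "</tr>\n";
    }
    return $out . "</table>\n";
}

// Constructed sample rows: the first is the legitimate entry quoted in the post,
// the second carries an inert placeholder script in both client-supplied fields.
$rows = [
    '6 2019/12/30 11:15:23pm 66.249.70.30 Browser = Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Referrer = Direct',
    '7 2019/12/30 11:16:02pm 203.0.113.9 Browser = <script>/* placeholder */</script> Referrer = <script>/* placeholder */</script>',
];
echo render_log($rows);
```

Escaping on output is what keeps the injected script from running; the `suspect` class only makes such rows easy to spot during review.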


INTERNET?

January 4, 2020

internet

With respect to internet access here at the house, Patty and I have been living off of tethered connections from our phones. We've been with Verizon pretty much all along for our cell phones and out in these rural areas along the coast there simply is no access to fiber or cable.

On our senior plan, which is very affordable, Verizon provides a reasonable speed to our phone. However, the moment we try and tether off of our phone with our computer, Verizon steps in and slows things down to a crawl. And, we've been living with that for quite a while.

Even in using Filezilla from my computer to provide updates to this website, I'm frequently confronted with errors due to long waits trying to upload even the smallest (text only) web page. In dealing with this, I've had to adjust to a new way of life and get comfortable doing many things from my phone that I would have done (in the past) from my computer.

When I was working from our new home for the first year we lived here, I was using a Verizon cantenna and paying a pretty steep price for the kind of access I've always been used to and that I needed to host meetings, provide online training, and perform other work-related tasks. When I retired, I honestly couldn't justify the price for that kind of access even though it was tempting due to the amount of time I tend to spend on the internet each day and the more data-demanding things that I wanted to do.

For example, I've been itching to add a Weather Underground weather station and a camera or two to our setup. But, with our present internet capabilities, those hopes and dreams are nothing more than a fantasy.

Well, that's all about to change! It turns out that there are now government-imposed mandates to provide folks like us with reasonable options and they are indeed reasonable. Thanks to some great research performed by one of our neighbors, we should be high-speed here at the house very soon - perhaps next week! Things are about to get exciting!


WEBSITE CODING

December 31, 2019

weather

I've enjoyed writing posts for the various topics on this site, but the real fun still comes from all of the coding going on in the background - the stuff that brings the site to life!

I've built a number of highly interactive sites over the years using HTML, PHP, JavaScript, and a MySQL Database. From likes and comments to security and intuitive functionality, there's an incredible amount that can be done with all of the aforementioned technologies.

I'm not quite ready to incorporate likes and comments into this site since I'm not really looking for all of that, but I have enjoyed building some back-office logging and analytics capabilities into the site for my own entertainment.

One of the interesting things upon which I've been educated in years past and even more recently are the web crawlers (aka Bots, SpiderBots, Internet Bots, and Crawlers) that are out there! My back-office coding shenanigans and logging capabilities have introduced me to the wide world of an often-unseen part of the web used for indexing and organizing the web pages out there for easier and more efficient retrieval.

Some of what I have found led me to this interesting article that really brings clarity to the browser's user agent string or UA. It's an item that each browser provides to identify itself, its version, and the operating system. It's worth a read if you're so inclined.


BLOGGING AGAIN...

December 10, 2019
Blogging

I'm really excited to get active once again with blogging. More than anything it's always been a fun way to record and share memories with friends and family. Beyond that, I enjoy the opportunities to write about anything and everything that's interesting to me, dabble with the technology, be creative, and dive into a bit of artistic expression with website design.

I'm moving away from WordPress for a lot of reasons and getting back to my roots with my own website. For the most part I've wiped the slate clean from almost 15 years of posts, completely rebuilt this website, and look forward to a new start.

And so, here I am back in the world of blogging and website development. Since this site is honestly nothing more than an online scrapbook, I've removed the PHP code that previously allowed for comments and likes. If anyone needs or wants to get in touch with me or leave a message, I've provided a "contact" form over in the menu. Feel free to reach out!

I hope you enjoy your visit!


Copyright © 2020 Hutch DeLoach


