TAG: Caution

How to Copy and Paste into the Digital Ocean VNC Console

I recently signed up for Digital Ocean to test droplets for my development and linux management testing. I was securing the server and setup fail2ban, disabled the root login, and created a user account but forgot to change the user name from root to the user name I selected in my SSH client profile. I ended up locking myself out of the server and had to resort to logging into the admin panel on Digital Ocean’s website and use their browser embedded VNC client to restore my access. I quickly discovered that one of the downsides of using this panel is that you can’t copy and paste commands. Luckily there’s a workaround and you can use the browser console to do sendkeys through Javascript.

Bring up the console in the browser developer tools. Here’s a cheat sheet for keyboard shortcuts:

BrowserDescriptionWindowsMac
ChromeOpen Developer Tools and bring focus to the consoleCtrl + Shift + JCmd + Opt + J
FirefoxOpen ConsoleCtrl + Shift + KCmd + Opt + K
Internet ExplorerAfter hitting F12, you have to click the console tab.
There’s no direct shortcut to the console tab.
F12N/A

Paste this snippet into the textbox in the console window:

Chrome console

 

Update 9-21-16

Ruden and Sebastiaan’s pointed out there was a bug in the code above. This updated snippet has support for characters when using shift characters like !@#$%^&*()_+

You’ll receive a dialog prompt to enter the copy to paste in. Please note that you need to click on the VNC console and hit enter to execute the command.

Javascript Prompt

 

 

 

 

 

If you need to enter more than one command, just hit the up arrow on your keyboard in the console to get the script again for easy reuse.

How to fix “hacked by Moroccanwolf” WordPress site

A client of mine had their wordpress hacked and when you would load the site, it would simply display a message that said “hacked by Moroccanwolf”. I did some digging and luckily it wasn’t a major hack and they didn’t mess with the posts or other settings as a lot of the hacks do.

Quick Fix

  1. To fix it, you’ll need to connect to your database using an editor of some sort, such as PHPmyadmin.
  2. Once logged in, expand your database on the left.
  3. Click on ‘wp_options’.
  4. On the top right, click the ‘Browse’ tab.
  5. Look for ‘widget_text’ in the option_name field. (For my client, it was at row 90). You should see something similar to this:

Delete the entire tag and this  should restore your website. Now remember to change your logins and update wordpress.

How I Figured it Out

Most of the hacks I’ve seen are done through injecting javascript into the database somewhere which either force a redirect or something along those lines. Here’s the steps I followed to find it:

  1. To fix it, you’ll need to connect to your database using an editor of some sort, such as PHPmyadmin.
  2. Once logged in, click on your database on the left. Ensure you’re on the database and not a table.
  3. Click Export.
  4. Leave it to quick and click go.
  5. You should now see a textbox with a mess of SQL commands.
  6. Copy and paste into your favorite editor,
  7. Search for <script> and you should find something that doesn’t belong.  In this instance, that was the only thing I found of note.
  8. You’ll want to scan the rest of the database for things that don’t belong. Additionally, you’ll want to replace all the wordpress files and confirm no .htaccess files were created that give hackers write access.

 

ESET AntiTheft Causes Dell Machines to Lose Permissions on C:

Eset Logo

I just spent the past two days complaining about Windows 8 to everyone I know because of how awful the experience is. I installed Windows updates, rebooted, and the system stops working.

It turns out it wasn’t Windows causing the problem but ESET AntiTheft on Dell laptops. It turns out there’s a permission bug specific to Dell machines when ESET creates it’s ghost account and instead of giving it restricted access, the system essentially copies the permissions and then changes everything on the C: drive to a state where the permissions are no longer accessible.

Unfortunately, the only known fix at this point is to contact ESET support. I called their support line in North America and the tech knew about the issue right away. You’ll have to reboot into safe mode, and then get them to remote in to install a utility that runs a script that resets the permissions.

Contact Info here: http://www.eset.com/us/about/contact/

The tech assured me they are working with Dell to get this issue resolved so until they do, make sure you don’t activate ESET’s AntiTheft on the Dell machine.

Stupid Admin Tales Part 1

Life as an system/network admin can be extremely fun and satisfying when you’re not bogged down with management and people breathing down your neck. Of course it has moments to cause you to sweat a giant puddle in the middle of the server room. We’ve all made mistakes and (hopefully) learn never to repeat them. Sometimes we’re doomed to repeat them no matter what precautions we take.

In one of my first jobs as a system admin, I used to be responsible for a small business server in a 5-10 user office. One of the downsides of working in a small business is often the budgets don’t coincide with the real needs and you’re often forced to make things work using bubble gum and sticks. Duct tape was a luxury for spoiled admins that was completely out of the budget I was given. The first machine purchased was a bare-bones Windows 2000 machine which served as a file and print server for the office. Not too bad, right? Unfortunately due to budget constraints, this machine ran Windows 2000 Professional, not the server edition that was recommended. It had to function on a workgroup as a server since Active Directory was not an option. Security was managed at a workgroup level meaning all changes had to be made on every PC individually as well as the server. Luckily with 5-10 users, it wasn’t unmanageable and changes could be made to most machines after hours.

As the business grew due to better use of the technology and skills of the IT team (read: Me), the budgets increased slightly and I was allowed to upgrade hardware to a better machine but the Server license was still out of the budget I was provided. The network still purred and all users were happy with the performance and uptime and how smooth things ran. As more data was used and saved, backup became a major priority. With the limited budget a tape backup drive was too expensive, and as this was pre-cloud era, a Maxtor One Touch backup and DVD backups were the only solutions available as options to consider. Dual backup systems were a must for redundancy and off-site backup capability. Everything was implemented and tested successfully with restores working with no issues from both the drive and DVDs.

Flash forward roughly two years and the server’s primary hard drive fails and the secondary seemed to have become corrupted. Luckily the server was under warranty and the hard drive was replaced at no cost. There were backups of everything so data loss wasn’t a concern. After replacing both drives, I loaded the Windows disk and began the install process. Setup detected the new drive and my standard operating procedure is to format the drive to get it NTFS ready. The C: drive was selected and setup began the format and I walked away to complete other tasks. I came back a short while later and found Windows was installing and smiled. It was about then I noticed the lights on the Maxtor drive blinking as if data were being read/written.

A frown replaced the smile as my brain tried to process why the light would be blinking if Windows is installing on the drive and hadn’t gotten to the driver installation portion yet. I processed different scenarios as quickly as possible trying to find valid reasons why the lights would be blinking. It was a horrifying realization that there’s no way to cancel the install without shutting down the machine forcibly which could damage a drive. I weighed my options carefully and decided that in the event that my fear was for naught, I’d simply be able to start the install process over again.

Off the machine went and the Maxtor drive stuttered. Sweat began to build on my forehead as I knew there was no denying it. Windows setup was inexplicably installing to the external drive even though I selected the C: drive. I began damage assessment to see how bad things were. I unplugged the drive and reinstalled Windows and loaded the drive back on. All the data was gone and a partial Windows install was all that remained.

“Wait! Maybe data can be recovered using one of the many tools in my arsenal!” I so foolishly thought to myself. Windows had somehow managed to install itself over only the sectors where all the data was and only a few files were recoverable. I then realized I had DVD backups and quickly rushed to retrieve them from my office. I plopped the most recent disk in and then tried to copy the data back. A message box that simply said “Cyclic Redundancy Check” suddenly greeted me. I grabbed the next disk and tried to restore from that to find the files wouldn’t copy or open. I grabbed the first disk that I tested and knew worked only to find even the files there wouldn’t copy or open. I was dumbfounded as I had tested the discs to ensure that the backups were valid.

So at this point, you might be asking yourself what could possibly have happened? It turns out for some completely inexplicable and idiotic reason, Windows setup chooses the external drive as the primary and sets it to C. The DVD backup issues I only figured out recently. The issue was caused by the NTFS ID being different for the new Windows install. The NTFS IDs were now different on the new server. As the data was on non-writeable media, there was no way to set permissions of the files which made them completely useless.

Lesson learned? Unplug all drives when doing any OS work and DVD backups aren’t worth the disks they’re saved on.

Years later, a friend called me up with issues with his PC and asked if I could help. I went over, diagnosed that the hard drive was failing and that it needed to be replaced was done with no issues. After reconnecting all the cables back to the PC, I checked and saw no backup drives anywhere. I double checked and asked if said friend had backups of the data to be restored and was assured he did and that the drive was safe. I began the install and Windows began to format the new drive. It was then I heard the familiar grind of an external drive when data was being written to it. Reflexively, I shutdown the PC and cut off the installation. I called to my friend and asked why I heard an external drive when none were around that I could see even after tracing all cables. One of his many skills was carpentry and it turned out that he felt the drive was an eyesore and mounted it away behind the desk completely out of sight. I didn’t find any cables to it when I traced them all because the drive was plugged into a printer with a USB hub built into it. Even worse of a coincidence, the new drive wasn’t recognized by Windows due to incorrect jumper settings. The single drive I saw in the list which assured me there was only one drive available turned out to be the external drive.

I spent about two weeks recovering the data on that drive. Luckily I only lost some unimportant videos.

Lesson learned? Unplug all USB cables until after Windows setup is complete.

There are no more results.