The Linux Page

Attacks by ZmEu or w00tw00t robots

Who is ZmEu?

An image showing ZmeuThe name Zmeu (no capital E) is the name of a fantastic creature of Romania. There are so many stories that there isn't a clear understanding of what it is... but it is human like, can spit fire and wants to marry young women.

If you're wondering, it is generally a bad guy.

ZmEu Attack

Today, I noticed a lot of traffic on one of my servers. Looking into what was happening, I immediately found out that an attacker was looking for a loophole in that system. That attack was being performed from China.

I checked another server, and sure enough, that other server was ...

Hacker looking to crack a WordPress Website?

As I was checking some logs, I found the laundry list of a robot checking out one of my websites: 54 hits. As we can see, it checks many paths, some of which it checked 2 or 3 times (the first number in my list is a count).

3 /apple-app-site-association
1 /cache/iph.php
1 /dbss.php
1 /ecss.php
1 /function-sync.php
1 /inlos.php
1 /sph.php
1 /tip.php
3 /.well-known/apple-app-site-association
3 /.well-known/assetlinks.json
1 /wp-content/plugins/another-wordpress-classifieds-plugin/AWPCP.po
1 /wp-content/plugins/auto-attachments/a-a.css
1 ...

logrotate stuck? A true story about an improper documentation

Bad Documentation (if you ask me)

When you looks at the document of logrotate, the first page about the settings shows an example as follow:

/var/log/news/* {
    monthly
    rotate 2
    olddir /var/log/news/old
    missingok
    postrotate
        kill -HUP `cat /var/run/inn.pid`
    endscript
    nocompress
}

Making your think that it's okay to have an asterisk in this way, right? PLAINLY WRONG!

The logrotate utility actually has no heuristic to detect whether a file was already rotated or compressed so with an asterisk, it will discover all the files in a folder and ...

Failing cmake find_library(), returning just a path instead of the path and library name

Today I spent hours trying to find out why one of my find_library() would fail.

I fixed the search implementation, to make it cleaner as a result, which is not a bad thing, but the problem was a -D on a cmake call that would define the value ahead of time. That is...

There is the search I used:

find_library( ADVGETOPT_LIBRARY advgetopt
            PATHS ${ADVGETOPT_LIBRARY_DIR} ENV ADVGETOPT_LIBRARY
         )

This looks just fine and it should work, easy. I even added a test in my main CMakeLists.txt to see what would happen:

find_library( TEST_LIBRARY advgetopt
            PATHS ...

Error "Couldn't load XPCOM." when trying to start SeaMonkey...

Today, I finally upgraded to SeaMonkey 2.49.1.

It was out on Nov 4, 2017 but I did not check for it any time sooner. Bad for me as there were some bugs in 2.48 that banks and such were warning about (oh and WordPress too...)

Anyway. I downloaded the new version. Extracted the files. Updated my icon with the new path. Click on the icon to open the browser. Nothing.

Reading a binary zone file from Bind

Today I needed to check a zone file to see why the IP address was wrong on one of my servers.

Sure enough, the IP was the old one (We switch servers about 9 months ago). Although once in a while I would get the right IP, the second name server still had the old IP. I thought the cache would be renewed more often than that, but I guess this is well optimized!

The error I made is not change the time info which means that the second name server never saw the change. This is just a domain name I redirect so I never noticed the problem before.

To check the cached file, though, I needed a way to ...

Wordpress Mail Subscribe List

Functional Subscribe Form

Today I installed a simple mailing list builder on my Becoming an Internet Affiliate website. So simple that it creates a widget on the sidebar and that's it. So it's not going to be super persuasive, but I like it that way for some of my websites.

The plugin is called Mail Subscribe List. It's a free plugin making it particularly attractive. And it keeps the names and emails in your database (no third parties involved.)

The plugin offers a Widget that you can install in your sidebar. Go to

Appearance » Widgets

and then select the Subscribe ...

I see many login attempts on my Wordpress website, yet I'm the only user?!

This happens on all websites. It's not specific to Wordpress.

However, this is when hackers are trying to gain access to your website. They do two or three things. First they choose common user names such as "admin" or your .com name (i.e. I have https://stargazerrock.com/ and they used "stargazerrock" as the username!) I saw "administrator" as well.

One way to protect your administrator account immediately is to change your username to something that they are not likely to guess. Say your surname is "giraffe", you could use that. Or even better, ...

Wordpress extension for Facebook graph loads partial image and White Screen of Death as a result!

Today I tested one of my Stargazer Rock blog pages and got a WSoD... Not the first time, but last time I fixed the problem by loading and resaving a PNG and changing an SVG to a PNG. Not the type of things I really want to do while bloging.

So I search into it, there is a plugin I use, called "Facebook Open Graph, Google+ and Twitter Card Tags" which attempts to load an image but only the first 32Kb. If that loads fine, then the author attempts to get the image dimensions and save that to the open graph meta data.

Somehow, some images will actually break that process because the ...

Google understands the "Allow:" keyword in robots.txt

At times you have to prevent users from seeing files under a certain folder such as the /admin/ or /wp-admin/ folder.

The easiest way to at least avoid having Google index those pages is to add a Disallow line in your robots.txt file. For example:

Disallow: /admin
Disallow: /wp-admin

This is great and 99% of the time it does exactly what you want. Only once in a while a programmer does it wrong and places a file that should be searchable under such folders. For example, maybe someone placed a style.css file which is access by pages other than just pages under /admin. In that case, the ...