Replies

So how does the host explain the files showing up, above the base folder for WordPress?
Do you have any feature or plugin, somewhere in your websites, that accounts for file uploading? If a web server is patched up and properly maintained, files cannot show up out of nowhere?!

i haven’t really pressed the host on the why’s and wherefore’s yet. was trying to educate myself a bit before challenging them on the issue.

no file uploading anywhere. in fact, on both blogs, commenting is disabled.

and with my limited knowledge of web servers, i was also under the impression that files cannot be uploaded out of nowhere. that said, i suppose they could have hacked my FTP user id and password somehow — since the latest problem, i’ve changed that info. but if they had that info, i would think they would be doing a lot more than uploading buggy PHP files.

Do you keep your site up to date in terms of plugins and WordPress versions? It is probably all you need to do to keep it safe. If you do it and it still gets infected, then it’s the host’s fault.

Anyway, probably the question that should be asked is: where are the infected files they claim to have found? Did they list the files for you?

yes, generally update the wordpress stuff within a couple of days of the update becoming available. the last time this happened (today) all my wordpress stuff was up-to-date.

typically the infected files are in their own directory — couple of times the directory was named “.config”. and within the directory would be a PHP file with what appears (to me at least) to be gibberish PHP code. and then there will typically be a PHP generated error_log file, where this PHP file apparently was executed and generated an immediate error.

Have you read this topic yet? It might be of some help to you.

thanks for the reference — unfortunately, i don’t see much there that helps. the alleged malware files that are appearing show up in directories that are not even in the wordpress directory tree.

does anyone know exactly what the Transporter Sync interface for sharing files looks like? what makes Dropbox so great is that you can share a folder of photographs with an HTML link, and when the other person opens the link the folder opens with a nice web-based photo viewing app that works pretty much like all the cloud-based photo sharing sites like Google+, Flickr, etc. no need for the user to download the files first, or have to open a local app. ditto for sharing videos — send the user a link, they click it, and voila, they are watching the video in their browser. this was the main drawback IMO for the WD My Cloud drive — the sharing functionality didn’t really go beyond sending email attachments.

the WS article does say that in order to access shared files the user would have to install a downloaded app — that’s a drawback, but not a big one. but once they have that app, will the Transporter then work the same way that DropBox does?

”wait for it to stabilize” seems vague (depends on your definition of “significant”) and less meaningful than “at what point in the reboot sequence that particular batch file ran”.

Isn’t the point to ascertain when the system becomes available for some action that you’re waiting to perform?

Bruce

no, i don’t think that’s the point of the article at all. Langa said he’s trying to time “how long your system takes to go from power-on to a stable desktop”. just because a one-line batch file in the startup folder has completed is no indication whatsoever that the system is now “stable”. there could be dozens of other programs and services thrashing the system at that point.

what is vague about “wait for it to stabilize”? Process Explorer gives you a great picture of exactly what is going on with your processor. when there are dozens of startup processes still consuming cycles, it will be very obvious. and when all the startup processes are complete, it will also be very obvious. and it is at that point that i would maintain that you now have a “stable desktop”.

an added advantage of using Process Explorer here is that it will tell you exactly what all is going on while the system is booting up, and which of those processes are really using a lot of the CPU. it’s a great tool for diagnosing the types of issues Langa is referring to here.

seems to me that whatever timestamp you capture via a “bootdone.bat” file is going to be close to meaningless. all that tells you is at what point in the reboot sequence that particular batch file ran. more than likely there are a ton of other processes that are running at startup, some of which will run before that batch file and some of which will run after that batch file. only way that i’m aware of to figure out exactly when the boot process is done is by installing a program like Sysinternals Process Explorer and putting a shortcut to it in your startup folder. then when the system reboots, just watch the Process Explorer display and wait for it to stabilize with only procexp.exe showing any significant CPU activity. and that’s the point at which the boot process is 100% complete.

FWIW, i’ve been testing TeamViewer on some of the computers i now connect to with LogMeIn, and i haven’t seen all that much difference in performance. i have run across some minor quirks with TV that i haven’t bothered to chase down, but overall i’m pretty pleased so far. have you looked at task manager on your home PC while you are connected to see if maybe something is thrashing the system?

another alternative i’m looking at is UltraVNC — it was my main remote control app back in the dark ages before LogMeIn came along, and i suspect it’s what i’ll end up with after LogMeIn Free is gone. you do have to be a bit tech saavy to set it up (you’ll have to configure port forwarding on your router), but once it’s installed it really beats LogMeIn Free in many respects. only real downside is that it’s not for the casual user. i’m a bit surprised Patrick didn’t mention it in his article.

lee

I have questions on cleaning up Java & Javascripts and then deleting the obsolete update files on an XP machine

sounds like maybe there’s some other SUN software installed, and possibly some other applications that use Javascript. as you note, Java and Javascript are two different animals — Java is a programming language that can be used to create stand alone apps whereas Javascript is a scripting language that is typically run on the client side via a browser. without knowing more about what else is installed, it’s impossible to say whether you can delete those files. personally i’m not big on this idea of routinely removing obsolete files, unless of course you are running low on disk space. and if that’s the case, you’re probably better off just adding a new hard drive, what with the cost of disk storage these days.

anyway, if you really want to see about getting rid of these files, one thing you can try is just renaming the parent folder by appending something like “_todelete” to the name of the folder, and then see if any thing fails to run correctly over the next few days or weeks. if an app needs those files, you’ll inevitably get an error message at some point, and you can then just rename the folder back to what it was. and if all goes well for a given period of time, you can then delete the folders. or to be safe, just move them to a USB flash drive.

lee

i’ve always been curious about the often cited recommendation that one regularly change their passwords. if none of your accounts have been hacked, doesn’t that by definition mean that the passwords to them are still secure? what is to be gained by changing them? i guess you could argue that there’s a possibility that you have an account that has been hacked, but that the hacker has yet to take advantage of it, and so by changing the password you will thwart any future attempt at using the old hacked password. but really, what are the odds of that?

and there’s also a downside to regularly changing your passwords, in that if you are using relatively strong passwords they are going to be hard to remember and so you are more likely to write them down somewhere, which is clearly a no-no. if you use the same strong passwords over a period of time, you’ll probably get them memorized and thus not need to keep them written down anywhere.

and there’s also the obvious — you are replacing a proven secure password with an unproven one that may not be as secure.

so, where’s the real upside in changing your passwords every month?

lee

that’s next on the list to try — right now the users are apparently content to just work around the problem. at some point, though, i really want to get to the bottom of this, as i’ve never quite seen anything like this before.

lee

at one point i actually started down that path, but never fully implemented it on all shares on all machines because it seemed to me that given the fact that the Home computers can’t even PING the Pro computer by IP address, that idea was never going to work. the core issue here i would think is the fact that none of the computers on the network can see the Pro computer, period. it’s just not responding by IP address to anything. and yet somehow the UNC name of the Pro computer is showing up in the “network neighborhood” for all the other computers — which leads me to believe that the DNS is working and it’s something else that is blocking the traffic.

lee

pinging by IP address. have checked the router config and don’t see anything there unusual — pretty much all default settings. have tried using a static IP address, and that doesn’t help. re-booted the router and still nothing. the computer in question has both wired and wi-fi adapters, so i tried enabling and connecting via wi-fi — problem persists.

it does seem to me the problem has to be in the router — even with all networking completely turned off and different workgroup and user names, the computer should still respond to a ping, right? but if it is the router, what in the world could it be that would allow that IP address to talk to other computers, but not allow other computers to talk to it?

lee

just disabled it — didn’t help.

lee

yes — the “advanced settings” for each computer are identical. i’ve also tried various alternative settings like turning on and off password protected sharing to no avail.

lee

correct, i’m using a workgroup configuration. and yes, all on the same subnet, all same workgroup names. as far as networking goes, they are all configured identically. all shares in both directions work fine between all pairs except for the one case of the home computers not being able to open files/folders on the pro computer.

lee