WordPress Exploit

I recently upgraded to WordPress 2.5 – and in the process of doing so, I noticed something funky with my older 2.3.3 installs claiming to be 2.5 already. I thought it was odd – but didn’t immediately come across anyone having reported strangeness here and so I just ignored it.

Now that 2.5.1 is out, I thought I’d go upgrade again. Well, after the upgrade I was still having the dashboard tell me that I needed to upgrade. Odd. This time a web search did uncover information that was relevant.

Details on the wp-info.txt exploit are interesting. It seems to me that several problems are being lumped into the one discussion, but I found some helpful advice to help clean things up from the links provided there.

Symptoms:

  • Presence of wp-info.txt
  • Displayed version changed without upgrading.
  • Database modifications
  • New files ending in _new, _old, .pngg, .jpgg, .giff appearing inside a writable directory
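The file-based symptoms in this list can be checked with a short script. The following is an added example, not code from the original post: it walks an install looking for wp-info.txt and the listed suffixes, and compares the version in the code on disk with the version you believe you installed. It assumes core keeps its version in `$wp_version` in wp-includes/version.php; the function names are hypothetical, and the database symptom is not covered.

```python
import os
import re
import sys

# Indicators taken from the symptom list above.
MARKER_FILE = "wp-info.txt"
SUSPICIOUS_SUFFIXES = ("_new", "_old", ".pngg", ".jpgg", ".giff")
# Assumption: core stores its version as $wp_version in wp-includes/version.php.
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def scan_tree(root):
    """Walk a WordPress install and return sorted (kind, path) leads to review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == MARKER_FILE:
                findings.append(("marker", path))
            elif lower.endswith(SUSPICIOUS_SUFFIXES):
                findings.append(("suffix", path))
    return sorted(findings)


def code_version(root):
    """Return $wp_version from wp-includes/version.php, or None if unreadable."""
    path = os.path.join(root, "wp-includes", "version.php")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return match.group(1) if match else None


def report(root, expected_version=None):
    """Collect file leads; flag a version that differs from what was installed."""
    findings = scan_tree(root)
    found = code_version(root)
    if expected_version and found and found != expected_version:
        findings.append(("version", f"{found} (expected {expected_version})"))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    expected = sys.argv[2] if len(sys.argv) > 2 else None
    for kind, detail in report(root, expected):
        print(f"{kind}\t{detail}")
```

Matches on `_new` and `_old` are leads to review rather than proof, since legitimate files can carry those suffixes.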


Mysterious AMD USB drive

Ken went to EclipseCon and all he brought me back was this lousy USB drive..

100_4817.JPG

Actually, I had seen Ian’s post EclipseCon Guide to Free Stuff and asked Ken to grab me one.

As expected, there were a bunch of AMD promotional .pdf files on the device.  I’m interested in reading through it at one point, but I also think a ‘free’ 1Gig USB drive is pretty handy.  The drive shows up with 2 partitions, one is 20MB with the promotional material on it – read-only, and the other is a read/write partition with the remainder of the Gig.

Now maybe there is something I just don’t know about flash drives, but I’m not able to convince Windows or Linux to reformat this thing to remove the 20MB read only partition.  If anyone out there knows the magic, please add a comment with the solution.

I got to thinking maybe it was a hardware hack.  So of course, I busted it open.

100_4820.JPG

100_4824.JPG

The flip side is a very generic looking 1Gig flash chip.  The controller chip is by ChipBank, a CBM2090.  There are some data sheets available for it, but nothing that really tells me much.

I’m actually starting to get the feeling that this is a clever firmware hack.  If I had access to the right software, I could reach in and tweak the system to ‘fix’ the read only flag and reformat to my liking.  So far, no luck.

Not User Serviceable

I tell people that I’m pretty handy, but the truth is I just like to take things apart. When I was a kid I used to take the kitchen cupboard doors off with a screwdriver, and then put them back on. So a noisy fan and a label like this:

100_4661.JPG

Is just an invitation to crack the case open and fix it. How can you resist when they tell you they don’t expect you to be able to fix it yourself? Actually, over the years I’ve fixed a few power supplies – so this was pretty much business as usual.

Now what was a bit unusual about this one was how nasty it had gotten inside. This PC was my old webserver, and it sat in the basement while I was renovating – including busting open the concrete floor to do some plumbing (something I don’t recommend). The PC case itself had a very dead spider, and a fair amount of concrete dust everywhere. It is sort of surprising it was working at all.

100_4655.JPG

Even after blowing the dust out, the fan was very noisy. Luckily I happened to have a few 80mm Vantec Stealth fans around. Replacing the fan was pretty straightforward. I ended up splicing the wires as the new fan had 3 wires (yellow for speed control) and the stock fan plug wasn’t a match. Here is the new fan installed in the cleaned out power supply.

100_4658.JPG

The date on this power supply is April 30, 1998, and the PC it’s in is from the same era. I’m actually using this Pentium II 400 for something useful, but I honestly can’t say how much longer I’ll bother keeping this relic around. 10 years is a good run for a PC.