This is a collection of notes from a professional development series I am doing on web application development using PHP. Even though I am using PHP, it’s just one language, and many of the concepts are implemented in other languages. The focus is on the concepts behind web application development.
Part 1 – Building a Weibo Isotope with CodeIgniter
You will need to download these to get ready for the hands-on parts of the seminar (no need to install yet):
- Download XAMPP for your operating system: Windows, Linux, Mac OS X
- Download CodeIgniter: zip
- Download 960 Grid System: zip
- Download Smarty: zip
- Download Smarty integration code: codepad.org/GofSbVfT
- Download RedBeanPHP: tar.gz
- Download RedBeanPHP integration code (updated): codepad.org/5L48Nvgm
It’s advisable to skim through the following reading:
- Web building primer at W3Schools
Next steps that we will cover at the seminar (coming this Saturday):
- Setting up server environment
- Setting up CodeIgniter
- Integrating 960 Grid System
- Integrating Smarty
- Integrating RedBeanPHP
To be continued…
This infection occurred in a friend’s laptop, running 32-bit Windows 7 Ultimate and Avast! Antivirus free edition. Research on the Internet says this is a very severe rootkit trojan, hard to remove, and includes keyloggers plus other spyware that can steal banking login information. Thanks to various forums, I attempted to remove this trojan and below are some details of how I did it.
- Hotmail reported the account password was wrong, and on one occasion reported that the account had been deleted and doesn’t exist anymore. However, when trying from another non-infected computer, login was successful.
- From what I could tell, Internet Explorer had been hijacked and all of the search results were turning up bogus website URLs. For example, clicking on a valid Microsoft Support link showing in Google Search redirected to a bogus website.
- Windows Firewall reported an error with its settings but turning the firewall on or off was disabled. The firewall service couldn’t be restarted either.
- Ammyy Admin was running and could not be stopped via the Task Manager, and its executable file (named AA_v3.exe) could also not be located in the file system for deletion . Ammyy was also installed as a service. Ammyy is a remote access program, not a virus itself, but probably being used to gain remote access to the system.
- Avast did not report any infection and was partly disabled. Attempts at enabling it and scanning were not successful.
- Microsoft Security Essentials (MSE) reported a severe infection at initial scanning and identified it as the Win32/Sirefef trojan.
Given the severity of the trojan, and that my friend didn’t have the option to reinstall the operating system, I basically used a lot of tools to check, double-check, clean, and double-clean the system. I got to know about these tools from various forums. Below is the list of tools I downloaded, installed and ran, in order of sequence of execution:
- Microsoft Security Essentials
- Malwarebytes Free
- Norton Power Eraser
- TDSSKiller by Kaspersky
- ESET SirefefEVCleaner Tool
- Panda ZAccess Tool
After completing the removal process, I used the following tools to repair system alterations and damages to files caused by the trojan.
- ESET ServicesRepair Tool: This tool replaces various system files that may have been infected by the trojan.
- RogueKiller: This tool is useful to repair various registry, hosts files, proxy, MBR, and driver corruptions caused by the trojan.
After all that, was the trojan removed? It seems so, the symptoms are gone and the antivirus and antimalware tools haven’t sounded any more alarms of an infection. In this case, I had to try cleaning the trojan, but the best advice is to try to do a fresh install of the system. Also, I ran ESETSirefefremover at the end and it confirmed that the Win32:Sirefef trojan and its variants were not detected on the system.
Note The ESET tools are linked to their executables for clarity, but here is the page where I got the executable links
On Linux or other Unix-based systems, the terminal can be a powerful interface to locating and searching for stuff on your hard drive. The visual interface and search box may have limited options. Ever tried looking for files with some text in them? Here’s two commands that I’ve found very useful on the terminal, and I actually don’t use the search box interface anymore.
To find files by their names or wild cards, use:
find -iwholename “*name*.ext”
The quotes are where you can put in what you want to look for. This command will look in the current directory for files that end with “.ext” and contain “name” somewhere in their name. The -iwholename is just one of the many options in this command, and the -i part ensures the search is not case sensitive. For more info on the find command, here’s a link to the online man pages: http://bit.ly/qNtN93
To find files by searching what’s inside them, use:
grep -ilr “sometext” ./
I am assuming these are text files, but there’s more complex options for searching binary files too. Have a look at the online man pages of the grep command for more options: http://bit.ly/p53tsq The -lir options together give us a nice and tidy output. The -l part prints just the file names in which “sometext” was found, while the -i part makes searching case insensitive, and the -r part allows looking at sub-directories. The final “./” implies the current directory as the starting point for searching.
Notes to self
- This is tested on my Debian virtual OS, does it work on other distros?
- How do I make find search in sub-directories?
- Can I make find and grep work together (i.e. piping, etc) so I can search for only file types that have a certain keyword?
This may seem like a weird title! After all, what’s the big deal with opening .mdb files? However, there’s some of us out there (me inclusive) that don’t use Microsoft Office. Instead, we rely on free stuff like OpenOffice. So I found a nice utility called “MDB Browser and Editor” that lets you open your legacy .mdb databases :) Its free and I gave it a try, works pretty well. So check it out if you need to.
PS – Actually, OpenOffice does have a way to import existing Microsoft Access files into its database format. However, I couldn’t get this to work with my old password-protected .mdb database.
I’ve come across these keys by searching on the Internet. I use these keys for detecting viruses, troubleshooting stuff, and other geeky things. The convention I’m using in writing out the keys is MainKey\SubKey1\SubKey2\SubKeyEtc > Value (I’m not stating the data)
1. Windows Shell – This is the place where the OS sets its shell “explorer.exe”. Viruses often target this and inject other files to start up
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon > Shell
2. Run on Startup – The place programs use to start with the OS. There are two places in the registry that hold this, one for the system generally, and one specific to the logged in user.
3. Default Wallpaper – Sets the default wallpaper of your desktop (the one that shows when no one is logged in yet)
4. My Computer Context Menu – Things that show up when you right-click the My Computer icon on the desktop (not sure if the CLSID number value will be the same)
5. System Services – Listing of all system services. Useful for removing them manually
Copy Path Shell Extension by Vertigo Software is one of those software that I would call essential. It lets you get the path or directory location of any file on your Windows system by right-cliclking on the file. Here’s the site link.
In addition, if you need to copy UNIX-like paths, you can try out ClipPath, another super software, with similar functionality of appearing in your context menu. I think these kinds of utilities should be in-built in modern operating systems. Windows 7 guys, are you listening?!
Another good software for moi! Great for packaging presentations with dependant files into one executable. Works like a compression software, but has the ability to set a default file to launch from the packed file.
I found this so useful and necessary just a while ago. There was a presentation I had to provide, and it had an additional file with it with a link on the slide. So I needed to provide everything in one place. Zipping was an option, but I also needed to provide a simple way for the user to run the presentation. Unzipping the file, then selecting the presentation file (and remembering its name) wasn’t a failsafe plan. Much better if the user could just click on one file and everything starts working. And AckerPack did just that!
Here’s the author’s description:
AckerPack instantly compresses any folder into a self-extracting executable! Unlike old ZIP-based tools such as WinZIP, with AckerPack you choose where the files should be unpacked and which compressed file to open after installation. Because you have complete control over the process, AckerPack makes an ideal tool for building eBooks or simple software installations.
Believe it or not, packaging up an entire folder for delivery over the internet only takes three clicks!! Just right-click on any folder and select AckerPack Folder. AckerPack compresses up to 30% better than WinZip and produces a much smarter executable which doesn’t confuse the end-user.
Thanks to Softpedia for keeping a mirror of AvatarSoft :)
This post is more of a memory note for me than anything else. I often find cool and free software, but don’t have any use for them at that moment. Later on when I do need them, I’ve already forgotten their names or the URL to get them from. So this is my series on free software.
I gave Wax Movie Editor a try and it certainly looks good. Sort of like the familiar Windows Movie Maker, but with extra functions. Here’s the link: http://www.debugmode.com/wax/
Prelude – Have begun learning Oracle as part of my Databases course.
I found a lot of tutorials on writing SQL in Oracle, and getting info about the tables, but there’s a few tutorials that explain how to actually type in the commands into the SQLPlus editor. This is for those of us who do not have access to the web-driven version. The thing I was searching for was how to delete a mistake!
As stupid and wierd as that sounds, if you’ve typed in it and pressed the BACKSPACE key, you’ll know what I mean, i.e. on the server I have access to, the BACKSPACE key does not erase things I type into SQLPlus. Instead it prints out ‘funny’ characters: H^
Actually, neither does the DELETE key because of two reasons:
Pressing the BACK arrow key will print up more funny characters: [[D^
Pressing the DELETE key itself will give you more of those: [[3~
So all I was looking for was what to press to erase characters in SQLPlus. By trial-and-error, I found the following stuff:
To erase entire words, press CTRL + W
To erase single characters, press CTRL + BACKSPACE
It was 2AM in the morning (night?). I had just woken up and had a glass of water (can’t remember very well). Then my room-mate (Andrew’s his name) told me about this strange noise he had heard in his headset while playing on his XBox. As he focused on it more, he had found that it was actually a local radio station! How did Andrew manage to get the signals of a radio station on his headset?…
This is more of a documentation than a tutorial, because there are so many factors that led to this strange incident with my room-mate: he was able to catch local radio channels on his headset connected to his desktop. It was so scientific (there were various technical details), yet so social (his lifestyle contributed). First of all, here’s a list of devices I suspect were involved:
An old-model IBM metal-based keyboard
A “Turtle Beach” headset
The headset wire connecting to the desktop
The ViewSonic desktop
A close-by radio mast transmitting signals
And here are the attributes of the room and other social factors that may have contributed:
My room-mate’s bed had a considerable metal frame
There were coins behind the keyboard
It was during the night, around 2AM
It was very cold (location Washington DC)
From some research Andrew did on the Internet, it seems that because of the cold and the night, the signals coming from the mast of the radio station nearby travelled lower than normal. Another contributing factor would be the IBM keyboard which has an internal metal frame for pressing the keys.
This incident was fascinating to me moreso because of all the varying factors that came into play: if the keyboard had been an ordinary one with a plastic depression frame, or maybe if his bed had not been raised above his desktop (see picture), or etc., this might not have happened.