Lately I’ve been noticing that my WordPress has been getting hacked constantly (this site is run on WP). Even if I update it, there seems to be some backdoor that gets executed every month.

So recently I took a few extra moments to take a look at these attacks. On the surface these attacks are not sophisticated; they mostly target un-updated WP installations and install malicious payloads that have a signature similar to:
eval(base64_decode(123413j234lk1j23adfa ...

Originally I started to write some scripts to remove signatures like this, but it seemed easier to re-use others' code. I recently stumbled upon this:
Exploit Scanner
Basically, this plugin compares the current install against the vanilla version of WordPress and tells you if there are any differences – a very good way to detect modification of PHP code.

the hashes exist here:
Hashes
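
The idea behind this kind of scan, comparing an install against known-good hashes and searching for the eval(base64_decode( signature, as an added example (not the Exploit Scanner plugin's code and not code from this post). The directory tree, file names and placeholder payload are constructed, and it assumes sha256sum, find, comm and grep are available.

```shell
#!/bin/sh
# Added example, not the Exploit Scanner plugin's code. All paths and file
# contents below are constructed for the demonstration.

# snapshot DIR: SHA-256 manifest of every file under DIR, paths relative to DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# modified_files MANIFEST DIR: files listed in MANIFEST whose content changed
# or which have disappeared. MANIFEST must be an absolute path.
modified_files() {
    ( cd "$2" && sha256sum -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p' | sort )
}

# added_files MANIFEST DIR: files present under DIR but absent from MANIFEST.
added_files() {
    known=$(mktemp)
    sed 's/^[0-9a-f]\{64\}  //' "$1" | sort > "$known"
    ( cd "$2" && find . -type f | sort ) | comm -13 "$known" -
    rm -f "$known"
}

# signature_hits DIR: PHP files containing eval(base64_decode( with optional
# whitespace between the tokens.
signature_hits() {
    ( cd "$1" && find . -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\(' {} + | sort )
}

# build_demo: create a constructed "vanilla" tree, record its manifest, then
# simulate a compromise (one edited core file, one dropped file).
build_demo() {
    SITE=$(mktemp -d)
    MANIFEST=$(mktemp)
    mkdir -p "$SITE/wp-includes" "$SITE/wp-content/uploads"
    printf '<?php\n// constructed stand-in for a core file\n' > "$SITE/index.php"
    printf '<?php\nfunction wp_demo() { return 1; }\n' > "$SITE/wp-includes/functions.php"
    snapshot "$SITE" > "$MANIFEST"
    # Constructed tampering; the base64 string decodes to the word "placeholder".
    printf '<?php eval(base64_decode("cGxhY2Vob2xkZXI=")); ?>\n' >> "$SITE/index.php"
    printf '<?php eval ( base64_decode ("cGxhY2Vob2xkZXI="));\n' > "$SITE/wp-content/uploads/cache.php"
}

build_demo
echo "modified:";  modified_files "$MANIFEST" "$SITE"
echo "added:";     added_files "$MANIFEST" "$SITE"
echo "signature:"; signature_hits "$SITE"
```

A hash comparison only sees files that are in the manifest, which is why the added-file list and the signature search are reported separately.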

The other thing I do is track all my WordPress installs with git.
Every time I install a plugin or update WordPress, I update my git with a commit, so if any of the WordPress installs get attacked, I can run:
git reset --hard HEAD
to revert any changes made to the files and at the very least put me on a good baseline for cleanup.
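
An added example (not from the original post) showing the limit of this baseline: git reset --hard HEAD restores tracked files only, so a newly dropped file survives until untracked files are listed and cleaned. The repository, file names and commit identity are constructed, and it assumes git is installed.

```shell
#!/bin/sh
# Added example (constructed repository): what `git reset --hard HEAD` restores
# and what it leaves behind.

# g: run git in "$REPO" with a throwaway identity so commits work anywhere.
g() { git -C "$REPO" -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# build_repo: commit a clean baseline, then simulate a compromise.
build_repo() {
    REPO=$(mktemp -d)
    git init -q "$REPO"
    printf '<?php // constructed core file\n' > "$REPO/index.php"
    g add -A && g commit -q -m "baseline after WordPress update"
    printf '<?php // tampered\n' >> "$REPO/index.php"    # tracked file edited
    printf '<?php // dropped\n' > "$REPO/wp-cache.php"   # new untracked file
}

# tampered_tracked: tracked files that differ from the last commit.
tampered_tracked() { g diff --name-only HEAD; }

# dropped_untracked: files git has never seen (ignored files included).
dropped_untracked() { g ls-files --others; }

# preview_clean: dry run of the cleanup. Review it first, because -x also
# deletes ignored files such as uploads or a config file kept out of git.
preview_clean() { g clean -ndx; }

build_repo
echo "tampered tracked files: $(tampered_tracked)"
g reset -q --hard HEAD
echo "untracked after reset:  $(dropped_untracked)"
preview_clean
g clean -q -fdx
echo "untracked after clean:  $(dropped_untracked)"
```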

1&1 actually does some nice security scanning now. They detect attacks and then automatically lock the file so that it can't be executed on the web. In order to fix this, I usually do a:
chmod -R 777 *
on the WordPress directory so git will have the right permissions to remove/delete files.

Recently my uncle received the following email (I’ve redacted some things and highlighted some):

This is the classic phishing email with some truths, but ultimately lots of conflicting information.

A couple of things to look at:

  1. Originating email – du@totas.org.cn – at first glance it seems pretty legit, but when doing a Google search on it, or even attempting to go there, it goes nowhere.
  2. Content – written in broken English, the email attempts to play good cop by telling the user that another party has been attempting to register a domain name that is similar to the current one we have. As you know, most domain registrations are unrestricted and allow anyone to register whatever they want, so this sort of ploy runs counter to what we know.
  3. Footer – in order to look more authentic, the phisher decided to include a real company, or on further investigation a company that seems to do domain name registrations. A couple of issues with this one: the originating email and the footer have different domain names, flag 1. They use a .org to have a semblance of authenticity, but most orgs usually don't try to outright sell services. If there was some sort of governing body over domain names, I would have expected a .gov.

Sometimes the Mac will have weird internet behavior; this usually happens after you travel and connect to other Wi-Fi networks or gateways.

The commands to attempt to fix this are:

We assume Mac OS X 10.10.x (Yosemite); if you are on an older system, the commands are different.

# clear ARP cache
$ sudo arp -a -d

# clear DNS cache
$ sudo killall -HUP mDNSResponder

ARP (Address Resolution Protocol) handles the low-level exchanges in order to map an IP address to a link layer address on demand. Sometimes if the connection has cached bad link layer addresses, clearing the cache can help.

DNS (Domain Name System) handles the conversion of domain names to IPs. For example, facebook.com translates to 69.171.230.5, and this is how a computer decides how to reach Facebook. There is an attack called DNS poisoning: when your computer asks the DNS server to resolve facebook.com, the server (in this case the attacker, most likely using a man-in-the-middle attack) returns a different IP, so that you are unable to go to Facebook or are redirected to a Facebook-looking site. This attack is commonly used in China to block access to certain sites. Clearing the cache sometimes helps because it forces the system to resolve the domain name to IP address mapping again.

Gatekeeper

There are times when your organization/company locks down your computer and you have to install software. Here is how to gain access to install software.

Obviously you will need to have root access. Most of the time, if you are configured as an administrator on the Mac, you will be able to gain root.

1. Open up Terminal
2. Run this command: $ sudo spctl --master-disable

spctl is the Mac’s SecAssessment System Policy Security.

What we are doing is disabling the assessment subsystem altogether. Operations that would be denied by system policy will be allowed to proceed; assessment APIs always report success. Requires root access.

SC-REMOTE-RF
I bought the MustangAV SC-E106D169 (a motorized 16:9 106″ screen) a while back, and when I moved I forgot to pack my remote, so I had to buy a new one.

the model number is SC-REMOTE-RF and can be found at Newegg.com for around $35.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16824992112

Once I received the product, there were no instructions on how to sync the remote, and calling support on the mustangav.com site usually resulted in an answering machine.

Couple things I learned:
1. MustangAV is sold by Stampede which is located in Amherst, NY (which means they work EST hours)
Stampede Headquarters
55 Woodridge Drive Amherst, NY 14228
Tel: +1 800.398.5652 (Toll free)

2. MustangAV’s support number 866-395-0370 probably gets redirected to Stampede
3. Email and voice mail messages don’t seem effective, best to get a hold of Tom (MustangAV support guy), if possible.

Syncing instructions
After many calls and emails, I was finally able to reach Tom. He was able to send me the syncing instructions, which I will include here, because I could not find them on Google either. Hopefully Google indexes this site and will pick it up.

I’ve included the text here:
1. PRESS and HOLD the upper and center buttons of the RECEIVER together simultaneously until the green LED indicator light begins to flash.
2. When the green LED indicator light flashes, press the upper button located on the SC-REMOTE-RF (transmitter) and hold until the signal is recognized.
3. The SC-REMOTE-RF has now been reset and synchronized with the receiver. You should now be able to control the operation of the projection screen.

download SC-REMOTE-RF REMOTE MANUAL

I won’t say I’m the best player because there are definitely players that have way higher scores than me, but here are some pointers for how to achieve higher tsum tsum scores.

typical play – no boosts

fast is slow, slow is fast
sometimes you want to go fast, but going fast means that you over-think and over-analyze. let the fingers do the work and let your mind handle the calculations. don’t try to go fast, just go.

keep the end in mind
when clearing a bunch of tsums, look for the next sequence, attempt to predict where they will fall. many times the starting point of where you start the chain affects how good the chain is.

buy happiness boxes
as the happiness boxes are only 10k, you should buy them until you have filled the first 8 characters (Mickey, Minnie, Donald, Daisy, Goofy, Pluto, Chip, Dale). the reason we do this is to gain latent points. every time you play, 5 different tsums are used; the more tsums that you own, the higher the point value, and as you play, they keep gaining levels/points even though they are not your main tsum.

buy premium boxes
once you have gotten the first 8 characters, start buying only premium boxes at 30k, try not to use the coins for anything else, other than boxes.

buy tsum level caps
always buy tsum level caps, this will ensure that when this tsum shows up, you will maximize points

attempt to always complete missions
when completing the missions it will give you 800 coins daily. which is a good way to get coins. by now these challenges should be pretty simple with < 10 plays to complete. for high scores, use “+score” and “5>4”
the +score gives an extra 10% and the 5>4 makes it so there is higher likelihood of getting some nice chains.


choose high value tsums
take a look at all the tsums, in all of them under the level, they will have a score. this is their default base score. obviously the higher the level the higher the points, but the points only increase linearly. so find a tsum that has a high base value, it will make getting points faster. if their score at level 10 is less than 100, they are probably not worth playing.

choose tsums that have a predictable clear pattern
if we take one of the tips from earlier about keeping the end in mind, it is imperative that you be able to predict what the next move is. with a bunch of these characters that do random things (the biggest culprit is a skill that clears a bunch of tsums at random), it is difficult to predict. some that i consider bad are (Goofy, Tigger, Scrump, Cheshire Cat, Bambi)

another that is not that great is Maleficent. she has a high base value, but her strategy basically means that when it's skill time, you will have to have lined up some nice massive chains, and even then the skill is so short that you only have enough time to pull off 1 or 2 chains.

clear your main tsum first
as you have chosen a tsum with a high base value, clear your main tsum first, as they will always be there and will be more plentiful. this will guarantee a better score, as well as get that skill in faster.

After tasting 20 beers, the average ranking was:

  1. Almanac- Farm To Barrel (Dark Pumpkin Sour)
  2. Cambridge Brewing Co- The Great Pumpkin Ale
  3. Shipyard- Pumpkinhead
  4. Southern Tier- Pumking
  5. Elysian- Punkuccino

the tasting group seemed to prefer sours, and didn’t like overly sweet beer, thus the discrepancy between average rankings and my rankings…

  1. Elysian- Punkuccino
  2. Southern Tier- Warlock
  3. Avery- Rumpkin
  4. Avery- Pump[ky]n
  5. Almanac- Farm To Barrel (Dark Pumpkin Sour)

you can download the data here:
pumpkinBeer

Wynkoop – Pumpkin Ale
ABV: 5.5%
Type: Ale
Description: ale brewed with pumpkin, honey and spices
Nose: sweet honey
Tasting Notes: sweet nose, average pumpkin mid, not much of an end
Rating: 1/5
An: 1, Av: 3, Bi: 2, Br: 2, Gl: 3

Anderson Valley – Fall Hornin’
ABV: 6.0%
Type: Ale
Description: ale brewed with pumpkin and spices
Nose: pumpkin, nutmeg
Tasting Notes: light nose, bland, very subtle pumpkin/bitterness at the end
Rating: 0.9/5
An: 2, Av: 2, Bi: 4, Br: 2.5, Gl: 2

Southampton – Pumpkin Ale
ABV: 5.5%
Type: Ale
Description: ale brewed with pumpkin, spices and vanilla extract
Nose: more alcoholic, sour
Tasting Notes: nonexistent nose, kinda chardonnay feel, very light
Rating: 0.9/5
An: 3, Av: 4, Bi: 2, Br: 3, Gl: 1.5

St-Ambroise – Pumpkin
ABV: N/A
Type: Ale
Nose: strong spices, vanilla
Tasting Notes: light nose, plain mid, beer/bitter pumpkin end
Rating: 1.2/5
An: 3, Av: 1, Bi: 3, Br: 3.5, Gl: 1

Hoppin’ Frog – Frog’s Hollow Double Pumpkin Ale
ABV: 8.4%
Type: Ale
Nose: strong sweet pumpkin, vanilla, all spice
Tasting Notes: light all over, spice kick, refreshing, slightly sweet end
Rating: 2.3/5
An: 3, Av: 2, Bi: 2, Br: 3, Gl: N/A

Southern Tier – Warlock
ABV: 8.6%
Type: Malt
Nose: sweet coffee pumpkin, nice creme brûlée dessert like
Tasting Notes: sweet pumpkin front-mid, dark, molasses end
Rating: 3.7/5
An: 1, Av: 3, Bi: 2, Br: 3, Gl: N/A

Southern Tier – Pumking
ABV: 8.6%
Type: Ale
Notes: sweet pumpkin pie, vanilla
Tasting Notes: light front, with pumpkin pie like taste, slightly burnt sugar, butter end
Rating: 3.5/5
An: 4, Av: 3, Bi: 3, Br: 4, Gl: N/A

Epic Brewing – Fermentation without Representation (Imperial Pumpkin Porter)
ABV: 8.4%
Type: Porter
Nose: malty, belgian-ish
Tasting Notes: light front, dark sweet and coffee-ish interesting mid, carbonated end
Rating: 2.7/5
An: 4, Av: 2, Bi: 3, Br: 2, Gl: N/A

Dry Dock – Imperial Pumpkin
ABV: 9%
Type: Ale
Description: autumn in a glass
Nose: sweet pumpkin
Tasting Notes: sweet front, strong nutmeg, spice mid, slightly bitter end
Rating: 1.7/5
An: 1, Av: 3, Bi: 1, Br: 3.5, Gl: N/A

Elysian – Punkuccino
ABV: 5%
Type: Ale
Description: packs a short shot of stumptown coffee, shake of cinnamon and nutmeg
Nose: very strong coffee, vanilla
Tasting Notes: light nose, coffee caramel mid, slightly bitter end
Rating: 3/5
An: 1.5, Av: 0.5, Bi: 3, Br: 4, Gl: 4

Elysian – Dark O’ The Moon
ABV: 6.5%
Type: Stout
Description: stout brewed with pumpkin and pumpkin seeds with cinnamon
Nose: candied apple cinnamon
Tasting Notes: very coffee-ish mid, bitter/carbonated end (missing pumpkin)
Rating: 1.3/5
An: 1, Av: 2, Bi: 2, Br: 2.5, Gl: N/A

Cambridge Brewing Co – The Great Pumpkin Ale
ABV: 5.47%
Type: Malt
Nose: sour-ish
Tasting Notes: mid nose, carbonated mid, slight tart end
Rating: 2.3/5
An: 4, Av: 4.5, Bi: 4, Br: 4, Gl: N/A

Almanac – Farm To Barrel (Dark Pumpkin Sour)
ABV: 7.0%
Type: Sour
Description: ale brewed with pumpkin and spices, aged in wine barrels
Nose: sweet malty, strong sour
Tasting Notes: can’t tell the pumpkin, strawberry sour, hints of bitterness
Rating: 3/5
An: 5, Av: 4.5, Bi: 4, Br: 5, Gl: N/A

Shipyard – Smashed Pumpkin
ABV: 9.0%
Type: Ale
Nose: medium pumpkin/spices
Tasting Notes: sweet front, mid/end hoppy-ness
Rating: 1.5/5
An: 2, Av: 1, Bi: 1.5, Br: 3, Gl: 0.5

Shipyard – Pumpkinhead
ABV: 4.5%
Type: Ale
Nose: light pumpkin spice, ginger
Tasting Notes: sweet front, light mid and end
Rating: 2.5/5
An: 4, Av: 3, Bi: 2.5, Br: 4, Gl: 2

Avery – Rumpkin
ABV: 16.73%
Type: Ale
Description: Ale brewed with pumpkin and spices, aged in rum barrels
Nose: toasted pumpkin seeds, banana bread
Tasting Notes: fortified with raisin, very sweet end (complex)
Rating: 3.3/5
An: 0.5, Av: 0.5, Bi: 1, Br: 2, Gl: N/A

Avery – Pump[ky]n
ABV: 17.22%
Type: Porter
Description: Porter brewed with pumpkin and spices, aged in bourbon barrels
Nose: sweet, sugary, coconut
Tasting Notes: super strong sweet, coconut end
Rating: 3.2/5
An: 1, Av: 0.5, Bi: 1, Br: 2, Gl: N/A

Magic hat – Wilhelm “Scream”
ABV: 5.4%
Type: Ale
Nose: medium pumpkin
Tasting Notes: light nose, strong mid flavor, dark, approachable end
Rating: 1.2/5
An: 3.5, Av: 3, Bi: 4, Br: 3, Gl: 1

HornyCopia – Pumpkin Ale
ABV: 6.3%
Type: Ale
Notes: strong pumpkin
Tasting Notes: light nose, hoppy-ness, very bitter end
Rating: 1/5
An: 2.5, Av: 3, Bi: 3.5, Br: 3.5, Gl: 1

The other day, my mother informed me that someone had impersonated my aunt and was sending some interesting emails – here’s a running transcript of our email conversations…

July 26
Troll > Me

Hello,

I need your help, Can you do me a Favor?

Thanks & Regards.

Lily

July 28
Me > Troll

yes. what is it

July 31
Troll > Me

Hello,

I hope you get this on time, I just arrived in Istanbul,Turkey for a Business Trip,i got robbed; Cash, phones and other valuables things were stolen,it’s such a crazy experience.It has really been embarrassing for me. the authorities are not being 100% supportive but the good thing is i still have my passport and flight leaves later today. I need your help, I’m in a fix. i need a loan of $720 USD from you. You’ll have it as soon as I get back home. I lost my bank card, I’ll appreciate what you can give if not all. It’s really urgent, please get back to me asap, I’ll advise on how to send it.

Looking forward to read back from you soon,

Thank You.

July 31 10:01 AM
Me > Troll

I can definitely give you a loan for $1000, to make sure everything is ok. Please advise on how to send the money.

August 1 4:47 AM
Troll > Me

Thanks for doing me this favor, You can have the money wired to my name my name and location,Via Western Union Money transfer around you, which is the best and also the safest here, all you need is the info below

Receiver’s Name: Lily Chen
Address: Address: Güzelbahçe Sokak, Nisantasi, 34365, Istanbul, Turkey.
State: Istanbul
Country:Turkey

Kindly email me the confirmation number as soon as you are done, you will need to get back to me with the western union MTCN number and the complete sender’s name as written on the western union receipt to enable me pick up the money. I will be glad to see this work out and i promise to pay back as soon as am back home.Hope to read from you soon.

I owe you a Lot..

Thank you
Lily

August 1 5:39 AM
Troll > Me

Hello, what is going on? am hanging on here to read from you with the Western Union details for the pick up of the money once you have it done and I promise I’ll refund it as soon as we get back home please i really help count on you please don’t let me down because i have limited time in getting out of here…Hope to read from you soon

Thank You
Lily

August 1 7:30AM
Troll > Me

Hello, what is going on? please let me know if you really still want to help me out of here because i have limited time in getting out of here and also i really count on you please don’t let me down, I promise to make it up to you as soon as am back home so keep me posted with the transfer details as soon as you are done….Hope to read from you soon.

Thank You
Lily

August 1 7:34 AM
Troll > Me

Hello, what is going on? please let me know if you really still want to help me out of here because i have limited time in getting out of here and also i really count on you please don’t let me down, I promise to make it up to you as soon as am back home so keep me posted with the transfer details as soon as you arte done….Hope to read from you soon.

Thank You
Lily

August 1 9:45 AM
Troll > Me

What is going on?

August 1 9:47 AM
Me > Troll

I went to Western Union and attempted to wire the funds, but they said that there has been a high level of suspicious activity to the address and location that you provided and did not allow me to wire the funds. Do you have an alternative address?

August 1 10:46 AM
Troll > Me

Okay, am very happy you are helping me out of here, Here is another address below you can have the money sent to me in turkey:

Receiver’s Name:Lily Chen
Address: 23 Sirkeci, Eminonu Fatih, Istanbul 34210, Turkey
State: Istanbul
Country:Turkey

Kindly email me the confirmation number as soon as you are done, you will need to get back to me with the western union MTCN number and the complete sender’s name as written on the western union receipt to enable me pick up the money.Hope to read from you soon because i have limted time in getting out of here.

Thank You
Lily

August 1 12:27 PM
Troll > Me

What is going on?

Lily

August 1 1:02 PM
Me > Troll

Lily,

I had some meetings to attend and was unable to get to Western Union to do the wire transfer. Please be patient.

Lately I’ve been trying to run some load scripts that basically take data from MySQL and convert it to a Redis Luke Protocol. Part of the reason why I wrote it in Java was because the cached object needed to be Java serialized.

I ran into some issues while running some tests. It seems that my Eclipse memory heap was not big enough. Here are the steps to increase it.

1. Open Eclipse
2. Eclipse > Preferences > Java > Installed JREs


3. Select the current JRE
4. Select “Edit”
5. Modify the default JVM properties to something like:
-Xms512M -Xmx1024M
