Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Running scheduled (cron) tasks with Joomla

We have recently developed a feature for one of our components that uses a scheduled task to perform a repetitive action, which avoids the need for us to enter the site and manually click various icons to trigger the required actions. Such a requirement is reasonably common and includes things such as sending scheduled emails. We were expecting it to be difficult to implement, but as it turned out it was pleasantly easy to achieve.

On UNIX-based systems, ‘cron’ is a daemon that provides a time-based job scheduler: it runs in the background and executes commands at specified intervals. These commands are called "cron jobs." Windows servers use a Scheduled Task to execute commands. Typically, a task requiring repetitive actions to be carried out on a regular (pre-determined) basis is an ideal candidate for ‘cron’.

There are basically a few methods that can be used to provide a  scheduled task within Joomla. The preferred method will depend upon the specific web hosting supplier and the facilities they supply. [For our implementation it was necessary to supply both mechanisms, since some of our users’ systems may not have one or the other.]


reCAPTCHA updated by Google

We have noticed recently that on some sites Google’s reCAPTCHA has included a number of numeric challenges instead of characters. We didn’t take much interest at the time but mentally noted it.

Google has today rolled out an updated version of its reCAPTCHA system. We first saw the details here. reCAPTCHA is a user-dialogue system originally developed by Luis von Ahn, Ben Maurer, Colin McMillen, David Abraham and Manuel Blum at Carnegie Mellon University's main Pittsburgh campus, and acquired by Google in September 2009. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, and as its name implies, it is a quick test used in computing to determine whether or not the user is human. You have probably seen it many times on different sites; we even use it on our own, although we still seem to be displaying character strings.

http://techglam.com/wp-content/uploads/2013/10/reCAPTCHA.jpg

Generally reCAPTCHA  presents two words (and the term words is used loosely): one which it knows (used to test whether you are human), and one which it doesn’t (used to help digitize the text in books). Since humans find numeric CAPTCHAs (pictured above) significantly easier to solve than those containing arbitrary text, Google will be showing you more and more numbers, which explains our observations. So we can expect to see it more often.

Detected intrusion attempts again

We are seeing a persistent number of web attacks on our site by hackers which seem specifically designed to attack a WordPress site.

These attacks take the form of Remote File Intrusion attempts. These are where hackers try to force a vulnerable extension into loading PHP code directly from their server. This is done by passing an http(s):// or ftp:// URL in their request, pointing to their malicious site.

They are using WordPress plugins in the main, so if you run a WordPress site this is something to be aware of. The source of the attacks is a little varied, but the IP addresses tend to indicate the US and Canada; of course, these may be compromised addresses hiding the real source.

Detected intrusion attempts

We have detected an unusual (for us) sudden spate of web attacks on our site by hackers which we thought we would share with the community.

These attacks have taken a different route to those we normally see. They have basically fallen into two separate categories:

Malicious User Agent:  
This attack vector describes where a hacker tries to access the site using a browser configured to send malicious PHP code in its user agent string (a small piece of text used to describe the browser to your server).  The idea behind it is that buggy log processing software will parse it and allow the hacker to gain control of the website.

Direct File Inclusion:
In this attack vector a hacker tries to trick vulnerable components into loading arbitrary files. Depending on the vulnerable component, the file will either be output verbatim or parsed as a PHP file. This allows attackers to disclose sensitive information about the site or to run malicious code uploaded to the site through another vulnerable vector, e.g. an unfiltered upload of executable PHP code.
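Detection logic for the request shapes described in this post and in the remote-file post above it, as an added example (not code from the original blog): it scans access-log lines for PHP code in the user agent, parameters holding an http(s):// or ftp:// URL, and parameters containing path traversal (used here as a heuristic for direct file inclusion). The combined log format, the sample lines and the finding labels are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" log format (assumed; adjust LOG_RE for other layouts).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.I)   # remote file loading
TRAVERSAL = re.compile(r'\.\.[/\\]|\x00')                  # direct file inclusion
PHP_CODE = re.compile(r'<\?|\b(?:eval|system|base64_decode)\s*\(', re.I)

def classify(line):
    """Return a sorted list of finding labels for one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    findings = set()
    if PHP_CODE.search(m["ua"]):
        findings.add("php-in-user-agent")
    # parse_qsl percent-decodes values, so encoded payloads are checked too.
    query = urlsplit(m["target"]).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            findings.add("remote-url-parameter")
        if TRAVERSAL.search(value):
            findings.add("path-traversal-parameter")
    return sorted(findings)

# Constructed sample lines (documentation IP ranges and example.* hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2013:10:00:00 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Oct/2013:10:00:05 +0000] "GET /wp-content/plugins/demo/load.php?src=http%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.1" 404 310 "-" "Mozilla/5.0"
203.0.113.4 - - [01/Oct/2013:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "<?php echo 1; ?>"
203.0.113.9 - - [01/Oct/2013:10:00:12 +0000] "GET /index.php?file=..%2F..%2Fconfiguration.php HTTP/1.1" 403 199 "-" "curl/7.30"
"""

def scan(log_text):
    """Map each flagged source IP to its findings; clean lines are omitted."""
    report = {}
    for line in log_text.splitlines():
        found = classify(line)
        if found:
            report.setdefault(line.split(" ", 1)[0], []).extend(found)
    return report

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Legitimate parameters that carry a URL (a redirect target, for instance) will also be flagged, so treat the output as a triage list and not as a block list.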

Private IP addresses visible on Internet?

This should not happen, BUT we have observed a few private IP addresses being used by visitors to our site.

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private uses by Internet standards groups. The following  private IP address ranges exist:

    10.0.0.0 to 10.255.255.255
    169.254.0.0 to 169.254.255.255 (APIPA only)
    172.16.0.0 to 172.31.255.255
    192.168.0.0 to 192.168.255.255

These private IP addresses are (normally) used on local networks, which include home, school and business LANs. Devices with private IP addresses cannot (should not be able to) connect directly to the Internet. Similarly, devices outside of the local network cannot (should not be able to) connect directly to a device with a private IP. Typically, access to such devices is brokered by a router or similar device that supports Network Address Translation (NAT). NAT effectively hides the private IP numbers but can selectively transfer messages to these devices, affording a layer of security to the local network.

Standards groups created the private IP addressing to prevent a shortage of public IP addresses available to Internet service providers and subscribers.

So given that these private IP addresses should not be visible on the Internet, how is it possible therefore for our site to have recorded access from devices with addresses in the 10.x.x.x and 192.168.x.x ranges? 

One can always block these devices from accessing web pages by including the private address ranges within ‘blocked’ ranges, using tools commonly available on the web, but it still doesn’t explain how they are visible in the first place! If in doubt, it is possibly wise to block them as a matter of course for a site on the Internet. Remember that if the site is on a ‘local’ LAN, blocking them is not an option.

One wonders if there is a connection with the implementation of IPv6, and whether somehow these address ranges are getting through. Alternatively, perhaps a particular NAT provisioning mechanism is faulty? Another possibility is that dubious entities are using them to ‘mask’ their activities. We are led to the latter possibility since the 10.x.x.x devices were attempting access to our site ‘back end’.
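An added example (not from the original post) of finding such visitors before deciding what to block: it checks each access-log client address against the four ranges listed above, unwraps IPv4-mapped IPv6 addresses, and counts how many requests went to the back end. The combined log layout, the sample lines and the `/administrator` prefix (Joomla's usual back-end path) are assumptions.

```python
import ipaddress
from collections import defaultdict

# The four ranges listed in the post, in CIDR form.
NETWORKS = [(ipaddress.ip_network(c), label) for c, label in (
    ("10.0.0.0/8", "private"),
    ("172.16.0.0/12", "private"),
    ("192.168.0.0/16", "private"),
    ("169.254.0.0/16", "link-local (APIPA)"),
)]

def reserved_label(text):
    """Return the range label for an address, or None if it is outside all four."""
    try:
        addr = ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None  # not an IP address at all
    # An IPv4 address can arrive wrapped as IPv4-mapped IPv6 (::ffff:a.b.c.d).
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, label in NETWORKS:
        if addr.version == 4 and addr in net:
            return label
    return None

def flag_reserved_clients(log_text, backend_prefix="/administrator"):
    """Per reserved-range client: range label, request count, back-end hits."""
    summary = defaultdict(lambda: {"label": None, "requests": 0, "backend": 0})
    for line in log_text.splitlines():
        parts = line.split()  # parts[0] = client address, parts[6] = request path
        label = reserved_label(parts[0]) if len(parts) > 6 else None
        if label:
            entry = summary[parts[0]]
            entry["label"] = label
            entry["requests"] += 1
            entry["backend"] += int(parts[6].startswith(backend_prefix))
    return dict(summary)

# Constructed sample lines; 172.32.0.1 sits just outside 172.16.0.0/12.
SAMPLE_LOG = """\
10.1.2.3 - - [01/Oct/2012:09:00:00 +0000] "GET /administrator/index.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
10.1.2.3 - - [01/Oct/2012:09:00:02 +0000] "POST /administrator/index.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.168.1.20 - - [01/Oct/2012:09:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
::ffff:172.31.255.255 - - [01/Oct/2012:09:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
172.32.0.1 - - [01/Oct/2012:09:03:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print(flag_reserved_clients(SAMPLE_LOG))
```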

Despite some extensive searching we do not currently know the source of these connections, which raises a few possibly serious security concerns. We will continue our investigations.

Apple tracking iOS 6 users

Apple's launch of the iPhone 5 in September came with a bunch of new commercials to promote the device. Not surprisingly Apple didn't shout quite so loud about an enhancement to its new mobile operating system, iOS 6, which also occurred in September: The company has started tracking users so that advertisers can target them again, through a new tracking technology called IFA or IDFA.

See Business Insider


Microsoft IE Bug


Microsoft has released details of a method users of Internet Explorer can use to secure their computers from a recently discovered exploit allowing malicious code to run on a PC.

Microsoft has admitted to the bug, which it says hurts Internet Explorer versions 6 through 9, but leaves IE 10 alone. The flaw is described as follows:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

The remedy is detailed in Security Advisory 2757760, where it says that there's no outright fix for the issue at present, but that users can work around the threat by deploying the Enhanced Mitigation Experience Toolkit (EMET), described as "... a utility that helps prevent vulnerabilities in software from successfully being exploited by applying in-box mitigations such as DEP to applications configured in EMET."

Website Anti-Spam


A recent comment requested some additional anti-spam options in our Issue Tracker component. That triggered much thought on a topic that obviously impacts all websites and their components, be it blogs, commenting systems etc.

There are a number of different parts to preventing spam on a website and this is to expand upon our own particular take on the subject.

Spam is one of the many problems that face web sites today. It is basically the proverbial ‘pain in the neck’ and, if not handled correctly, can be very time consuming. How often have you viewed web sites where there are totally unrelated comments, registrations or forum posts, which have to make one think about the site’s reputation and credibility?

Our site is not immune to this problem and the source is not restricted to any specific country although there does seem to be a preponderance from locations such as Turkey, China, Russian Federation and more recently Ukraine and Brazil.


Amazon and Apple close security hole.


Amazon has closed a security hole discovered following the journalist's security hack earlier this week. On Tuesday, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts.

Apple has also suspended its policy of allowing over-the-phone Apple ID password resets.

The journalist's actual report is here.

Dangers of having your data in the cloud.

This article describes how a US journalist was cut off from his entire digital life by attackers who tricked Apple support into re-setting his iCloud account.

It does illustrate very clearly just how much trust we place in the cloud provider, irrespective of who they are, when we put any of our data into the cloud. There is a lot to be said for the ‘old-fashioned’ method of running your own systems and ensuring they are backed up securely.
