Bad news! guys.. My blog was under attack for several times during this year. (Thanks to my readers who informed me about the problem.) I have successfully removed the injected script from my blog so it’s safe for you guys to read my blog again. (Actually, It was safe for you guys because the domain in the injected script is in the blacklist so the browser will automatically block you from accessing it. ) In this post, I will inform you about the injected script and the list of changes that I did to prevent this from happening again.

The attacker was targeting the footer.php file in the current theme that I’m using. The following script was injected in footer.php file.

The Injected Script

Fig 1: The injected script

Analyzing the Javascript

By looking at the script, I knew that that person was using Javascript function “unescape” to decode his encoded string. But I couldn’t say what he wrote in that encoded text. So, I used the online JavaScript Escape/Unescape Converter tool to decode the string.

I copied the whole text and paste it in “escape text” textbox and click on “Complete Unescape” button.

Here is what I got for the first conversion.

Fig 2: The decoded script - part 1

As you can see, the text was encoded twice so I copied the text between unescape brackets and converted it again in converter webpage.

Here is the second part of the decoded script.

Fig 2: The decoded script - part 2

But there are some % and number (e.g. %62 ) in the URL but it’s very easy to figure out what it is.  I went to the “HTML URL Encoding Reference” page and I got the ASCII character for four numbers.

• %20 = {whitespace}
• %62 = b
• %65 = e
• %63 = c

The purpose of this script is that when user access my blog then it will show this site below in iframe. But luckily, this site is in black list so the most of browser will warm you or refuse to show that site so the attacker will not get what he wanted.

Fig 3: Black website

I thank to him for not deleting any data or etc. It encourages me to take good care of my site even I’m very busy. :)

What did I change to prevent this?

I changed the following things but honestly, I have no idea whether it will work or not. I will have to wait a few months or year to see the result. I’m posting this because if you are facing the same problem as I had and you don’t know what to do then you can probably try doing the same thing like I did. Please feel free to let me know if you have any better idea or suggestion.

Tips

1. Ensure WordPress and all plugins are up-to-date.
2. Delete all unnecessary plugins or themes that you are using in your blog. If you have other extra files in your host, do delete them as well.
3. Disable unused accounts in your host and change the password of current account that you are using.
4. Use auto-backup software or plugin or etc to back-up all files (including images, samples) and database.
5. Double-check the security setting of your blog (You can read the best practice for WordPress Security in this link Hardening WordPress ) If you are not familiar with those things then you should ask your hosting provider to help you or get someone to do this.
6. Install some security plugins. I installed the following plugins for security in my blogs
   • AntiVirus – By Sergej Müller
   • Login LockDown – By Nicolas Zimmer
   • WP-MalWatch – By OrangeCast
   • WP Security Scan – By Michael Torbert

Well, That’s all that I did. Like I mentioned, let me know if you have any better way to secure the wordpress blog. Thank you all for reading.. :)

Related ~

• WordPress FAQ: My site was hacked
• How To Completely Clean Your Hacked WordPress Installation
• Old WordPress Versions Under Attack

Obviously, I’m not a SQL expert and I was focusing on WPF, Silverlight and patterns during last two years. But recently, I got an opportunity to wear multiple hats in my new job and SQL is the one of the hats that I’m wearing now. :)

Okay. Let’s talk about this post.. This post is about how to read the SQL image data, save it as an image file and how to update the existing image data with new image file from SQL Query Panel.

This is the screenshot of one of our games. As you can see in this screenshot, there are some images that we are using in our Silverlight game. Those image comes from database.

I thought that SQL 2008 R2 Management Studio would have something that allows us to view or change the existing images (binary) but Unfortunately, it has nothing that you can view the images. (Please take a look at the screenshot below. This is how you will see the image data in SQL 2008 R2 Management Studio. very powerful tool, isn’t it? :) )

I looked for open source or free tool that I can view the image from SQL database and save it as a file. I found a few trail tools but none of them are good enough. I decided to do some experiments on SQL script and here is something that I come up with.. I’m not sure whether this is a good solution for you guys or not but it’s good solution that I can live with for now. If you have any good solution that you are using in your work then please feel free to let me know..

Let’s take a look at the script.

Enabling Ole Automation Procedures in SQL

Before running the script, you need to enable “Ole Automation Procedures” by using the script below. Note that you need to have an administrative right to run the script.

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'Ole Automation Procedures', 1;
GO
RECONFIGURE;
GO

Once you enable the option then you should be able to read the image by using Ole and save it as a file.

Reading Image Data and Save it as a image file

You need to set the path where you want the generated image to be saved. Did you notice that I mentioned the file extension in @filePath? It’s because I know that all images that we are using are .jpg but it would be great if we can write something that can detect the image format from the binary data. If you have the script please share with me. ^^

DECLARE @objStream INT
DECLARE @imageBinary VARBINARY(MAX)
SET @imageBinary = (SELECT imagedata FROM dbo.tblDefaultImages WHERE imageid = 121)
DECLARE @filePath VARCHAR(8000)
SET @filePath = 'C:\\MS\\r.jpg'
EXEC sp_OACreate 'ADODB.Stream', @objStream OUTPUT
EXEC sp_OASetProperty @objStream, 'Type', 1
EXEC sp_OAMethod @objStream, 'Open'
EXEC sp_OAMethod @objStream, 'Write', NULL, @imageBinary
EXEC sp_OAMethod @objStream, 'SaveToFile', NULL,@filePath, 2
EXEC sp_OAMethod @objStream, 'Close'
EXEC sp_OADestroy @objStream

Updating the image

Here is the script for updating the existing binary data with new image file. I didn’t use Ole here because OpenRowSet is very easy to use and much shorter..

UPDATE [YourDatabase].[dbo].[tblDefaultImages]
SET imagedata =  (SELECT * FROM
OPENROWSET(BULK N'E:\\FTPRoot\\MS\\rhyme\\rhymeObjects\\wine.png', SINGLE_BLOB)
AS Document)
WHERE imageid = 127

Okay. That’s.. What do you think?

Just in case if you are not following our Singapore Silverlight User Group’s website, here is the WCF RAI presentation slide from our last meetup. Please feel free to download it.. I hope it would be helpful if you are also preparing a talk about WCF RIA.. :)

Download ~

• WCF RIA Services Presentation.pptx (513KB)
• WCF RIA Services Presentation.ppt – Office 2003 Format(1.67MB)

Related ~

• Singapore Silverlight User Group – 1st Meetup
• Singapore Silverlight User Group – 3rd Meetup Photo
• SG Silverlight User Group – June 2010 Meetup Photos

Good morning! I hope you guys are doing well. I’m doing all right. I’ve been so busy lately and was not able to update anything on my blog for long time. I’m very sorry about that. The problem with me is that I want to know or experiment a lot of things so I keep on taking more tasks even I already have a lot of things in my hand. At the end, I always end up working late or working on weekends. I know this is definitely not a good way of living.. I will have to manage my time carefully and need to put more efforts on planning.

Okay. Let me update you guys on what I’m doing lately.

Changes in my blog

I managed to spent some times for changing a few things in my blogs today. I wanted to make those things since long time back but it took quite a while to finish the whole things so I ended up rolling back my changes after I’ve done here and there. Finally, I finished changing almost everything that I want for my blog. I’m very happy about it. :)

1. New Theme

I’ve been using the WordPress theme called “Fluid Solution 1.0″ created by Viktor Persson in my blog for long time. I forgot to blog when I changed that theme so I don’t remember how long my blog has been wearing it. (BTW, if you are interested in viewing my old blog themes, you can check them here,  here and here. ) I’m glad that I finally found new awesome theme created Shlomi Noach in wordpress theme directory and I’m going to start using it for my blog.

2. Feedburner

I accidentally removed my feedburner image when I switched my theme from Freshy to Fluid Solution. I got some feedbacks from my reader saying that they used to have problem in finding my RSS feed so I re-added my feedburner image that I used to have earlier. Now, you can click on Feedburner image to subscribe my feed. Or, please click here you can also subscribe me by email address.

I added one more widget that you can subscribe my feed by email address in right-bar…

3. Social network sharing

I added three plugins that can help you for sharing your favorite posts in your social network or with your friends. For me, I used to use the browser plugins or copy the URL manually to share something that I like in social network.

• AddThis plugin : This is an official plugin from AddThis team and it supports 305+ social networking services.

  

• Easy Retweet : I added this plugin as well for retweeting your favorite post on twitter. Note that you will be able to see this in individual posts only, not in home page or list..

  

• TweetMeme Retweet Button : This plugin is pretty cool. very stylish and well-written plugins. But I feel like Easy Retweet and TweetMem are a bit overlapped. I can’t decide which one will work best for you guys. Feel free to give me the feedback for this. I will see whether I should keep it both or remove either one based on your feedback.

  

• Kouguu FB Like : If you are a facebook user like me, you might want to share your favorite thing with your facebook friends. That’s why I added “Kouguu FB Like” plugin in my blog so that you guys can simply click on “Like” button that you used to do whenever you feel like to share my articles with your friends.

  

• Wickett Twitter Widget : Well, this is not really a sharing plugin but it will show you what I tweet on twitter. I hope this plugin will be useful when I can’t update my blog so often so my reader can read my twitter. By the way, my twitter id is @michaelsync in case you didn’t know..

I installed a few plugins like Fast and Secure Contact Form, WP Security Scan, WP-MalWatch and etc as well. That’s all for my blog.

Job

I’m sure that you guys already know that I left Xuenn last year. And then, I joined Consistel and worked for WPF projects for 7 months. After that, I recently joined Memolife as a Solution Architect to develop/refactor their Silverlight games. Don’t ask me why I moved one company to another so quickly. :) I will probably write about this in different post. Memolife is a interesting startup company and they are focusing on developing Silverlight games that can help users to increase the memory capacity and help them to memorize more things. We are currently refactoring our games and we will be using the following interesting things ~

• Silverlight 4
• Silverlight for Phone 7
• Managed Extensibility Framework
• Unity
• Visual Studio Test Framework/Silverlight Test Framework
• Moq
• Enterprise Library or CLog (We haven’t decided it yet )
• Scrum for managing project and some Xp practices

Yeah. Those are pretty cool stuffs. But of course, we are going to have a lot of challenges as well.

Education

I enrolled Master of Information Technology course in University of Southern Queensland a few months back. I’m currently taking two modules per semester since I couldn’t study full time. I need to complete 12 modules to get the master degree and I hope that I will be able to complete this course next year.

Okay.. That’s all from my side. Now, you guys tell me what you are doing lately.. :)

We had 3rd Singapore Silverlight User Group meetup at hackspace yesterday. Chris from Microsoft gave amazing talk about Silverlight for Windows Phone 7. It was really fun.. Hope to see you guys next month.

Related ~

• Singapore Silverlight User Group – 3rd Meetup
• Singapore Silverlight User Group – 2nd Meetup
• Singapore Silverlight User Group – 1st Meetup Photo

As .NET compact framework never support System.Reflection.Emit, we can’t use Reflection.Emit in Windows Phone 7 development. So, it prevents us from porting the existing frameworks like Unity, Castle Dynamic Proxy, Moq and etc to Windows Phone 7 development platform. I was looking all options that helps us to use Reflection.Emit in Phone 7. The first option that I check is to port Mono code to Silverlight for Phone 7 version. The second option is to use Mono Cecil that is using in Mono Core. And the third option is to use EmitCF but I don’t see any update after beta release so I guess this project is dead already. So, I decided to give a try on Mono Cecil.

Mono Cecil supports Silverlight, Compact Framework and .NET desktop version. So, it’s very easy to make Cecil work on Phone 7. All I have to do is to create a conditional called CF in csproj file and then it will work like a charm. I submitted a patch to Mono Cecil but Jb Evain said that he doesn’t want to provide csproj officially so I will make the files downloadable here.

Download ~ cecil.zip (Please use Mono.Cecil – 2010.sln and Mono.Cecil-Phone.csproj )

What is Mono Cecil?

Cecil is a library written by Jb Evain to generate and inspect programs and libraries in the ECMA CIL format. It has full support for generics, and support some debugging symbol format.

In simple English, with Cecil, you can load existing managed assemblies, browse all the contained types, modify them on the fly and save back to the disk the modified assembly.

Today it is used by the Mono Debugger, the bug-finding and compliance checking tool Gendarme, MoMA, as well as DB4O.