萬法唯心 – Impermanence

Got Hacked Again!

September 4, 2007 3:09 pm

One of my joomla site (Design and Hosting) got hacked again! Usually I just fixed the configuartion file knowing that it will do the job, but also knowing that the vulnerabilities are still there. So this time I’ve decided to track down the problem, found out from the log that it was hacked by someone in Turkey using a something called R57shell! How it works on the other side seems quite simple, in this case the url used was

http://vinlai.com/index.php?mosConfig_absolute_path= —-

I won’t show the last part but it’s url to a site containing the r57shell script. And that’s it, they can view and change all all the files and directory! Anyway, in my case the problem was caused by a sef components used to rewrite the urls. Have no time to fix it now, only took out the hacked files. Will do a clean install this time since the current one is quite ‘broken’, until then, the site will be done. If you also uses Joomla, here are some guides which I found useful…

A lot of them are common sense like keeping the software up to date… can’t be lazy sometimes, will just end up spending more time fixing it after the damaged has been done!

— Update 17:10 —

Site back online! Using a different component for url rewrite this time, hopefully it won’t be hacked again soon…

Google Analytics New Version

May 9, 2007 11:09 am

Google keeps improving, they just released a new version of the Goolge Analytics yesterday. The main differences for me is the interface, when I compared sitemeter and Google Analytics last time, I mentioned that sitemeter has a simpler interface. With this new version, I feel that they have managed to put in as much information as possible in a user friendly way. It does take some time to get use to and they are new features which I haven’t try as well, e.g. the customisable dashboard. Remember, Google Analytics is free, Google is quite amazing. Here are some screenshots which I took:

Overview – Summary page

Google Analytics - New Overview

Some more

Google Analytics - Content Summary Site Meter - Site Overlay Google Analytics - Map Overlay

New QuGee Logo

April 29, 2007 9:59 am

Thanks to Jac, we now have a new QuGee Logo:

QuGee Logo

And also some changes to our QuGee frontpage, also new web buttons and badges:

QuGee button

QuGee Badges

If you want to put it on your site, this is the code:

<a href=”http://www.qugee.com/”><img title=”QuGee button” src=”http://www.qugee.com/images/qugee_button.gif” alt=”QuGee button” height=”15″ width=”80″ /></a>

Of course this is only one of the many ways to add the button. Lastly there are some very nice wallpapers which you can found on this page.

Upgraded to WordPress 2.1.3

April 28, 2007 3:32 pm

WordPress 2.1 has been released for quite a while now, but knowing that there could be many problems with plugins and I don’t want the website to be down for a long time, I have decided to leave it later. Finally got sometime this weekend, I have decided it’s time to upgread. Did the usual backups and search for new versions of all the plugins. Disable them all during the upgrade, overwrite the current wordpress with the new one, ran the upgrade script and everything was working except one or two plugins. Even WPG2, the wordpress-gallery2 plugin which I was worry of not working works without any further configuration.

Since I started upgrading the site, I tried out a few new plugins including the one on the stats page to show who’s online and another anti-spam image plugins. One feature which I really like about wordpress 2.1 is that in the edit page, it has two tabs for switching between Visual and Code rather than before where it pops up a window for editing the HTML code. I really appreciate and quite impressive with open source software!

More on Sitemeter and Spyware

April 27, 2007 9:38 am

Today, sitemeter is down again and I went to check the code on my site using a firefox plugin and found that as well as the code that I expect to see, there is something extra:

<iframe width=”0″ height=”0″ frameborder=”0″ xsrc=”http://dg.specificclick.net/?u=http%3A//vinlai.com/blog/&r=” style=”display: none;”>

Wondering why is sitemeter sending info to dg.specificclick.net? Me too! Did a search on google and found this post on “SiteMeter and Spyware (Sort of)“, it was found that this piece of code will return a set of tracking cookies. So I cleared my cookies and reload this page again, didn’t find any suspecious cookies yet, only cookies from sitemeter themselves so will check at a later time or another computer to confirm.

Sitemeter – Spyware?

April 24, 2007 10:20 pm

The sitemeter site has been down for 2 days for me so I started searching to see if other people are experience a similar problem. Other than finding out that some others are experiencing the same problem, I accidentally find a post on “Did Sitemeter sell out to Spyware?“. I did a few more search to see if sitemeter is really sold out to Spyware, but that’s up to you to decide, I would still consider it as unconfirmed. However due to the server being down for me for 2 days, I’m really considering of taking it out for this site and just use Google Analytics instead. If you are also using sitemeter, find out more for yourself from the link above.