Timthumb hack – how to recover

Posted on by
Reply

Wordpress security protection

If you are one of the many bloggers who got nailed by the nasties injecting malware into your innocent javascript files, I feel for you.

You see, it happened to me too.  For the past week, all I’ve done is clean, re-clean, check, re-check and generally get more and more frustrated until finally it’s been a whole, ahem, 8 hours since the red Avast flag went up.

Phew (I hope).

Here’s what I did and worked for me.

  • Make sure you have a backup.  You have been taking backups right? Right?  There are many choices, especially in terms of easy-to-setup and user friendly plugins.  Get one, and get in the habit of always having a good backup.
  • Update anything that needs updating: WordPress itself, plugins and themes.  This is very, very important.
  • Go to Sucuri, and have it scan your blog for free.  It will tell you precisely which files are affected.  Mostly it’s been jquery/jquery.js and l10n.js located inside wp-includes/js Wordpress folder.  Sucuri will tell you the exact path.
  • Remove the gunk: the malware is tacked on to the end of the file and looks like this:
var _0x4de4=["\x64\x20\x35\x28\x29\x7B\x62\x20\x3....
  • Once you remove the offending code from a file, go back to Sucuri and re-scan.  Repeat until Sucuri gives you a clean bill of health.
  • Now, you need to plug the vulnerability to stop further attacks.  Find every instance of timthumb.php or thumb.php in your WordPress installation.  This is the file that is out of date, and must replaced with Timthumb 2.0.  This is for those themes and plugins that use the script, and hasn’t been updated.
  • Change your admin, ftp, and database passwords.
  • Monitor every few hours to make sure the nasties haven’t crept back in.
  • If all else fails, wipe your hosting clean, re-install WordPress, grab your content from the backup (you do have a backup, right?), and you should be up and running in under 30 minutes.

In my case, I had found that many instances of Timthumb were sitting in themes that I wasn’t using anymore, but had left installed.  Mistake.

If you have themes or plugins that are installed, and you are not using, just get rid of them!

The other problem was that I only updated timthumb/php, and not thumb.php – forgot to search for it.  Needless to say, a couple of hours later, the malware was back in the javascript files, I had to go through the procedure again.

I hope this is the end of this saga.  I’ve made sure I’ve gone through WordPress’s hardening guide, and implemented most of the recommendations.

At the time of writing this post, things were still looking A-ok, and I now know more about WordPress security than I ever thought I would ever need to know.

For specifics on the how and the variants, check out this post on the Sucuri blog and this more technical and thorough walkthrough of the events.

Choose your best story

Posted on by
Reply

It was a very cold winter.  She must have been around 12 years old.  I don’t recall the exact reason, but she missed the school bus – the only form of transport available to her and her village to get to school.

Undeterred, she put on an extra pair of socks, and she started walking.  She walked the long, interminable 8 kilometers to school.  It took her nearly two hours, but she pressed on, her mother’s words on the importance of education ringing in her ears.  She was determined not to let a mere lack of transportation get in the way of her schooling.  Not even for one, cold, solitary day.

Today, she’s a C-level leader in a cut-throat industry, excelling at her craft, and raising two feisty boys, with the very same ethos that kept her warm on that long, cold walk to school.

Yet, would this highly successful leader choose this particular story to in a show-and-tell? Would she share this story on how deeply rooted her determination to succeed is?  Knowing her, probably not.  She would likely craft an interesting, politically correct, project turn-around story – a well-worn tale, predictable and expected.

Yet, of all the stories she has lived in time I knew her, the school story is the most compelling in illustrating her strength of character, her persistence, and her fierce determination to see something of importance through to its successful conclusion.  Somehow, with the background of the story, it all fell into place for me, a deeper understanding dawning on me about her, even though by this time we had been colleagues to start with and developed a close friendship that is still strong today, almost 20 years later.

How do we choose our story? Which one in our arsenal do we carefully pick out to share when are inviting others into our world, work or otherwise?  Those first couple of anecdotes, those glimpses into our past and what has shaped us, go a long way in painting a picture in the minds of our audience.

What story do we tell ourselves about our own self? Is it a story of triumph of the underdog or the misunderstood genius? Is it one of quiet leadership and loving strength? What picture do you paint to yourself about yourself?

Choose the right stories about you, your life and the essence of what makes you, well, you.  Stay away from the stories that compromise how you feel about you.  Amused laughter to self-deprecating pronouncements is just that – amused.  Is that the first, and possibly the only impression you wish for?

Choose the stories that make you strong, that resonate strongly with your core beliefs.

Choose your own true stories: the ones that are true in fact, and true to you.  You get to paint the picture, so choose wisely.

Choose the stories that serve you best, the anecdotes that truly reflect your nature, your purpose, and you.

So.  What is your story?

25 Small But Amazing Things

Posted on by
Reply

If you are a cynic and live in a permanent state of complaining, this post is not for you.  Or may be it is ….

  1. Silence of early, misty dawn
  2. Earthy smell of rain
  3. Tiny arms of a child wrapped around the neck
  4. Unexpected greeting from a complete stranger
  5. An old song triggering a happy memory
  6. Finding forgotten money in an old pair of jeans
  7. Getting an email from long lost friend
  8. The strong jet of water in the shower
  9. A long, enveloping bear hug from your partner
  10. A kitten strutting across your path
  11. A movie you’ve missed showing on TV
  12. Shoes that feel like socks
  13. A fit of giggles
  14. A rainbow
  15. Finding a forgotten picture in which you look amazing
  16. Discovering twenty minutes have gone by on the treadmill, and you thought you just started
  17. The last item on the rack, on sale at 70%, and it’s your size and colour
  18. Hearing an old melody remixed to bring it up to date
  19. Sleeping so deeply you wake up with no idea of what day it is
  20. Getting a gift you actually wanted – and it’s a surprise
  21. A piece of real, tasty strawberry in your ice cream
  22. A parking space that opens up just as you pull up
  23. The unique, fresh smell of a baby
  24. Getting on a scale and finding you are much closer to your target
  25. Freshly baked bread

What is your small amazing thing today?

 

Are you [still] relevant?

Posted on by
Reply

It hits me every time.  I watch as an older person (read: over 24 in this crazy world of Biebers and Zuckerbergs) struggles to retain their tried and true role of being the voice of reason, of wisdom, of experience.  Yet, over and over again, I see them in danger of being discarded, not unlike a useless, unrecyclable piece of past-due baggage.

Yet, I know it’s not age or sad state of bodily affairs whereby the physical keeps going south as the mental is continuously north-bound.  You see, this kind of loss of relevance can happen to anyone.

Just ask the new kid in the class.

The new kid, who was a football captain in his old school. He is now a nobody.

Or the new co-worker, who used to be the most gregarious in his previous place of work, and is now all but invisible.

Or the new neighbour, who used to host impromptu evenings most weekends, and now spends Friday nights alone, staring at four walls.

Or the family leader, who recounted stories of courage and bravery to a rapt audience, and now finds himself longing for a grandchild, a nephew, anyone, really, to spend more than a cursory and awkward ten-minutes with him.

It’s not about getting old.  it’s not about moving away from the familiar.

You see, staying relevant has so many dimensions.

It has to do with being aware of context, for relevance is meaningless without reference.

It means being attuned to nuances in the surroundings so you can update your impact on it.

It means recognizing the part can’t work in isolation, just like even a soloist needs to be aware of the backing orchestra.

Above all, staying relevant means you adjust.  It means you learn the new context.  Or perhaps the context has stayed the same, but the inhabitants have moved on (cheese, anyone?).

It means you improvise with an open mind.

My gut says, and I’m sure that there’s research somewhere out there to back it up, that staying relevant comes easy to the lifelong learner. I’m sure that staying relevant is second nature to those who observe and seek to merge new information with previous experiene to arrive at brilliant, newly relevant insights.

Just like the ex-football captain learns his new team’s play strategies, the twenty-something and sixty-something alike must continue to learn, to observe and integrate their understanding before scoffing off and dismissing new dynamics as fads that are unworthy of their time.

After all, weren’t we all once those impetous young teens that proclaimed to be misunderstood?

Learn.  Every day, and in every which way you can.  About life, nature, people, anything at all.  Just learn something new each day.  It is the one guaranteed way to stay relevant.

The power of small practices

Posted on by
Reply

Closing out the first quarter of the year (where did the time go?), I indulged in a little self assessment, a review, if you like, on the outcome of 90 odd days.

On the one hand, I was pleased I reached a weight goal that has eluded me for many years. On the other hand, I realized that that it had absolutely nothing to do with smaller goals along the way or completing specific, one-time tasks.

Similarly, a goal related to my work life was similarly achieved, almost despite the plans and preset milestones.

Both of these goals got a gorgeous, elated tick mark next to them because of one thing: practices.

Without these tiny, unassuming kittle daily practices that began populating my life, these goals, together with their lofty milestones and precise tasks just wouldn’t have even started.

What got me going were practices. Daily habits that I cultivated almost without noticing. Doing the same little thing ever single day without fail gave me the momentum to get past procrastination, to whiz right past self-doubt and tick away one box after another of completed milestones.

Here are some daily practices that helped me:

Morning quiet: I turned off music, radio and other noise to give my brain and subconscious a chance to surface all the solutions it had been ruminating overnight. Those 10 minutes (ok, half an hour) while getting ready in the morning are now a time when I feel at my most creative and subconsciously slot acting on those solutions into my day. There’s still plenty of time for morning radio fun on the commute to work.

One minute of exercise: sure 30 minutes is way better, but anyone can practice one minute in the morning. My choice is push-ups and squats as between them they hit most areas. Ten to fifteen of each, and not only does it circulation going and get you ready to jump in the shower, the accumulated benefit over time could well give nicely toned arms.

One real, deep conversation: it doesn’t need to be philosophical or solve the world hunger problem. It does, however , need to go beyond the usual script of work related laundry list, or home related logistics. Have a real, proper conversation with someone you see and interact with everyday, but this time turn off your automatic pilot. It gives me wonderfully new perspectives.

Read something, anything: this is my favorite practice. What started as a grim determination to get through my Google Reader inbox has become delightful fodder for my brain. I use a variety of tools to pick out quirky and interesting in-depth stories from around the web.

Each of these practices adds a little bit of a spark, brings in new perspectives, while the daily occurrence has an element of discipline.

Do share your daily practices in the comments.

Why re-inventing is good

Posted on by
Reply

Starting anew.  A concept so familiar to third culture kids and their families, as they adapt and try to blend in with their new host society.

As any kid in a new school or new neighbourhood will tell you, adapting to new circumstances and getting it right in the first week makes the difference between becoming the new, hip kid on the block, or one to be shunned, or worse, bullied.

You take your past,  check out the new parameters, and re-frame your story to fit the new reality, choosing a funny, slightly tragic slant.  The sweet underdog.

You take those curious looks and meet them with a defiant, unflinching stare.  You resist the temptation to be the first to break the ice, and respond with a cool, detached greeting when approached.  The ice princess.

You bounce into midst of your new environment, full of energy with a touch of mischief.  You take charge, and grinning from ear to ear, sweep everyone along with your sheer enthusiasm.  The life of the party.

There are so many ways we can choose to be when we first approach a new environment.  That’s the thing about new places, new schools, new jobs.  Nobody knows you.

Sure, the facts are there on your CV and the obvious physical aspects of you, but the way you present those facts is entirely dependent on how you, and only you, choose to present them.  Make no mistake, it is a choice.

I remember being at an event once, and someone asked me where I was from.  On a whim, I said Brazil.  The truth is, I’m not even from the same continent as Brazil, but for a couple of hours, I inhabited the persona of a Brazilian.  To be honest, all I really knew about Brazil is the wild carnival and awesome football national team.   The funny thing is no one questioned it.  Everyone at that event just assumed I was, in fact, from Brazil and responded to the “Brazilian” persona I was projecting.  It was great.

I don’t recommend fibbing about where you’re from, especially when your physical traits are a bit of a give-away (then you just come across as pathetic).  I do, however, recommend trying this re-invention thing.  There’s infinite freedom being someone else for a little while, just to try on how it feels.

Dress in a way you usually don’t and go somewhere you never do.  Take a vacation from your world and become Brazilian for an afternoon.

If you’re the suited-and-booted neutral colours corporate type, wear a multi-coloured kaftan and go to an art gallery.

Drive to a nearby city, and pretend you’re scouting for video shoot locations for your favourite band.  Wear dark glasses.

Yes, far fetched (unless my readers suddenly include famous artists with a pechant for kaftans …).  But still, just for a moment, admit it, you had gone off somewhere in your head, picking out which persona you could check out on quiet Saturday afternoon.  Or perhaps you were choosing the persona to be at your job interview next week, or how it might be fun to greet your spouse in a completely different way at the end of day tomorrow …

Madonna has made a career out of re-invention, and Lady Gaga’s daily dress-up keeps millions of fans guessing.  You don’t have to be a famous pop star or a kid to play dress-up, to re-invent yourself, see the world with a different set of eyes, and be seen in a different light.

Who knows, it might even re-define how you think about yourself and the world around you.  And kaftans.

Month Two, Take Two

Posted on by
Reply

One minute the goals and resolutions are free flowing, as is the hubbly bubbly, the music, laughter and celebrations.

Just on the other side of the midnight gong awaits a whole new life, full of kept promises, shiny goals, glittering new personas.

Then, January quietly slinks past, in a haze of post-holiday exhaustion and dreariness of going back to every day life.

February dawns with the realization that the lofty ambitions have disappeared into every day mundane logistics.  The new persona has once again left, disappearing into nothingness, each detail slowly fading with the weakening will power, leaving you stuck in the quicksand of habit.

Stuck, waiting and going through the motions  until the next round of lofty promises at the next birthday, new year, rite of passage, or just a bored afternoon.

Or not.

The power of choice is ours – so get unstuck, dust off those resolutions and have another go.

Build your own snowman

Posted on by
Reply

It was definitely winter.  I can’t quite remember if it was my first winter experiencing snow, but I think I was around six or seven.  My parents’ work had taken us to Paris and there I was, building my own snowman in the school yard.

My snowman was small, perhaps a foot and half, and pretty skinny as snowmen go. I stuck the requisite carrot in for a nose, and paused to look over my shoulder.  A few of my classmates had teamed up to make their own snowman too.  Whether it was because I was new to the school, had a fallout with the other children, or was just being a diva … I can’t remember.  I can’t remember why I ended up with my own tiny snowman.  Fact is, there I was with my anorexic snowman 10 feet away from the other, huge, round communal snowman.

Yet, I don’t recall feeling in the least bit put out, left out or bad in any way.  I had my own skinny snowman and that was cool.  No pun intended.  After all, in those days cool just meant cold.

That scene in the snow covered school yard came back to me recently. It occurred to me than in this day and age of mass communication made easy, there are so many options of other snowmen teams to join.  Almost too easy.  Especially joining the team and passing ones’s self off as an original contributor.  It’s also become just as tempting to imitate, with blatant copying, not emulating being an every day occurrence.

Of course, it’s useful and even recommended to learn from those who have succeeded in areas that are important to us.  The key here is to learn and incorporate into our own individual landscape.  It does not serve us to change our entire landscape, our belief systems, our very own core to completely buy into some other way of being just so we can become identical to the ones we admire (Unless it’s Beyonce.  Or Lady GaGa.  Just kidding.  Or am I?)

Similarly, when choosing to collaborate, it’s important to differentiate between being a groupie who just wants some of that shiny stardust to rub off on her, and being a significant contributor who helps create the magic.  Because while there is strength in numbers, and innovation is often borne out of team work, there is absolutely no glory in hitching your wagon to someone else’s cart just because you can’t be bothered finding your own horse. And there’s even less glory in taking the polar opposite position just because it isn’t your horse doing the pulling.  Actually, the latter is downright malicious and wasteful.

So going back to that beautifully crispy cold day so many years ago, whatever my motivations, I chose to build my own version of skeletal snowman.  I snapped the carrot in half-ish as it was too big for my puny snowman (‘puny is my son’s favourite word for ‘insignificant’), added in a couple of small stones for eyes and the other half of the carrot stuck in horizontally for a rigid, unsmiling mouth.  Then, happy with my masterpiece, I continued playing during the rest of our break.

This year, I resolve to build more snowmen, even if the one across the road is bigger, better and shinier.  I resolve to listen to my inner artist and treat her as relevant and worthy of my efforts.  I resolve to resist the pull of the well-trodden path long enough to consciously discern whether it is going in my direction anyway or if I’m falling into the lure of the path of least resistance.

This year, I will take the time to make my own stardust and sprinkle it on top of my skinny (promoted from puny) snowman.  Right after I take the time to give my snowman a beautiful, well defined broad smile.

Happy 2011!

Surrender

Posted on by
4

A good friend once shared her recipe for her mouth-watering apple pie.  After going through the list of ingredients and how to combine them to create this yummy masterpiece, she disclosed the secret to making it extraordinary.

She said the secret was surrender to the experience.

She said clearing out an afternoon and devoting several quiet hours to this worthwhile endevour is what made this apple pie so very special.

This is something that I find difficult to do.  I need to get the end of whatever right now.  Even though the typical halwa recipe tells me it will take about 3 hours to cool, after cooking for 90 minutes, I’m already trying to figure ways to shorten the cycle, to make the process more efficient.

Even if you’re not an aficionado of Somali desserts, I’m sure you appreciate that there’s no such thing as a 30-minute halwa.  There some things you just can’t reduce to microwave-like expediency.

Apart from the time factor, there’s another aspect to my friend’s concept of surrendering to the experience.  It means you give your all to the experience.  It means you don’t multi-task, cut corners or in any other way try to dilute this time you have decided to dedicate to this project.  It means you don’t sacrifice effectiveness for the sake of efficiency.

Results often speak for themselves.  Whether your masterpiece is a sinful dessert, a compelling article, a Lego airplane, or an important project, your degree of surrender to the experience of crafting it will be written all over the final outcome.

Contrary to popular sentiment, I don’t believe it’s all about the journey.  It’s equally about the journey and the destination, because they are so inescapably linked.  Focusing only on the journey, the time spent, the experience without regard to the ticking clock and the desired destination means you might learn and grow, but you might also continue to meander aimlessly if not advancing inexorably towards an important result.

Similarly, focusing solely on the outcome and bulldozing through the process of making happen could mean not fully owning the result, and potentially opening the door to recriminations and regret when the apple pie comes out a gooey mess.

The difficulty lies in figuring out when to surrender and take our time, and when it would serve us best to adopt the microwave approach.  I’m still convinced I can train for a 10k marathon in 3 weeks. I’m still deluding myself that if I look hard enough, I’ll find microwaveable halwa.  Yes, you could say I’m in denial.

But what I absolutely know without a shadow of a doubt is that if I do choose to surrender to the training experience, if I elect to plan my half-a-day halwa cooking adventure, the results will be far superior to the efficiency-driven outcomes I feel pressured into by having too many “masterpieces” on the go at any one time.

So here is the question: do you know which one of your on-going masterpieces is missing surrender as its secret ingredient?

Who gets to write the script?

Posted on by
Reply

I’m not much of a TV person, but there are certain series I’m addicted to.  Friends.  Grey’s Anatomy / Private Practice.  24. Lost (till they completely lost the plot). House. Comedy Central anything.

Watching the final episode of Grey’s Anatomy, I wondered yet again – do the actors really know what’s going to happen, or do they simply get the script just in time for rehearsals and shooting?  Presumably they would need to have the script  far enough in advance to be able to learn it,  but late enough so that the emotion is still raw, the surprise still somewhat … surprising.

I couldn’t help but think of about our own highly “scripted” days – where the mundane must-do, must-see, and must-be items are so tightly packed together that there’s little room to accommodate any surprises.  Like traffic – not that that’s a surprise in Dubai.

It can get even worse.

You see, often the other actors in our unwritten life script decide to improvise.  Like start to read from next week’s script, or suddenly choose to play a different role. “What, you didn’t the memo email?”

So I’m wondering.  How much of our daily script do we write? How much do we borrow from the perennial must-do list? From someone else’s script?

Do we even write a daily script? Do we rehearse it in our head, think of what we will do, say, feel? Do we visualize the moment, the impact, the thrill, the gritting of the teeth, the soaring triumph?

Or do we , like the cast of Whose Line Is It Anyway,  let the audience decide the plot for us?

Write your own hit reality TV series.  Starring you, and only the characters you want.  Include a villain or two so you can flex your adversity muscles and triumph over the odds.

Don’t forget to write in the traffic scene –  it’s the perfect spot to place the flashback to that awesome win last year or a flashforward to your woohooo moment later in the day.

It’s your life. Get scripting!