WP Live Chat custom js attack
Stefan Helander

WordPress Live Chat support plugin redirect vulnerability – how to fix

/0 Comments/in /by

A security problem in the WordPress Live Chat support plugin made it vulnerable for XSS making it possible for an attacker to add custom javascript to the configuration of the plugin. This can be done from the outside world without being logged in to the site.

The exploit has been used to infect WordPress sites with for example redirect scripts, causing the visitor to be redirected to other sites when clicking on internal links in the site. More information about the details of the exploit can be found here.

The vulnerablity in WP Live Chat support plugin has been fixed in version 8.0.29 of the plugin but just updating the plugin will not solve the problem if the site already has been infected with custom javascript code.

To solve the problem:

  • Make sure WP Live Chat support plugin is updated to version 8.0.29
  • In WP backend, go to Live Chat -> Settings -> Custom scripts and remove the unwanted code from the Custom JS box (see image)
WP Live Chat custom js attack
WP Live Chat custom js attack
Zello
Stefan Helander

How to run Zello on Mac OSX

/0 Comments/in , , /by

Unfortunately there is no version of Zello available for Mac OSX but it is possible to run the Windows version using Wine.

  • Download and install XQuartz version >= 2.7.7
  • Log out and log back in on your Mac
  • Download and install “Wine stable
  • Download “Zello for PC
  • Launch Finder, go to Programs and run “Wine stable”
  • In the wine terminal window do
    cd Downloads
    wine ZelloSetup.exe
  • The Zello setup process will install Zello and launch it. The next time you want to run Zello, launch Finder, go to Programs and run “Wine stable” and enter
    wine C:\\Program\ Files\ \(x86\)\\Zello\\Zello.exe
Netbeans and git over ssh
Stefan Helander

Netbeans 8.2, git clone over ssh “Incorrect credentials for repository at ssh://”

/0 Comments/in , /by

Trying to git clone a repository over ssh in Netbeans 8.2 displaying an error message saying “Incorrect credentials for repository at ssh://” gave me a bit of a headache. I could successfully connect to the repository server using ssh from the terminal in my Mac running OSX.

Netbeans and git over ssh

After spending some time troubleshooting I tried to check for updates in Netbeans and that gave me an error message saying Netbeans could connect to the Internet in order to check for updates.

It turned out the problem was not incorrect credentials for SSH when trying to git clone, but in reality Netbeans could just not access the Internet. This was caused by the TripMode application I am using to control which applications can access the Internet when I am on mobile broadband where data rates applies.

So the error message “Incorrect credentials for repository at ssh://” in Netbeans can be misleading. It can be caused by the fact Netbeans just can’t connect at all to the repository server.

Regular Labs Library plugin is outdated.
Stefan Helander

Fixing “Regular Labs Library plugin is outdated. Try to re-install Modals. Modals cannot function.”

/0 Comments/in /by

After an update I had the error message saying:

Error

Regular Labs Library plugin is outdated. Try to re-install Modals. Modals cannot function.
Regular Labs Library plugin is not enabled. Modals cannot function.
Regular Labs Library plugin is not enabled. Articles Anywhere cannot function.

In my case, the extension causing this was cause by Articles Anywhere.

Solution:

  • Go to https://www.regularlabs.com/extensions and download the latest version of Articles Anywhere (or the extension causing trouble in your case)
  • Go to Extensions -> Manage and search for “regular”
  • Select all the regular labs extensions and uninstall them (you made a backup of the site first, right?)
  • Go to Extensions -> Install and install the extension in your Joomla site again
  • In case of the above not solving the problem, use FTP or similar to delete the following folders and try the above again:
    /plugins/system/regularlabs
    /libraries/regularlabs
Stefan Helander

FreeNAS, VMware and iSCSI with MTU 9000

/0 Comments/in , /by

In order to improve perfomance there are recommendations to set the MTU for the iSCSI interface to MTU 9000 instead of the default 1500.

To do this, it important that you set MTU to 9000 on all devices involved; FreeNAS network interface, VMware NICs and vSwitch and all switch ports on the switches connecting those.

Note: When changing these settings, it will cause loss of connectivity so it might be a good idea not to do it on systems in production.

At one point I had forgotten to set the MTU to 9000 for the VMware NIC (only for the vSwitch) causing connectivity problems and error messages in the FreeNAS logs looking like this:

WARNING: 172.16.1.200 (iqn.1998-01.com.vmware:host-585e8872): no ping reply (NOP-Out) after 5 seconds; dropping connection

FreeNAS settings

  • In Network interface setup, add “mtu 9000” to options.

VMware settings

  • Networking -> VMkernel NICs -> edit -> set MTU to 9000 -> Save
  • Networking -> Virtual switches -> edit -> set MTU to 9000 -> Save

Network switch ports

  • Make sure all network switch ports all the way between the FreeNAS and VMware host have MTU set to 9000

Testing

On the VMware host, enable SSH and login using SSH. Use the command:

vmkping -s 8972 172.16.1.100 -d

Replace 172.17.1.100 above with the IP-address of your FreeNAS. -s 8972 sets packet size to 8972 bytes allowing 28 bytes for headers and -d means fragmentation should not be allowed.

If everyting works you will get echo replies. If you get the error message “Message too long” it means somewhere on the way between your VMware host and the FreeNAS there is a limit not allowing MTU 9000.

Stefan Helander

Akeeba restore error – 1118 – Row size too large (>8126) [solution]

/0 Comments/in , , /by

When restoring an Akeeba backup of a WordPress site the restore process was interrupted with the error message saying 1118 – Row size too large (>8126).

Solution:

  • Use SSH to log in to your database server
  • Edit /etc/mysql/my.cnf or if you use a config file under /etc/mysql/conf.d, edit that one
  • Under the [mysqld] section add:
    internal_tmp_disk_storage_engine=MyISAM
    innodb_strict_mode = 0
  • Restart mysql:
    service mysql restart

Edit: After you successfully restored the site, remove the lines and restart MySQL. I didn’t do this and later tried to move another site from this server to another using Akeeba. When the site was installed on the new server, I just got an error message saying “Error Establishing a Database Connection”. To resolve it, I had to go back to the above server, remove the lines from mysql config, restart MySQL, make a new backup of the site using Akeeba and successfully restore it on the new server.

Credit: The solution to this problem was found here.

Stefan Helander

Contact Form 7 not working with All-in-One Intranet plugin [solution]

/0 Comments/in /by

When using Contact Form 7 forms in a site where the All-in-One Intranet plugin is installed, it will not be possible to submit the CF7 forms. The solution is quite simple.

In the Advanced settings of the Contact Form 7 form, add the line:

subscribers_only: true

Stefan Helander

Latest iLO2 firmware for HP Proliant DL380 Gen 5

/0 Comments/in /by

When looking for the latest iLO2 firmware for HP Proliant DL380 Gen 5 on the HPE website I found version 2.27 dated in 2015. To resolve browser issues with modern browsers I wanted to find a later firmware.

On this site you will find an exellent collection of all the latest iLO firmwares: https://pingtool.org/latest-hp-ilo-firmwares/

The latest listed iLO2 firmware is 2.33 dated march 2018 (when writing this post). The download links leads to HP sites so it should be legitimate. However, when unpacking the archive and investigating the Readme-file, only Gen 6 servers where listed.

HP Proliant iLO2 firmware

HP Proliant iLO2 firmware

It turns out the firmware works fine on my DL380 Gen 5 iLO2. Upgrade had to be done through Microsoft Internet Explorer 11, otherwise when trying to upgrade through other browsers I got the error message “iLO 2 firmware update has not started.” described here. The simple solution was to upgrade through MSIE 11.

Disclaimer: I can’t garantuee this will work for you or not get you in trouble with your system using the above procedure. It is just a description of what worked for me.

 

Stefan Helander

What Supermicro motherboard model does my server have?

/0 Comments/in , /by

When getting the latest IPMI firmware for your Supermicro server, you need to know what model of the motherboard your server has. Often the server lives in a datacenter somewhere and you don’t want to go there, take down the server, pull it out of the rack and investigate it. If you are running Linux on it, you can simply check the dmesg log for “Supermicro”.

grep Supermicro /var/log/dmesg

Supermicro motherboard model

Supermicro motherboard model

Stefan Helander

open_basedir restriction in effect. File(/) is not within the allowed path(s) in WordPress [Solved]

/0 Comments/in /by

After a WordPress site move to new hosting, some images wouldn’t load and investigating the php error log revealed:

open_basedir restriction in effect. File(/) is not within the allowed path(s)

The solutions was to edit the database using phpMyAdmin, go to the table wp_options and set the correct value for upload_path.