Posts

Find out what real code a php eval(gzinflate(base64_decode contains

When you are dealing with a hacked or otherwise compromised website where someone has installed a backdoor or other kinds of malicious code you will often find php files with code packed into non-readable format using php eval, like eval(gzinflate(base64_decode.

To find out what the code does, copy the entire eval code (including “eval(“) into this site: http://ddecode.com/phpdecoder/

You will in the end get a human readable version of the code. Usually nasty stuff.

Fix the Heartbleed Bug on Ubuntu

OpenSSL on Ubuntu can be vulnerable to the Heartbleed Bug. Not all versions of OpenSSL are affected though. 

OpenSSL version 1.0.1 to 1.0.1f are vulnerable.
OpenSSL version 1.0.1g are not vulnerable.
OpenSSL branches 1.0.0 and 0.9.8 are not vulnerable.

To fix this issue on Ubuntu systems: 

Check your OpenSSL version to see if it is vulnerable to the bug:

openssl version

If it says 1.0.1 check the build date:

openssl version -b

If it says anything before Apr 7 2014 you need to update OpenSSL. Proceed as follows:

sudo apt-get update
sudo apt-get install openssl
sudo apt-get install libssl1.0.0

Now verify that you are running the updated OpenSSL libraries:

openssl version
openssl version -b

The build date should now come out Apr 7 2014 or later.

Now you need to regenerate your SSL certificates as they might been compromised. A guide can be found here: https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04