When we, as a species, collectively overcome our masochistic love for sensational news and watching others in discomfort, we will evolve.
Raam Dev
Cleaning eval(base64_decode()) from a Hacked WordPress Website via SSH
I received an email from a friend yesterday informing me that his WordPress site was loading with a blank white page. I SSH'ed into the server and looked at his wp-config.php file:
That eval(base64_decode("ZXJy.... line is a classic sign of a compromised site. Attackers obfuscate malicious code by hiding it with the PHP base64_encode() function. Then they use the base64_decode() function to decode (i.e. un-hide) it. Finally, the PHP eval() function is used to 'run' (or EVALuate) the malicious code. They place the malicious line at the top of as many PHP files as they can.
What Does the Malicious Code Do?
If you're curious what the obfuscated code looks like, you can copy and paste the whole line into a new PHP file and then replace eval(base64_decode(....)); with echo base64_decode(...); instead. That will print out the PHP code that the attacker is trying to run.
Hacks like these usually involve redirecting sites somewhere else on the Internet so that the attacker makes money. If someone earns $0.01 per redirection to an ad somewhere on the web, imagine how much they could make if they infected a popular site.
Temporarily Blocking Access to the Site
While we're fixing the problem, we don't want the attacker to have any access to the site. To block all access to the website, you can add the following to the top of the .htaccess in the root folder of the website (if an .htaccess file doesn't already exist, you'll want to create it).
To allow access from just your IP address, replace "!!Your IP Address Here!!" with your IP address:
order deny,allow
deny from all
allow from !!Your IP Address Here!!
Now we're ready to start cleaning things up.
Automating the Cleanup Process
When one file has been compromised, there's a good chance that many more files have been compromised. The attacker wants to ensure that as many files have been infected as possible so as to maximize the chances that his code will be run.
With this being a WordPress site, the easiest solution is to simply replace all the existing files with a clean copy of the WordPress files. However, you don't want to replace the wp-content/ directory because that contains your themes, plugins, and any media that you may have uploaded.
Since we want to keep the contents of the wp-content/ directory, we'll first need to clean it out. The first step is to search the directory for any files that may contain the malicious code:
As I suspected, the list of infected files was quite long. It would be a long tedious task to edit each file and remove the malicious line, but thanks to the power of the Linux command line, we can automate the process.
Using a few Linux commands, we'll find all .php files in the current directory and all subdirectories and then pipe those files into another command that uses the sed program (sed is short for 'stream editor') to search for the malicious line and replace it with nothing, effectively deleting that line from each file.
Now we can run the search command again to see if all the files were cleaned out:
Nothing was found, so that means the files were cleaned.
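The search, clean and re-check steps above, plus the decode-without-running inspection described earlier, as an added example (not the original post's commands). The regular expression, the function names and the quarantine directory are assumptions made for illustration:

```shell
#!/usr/bin/env bash
# Added example (not the original post's commands). The pattern, function
# names and the quarantine directory are assumptions made for illustration.

# ERE for one injected statement in the double-quoted form shown on this page.
# Variants (single quotes, extra wrappers) need their own pattern.
PATTERN='eval *\( *base64_decode *\( *"[A-Za-z0-9+/=]+" *\) *\) *;'

# list_infected DIR: print every .php file under DIR that contains the statement.
list_infected() {
    grep -rlE --include='*.php' -- "$PATTERN" "$1"
}

# decode_payloads FILE: print what each injected statement would run.
# The payload is only decoded to text; nothing is passed to PHP or a shell.
decode_payloads() {
    grep -oE -- "$PATTERN" "$1" |
        sed -E 's/^[^"]*"([^"]*)".*$/\1/' |
        while IFS= read -r b64; do
            printf '%s' "$b64" | base64 -d
            printf '\n'
        done
}

# clean_infected DIR QUARANTINE: delete only the injected statement (not the
# whole line, which may also hold legitimate code) from each infected file.
# The untouched original is moved to QUARANTINE, which should sit outside the
# web root so the infected copy can never be served.
clean_infected() {
    list_infected "$1" | while IFS= read -r f; do
        mkdir -p "$2/$(dirname "$f")"
        sed -i.orig -E "s#$PATTERN##g" "$f"
        mv "$f.orig" "$2/$f"
        printf 'cleaned: %s\n' "$f"
    done
}

# Run directly as: ./clean-eval.sh wp-content /root/quarantine
if [ "$#" -eq 2 ]; then
    echo "Infected before cleanup:"; list_infected "$1"
    clean_infected "$1" "$2"
    echo "Infected after cleanup (expect none):"; list_infected "$1" || true
fi
```

Files that match a different obfuscation than this one pattern will not be listed, so an empty result only means this specific statement is gone.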
The next step is to replace the core WordPress files with a clean copy of the latest version of WordPress. First, we'll move all the current files to a backup folder and then create a backup tarball:
Now we have a backup just in case anything goes wrong with the next steps.
The next step is to download the latest version of WordPress and extract the files:
You may need to change the ownership of the files to that of the user:
Now we're ready to move the original wp-config.php file back, along with the original wp-content/ directory:
Since we only cleaned the files in the wp-content/ directory, you'll want to edit wp-config.php using your favorite editor (nano is a simple Linux command line editor) and make sure that the malicious eval() line is not present at the top. If it is, you'll want to delete it before proceeding.
And that's it! If you visit your website now, the site should be up and running again. If you were previously running an older version of WordPress, you may be prompted to upgrade the database.
Tips for Staying Safe in the Future
Here are a few tips to avoid a hacked WordPress site in the future:
- Only run WordPress plugins that you absolutely need, as most vulnerabilities come from badly coded WordPress plugins.
- Before downloading and installing a plugin, see how many downloads it has; the more the better. Also, when was the last update to the plugin? The earlier the better.
- Always keep your WordPress core files and your WordPress plugins updated. If you're prompted to install an update on your WordPress dashboard, it's best to do it immediately.
- Install an SSL Certificate and always use SSL when logging into your WordPress Dashboard (see Administration over SSL).
- Read the entire Hardening WordPress page on the WordPress Codex and implement the suggestions.
- Keep regular backups. Make sure you have a weekly and a monthly backup.
- Check out this post by Kinsta on WordPress security.
That's it! If you have any questions or suggestions, please let me know.
Writing Style: Readers Welcome Influence
Your writing style influences how your readers' inner ear hears your writing.
In the same way that nobody reads Emerson using Shakespeare's style, nobody reads your writing while imposing their own style.
Readers will embrace whatever style you write with because they're reading your writing. They're listening to how you're communicating the words. Nobody reads like an editor (except editors, and they already know they're reading like editors).
The very act of choosing to read puts your readers in a receptive mode that welcomes influence, whether they realize it or not. The placement of your commas and periods, the points at which sentences and paragraphs end, the words that you choose to use, all of it influences how your writing sounds inside the head of your reader.
They do not use your style--whether good, bad, or full of errors--to judge you as a writer. (Again, editors and people inclined to read like editors are the exception, but they're not the norm and they're most likely not your average reader.)
So embrace whatever style comes natural to you. Avoid letting your inner editor judge you before others even get the chance to read what you have to say. Don't let your style, or lack thereof, prevent you from writing. What you have to say is far more important than how you say it.
Crossroads
Stillness Speaks
Talking About Living
How You Respond
Group Selflessness
Auspicious Journey
Noisy Mind
Do What You Love
Do what you love and do it often.
Living in pursuit of what feels real will always lead to surprises, but no surprise is without its purpose. Every fork leads somewhere. It's not your choice that is recorded by the universe but what you do with that choice once you've made it.
Take the fork and all will make sense. Trust that life knows best. Have faith that you will be ready. Do what you love, live what you love, and each event in your life will join to form an infinite stream of serendipity.
In the end, when your entire life flows into a single moment of time, it won't be your possessions, your worries, or your missed opportunities that cumulate into that single moment, but rather how truly you lived, how deeply you loved, and how completely you followed your heart.
Not Judging is a Judgment
Note: You can download this Journal entry in MOBI format for reading on the Kindle (or with the Kindle app). If you want to automatically receive new Journal entries on your Kindle, please reply with your Kindle email address. You'll also need to add [email protected] to the approved email list on your Amazon account. (You can do both of these by going to Manage Your Kindle Account and then clicking Personal Document Settings on the left.)
I've long maintained the position that remaining open-minded and not judging others was the best route to take in life. I've avoided forming opinions out of fear that doing so would cut me off from seeing other perspectives and therefore prevent me from gaining a new understanding of something that was otherwise alien to me. But as I've gotten older I've found that a lack of opinions greatly limits my personal growth.
If someone asked me for my thoughts on a big topic--God, religion, politics, money, sexuality, ethics--my response was always watered down so that I didn't have to take a firm stance in any direction. I might say that I feel one way or another, but I would always end it by saying that I'm still exploring and that I choose to remain open-minded.
That's not to say that I don't have a strong sense of personal ethics and moral values. I've always felt a strong sense of right and wrong, but I've never explored the why of those feelings. So when I'm presented with a situation that requires using my sense of right and wrong to judge someone else's actions, I've always taken the stance of not judging at all. Instead of deciding that someone's actions are right or wrong, I choose to tell myself that I don't fully understand where that person is coming from and therefore I cannot rightly judge their actions.
However, I'm beginning to see that I do this not to protect the other person but to protect myself. I do it because I'm afraid of what others might conclude those judgements mean about me. I'm afraid of being defined, of being put in a box and labeled as 'person who believes X'.
But the older I get the more I realize this is not only wrong but dangerously influential to those who may be watching my example. Our life is a walking billboard and the examples that we set are the messages that are broadcasted to the world. Our ethics define who we are. Choosing not to take a stance on a particular subject is taking a stance in itself, a stance that says it's OK not to take a stance, that it's OK to let things slip by simply because you've chosen not to decide.
All of these thoughts on judgement and ethics came about after reading the following bit from a post written by Shawn Coyne on Steven Pressfield's blog.
The other day I overheard this conversation:
Man #1: “I ran into Frank Smith (not his real name) at the beach yesterday…”
Man #2: “Isn’t that the guy who cheated on his wife, got a DWI, and said all of those nasty things about Jill’s daughter in law?”
Man #1: “…Well…yes…but I try not to judge.”
I run into this “I don’t judge” stuff a lot and it infuriates me on many levels. But as this is a blog about what it takes to create art, I’ll just address why this “moral position” is at best hypocritical and at worst a force as undermining and dark as Resistance.
If you want to create art, you need to make judgments about human behavior and take a side. How well you convey and support your point of view is a measure of your skill.
[...]
If you don’t call people on their shit, you’re placing yourself above them, as if their actions are so inconsequential to you that they need not be considered. You’re above it all, some kind of Ayn Randian ubermensch behaving only out of self-interest. The same goes for not giving a standing ovation for great work because others remain seated. If you admire a work, let the artist know. They can use all the attaboys they can get. It’s Hell in that studio.
Despite the initially convincing argument that to “not judge” is an expression of empathy—who knows, if I faced those same circumstances maybe I’d do something like that too? —It’s not. It’s an excuse for not standing up for what’s right.
Not saying something is uncaring. Not saying something means that you do not want to put your ass on the line and take the risk that you’ll be shunned for your opinion. It has everything to do with you. Nothing to do with the other person.
I’m aware that the world is not black and white. There are shades of gray between the two poles of every value. On the spectrum of “Truth and Deceit,” telling a white lie when your cousin asks if she looks good in her bathing suit is not the same as running a billion dollar Ponzi scheme. I get it.
And yes, most of the time, keeping our big mouths shut is the right thing to do. We’re all guilty of misdemeanors and don’t need Earnest Ernies pointing out our shortcomings. And when we do confront someone about their actions, we need to do it with tact and care. That’s empathy.
But this “non-judgment, I tow the middle line” attitude is dangerous. There is no middle line. Not judging is a judgment. And it pushes people away from each other—I best not make a mistake and judge anyone or no one will like me…best to keep quiet and be agreeable—instead of bringing them together—I thought I was the only one who thought Animal House was genius…
The man I overheard who doesn’t “judge” the adulterous, alcoholic driving, rumormonger sends a message to the world that destructive actions are excusable. It is what it is… There is no right and wrong. Nonsense.
But it is his passive aggressive dressing down of the other guy for “judging” someone guilty of antisocial behavior that is even worse. It masks his cowardice as virtue. And to not judge whether something is right or wrong is the furthest thing from a virtue.
You must choose a position in this world on innumerable moral questions and stand by your judgments. Woody Allen made this point in six lines of dialogue. Ken Kesey riffed on it for an entire novel. It’s important.
If you are an aspiring artist and you wish to avoid “judgments,” you’ll find that you have nothing to say.
So even if it means risking shutting yourself off to other possibilities, choosing a position on moral questions is important. It's important because the alternative--not choosing a position--means that you're setting an example even worse than choosing the wrong position.
By not choosing to make moral judgements you're setting an example that says it's OK to not stand for what you believe, that it's OK to not believe in anything. It's not OK. As human beings we grow and evolve through what we believe, not through what we don't believe.
Equally as important to being human is the formation of new opinions and ideas, that process of discovering, learning, and then accepting that previously held beliefs may have been wrong. But if you don't take a stand in the first place, how can you prove yourself wrong?
Committing to the Adventure of Life
The Gift of Life
Love
Live More Happiness
Lunar Transformation Donations
Beginning on the New Moon of December 13th, 2012 and going through until the Full Moon of December 28th, 2012, I'm donating $100 every day to a different non-profit organization whose mission contributes to the welfare of humanity and to the preservation of our planet, without which the beauty of the moon would go unwitnessed.
December 13th, 2012
$100 donated to BlinkNow.org (Kopila Valley Home and School)
"To create a self-sustainable living community for destitute children that provides their most basic needs and also contributes to post-war recovery and peace in the nation of Nepal."
December 14th, 2012
$100 donated to Charity: Water
"90% of the 30,000 deaths that occur every week from unsafe water and unhygienic living conditions are children under five years old. Many of these diseases are preventable. The WHO reports that over 3.6% of the global disease burden can be prevented simply by improving water supply, sanitation, and hygiene."
December 15th, 2012
$100 donated to Alternative House
"The mission of Alternative House is to facilitate the creation of a society in which violence against women will no longer exist."
December 16th, 2012
$100 donated to The Philippine Community Fund
"Our goal is to permanently improve the quality of life for the poorest of the poor Filipino families who deserve a better chance."
December 17th, 2012
$100 donated to Skyla Knight Benefit Fund
"Skyla was diagnosed with Stage 4 Neuroblastoma at the age of 15 months, she has been in treatments since then and she just turned 3 years old. She is now starting MIBG therapy."
December 18th, 2012
$100 donated to Adventure for Good
"Using Adventure for Good in the favelas of Brazil to build the first-ever climbing wall for a marginalized community. Youth in these underprivileged communities are faced with an array of difficulties and negative influences like drugs, violence and gang life. Climbing can offer these youth a positive alternative to their daily struggles and the construction of a modern climbing wall will provide them with this opportunity."
December 19th, 2012
$100 donated to Nepal FREED
"Make[ing] education more accessible for the children of Nepal [...], maintaining a learning environment where traditional Nepalese cultural values can flourish [... and], aid[ing] the local health post in widening the scope of its care."
December 20th, 2012
$100 donated to the Appalachian Mountain Club
"Promoting the protection, enjoyment, and understanding of the mountains, forests, waters, and trails of the Appalachian region."
December 21st, 2012
$100 donated to The Umbrella Foundation
"Seeking to relieve the impact of poverty and war on the children of Nepal through projects which promote education, vocational training, and community enrichment, so that they may grow up to become responsible, contributing citizens of Nepal."
December 22nd, 2012
$100 donated to The Street Culture Project
"Mentoring and supporting under-serviced youth. Using social entrepreneurialism and positive adult role models, we connect with youth to help them work through changing their lives."
December 23rd, 2012
$100 donated to the World Wildlife Fund
"building a future in which people live in harmony with nature"
December 24th, 2012
$100 donated to Anna Kham's Orphanage
"giving orphaned children a home"
December 25th, 2012
$100 donated to Pencils of Promise
"supporting a world with greater educational opportunity for all"
December 26th, 2012
$100 donated to the Tarahumara Children's Hospital Fund
"helping insure the health and well being of the Tarahumara"
December 27th, 2012
$100 donated to Food for Life
"bringing about peace and prosperity in the world through the liberal distribution of pure plant-based meals prepared with loving intention; serving more than 1.5 million plant-based meals daily"
December 28th, 2012
$100 donated to Haiti Outreach
"To collaborate with the people of Haiti to build and maintain community-initiated projects that advance their development."
Charities to Donate to in the Future
Prishan Foundation
Shark Trust
Occupy Sandy
How all of this started
My initial intention was to donate $1,000 to Maggie Doyne's Kopila Valley Home for orphaned children and Kopila Valley Primary School in Nepal. I learned about Maggie and her work more than a year ago and I've been wanting to help support what she's doing ever since.
When my friend Matt Maderio put together a fundraiser for his 25th birthday to raise $25,000 so that the Kopila Valley Primary School could purchase a school bus and shorten the multi-hour foot commute that so many students were taking to class each day, I was inspired yet again.
As I prepared to make the $1,000 donation, I unexpectedly found myself asking why I was donating to just this one organization. Why not to some other organization? I realized that it was Maggie's story that inspired me, her passion and her commitment to making a difference in the lives of others.
But Maggie's isn't the only organization that's making a big difference in the world. There are many other organizations doing good for humanity and for the planet and for causes that I'm equally as committed to helping.
So instead of just donating one large sum of money to one organization, I've decided that I will make several smaller donations to various organizations that are doing positive things and working toward causes that I believe in.
Maggie Doyne and Matt Maderio helped inspire this idea, so Maggie's orphanage and school will be the first to receive $100. I will update the list at the top of this page every day for the next sixteen days as I choose organizations and make donations. The photo of the moon will also change to reflect the current phase.
If you know a reputable non-profit organization that is doing good, please share the organization's name in the comments below.
Why am I doing this?
This is not a race. It's not a competition. I'm not looking for any attention. I'm writing about what I'm doing here so that I can share my journey, but I'm donating because I feel a planetary social responsibility.
I'm doing this because I want to give back and because I recognize that I will always have more than I need, because no matter how much I give today there will always be more waiting for me somewhere down the road.
Everything you give without expectation the universe returns to you without hesitation.
The intention behind the donation is what matters, not how much is being given. It's the act of giving without the expectation of reward that's important. Any amount is worth giving when it's given without strings attached.
I'm not rich, but I am privileged.
As of this writing, I have $960 US dollars in my bank account. I have about twice that in savings. I'm not rich by American standards. In fact, I'm poor by American standards. But I don't feel poor. I feel privileged.
I am lucky. I am a privileged member of Earth's society, a member of the top fifteen-percent of humans who can afford to eat three meals a day. I feel a sense of responsibility to contribute to the welfare of our human family and the preservation of our home.
Why the lunar transformation?
This was all very spontaneous. It happened over the course of a few minutes. I went from being prepared to make a $1,000 donation to a single organization to deciding that I was going to make several smaller donations spread out over several days.
When I looked at my calendar and noticed that it was a New Moon, I thought that making a donation for each day of the moon's transformation into a Full Moon would be a fun way of doing it.
Moon photos by lrargerich