New battery for X40

Over the last 4 months the battery life on my laptop has become really bad. Mid-December it died after a year and four months of good service. Last week I ordered and received a new one - yay!

Right now I’m sitting in the train on my way home from work. Just finished watching the movie “You got served” on my laptop - a street dance movie. I can only say one thing… they surely know how to move :-)

Consistency in GNOME

I use GNOME both at work and at home and I love it. Though one thing has annoyed me a lot lately, and that is that shifting through tabs in gnome-terminal and gedit uses different keyboard shortcuts.

So now I filed a usability bug on that very issue.

I hope it gets fixed for GNOME 2.14 (Dapper Drake). Having gedit with VFS support (like editing files directly over ssh), gnome-terminal with better performance (through all the work put into Pango - the font rendering library), it will be a killer release… at least for me.

World of Warcraft patch 1.8

After the 1.8.0 patch World of Warcraft doesn’t work for me again. I’m unable to click on things in-game :-( (This applies to the latest 1.8.1 patch too).

This sucks because now I have to boot into Windows again.

Anyways, I have played a lot the last few weeks and have become level 53. I might hit level 60 before Christmas… YEAH! I’m not going to set higher goals… my girlfriend might not like it ;-)

I have been reading more on the items and quests in the game, and I’m beginning to realize that I won’t ever get near some of the really cool stuff :-(

Pure Pwnage

Some time ago a friend of mine introduced me to Pure Pwnage, and yesterday I took the time to watch all episodes.

It is a video show about a “pro” gamer who totally own noobs… and stuff, LOL. First I was like, okay I’ll watch, but I know he doesn’t own as much as me - rite, then I’m okay he is cool and all - you know.

Okay, enough of the weird Pure Pwnage tongue :-D If you are just a tiny bit into computer games, I’m sure you will find this worthwhile watching - ENJOY.

My server was hacked

Yesterday evening, while struggling to keep up with work, I noticed my internet connection was acting strangely. I checked my server (which has a fairly small amount of visitors) to see who the visitor was and noticed that I had a strange connection:

shire:/var/www# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN     1770/inetd
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN     3694/httpd -DSSL
tcp        0      0 0.0.0.0:9               0.0.0.0:*               LISTEN     1770/inetd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     1822/mysqld
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     1985/smbd
tcp        0      0 0.0.0.0:13              0.0.0.0:*               LISTEN     1770/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     1606/portmap
tcp        0      0 0.0.0.0:55443           0.0.0.0:*               LISTEN     3727/httpd -DSSL
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     1969/master
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     1985/smbd
tcp        0      0 127.0.0.1:669           0.0.0.0:*               LISTEN     1765/famd
tcp        0      0 10.0.255.1:34904        193.2.236.79:6667       ESTABLISHED13538/pscan2
tcp        0      0 10.0.255.1:139          10.0.0.5:1034           ESTABLISHED31714/smbd
tcp6       0      0 :::993                  :::*                    LISTEN     1757/couriertcpd
tcp6       0      0 :::143                  :::*                    LISTEN     1739/couriertcpd
tcp6       0      0 :::22                   :::*                    LISTEN     2044/sshd
tcp6       0      0 :::25                   :::*                    LISTEN     1969/master

Notice where httpd -DSSL is running and pscan2. The above is missing a suspicious bash process that I found located in /tmp. I killed the process before I got the great idea that I wanted to blog about it. In /tmp/.heva I found all the files used for this hack (I hope) including the compressed file cbk.tar.gz, which I guess was used to transport it all into my server.

I ran ps aux to see which processes were running and identified that the suspicious processes were started by www-data (the webserver user on Debian).

I assume that the intruder came in through either a security hole in one of the php-applications on my webserver or because Apache wasn’t updated with the latest security patches from Debian.

I found a cron script installed by www-data by running:

shire:/tmp# su - www-data -c 'crontab -l'
* * * * * /tmp/.heva/.cbk/y2kupdate >/dev/null 2>&1

I deleted it by running:

shire:/tmp# su - www-data -c 'crontab -r'
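
The same triage can be automated. The following is an added example, not part of the original post: it parses `netstat -tanp` lines (including the fused `ESTABLISHED13538/pscan2` column seen above) and a crontab listing, and flags the three indicators from this incident. The per-daemon port baseline, the IRC port list and the function names are assumptions made for the example.

```python
import re

# Lines copied from the netstat output and crontab shown in the post.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN     3694/httpd -DSSL
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     1822/mysqld
tcp        0      0 0.0.0.0:55443           0.0.0.0:*               LISTEN     3727/httpd -DSSL
tcp        0      0 10.0.255.1:34904        193.2.236.79:6667       ESTABLISHED13538/pscan2
tcp        0      0 10.0.255.1:139          10.0.0.5:1034           ESTABLISHED31714/smbd
tcp6       0      0 :::22                   :::*                    LISTEN     2044/sshd
"""
SAMPLE_CRONTAB = "* * * * * /tmp/.heva/.cbk/y2kupdate >/dev/null 2>&1\n"

# Assumed baseline for this host: ports each known daemon may listen on.
EXPECTED_LISTEN = {"httpd": {80, 443}, "mysqld": {3306}, "smbd": {139, 445}, "sshd": {22}}
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}   # assumed list of common IRC ports
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

# \s* between state and PID: netstat fuses the columns when the PID is 5 digits.
LINE = re.compile(
    r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+"
    r"([A-Z_]+)\s*(\d+)/(\S.*)$")

def triage_netstat(text):
    """Return (pid, program, reason) for listeners outside the baseline and IRC sessions."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header lines, or sockets with no visible owner ("-")
        _, _, lport, _, rport, state, pid, prog = m.groups()
        name = prog.split()[0]
        if state == "LISTEN" and int(lport) not in EXPECTED_LISTEN.get(name, set()):
            findings.append((int(pid), name, f"unexpected listener on port {lport}"))
        elif state == "ESTABLISHED" and rport.isdigit() and int(rport) in IRC_PORTS:
            findings.append((int(pid), name, f"outbound IRC connection to port {rport}"))
    return findings

def triage_crontab(text):
    """Return commands from 'crontab -l' output that run from a world-writable directory."""
    hits = []
    for line in text.splitlines():
        fields = line.split(None, 5)  # five schedule fields, then the command
        if len(fields) == 6 and not fields[0].startswith("#") and fields[5].startswith(WORLD_WRITABLE):
            hits.append(fields[5].split()[0])
    return hits

if __name__ == "__main__":
    print(triage_netstat(SAMPLE_NETSTAT), triage_crontab(SAMPLE_CRONTAB))
```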