August 2014

How I upgraded my Dell Vostro 1015 laptop instead of buying a new one!

Dell vostro 1015 Motherboard

Recently I made some modifications to my Dell Vostro 1015 laptop to enhance its speed a little bit, because when I look at the current price lists, the only advantage I see is in the prices! The hardware is almost the same as a few years ago, without any breakthrough or something to look forward to. So, I decided to upgrade my existing laptop, use it for another 2-3 years and wait for the market’s better days! :D

So, first of all, you need a laptop repair shop in your area, because most of the parts in your Vostro are old and they are not shipped anymore, but the repair shops usually have them all, either new or used!

The main bottleneck of the Dell Vostro 1015 for me was its 2 GB memory! It was insufficient and the swap space on the hard disk was working very hard to make up for it. I changed the Hynix memory with 2*2GB Samsung ones with the same speed and timings. Now I have 4 GB of memory, although 3.46Gb is usable with my 32 bit OS, but everything works smoothly now and I don’t get "not responding" hangs as much as before. I have to reinstall my OS too, because it’s 32bit and can’t use the entire 4Gb RAM, and I plan to upgrade my drivers too.

The next change is in my CPU! I changed my Intel T6570 2.1 GHz 2mb cache with a T9300 2.5GHz 6mb cache. You have to use a good silicon pad for your CPU and chipset because it makes lots of heat! I didn’t have to update my BIOS, but I heard some Vostros need to. Always make backups of your existing BIOS before upgrading it. I use the I8KfanGUI software to control my fan speed and system temperature, and what I saw is that the new T9300 produces a lot of heat when it works at 100%. The temperature even rises up to 75 degrees, although I have recently changed my fan, my heatsink is dust free and the silicons are fresh. So, be careful with the heat and temperature and use coolpads if you're gonna take the juice out of your CPU! :D

I had already changed my 320Gb hard disk with a WD 500 Gb hard disk before. It’s not an SSD as I wanted, but its speed and cache are higher. I have also changed my Conexant soundcard chip with another one taken from the same Dell Vostro 1015 motherboard, as it was making noises and sometimes not working entirely. I wish I could have changed the internal speaker too because it’s very low quality, but unfortunately there was not much space there to change it with another one! The other unfortunate area is the onboard graphics card, because you can’t change it at all! :( It’s onboard and integrated with the chipset.

I have to change my battery too and I’m looking for a good one, but for now, the cpu, ram, hdd, fan, silicon pads and the soundcard have changed and I’ve received a satisfactory result.

Your wordpress is as insecure as your most vulnerable plugin !!!

Wordpress was hacked through WordPress plug-in vulnerability

Recently I noticed a huge amount of mail going out of my server from one specific WordPress website, and almost all of it was spammy! I checked my server’s IP and it was blocked in some spam blacklist databases. At first I thought the POP3 account of the website should have been compromised, so I changed the password, but still so many mails were in the queue! I changed all the passwords and nothing changed. So my thoughts were on Exim and SpamAssassin and the other security software on the server. I deleted the mail queue, which had nearly 50k mails in it, and updated everything, but looking at the logs, I found out it’s Apache which is sending the emails! I looked at the outgoing mail headers and the [X-PHP-Script] section was saying they were originating from /wp-content/uploads/wysija/bookmarks/medium/17/user.php ! God damn you wysija or the new mail poet plugin!

I downloaded that mail poet plugin month ago, because it was nice and popular! So many people were already using it and I said to myself, well, it should be reliable! But today I found out that’s not a reliable factor! In other words, a plugin with so many users is a perfect chance for an attacker to look for the bugs and exploit them!

I checked the uploads folder inside wp-content and it was full of files created by Apache, or let’s say the attacker! And why were all of them in the uploads folder!? Well, because it’s writeable by the PHP files! Its permission is 777 and they can exploit it! Also my .htaccess file was changed, because it’s writeable too!!! WordPress needs them to be writeable and that’s a security flaw!

So the attacker is obviously using a backdoor in the wysija plugin and gaining access to the system. I checked the database and there was an unknown user 1001001 in the wp-users table. It could be everywhere now! All the writeable files might be injected with malicious code! Well, that’s a real mess.
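The two checks described above (which PHP script is sending the queued mail, and what is sitting in the writeable uploads tree) can be scripted. This is an added example, not part of the original post; the sample headers, the `blog.example` host, the "host/path for client-ip" header layout and the demo directory tree are constructed assumptions.

```python
import os
import re
import stat
import tempfile
from collections import Counter

# Constructed sample headers; the "host/path for client-ip" value layout is an assumption.
SAMPLE_HEADERS = """\
X-PHP-Script: blog.example/wp-content/uploads/wysija/bookmarks/medium/17/user.php for 203.0.113.9
X-PHP-Script: blog.example/wp-content/uploads/wysija/bookmarks/medium/17/user.php for 203.0.113.9
X-PHP-Script: blog.example/wp-admin/admin-ajax.php for 198.51.100.4
"""
HEADER_RE = re.compile(r"^X-PHP-Script:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def tally_sending_scripts(header_text):
    """Count queued messages per originating PHP script, busiest first."""
    return Counter(HEADER_RE.findall(header_text)).most_common()

def is_under_uploads(script_path):
    """Mail sent by a script under wp-content/uploads is a strong compromise signal."""
    return "/wp-content/uploads/" in script_path

def audit_docroot(docroot):
    """Return (PHP files under uploads, world-writable .htaccess files)."""
    php_in_uploads, writable_htaccess = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        for name in files:
            full = os.path.join(dirpath, name)
            rel = f"{rel_dir}/{name}" if rel_dir != "." else name
            if is_under_uploads("/" + rel) and name.lower().endswith((".php", ".phtml")):
                php_in_uploads.append(rel)
            if name == ".htaccess" and os.stat(full).st_mode & stat.S_IWOTH:
                writable_htaccess.append(rel)
    return sorted(php_in_uploads), sorted(writable_htaccess)

def build_demo_tree():
    """Create a small constructed WordPress-like tree for the audit to run on."""
    root = tempfile.mkdtemp()
    bad_dir = os.path.join(root, "wp-content/uploads/wysija/bookmarks/medium/17")
    os.makedirs(bad_dir)
    for path in (os.path.join(bad_dir, "user.php"), os.path.join(root, ".htaccess"),
                 os.path.join(root, "wp-content/uploads/photo.jpg")):
        open(path, "w").close()
    os.chmod(os.path.join(root, ".htaccess"), 0o666)  # simulate the writeable .htaccess
    return root

if __name__ == "__main__":
    print(tally_sending_scripts(SAMPLE_HEADERS), audit_docroot(build_demo_tree()))
```

On a real server, feed `tally_sending_scripts` the header files from the mail spool and point `audit_docroot` at the site's document root.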

MailPoet is a very popular plugin with almost 2 million downloads, so as you can expect, when such a severe vulnerability is identified, it can be mass exploited.

What I learned from this incident is that your WordPress is as insecure as your most vulnerable plugin!!!

I guess WordPress should make some modifications in the code and its plugin section. First of all, it shouldn’t leave the uploads folder and all the subfolders inside it writeable or let the plugins write through it! All the file requests should be watched and controlled via its core to a safe place or bucket.

Also, the plugins should have security reviews and measures, and WordPress should introduce a bug bounty program for those who find exploits. When an exploit is found in a plugin or theme, it should notify all the users and installations via the dashboard.

How to send email from your localhost web server Xampp without getting spammed using your Gmail account

I had tried to make PHP mail() work on my localhost Xampp web server using Mercury for relaying messages to external mail servers. I made a lot of configurations, but sometimes it worked and sometimes it wouldn’t! I’ve found a better way of doing it with the help of my Gmail account! After a lot of Google searching and some simple steps, I could make it work. So here I am sharing my experience with you.

Your Xampp installation comes with the sendmail package. If it does not, or if you are not using Xampp, you can get the latest package at http://glob.com.au/sendmail/.

Extract the zip file and copy the files into your \xampp\sendmail folder (replace every file in the existing folder).

Update the sendmail.ini (xampp\sendmail\sendmail.ini) with the following details.

First, comment out the “Mercury” and “A free mail service example” contents as shown below:

# Mercury
#account Mercury
#host localhost
#from postmaster@localhost
#auth off

# A freemail service example
#account Hotmail
#tls on
#tls_certcheck off
#host smtp.live.com
#from [exampleuser]@hotmail.com
#auth on
#user [exampleuser]@hotmail.com
#password [examplepassword]

Add the account through which you want to send your mails. In my example I have configured the Gmail account as shown below. Replace the username and password with your own.

account Gmail
tls on
tls_certcheck off
host smtp.gmail.com
from [your_gmail_username]@gmail.com
auth on
user [your_gmail_username]@gmail.com
password [your_gmail_password]
port 587

account default : Gmail

Now, edit your php.ini (xampp\php\php.ini). Search for [mail function] and change these parameters accordingly.

SMTP = smtp.gmail.com
smtp_port = 587
sendmail_from = [your_gmail_username]@gmail.com
; #Note: this gmail account will be used to send the email
sendmail_path = "\"D:\xampp\sendmail\sendmail.exe\" -t"
; #Note: I did install my xampp at D:\xampp

Restart your apache server.
Now you can send email from xampp localhost! enjoy :-)