Therefore, I have decided to shut down the blog. I will no longer be posting to this blog, and in a couple months, I’ll take down the site and keep the database for my own personal reflection (on my crazy past).

Fret not! I will re-begin my writings at my new blog at http://www.jakertberry.com. I hope all those who enjoyed my blog in the past will enjoy my new blog in the future.

Here’s to another 7 years!

~Jaker

So, the machine I have is a MacBookPro4,1 (from circa early 2008), one of the last models before they switched to the new single-case style. The laptop has a Core2 Duo at 2.4GHz and shipped with 2GB of RAM. I wanted to kick it up a notch and go to 4GB of RAM. So I purchased said RAM, and attempted to install it.

On my first attempt, I installed the new sticks of RAM and tried to boot. Nothing happened. I waited and waited, but the only activity I saw was the CD-ROM spinning up and the power light staying solid.

Second attempt: back to the old sticks of RAM. I booted, and got 3 Simon (the game)-like beeps. Quick research showed that this meant “no good banks.” I was fairly certain that my RAM didn’t go bad just from removing it.

Third attempt: 1 stick of the new RAM, 1 stick of the old RAM: boots.

Fourth attempt: tested the other two, still one of each: boots.

Fifth attempt: back to the 2 new sticks of RAM: CD-ROM spins up and power light is solid. No activity.

Sixth attempt: back to the original sticks of RAM: boots.

It was at this point that I realized something: the new sticks of RAM were rated at 800MHz, whereas the stock sticks were 667MHz. Now, this has never made any difference in the past, but I decided to run with it since nothing was making sense at this point. I fortunately had my personal laptop at work which had 4GB of DDR2 667, so I put those in the MBP and attempted to boot. Success.

I guess the MBP is picky about what RAM speed you have, or perhaps they just don’t like OCZ. Either way, my MBP now has 4GB of RAM.

Oh, and the personal laptop? The Inspiron 1520? He runs just fine with the 4GB of DDR2 800. They’re just clocked down to 667, like every machine should..

~Jaker

The untested solution?

http://www.x.org/wiki/radeonhd

~Jaker

Basically it seems someone found an exploit for Dreamhost that installed a small IFRAME script on any page that starts with “index.” This IFRAME redirects the user to a site (odmarco.com) and attempts to install spyware by exploiting Adobe Acrobat.

Because there’s just a crazy amount of stuff on my site, doing this manually would be a pain. Fortunately, I found a script that fixes this for me.

I use DreamHost for quite some sites, both my own and of friends. Recently I got informed that one of my sites was triggering a warning in anti-virus software and when I went to investigate, it turned out quite a few sites got hit by an annoying script that inserts a hidden iframe. Removing all those by hand would be an annoying job, so I decided to automate it. Given that I don’t know much shell scripting but have a firm knowledge of PHP, I decided to give that a go.

First of all, let’s look at the hack. At this point I am unsure what exactly caused so many of my files to contain the odmarco string. It looks like quite some people on DreamHost got hit by this problem, so I am guessing a vulnerable script on one of their servers caused this. Now, I should blame myself as well, because apparently I didn’t take notice to a lot of files in my websites being writable by the server. It’s no excuse, but a lot of the sites that I have are very old sites, where I definitely didn’t pay as much attention to such details as I do now.

Anyway, from a comment on siteadvisor I learned that the script called in the iframe is trying to abuse an exploit in Adobe Acrobat. Though I hate all stuff like this, I hate exploits more than mere referrer spam injection, so I felt I needed to take care of this quickly, even if a lot of the sites are hardly maintained anymore. So I sat down to hack up a little PHP script that would remove the offending string. Why PHP? Simple, it’s the only language I know good enough to hack something like this up in a short time.

After some hacking around I came up with this script. It’s not perfect, but it does the job and it does it well, so I’m happy. Anyone interested, feel free to use this script to clear up the mess in your site. It’s meant to be run from the command line, inside the directory that you want to (recursively) clean. What I did was put it in the homedir on DreamHost, and then go into a directory that needed cleaning and issue the command:

/usr/local/php5/bin/php ../clear_odmarco.php

As you notice, at DreamHost you need to explicitly specify the php5 path because for some reason, the “php” command still defaults to php4. Then I put in a relative path to the clear_odmarco.php file (you could put the full path if you want). 

If you have anything hosted on my site with your own user account, you should run this script.

~Jaker

Just recently did I figure out how to remove it:

Complete the following steps to disconnect your Free AT&T Email and Portal account.

Note: A Free AT&T Email and Portal account provides access only to the AT&T Email and Portal (http://att.net). Your Internet access is provided by a company other than AT&T and will not be disconnected.

1. Go to http://att.com/internetaccount and login
2. Click Profile Management
3. Enter password and click OK
4. If the Member Management screen displays, select your Member ID
5. Scroll down to bottom of the page and select disconnect my portal service
6. Click Yes

~Jaker

Yes, you’ll see details about this release here.

~Jaker

I hope..

~Jaker

More importantly, a problem that has been existing for an unknown period of time has been resolved. Turns out a plug-in I was using injected some unwanted code into my website, causing some users to possibly become infected with spyware (the lucky exploit, to be exact). As soon as I discovered this, I quickly determined it’s cause, removed it, and made the blogosphere happy again.

If your machine was infected by this because of myself, I apologize. It was not my intent to have my website a space for malware to grow and spread. Besides, that was sooo version 4.1 !!

~Jaker

Horde characters may now obtain the quest “CLUCK!” from Chickens. While Farmer Saldean won’t be selling Special Chicken Feed to the Horde, perhaps “Westfall” William Saldean in Brill might…  

This is funny to me, only because I had found a “bug” with this in the past and make several GM reports (all which came back with nothing–it seems as though my message finally got through).

The bug? I’d be in Brill, and find a chicken. Just as the quest is done, I’d spam this poor chicken with /chicken until it replies with “The chicken looks at you quizically.” Normally you’re supposed to right-click on the chicken. Instead, as Horde, the chicken would turn into an “enemy”–you could only attack it, and the local guards would run to the chicken and kill it.

Now–this action makes sense, programatically. The quest was is meant for Alliance, so the chicken gained the Alliance faction.. Hence why I call it a “bug”–the game’s logic was flawless. The chicken’s existance in Brill, however, was not.

~Jaker