Cleaning up an infected PHP server (Mal/Badsrc-M – Troj/PHPShll-B)

I recently discovered that a number of sites of mine were considered unsafe by Google, Firefox, Yandex … The reason was they had detected malware being served to visitors of the site. I checked a bit further and I discovered it was the Mal/Badsrc-M – Troj/PHPShll-B trojan. In each of my (WordPress and other) PHP files, the first line had been changed to

<?php /* */ eval(base64_decode("...(bad stuff)"));?><?php ...

The file is easy to clean up: you remove the eval statement and that’s it. Only, on this server several hundred PHP files (WordPress, MediaWiki, …) were affected. So I made a script to go through all of them and clean up. It relies on the following:

  • the whole injected statement is on 1 line
  • no ‘decent’, trustworthy program uses eval(base64_decode(" ... ")) in its PHP code
  • it moves the second <?php to the second line and then removes the whole first line

So if you have the same problem, use a bash script like this and run it in the root of all your websites:
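
An added example of such a script (not the author's original). It follows the three points above, but strips the injected prefix from line 1 in place instead of splitting the line first. The function names, the backup location and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not the post's original script. It edits line 1 only, and only
# when line 1 has the shape: <?php /* */ eval(base64_decode("..."));?><?php ...

# Basic regular expression for the injected prefix of line 1.
INJECT_RE='^<?php */\*[^*]*\*/ *eval(base64_decode("[^"]*")); *?>'
# Infected originals are copied here, outside the web root (assumed location).
BACKUP_DIR=${BACKUP_DIR:-/var/tmp/php-cleanup-backup}

# clean_php_file FILE: 0 = cleaned, 1 = line 1 not infected, 2 = backup failed.
clean_php_file() {
    f=$1
    head -n 1 "$f" | grep -q "$INJECT_RE" || return 1
    mkdir -p "$BACKUP_DIR/$(dirname "$f")" || return 2
    cp -p "$f" "$BACKUP_DIR/$f" || return 2
    # Strip the prefix from line 1; drop line 1 if nothing is left of it, so no
    # blank line is sent before the real <?php. Writing with > keeps owner/mode.
    sed -e "1s|$INJECT_RE||" -e '1{/^$/d;}' "$BACKUP_DIR/$f" > "$f"
}

# clean_tree DIR: prints the path of every file it cleaned.
clean_tree() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if clean_php_file "$f"; then printf '%s\n' "$f"; fi
    done
}

# list_suspects DIR: PHP files that still contain the call anywhere. These are
# left untouched for manual review (they do not match the line 1 shape).
list_suspects() {
    find "$1" -type f -name '*.php' -exec grep -lF 'eval(base64_decode(' {} +
}

# Usage: sh clean-eval.sh /path/to/webroot   (does nothing without an argument)
if [ "$#" -gt 0 ]; then
    echo "Cleaned:";        clean_tree "$1"
    echo "Still suspect:";  list_suspects "$1"
fi
```

Files listed under "Still suspect" contain the call somewhere other than the line 1 prefix this script is allowed to remove; inspect those by hand and compare them with a clean copy of the application.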

iOS6 losing its 3G cellular data settings – fix for Belgium

I upgraded my iPhone 4S to the new iOS6 the day it came out. As I expected, I had to reconfigure the cellular data settings (‘APN’). For some reason they always get lost during major OS updates. However, I have noticed over the last weeks that, every now and then, my 3G connection stops working, and when I check the APN settings, they have disappeared. My colleagues, with iPhones and iPads on different cellular operators, also have this problem. So for them, for me, and for anyone else who has this problem: here are the settings for the Belgian operators.

PROXIMUS/BELGACOM
APN: internet.proximus.be
Username: (empty)
Password: (empty)

MOBISTAR
APN: iphone.mobistar
Username: (empty)
Password: (empty)

BASE
APN: gprs.base.be
Username: base
Password: base

MobileVikings
APN: web.be
Username: web
Password: web

Telenet
APN: telenetwap.be
Username: (empty)
Password: (empty)

Scarlet
APN: internet.bmbpartner.be
Username: (empty)
Password: (empty)

These are the most common ones.

The procedure is: go to General/Cellular/Cellular Data Network, verify they are all empty, fill in the correct values, leave the Cellular menu, switch your phone to “Airplane Mode” for 10 seconds, and then switch that back off. You should see the 3G logo appear again.

Emoticon for innuendo: &-)

Do you often find yourself in a situation where you are using some kind of word play in a written (chat or text message) conversation, but feel that you need to make this second level of comprehension clear? This is why emoticons exist: pictorial representations of a facial expression using punctuation marks and letters, written to express a person’s mood. Emoticons were already used in the 18th century and adopted with mucho gusto in electronic communication since 1982. These days, if you don’t know that a “:-)” means that the writer is happy, you’re missing a lot of the meaning of SMS or emails.

It doesn’t stop there, there is also the :-p tongue-sticking-out, the %-) I’m-so-drunk and even *<|:-) Santa Claus. But there is one often-used ironical level that I find is not well covered by the ;-) I’m-only-joking emoticon, and that is the dangerous stylistic weapon called innuendo: an indirect remark about somebody or something, usually suggesting something bad, mean or rude. We need an emoticon that says if-you-know-what-I-mean-wink-wink-nudge-nudge in 3 characters. I hereby propose the …

&-)   = if-you-know-what-I-mean

  • “My parents are coming over tomorrow and I still have to dust off the silverware &-)” = have to clean up dishes for the last 2 weeks and remove all clothes from the living room
  • “Can’t talk right now, my girlfriend is here and we’re studying &-)” = no actual studying is done
  • “Is your wife a goer? &-)” = say no more

What could be a proper response to a &-) ? Depending on the recipient’s sense of humor:

  • &-D oh-I-*know*-what-you-mean
  • &-O OMG-you-didn’t-just-say-that-did-you
  • &-? not-really-sure-what-you-mean
  • &-/ I-get-it-but-am-not-that-amused
  • &-( this-is-totally-inappropriate-and-I-am-disappointed-in-you

I think there is also one variation necessary for the most versatile joke on earth: that’s what she said! This is expressed with &-)! – as in “make sure it’s long enough” > “&-)!”

And to end, I leave you with this: Uncyclopedia’s definition for sexual innuendo. Just don’t read it aloud in the office.

TL;DR:

  • &-) if-you-know-what-I-mean
  • &-D oh-I-know-what-you-mean
  • &-)! that’s-what-she-said!!

Company cars in Belgium: your new taxes

January 2012 marks the beginning of a new calculation of the ‘Benefit in kind’ – the value an employee is calculated to get from a company car. It has a big effect on your taxes. Do you pay taxes in Belgium? Do you have a company car? Read on!

The actual formula can be found here: Arval: Benefit in kind (FR: Avantage de toute nature / NL: Voordeel van alle aard). I simulated this for my own car (Saab 9.3 Cabrio from 2005). It’s clear I need to sell it ASAP. Then I started calculating some other ‘common’ company cars to see what car to buy next. A hybrid? Diesel? Start-stop? So here are some numbers for the ‘cheap’ cars:

[Figure: VVA (benefit in kind) for cheap cars]

And because you’re right to worry about your company Range Rover:

[Figure: VVA (benefit in kind) for expensive cars]

Conclusions

  • There is a minimum benefit: 1200€/year. Some cars would have been able to go lower than that, like some electric/hybrid ones, the Volvo V40, the Audi A3, the Smart, but no, you are still going to be taxed for those 1200. At 1200€/year, the state considers you to make 100€/month more.
    Concretely: for an electric car, you are going to be taxed as if it cost 30.000€. For the most economical petrol/diesel car: as if it cost 21.818€. If your company has 22K to spend on a car, use it. You can’t save on your tax filing anyway.
  • Accessories and options: they are also taken into account for the price of your car. The leather seats, the GPS pack, the xenon lights… They all count.
  • CO2 coefficient is important, but don’t overdo it. The threshold for petrol (benzine) cars is 115 g/km, and for diesel it’s 95 g/km. You pay more if it’s worse, but you don’t pay less if it’s better.
    For diesel cars: stay under 115 g/km. For petrol cars, stay under 130.
  • Electric cars: you would be surprised. Apart from the Renault Twizy, which is more of a toy, there are not that many options, and you’re not even sure of the minimum benefit. If the car costs more than 30K, you’re screwed. Hybrid cars: if they cost more than 22K, you will feel it.
  • SUVs: if you have a big SUV (BMW X5, Mercedes M, Porsche Cayenne) or a big jeep (Landcruiser, Pajero), you’re gonna feel the pain. Nissan Qashqai, Toyota RAV4, not so much.
  • Second hand: there is a discount for the age of your car: 6% per year, with 5 years max. So if your car is 6 to 25 years old (after which it becomes an old-timer), the state will take into account 70% of the price it was bought for the first time. But if you bought it second hand? You might buy a 2 year old car for 50% of the price, but it will still be counting for 88% of the price-for-a-new-one. Concretely: if you buy a second hand Maserati, don’t buy it in the company.
  • “Super cars”. I know you love to watch Top Gear and dream about that Lamborghini, but I’m guessing that has become something even more for the happy few. If you buy/lease it as a company car, you will bleed in your personal taxes. 20K for that Porsche Carrera (so you will pay +- 50% of that in taxes). 10K for that Range Rover.

As far as I understand it, this is for new and second-hand cars, bought or leased by a company for a manager or employee. Let’s wait until some accountants come up with new schemes for expensive cars.

In the meantime: what individual wants to buy a Saab Cabrio?