Dec 11

Solution for Schannel Event ID:36888 VPN Problems

I have been experiencing issues when I use VPN. It started occurring after installing the latest Windows Updates. What happened was that, as soon as I got on the VPN, although I could ping public servers and even use telnet/ftp etc. to get information, surfing web pages was not possible.

After going through a series of troubleshooting steps, I found out it was caused by a Windows Security update (2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012).

Microsoft's article on this update has more details about the reason Microsoft had to come up with this security patch, and it also mentions the “side effects” of installing this update, right under “Known issues with this security update”. The solution to this problem is fairly simple:

By default, this security update sets the Opt-in mode at the schannel level, because of application compatibility issues. To disable this security update for all applications system-wide, you must add a DWORD value named SendExtraRecord that has a value of 2 to the following registry subkey:


To add this schannel registry entry, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type SendExtraRecord for the name of the DWORD, and then press ENTER.
  5. Right-click SendExtraRecord, and then click Modify.
  6. In the Value data box, type 2 to disable the split record in schannel, and then click OK.
  7. Exit Registry Editor.


Sep 18

Hacked Joomla website

I found out that one of my friend’s Joomla sites was hacked and hidden links were embedded into his website. It took me almost an hour to figure out where they had added the code. It started with finding the template change they made so that they could hide the links from us.

templates/rt_maelstrom/css/template.css:#rt-lm {display-none;}
templates/rt_maelstrom/css/template.css:#rt-lm{position: absolute; top: 0px; left: -5000px;}

The next step was looking for the URL and where they were getting it from, but lots of ‘grep’-ing and phpMyAdmin searching turned up nothing. Just as I was giving up on it, I found it in the article.php file under the templates folder. Of course, encoded as usual.

echo base64_decode($pml);?>
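
The two indicators above (a CSS rule that pushes an element far off-screen and a PHP file that outputs a base64-decoded string) can be searched for across a whole site tree. The following is an added example, not code from the original post; the regular expressions, the function names and the sample tree (including the `templates/sample/` path) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics modelled on the two indicators in the post; tune them per site.
OFFSCREEN_CSS = re.compile(r"\b(?:left|top)\s*:\s*-\d{3,}px", re.I)
B64_OUTPUT = re.compile(r"\b(?:echo|print|eval)\s*\(?\s*base64_decode\s*\(", re.I)
RULES = {".css": (OFFSCREEN_CSS, "offscreen-css"),
         ".php": (B64_OUTPUT, "base64-output")}

def scan_tree(root):
    """Return sorted (relative_path, line_number, reason) for suspicious lines."""
    findings = []
    for path in Path(root).rglob("*"):
        rule = RULES.get(path.suffix.lower())
        if rule is None or not path.is_file():
            continue
        pattern, reason = rule
        lines = path.read_text(errors="replace").splitlines()
        for number, line in enumerate(lines, 1):
            if pattern.search(line):
                findings.append((path.relative_to(root).as_posix(), number, reason))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    sample = {
        "templates/rt_maelstrom/css/template.css":
            "#rt-lm {display-none;}\n"
            "#rt-lm{position: absolute; top: 0px; left: -5000px;}\n"
            "#menu {margin-left: -10px;}\n",      # small offsets are normal CSS
        "templates/sample/article.php":
            "<?php echo htmlspecialchars($title); ?>\n"
            "<?php $pml = '...'; echo base64_decode($pml);?>\n",
        "templates/sample/index.php": "<?php echo $content; ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Every hit needs a manual look: legitimate code also calls base64_decode, and some themes position elements off-screen on purpose.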

Jun 06

Export HTML code from phpmyadmin and Import to Excel

Exporting HTML from phpMyAdmin is a big hassle. phpMyAdmin doesn’t escape characters like “;” or “,” properly, so when you try to open your CSV or “CSV for MS Excel” formatted documents in Excel, everything is cluttered and you have a huge mess.

Here is what you should do.

In phpMyAdmin, you should choose a very distinctive column separator, in my example:

Columns separated with: ######

To prevent newline characters from messing up your Excel view, you should check:

Remove carriage return/line feed characters (should be checked)

Now you can download your document. You should open it in a text editor (I used Notepad++):

1-Replace all \t (tab) characters with space ( )
2-Replace ###### with \t

When you open this document in Excel, now all your columns fit perfectly.

Nov 29

WordPress gets hacked over and over with eval(base64_decode) code

My websites were getting hacked every 30 minutes or so, and when I checked the source code, I kept finding this code added (below). When I delved more into it, I found out the hackers were using a disabled theme on my blog called:
Twenty Eleven 1.2 by the WordPress team
Twenty Ten 1.2 by the WordPress team

They were hitting the same file (index.php) over and over; although I had cleaned up all the other code they had added, whatever they were sending to index.php was adding everything back to the websites. This attack would fly uncaught since they are adding an iframe into the code, which wouldn’t bother you or visitors if it is not interpreted right by your browser (blocked by addons etc.), but if you leave the hole open, they can query the database, extract information, open other holes for themselves and pretty much anything a mutant would do.

Here is the solution. Read the rest of this entry »
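
One way to spot the repeated requests described above in a web server access log, as an added example that is not the author's code: it counts direct requests to PHP files inside themes other than the active one. It assumes the combined log format and the standard `/wp-content/themes/<slug>/` layout; the log lines, the IP addresses and the active theme name `mytheme` are constructed.

```python
import re
from collections import defaultdict

# Combined log format: client IP ... [time] "METHOD path PROTOCOL" ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)')
# Assumption: standard WordPress layout, themes under /wp-content/themes/<slug>/.
THEME_PHP = re.compile(r"^/wp-content/themes/(?P<theme>[^/?]+)/[^?]*\.php(?:\?|$)")

def inactive_theme_hits(lines, active_theme, min_hits=3):
    """Return (path, hit_count, client_ips) for PHP files in non-active themes
    that were requested directly at least min_hits times, busiest first."""
    clients = defaultdict(list)
    for line in lines:
        entry = LOG_LINE.match(line)
        if entry is None:
            continue                      # not a request line we understand
        target = THEME_PHP.match(entry["path"])
        if target and target["theme"] != active_theme:
            clients[entry["path"].split("?", 1)[0]].append(entry["ip"])
    rows = [(path, len(ips), sorted(set(ips)))
            for path, ips in clients.items() if len(ips) >= min_hits]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Nov/2011:10:00:01 +0000] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [29/Nov/2011:10:02:10 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 8841',
    '203.0.113.7 - - [29/Nov/2011:10:30:04 +0000] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [29/Nov/2011:10:31:11 +0000] "GET /index.php?p=12 HTTP/1.1" 200 15002',
    '203.0.113.9 - - [29/Nov/2011:11:00:02 +0000] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 312',
    '198.51.100.8 - - [29/Nov/2011:11:04:40 +0000] "GET /wp-content/themes/twentyten/index.php HTTP/1.1" 500 0',
    '198.51.100.4 - - [29/Nov/2011:11:05:12 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for row in inactive_theme_hits(SAMPLE_LOG, active_theme="mytheme"):
        print(row)
```

WordPress normally loads theme files through the site's own index.php, so direct requests to a PHP file inside a theme directory, and especially inside a theme that is not active, are worth investigating.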

Oct 09

OpenSSH Windows Known_hosts Problem and SSH-Keygen work around

I have been trying to fix this error:

Could not create directory ‘/home/xxx/.ssh’.
The authenticity of host can’t be established.
Failed to add the host to the list of known hosts (/home/xxx/.ssh/known_hosts)

It is very annoying to type in Yes every time I try to connect to a server, so I decided to do some research but couldn’t find a solution.

I found my solution this way:

- Create a file on your hard drive (wherever you feel like); I have created mine under: c:\users\myusername\known_hosts (ex: c:\users\john\known_hosts)
- Find ssh_config under the OpenSSH\etc\ folder and add this line:

UserKnownHostsFile c:/users/john/known_hosts

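After you add this line, try to connect and you won’t have to type in “Yes” anymore. If you would like to disable the known_hosts file check completely, you can also change this line:
StrictHostKeyChecking yes

to

StrictHostKeyChecking no

That will allow you to avoid known_hosts from the get-go. With that setting ssh accepts unknown host keys without prompting, so it no longer confirms the server's identity on first connection.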

If you want to do public key authentication but you are not able to use ssh-keygen to create the keys because you are getting:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxx/.ssh/id_rsa):
Could not create directory ‘/home/xxx/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/xxx/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/xxx/.ssh/id_rsa.

You can run ssh-keygen under the c:\program files\openssh\bin\ folder with this:

ssh-keygen -t rsa -f id_rsa

The -f switch lets you specify a filename. Once you create the public and private key (for this example: id_rsa), go back to your c:\program files\openssh\etc\ssh_config file and remove # from
#IdentityFile ~/.ssh/id_rsa

and point it to your new file:

IdentityFile c:/program files/openssh/bin/id_rsa
