Upgrading to “Windows 10 Creators Update”

Did this today.  It was a fairly clean upgrade, with only these exceptions:

  1. VirtualBox would no longer launch, so I upgraded to the latest version, v5.1.18, and that fixed it.
  2. Microsoft Outlook (part of Office 2013) errored upon launch.  I ran the Inbox Repair app, which found a bunch of errors that I had it fix.  Then Outlook worked fine.
  3. A few file associations got dropped (e.g., for opening PDFs, PNGs, etc.).  I have to think this was on purpose by Microsoft.

Upgrading to Windows 10, Part 2

I took the plunge on upgrading on my main machine.  These were the hiccups:

  1. I have a DisplayLink USB/DVI adapter for an external monitor.  The “compatibility check” Windows runs prior to upgrading failed to catch that I needed to install the latest driver.  It just was a blank screen after upgrading.  So I had to get it manually from here and fortunately it seems to work (otherwise I’d have to rush out and buy a new adapter).
  2. Vagrant somehow forgot the network interface it had been using prior and didn’t find the network interfaces installed.  Upon “up”, it asks “default: which interface should the network bridge to?”, which is described in this issue.  So I had to upgrade VirtualBox to the latest 5.0.x test build (which is semi-compatible with Windows 10), and upgrade Vagrant to v1.7.4 to work with it.  Then upon reboot and relaunch of Vagrant I was able to pick the interface I wanted (although it still seems to forget my selection each time).
  3. My PuTTY keys quietly disappeared from the Pageant key list and had to be re-added manually.  Seem to work now though.
  4. TortoiseGit overlay icons all disappeared as per this issue which appears to point to OneDrive (which I have no intention of using) as the culprit.  I followed the steps in my comment there to work around it.


Still open: Windows Search was not indexing any program directories, so it couldn’t find any applications at all!  So I manually added all the Program directories, and we’ll see if it works.


Upgrading to Windows 10

I updated my laptop from Windows 8.1 to Windows 10 over the last day.  I did not want to leave this major update up to Microsoft’s timing, so I installed all the available updates from Windows Update, which triggered the little Windows 10 icon at the bottom of the screen.  I then initiated the upgrade via the steps at this post.

Here’s what I learned:

  1. Be patient, enormously so.  I found that several of the dialog windows can realistically be “spinning” for several hours or more – even after you have supposedly downloaded the several GBs of update files.
  2. Startup times seem much slower than Windows 8.1.  Don’t know if this will improve over time, or not.
  3. Upon boot, I saw several DOS windows flash across the screen with error messages relating to OneDrive, which I have never used.  I also don’t believe I have configured a Windows Live account for this laptop in the past either (I only use a local account).  I do see a taskbar icon for OneDrive, so clearly Microsoft expects me to be using that already!
  4. I got a notification that my “Wifi Sense” needed attention.  But after clicking it, all I got was a blank Settings screen.  I have no interest in the (rather creepy) Wifi Sense feature.  Fortunately it will only apply to unsecured networks so I don’t think it represents a security risk on my home networks.

The good news is all my applications and files seem to be untouched.  I’ll give it a few more days and if it seems stable I will take the plunge on my primary machine.

Disinfecting a hacked WordPress site

Recently I took over management of a WordPress site for a nonprofit that had been hacked at some point in the previous few months, and my job was to recover it.  It had been hosted at the time on GoDaddy and it appeared that there had been a GoDaddy-specific exploit that the hackers had known of.

Pretty quickly I found the hackers’ PHP files (for malware, it appeared) in both the webroot and under /wp-content/uploads – so those were quickly deleted.  I thought that was it, but I was wrong.

The site was running a somewhat-dated version of WordPress, maybe 3.9 – so it was 6-12 months old, which isn’t too bad.  It used a hodgepodge of plugins though, and I was afraid to upgrade it for fear of breaking some plugin (I had not budgeted any debugging time to this).  So I didn’t upgrade WordPress core, but should have in retrospect: as it turned out, there was also a spam-relay PHP hack under /wp-includes that I had missed.  When I got the site up on a new locked-down server, I didn’t notice at first that the postfix queue was getting absolutely hammered with outbound mails from this domain – which wasn’t hosting email in any case.

So I was in a situation where there were dozens of mails entering the queue per second.  I had no idea where they were coming from, as this server wasn’t even the destination of the MX records for the domain.  So I did the following:

  1. Remove the MX records, and all associated A records (like email, smtp, webmail, etc.) from the zone entirely.  Now in hindsight I doubt it would have had any impact in this case, but if you’re not running mail on a domain, you don’t need any of that.
  2. Check the mail queue via mailq and individual mails via postcat.  There’s more detail on syntax at this link.  You can delete the entire queue via

    nice postsuper -vv -d ALL
  3. To be safe, I also set up postfix to reject all emails being sent from this domain, by following the steps here.

Eventually I thought to look at the access logs and found the hackers’ requests to /wp-includes which obviously is wrong.  I then did a clean reinstall of the WordPress core via git, and the outbound spam attempts ceased.
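One way to triage the access logs for that kind of request, as an added example that is not from the original post: a small Python scanner that flags direct requests for PHP files under /wp-includes and /wp-content/uploads, where a WordPress install does not expect a browser to call PHP directly (core is entered through index.php and wp-admin, and uploads should hold no executable files at all). The log lines, the client IPs, the file names and the allowlist entry are constructed or assumed for the illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# WordPress never needs a browser to request a .php file under uploads, and
# (with very few exceptions) not under wp-includes either: core is entered
# through index.php / wp-admin, so such a request points at a dropped file.
SUSPICIOUS_DIRS = ("/wp-includes/", "/wp-content/uploads/")
# Assumed allowlist: the TinyMCE loader that older WordPress versions did
# serve from wp-includes; extend it for whatever your core version ships.
ALLOWED = {"/wp-includes/js/tinymce/wp-tinymce.php"}

def is_suspicious(path: str) -> bool:
    """True for a direct request to a PHP file under a directory that should not serve PHP."""
    clean = path.split("?", 1)[0]          # drop the query string
    if clean in ALLOWED or not clean.lower().endswith(".php"):
        return False
    return clean.startswith(SUSPICIOUS_DIRS)

def scan_log(lines):
    """Return (ip, method, path, status) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group("path")):
            hits.append((m.group("ip"), m.group("method"),
                         m.group("path").split("?", 1)[0], int(m.group("status"))))
    return hits

def top_sources(hits, n=3):
    """Most active client IPs among the hits, to see who is driving the relay."""
    return Counter(h[0] for h in hits).most_common(n)

# Constructed sample log (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2015:10:01:02 +0000] "POST /wp-includes/wp-mailer.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2015:10:01:03 +0000] "POST /wp-includes/wp-mailer.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Aug/2015:10:02:10 +0000] "GET /wp-content/uploads/2015/08/sym.php?x=1 HTTP/1.1" 200 1024 "-" "curl/7.43"
192.0.2.9 - - [10/Aug/2015:10:03:00 +0000] "GET /wp-content/uploads/2015/08/photo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Aug/2015:10:03:01 +0000] "GET /wp-includes/js/tinymce/wp-tinymce.php?c=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Aug/2015:10:03:02 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""
```

Run `scan_log` over the lines of the real access log and `top_sources` over its result; on the sample above it reports the two POSTs to the relay script and the GET to the file under uploads, and nothing for the image, the allowlisted loader or index.php.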

Moral of the story: always do a clean reinstall of the core.