Vtube all about Technology

Friday, 10 November 2017

How to change AddThis Follow button settings for a gadget on blog or website

This article shows how to change the accounts presented in an AddThis Follow gadget which has already been set up on a Wordpress-based website.

(Note: this is only relevant for Wordpress.org users. Wordpress.com users do not have the same freedom to add or configure plug-ins.)

The AddThis plug-ins for Wordpress provide several functions. One is a Follow gadget, which lets you offer links to your account on other platforms (eg on Twitter, Facebook and Instragram), so that people who are interested can subscribe to you there, and get updates from you even if they don't visit your blog or website regularly).

When you install and activate this plugin, there is a screen where you can choose which other platforms to show, and say what your address on those platforms is.

After you have set up the plug-in, then you an add the AddThis Follow widget to your site, This gadget displays an icon for each tool which you selected, and each one link to the account that you provided. How exactly it looks depends on the options you choose, but one possibility (Horizontal Follow) is like this:

But - how do you change these settings after the gadget has been added?

For most widgets, to change their settings you just:

Choose Appearance > Widgets from the left hand menu
Find the widget in the list of ones that have been installed
Click the down-arrow beside the name, to reveal the options.

And initially, AddThis-Follow looks much the same. Rather than giving the detailed options immediately, it says

To edit the options for your AddThis tools, please go to the plugin's settings

Which sounds fair enough - there were a lot of values displayed on the page where you selected which social media platforms to include and how to connected them to your blog.

So you click the link, and get taken to a page - example below- which looks nothing like the one where you chose the services to display in the widget. Even when you scroll down, nothing looks familiar, or even gives any clues about how to update the linked social networking accounts:

How to change the accounts offered by the AddThis Follow widget after it has been added

Don't start with the Appearance > Widgets menu item.

Instead:

Choose with Plugins > Installed plugins
Find Follow Buttons by AddThis in the list.
Click Settings
In the list of gadgets that is displayed, beside the type of Follow button you used (horitzontal or vertical), click the Settings button. [Yes, that is two Settings clicks in a row.]

This opens up the familiar screen where you can choose social media services by clicking on their icon, and entering your name on that service in the field at the bottom of the page.

Job Done!

You can now edit the social media accounts linked to your blog - both correcting errors in the original setup, or adding new accounts which have been added since then.

What this means

Aach AddThis widget (eg AddThis-Follow, AddThis-Inline, etc) has the same settings each time it is used on your site. So, provided your theme supports having gadgets in multiple places, you can have the Follow-Me gadget several places (eg in your sidebar and underneath your posts) - always looking the same and linking tothe same social-media accounts.

There are no related articles for this topic.

Thursday, 9 November 2017

Last Day on Earth Mod v 1.6.7 By Game Killer

Last Day on Earth Mod By Game Killer

👇FEATURES OF THIS HACK👇

(1) UNLIMITED MONEY

(2) ONE SHOT KILL

(3) ALL CRAFT FREE

(4) UPDATED VERSION

(5) GAME KILLER MOD ENABLE

(6) *NO ROOT*

(7) ETC...

HOW TO USED SAVE DATA

(1) First Download The Save Data

(2) Then Extracte the Save Data

(3) The its want a password (PASSWORD IS bygamekiller)

(4) Then Copy The Folder Called zombie.survival.craft.z and past in Android/data folder

Then Enjoy Unlimited HACK

FRIENDS MY ALL MODS ARE FREE SO PLEASE SUPPORT MY CHANNEL AND HELP ME TO GET MORE SUBSCRIBES

To Luarn How To Hack Any Games Subscribe Hack Now Channel

تفليش و ازالة الكود الحماية SM-B310E SAMSUNG

http://go.oclasrv.com/afu.php?zoneid=1482351

سلام عليكم متابعي مدونة احترف
اليوم لدي موضوع خاص بالافلاش و ازالة كود الحماية + تعريب الهاتف
لكن الامر يحتاج الى بوكس z3x pro

اولا تحميل الروم عربية تجد الرابط التحميل اسفل الفيديو
تانيا كابل usb يوجب ان يكون اصلي
ثالثا ان تكون عندك بوكس z3x pro لكي تتم العملية
و الان تابع الفيديو

تحميل روم عربية

Sunday, 5 November 2017

Hungry Shark Evolution Mod By Game Killer

👇FEATURES OF THIS HACK👇

(1) UNLIMITED GOLDS

(2) UNLIMITED GEMS

(3) ALL SHARKS UNLOCK

(4) UPDATED VERSION

(5) GAME KILLER MOD ENABLE

(6) *NO ROOT*

(7) ETC...

To Luarn How To Hack Any Games Subscribe Hack Now Channel

Saturday, 4 November 2017

CrunchyRoll hack delivers malware

Introduction

There's a Reddit post today with a PSA (Public Service Announcement) about Crunchyroll, a website that offers anime streaming, being hacked:

PSA : Don't enter crunchyroll.com at the moment, it seems they've been hacked.

As mentioned before, Crunchyroll offers anime streaming, and in their own words:

Enjoy your favorite anime & manga at the speed of Japan

The German Crunchyroll team has additionally issued the following warning:

And for our English-speaking audience
Please DO NOT access our website at the current time. We are aware of the issues and are working on it
— Crunchyroll.de (@Crunchyroll_de) November 4, 2017

The official CrunchyRoll Twitter account has tweeted the following:

ATTENTION ALL CRUNCHYROLL USERS!!

Please DO NOT access our website at the current time. We are aware of the issues and are working on it!!
— Crunchyroll (@Crunchyroll) November 4, 2017

If you are only interested in how to remove this malware, scroll down to the disinfection/removal section, or click here.

Update: CrunchyRoll has announced, after a few hours, that the issue is resolved:

We've just gotten the all-clear to say that https://t.co/x1dBCM9X9C is back online!! Thank you SO MUCH for your patience ~ ❤️ pic.twitter.com/FQRRHowvp6
— Crunchyroll (@Crunchyroll) November 4, 2017

However, I still advise you to scroll over to the disinfection or removal section. Any questions, feel free to leave a comment, or contact me on Twitter.

Analysis

So, what happens when you visit the CrunchyRoll website? Curently, you get a message the website has encountered an error:

Figure 1 - CrunchyRoll error page

Earlier today, the CrunchyRoll website was showing the following:

Figure 2 - Likely hacked CrunchyRoll website (Image source)

While the CrunchyRoll team claims it was a DNS hijack, I have (so far) found no evidence as to the validity of this claim, and it rather appears someone was able to hack the website.

Either way, while this is bad, CrunchyRoll took swift action by taking down the website, and an investigation is under way.

What happens if you click the 'Download now' button? A new file, called CrunchyViewer.exe, will be downloaded from the following IP address:

109.232.225[.]12

This IP appears to have hosted fake antivirus software or similar in the past:

Figure 3 - Older resolutions (2010)

The newly download file is seemingly the legitimate CrunchyViewer or Crunchyroll, but, near the end of the file, there is a chunk of Base64 encoded data appended, as seen in Figure 4:

Figure 4 - base64 encoded data (click to enlarge)

Using a Base64 decoder, we get a new file, called svchost.exe. This binary will place a copy of itself in the current user's %appdata%\roaming folder, for example:

C:\Users\Yourusername\AppData\Roaming\svchost.exe

This file will periodically call to its C2, or command-and-control server, and wait for any commands:

145.239.41[.]131

Currently, it does not appear the C2 responds on that specific port (6969), however, it is online.

There are claims the malware will additionally install ransomware - I have not observed this behaviour, but it is definitely possible once the C2 sends back (any) commands. ~~More likely, it is a form of keylogger - malware that can record anything you type, and send it back to the attacker.~~

Update: It appears however, thanks to ANY.RUN for the heads-up, (analysis here) that the malware actually downloads Meterpreter, which is a default Metasploit payload.

More information about Meterpreter can be found here, but basically, it can be viewed as a backdoor, as it allows the attacker to completely control your machine. However, it does appear the C2 server only downloaded Meterpreter for a limited amount of time - as port 6969 only responded within a specific time-frame.

Note that the disinfection or removal tips are still applicable in this case.

Svchost.exe will also create an autorun entry:

Figure 5 - newly created run key (click to enlarge)

This basically means the malware will start every time you (re)boot or restart the machine.

Just for fun, it appear that the miscreant's name, or the person responsible for creating the malware is named Ben, as appears from the debug paths:

C:\Users\Ben\Desktop\taiga-develop\bin\Debug\Taiga.pdb

c:\users\ben\source\repos\svchost\Release\svchost.pdb

Taiga is 'A lightweight anime tracker for Windows'. This does not mean they are involved, but rather that 'Ben' has decided to include Taiga in the package.

Update: the developer of Taiga has included a fix for 'CrunchyViewer':
https://github.com/erengy/taiga/issues/489

Thus, if you now update or install the official Taiga application, it will prompt you if the malware is found, and is able to remove it.

Disinfection/Removal

Disinfection is rather straightforward:

Remove the malicious "Java" Run key, by opening Regedit, and browsing to:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the 'Java' key;

Reboot your machine;

Remove the malicious binary, by navigating to:
%appdata%\Roaming (for example: C:\Users\Yourusername\AppData\Roaming\)
Delete the 'svchost.exe' file.

Perform a scan with your installed antivirus product;
Perform a scan with an online antivirus, which is different from the one you have. Alternatively, perform a scan with Malwarebytes.
Change all your passwords if possible. Better be safe than sorry.

Prevention

Prevention advise in general, which also pertains to CrunchyRoll's compromise:

Install an antivirus;
Keep your browser up-to-date;
Install NoScript if you have Firefox;
Install a 'well-rounded' ad-blocker, for example uBlock Origin (works with most browsers);
If a website you visit frequently suddenly looks completely different, or urges you to download whatever, be safe rather than sorry, and leave the website.
Additionally, try to Google or use social media to verify if anyone else is experiencing the same issue.

In this particular case or incident, you may also want to block the two IP addresses as described in this blog post, by adding them in your firewall.

Conclusion

This hack shows that any website or organisation is, in theory, vulnerable to someone hijacking the website, and consequently download and install malware on a user's machine.

While it is uncertain what exactly happened, CrunchyRoll took correct action by taking the website down not too long after. At this point, it is best to monitor their Twitter account, and/or wait for an official statement.

If you have not executed the file, you should be safe. Simply delete the downloaded file.

Note that I can't speak for any second-stage payload that may have been downloaded in the early stage of the attack - however; when I investigated shortly after, I didn't observe any secondary malware.

Update: the second-stage payload was the default Meterpreter by Metasploit. Updated analysis above. This does not affect or change the disinfection or removal steps.

Follow the prevention tips above to stay secure. Any questions or feedback? Feel free to leave a comment, or reach out to me on Twitter.

IOCs