Tag Archives: hack

Drupal: Installing multiple contrib modules – the easiest way

Here’s how to quickly extract multiple tar.gz files in a folder using “find” or a loop. It’s easy, it’s simple, and it gets your drupal install up and running in less time than it takes to say “Upload via FTP”. If you want the solution right away, scroll down to the bottom if this post.

I’ve recently had to install drupal a number of times in a span of a few days. The way I usually do it – download tarballs, extract, create file structure, upload via ftp – was just too slow. Fortunately I have shell access to my shared hosting account on DreamHost, so here’s what I’ve been doing recently.

  1. Fire up a terminal window in Mac OS and SSH to my wonderful DreamHost linux webserver (you can do the same in Linux, but you need some software SSH in windows) – Here’s the command I use:
    ssh username@servername.com
    and enter the password when the server asks you for it. Do note that the characters that you type in for your password may not appear on the screen, but they’re still being entered.
  2. Change to the directory that you’re going to install drupal into. Alongside this, navigate over to drupal.org, and to their download page. At the time of writing this, Drupal 6.20 is the latest version, so the path to the .tar.gz file looks like this: http://ftp.drupal.org/files/projects/drupal-6.20.tar.gz I just right click in Firefox and select “Copy Link Location”.
  3. Now, skip back over to the terminal window. Remember, I’ve navigated to the folder I want to install drupal to. Then type in wget http://ftp.drupal.org/files/projects/drupal-6.20.tar.gz. This downloads the drupal core tarball to the server directly.
  4. Extract it using tar -xzvf drupal-6.20.tar.gz. You’ll see a screen ful of paths as the files are extracted to a folder called drupal-6.20.
  5. I go ahead and start off the install in a browser, and get the settings file renamed and database hooked up, and everything else until it becomes time to get the contrib modules installed.
  6. On any given install of drupal, I usually have atleast 10 or so contrib modules installed, and very often it goes up quite a bit. Like I said before, FTP just does not cut it for this, so, like our drupal core tar.gz file, I find the paths to every single contrib module that I want installed. And here’s a little secret – They’re all at the Modules page of Drupal.org!!! and happily listed in descending order of the modules most used. This is a quick process. I wget them to the sites/all/modules/ folder, so that I have about 20 GZipped Tar files; and that’s where I hit a snag.
  7. You see, the tar command does not use wildcards happily. In fact it does not use wildcards. – (period) So I had to find an alternative, to get all these .tar.gz files extracted without having to repeat the same command again and again manually. I found a solution. In fact, I found two solutions
  8. find -name '*.tar.gz' -exec tar -xzvf '{}' ';' – This piece of code extracts all .tar.gz files in the current folder, and all subfolders, making it ideal if you have all the tar files ready and waiting extraction in the sites/all/modules/ sites/all/themes/ and sites/all/libraries/ folders. Just run it in the sites/all/ folder, and then run back and rm -R *.tar.gz each folder to remove the tar files.
  9. for i in *.tar.gz; do tar -xzvf $i; done – This piece of code extracts all .tar.gz files in the current folder. Leaving you to cleanup all the tar.gz files in the directory with a simple rm -R *.tar.gz
  10. That’s it, done! Head over to http://yoursite.com/admin/build/modules and tick the check box next to the names of all the contrib modules you want to activate, save, and they’re ready to do your bidding!

I hope you find this time saving shortcut useful. The code is not mine. I found it on WebHostingTalk.com in a thread titled How do you untar multiple .tar.gz files? I was also helped along by a good friend who does not want to be named. Experiment and see what works best for you.

Google Malware Warnings

Interesting! Google seems to be restricting some of its search results. I was searching for some articles to help me with a website that I’m designing when I was suddenly confronted with this warning page:
Google Malware Warning

Now, I was surprised the first time around, so I just let it pass… (after visiting the link to StopBadware.org, of course!) Then I came across it again! Like so…

Google Warning - Search Results

So I visited the site again. The home page details that Stopbadware.org has tied up with some majors, including Google, Lenovo, Sun Microsystems, AOL, Trend Micro, VeriSign and PayPal. And apparently Google has been showing the warnings for quite a while now, and I’ve been somewhere else in this universe…

They also seem to have some influential members on the Advisory Board and on the Working Group. Their blog also lists some interesting cases where software has been allowed to do bad things to your system, and you’re not aware of it.

What Do You Do?

Has your blog or website been blocked by this notification? You’re sure that you’re not a malware producer or distributor… So, why has Google ranked you as one? It sure is discouraging people from visiting your website, so you need to get it sorted out quick.

Are you REALLY sure that you’re not sending out badware to every person who visits your site? Take a look at what Stopbadware.org says in its FAQs

Currently, many sites that are the subject of Google’s warnings have been the victims of a malicious hacking attack, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, then there are strong odds that your site has experienced one of the above situations.

To remove the warning, you will need to discover what code on your site caused Google to flag your site, and then clean and secure your site.

So, maybe something has happened that you were not aware of, and someone has exploited a loophole in your website’s security. StopBadware.org has also got some tips to get you started on cleaning up your website and to get out of their list. Here’s the form to request removal from the Stop Badware list.

In Conclusion

It looks to me like they’re doing a good job of it… but what if my ideology about what software can and should do differs from theirs? I can no longer even tell the world about it, Google is blocking my website!

Well, my take on it is, that if you’re out to harm my computer, I’d rather have your website blocked. If you’re un-intentionally promoting sites/software/ads that do bad things to my computer, I’d like a warning… and I’d like you to get your site cleaned up so that I can tell the world just how great a website it is.

Cheers all!