PowerShell – al3xclarke

January 30, 2019January 30, 2019

Listing users that use POP/IMAP email retrieval

After a recent upgrade to SmarterMail 17, I noticed that POP and IMAP email retrieval wasn’t working for some users.

The fix was simple… delete the Email Retrieval settings for the affected accounts and re-add (which was done via the webmail).

But which users were using email retrieval?

I wrote a simple PowerShell script that will run through the Domains directory and find all users that are using either POP or IMAP email retrieval.

Download List Email Retrieval Users v1.0

Maybe there’s a way to automatically fix these accounts… but, for now, at least we can identify those ones affected.

August 25, 2014August 26, 2014

Simple log function

I needed a way to log the console output in PowerShell, which would then allow me to email this (a quick and easy way for me to check that my automated scripts were working correctly).

The following function does just that, sort of.

# Log function.

$Log = $null

Function Log($a) {
    If (-Not ($Log -eq $null)) {
        $global:Log += "`r`n"
    }
    $global:Log += $a
    Return($a)
}

# Log function.

$Log = $null

Function Log($a) {

If (-Not ($Log -eq $null)) {

$global:Log += "`r`n"

}

$global:Log += $a

Return($a)

}

Instead of capturing everything that is written to the console, text is passed to the Log function which then updates the $Log string before returning the same text to ensure it is written to the console.

Line breaks are automatically added to the string.

The code below shows how to use the Log function.

Log("hello world!")

1	Log("hello world!")

It’s important to remember that this function will not capture any errors thrown by your script. So, you’ll need to make sure you handle errors correctly.

August 25, 2014August 26, 2014

Finding out-of-date WordPress installations

Several websites, that are hosted on servers I manage, recently fell victim to XML Quadratic Blowup Attacks. They were all running WordPress version 3.9.1 or below.

I first noticed a problem when one of the servers started to run extremely slowly. Every website it hosted was taking an age to respond and frequently timing out. The CPU was maxed out at 100%, mainly from PHP requests.

Further investigation narrowed down the website under attack. Below is a screenshot showing the traffic trend for the month to date of that website.

WordPress DoS Attack — Traffic Trend by Day report for a WordPress website subjected to a DoS attack.

On 15th August page views began to spike, with the most popular requested file being xmlrpc.php.

The temporary fix was to rename the file before installing WordPress 3.9.2, which contains a fix for this exploit.

However, I began to wonder how many other sites, that I was responsible for, could be vulnerable.

So, I decided to write a PowerShell script that scans all websites (on IIS 6 or 7) and checks their current WordPress installation version.

vScanner Console Output — Results are displayed directly in the console and can also be sent to you via email.

Since the WordPress API is used to obtain the current version, you can set this script to run as a task on your server. If an out of date installation of WordPress is detected then you’ll receive an email notification.

Download vScanner v1.0

To turn on email updates, set $SendEmail (line 5) to 1 and be sure to update lines 6 – 11 with your email address and SMTP server details.