Adolfo G. Nasol danreb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Upgrade an Amazon Linux EC2 to PHP 7.3 | |
| # | |
| # Last tested w/ PHP 7.2 AWS Linux version 2.8.5 | |
| # | |
| # Must be ran as sudo: | |
| # sudo bash upgrade-php7.sh | |
| # | |
| # Can be added to ./.ebextensions/20_php.config like so: | |
| # container_commands: |
danreb
/ dgscanner.sh
Last active
July 9, 2018 00:45
Helper shell scripts or command to scan for injected code - DrupalGeddon 2 - 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Run this inside your cPanel account or just in public_html drupal web root | |
| # Find the ico malware | |
| find . -type f -name "favicon_*.ico" | |
| find . -type f -name ".*.ico" | |
| # Delete the malware, I did not delete favicon_*.ico as you need to double check it manually | |
| find . -type f -name ".*.ico" -exec rm -f {} \; |
danreb
/ gist:e8b0f8c7cd1d05c04a52e50ce0bc2cd2
Created
August 22, 2017 03:55
— forked from tribulant/gist:bf53eaebe29028d902b1
cPanel - Find Malicious Mail Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n |
danreb
/ base64_finder.sh
Last active
August 9, 2018 18:20
Find all PHP code with base64_decode - useful to find suspected hacker files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find /home/HOMEDIR/public_html \( -name "*.php" \) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decode\s*(" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ======== ANATOMY OF DRUPAL 7 MODULE =============== | |
| 1.) Required Files | |
| module_name.info = Tells Drupal the information about your module (http://drupal.org/node/542202 - writing module info file) | |
| module_name.module = Contains all hooks and functions related to module functionality | |
| 2.) Optional Files | |
| module_name.install = Contains schema api hooks for creating and updating tables necessary for you module functionality |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Version 2.5 | |
| * http://www.php-beginners.com/ | |
| * | |
| * Legends: | |
| * - long_text = this means that the file has long text without any space, a potential hacker code | |
| * - eval = eval is used mostly for hackers to hide their codes. example: eval(gzinflate(... or eval('DDsdf231Fee232ldk .....'); | |
| * - c99madshell = a code found at the top of script like <?php $md5 = "....."; $wp_salt = "..."; | |
| * - thumb - timthumb vulnerability |
danreb
/ drupal-sql-injection-patcher.sh
Created
October 16, 2014 06:22
Do a find and replace to apply the patch for SA-CORE-2014-005 - Drupal core - SQL injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| find . -type f -name "database.inc" -exec sed -i 's/foreach ($data as $i => $value) {/foreach (array_values($data) as $i => $value) {/g' {} \; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| ob_start(); | |
| if (function_exists('shell_exec')) { | |
| // Adjust permission | |
| echo "Changing mode.....<br />"; | |
| `chmod 777 sites/default`; | |
| `chmod 777 sites/default/settings.php`; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name test.domain.com; | |
| listen xxx.xxx.xxx.xxx; | |
| root /home/testuser/public_html; | |
| index index.html index.htm index.php; | |
| access_log /var/log/virtualmin/test.domain.com_access_log; | |
| error_log /var/log/virtualmin/test.domain.com_error_log; | |
| fastcgi_param GATEWAY_INTERFACE CGI/1.1; | |
| fastcgi_param SERVER_SOFTWARE nginx; | |
| fastcgi_param QUERY_STRING $query_string; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function THEMENAME_theme() { | |
| $items = array(); | |
| // create custom user-login.tpl.php | |
| $items['user_login'] = array( | |
| 'render element' => 'form', | |
| 'path' => drupal_get_path('theme', 'THEMENAME') . '/template', | |
| 'template' => 'user-login', | |
| 'preprocess functions' => array( |
NewerOlder