Look for any outbound port 80 connections with:
lsof -i :80
You will see your own Apache server in that list too, but keep an eye out for other stuff.
Usually, attacks like this are very obvious in the output of:
ps faux
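To separate the Apache server's own sockets from connections this host opened to someone else's port 80, the lsof output can be filtered on the remote endpoint. This is an added example, not part of the original page; the function names and the sample lsof lines are constructed for illustration, and it assumes lsof is run with -nP so addresses and ports are numeric.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i :80` output (documentation address ranges).
sample_lsof() {
cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  1234     root    4u  IPv6  12345      0t0  TCP *:80 (LISTEN)
apache2  1240 www-data   12u  IPv6  23456      0t0  TCP 203.0.113.10:80->198.51.100.7:51234 (ESTABLISHED)
perl     4321 www-data    3u  IPv4  34567      0t0  TCP 203.0.113.10:48210->192.0.2.55:80 (ESTABLISHED)
sh       4400 www-data    5u  IPv6  34600      0t0  TCP [2001:db8::10]:39002->[2001:db8::55]:80 (SYN_SENT)
EOF
}

# Read `lsof -nP -i :80` output on stdin and print "command pid user remote"
# for every socket whose REMOTE port is 80, i.e. this host is the client.
# Listening sockets and inbound requests served by Apache are dropped.
outbound_port80() {
  awk 'NR > 1 {
    for (i = 1; i <= NF; i++) {
      if (index($i, "->") == 0) continue   # only the NAME field has local->remote
      split($i, ends, "->")
      remote = ends[2]
      port = remote
      sub(/^.*:/, "", port)                # keep text after the last colon (IPv6-safe)
      if (port == "80") print $1, $2, $3, remote
    }
  }'
}

# Demo on the constructed sample; on a live host (as root, to see all users' sockets):
#   lsof -nP -i :80 | outbound_port80
sample_lsof | outbound_port80
```

A web-server account (www-data in the sample) owning an outbound connection from perl or sh is the kind of entry to look up next in ps faux by its PID.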

# Run this in the project repo from the command-line
# http://stackoverflow.com/a/4593065/99923
git log --shortstat --author "Xeoncross" --since "2 weeks ago" --until "1 week ago" | grep "files changed" | awk '{files+=$1; inserted+=$4; deleted+=$6} END {print "files changed", files, "lines inserted:", inserted, "lines deleted:", deleted}'

Find all devices
----------------
for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null;
[ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ;
done

Using nmap
----------