Look for any outbound port 80 connections with:
lsof -i :80
You will see your own apache server in that list too, but keep an eye for other stuff.
usually, attacks like this are very obvious in the output of:
ps faux
Sandeep Srinivasa sandys
sandys
/ wordpress_nginx_apache_subdirectory_wpadmin.sh
Created
August 18, 2015 17:06
Wordpress: nginx proxying to apache2. Wordpress installed in a subdirectory. All wp-admin and wp-login links working
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in wp-config.php | |
| define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/recipedia'); | |
| define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/recipedia'); | |
| $_SERVER['REQUEST_URI'] = '/recipedia' . $_SERVER['REQUEST_URI']; | |
| #in nginx config | |
| location /recipedia/ { | |
| proxy_pass http://127.0.0.1:85/; |
sandys
/ get_size_count_human.sh
Created
August 8, 2015 22:49
get size and count of a s3 bucket in human readable form
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws s3api --profile redcarpetup_media list-objects --bucket media.chefatlarge.in --output json --query "[sum(Contents[].Size), length(Contents[])]" | awk 'NR!=2 {print $0;next} NR==2 {print $0/1024/1024/1024" GB"}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get install build-essential libreadline-dev libssl-dev zlib1g-dev libxml2-dev libxslt-dev git libpq-dev libmysqlclient-dev libpq-dev nodejs libcurl4-openssl-dev libffi-dev imagemagick libjpeg-progs pngcrush cmake qt4-qmake libqt4-dev sni-qt | |
| wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz | |
| tar zxvof Python-2.7.8.tgz | |
| cd Python-2.7.8 | |
| ./configure --prefix=$PWD/release --enable-shared --enable-unicode=ucs2 LDFLAGS=-Wl,-rpath=$PWD/release/lib | |
| make | |
| make install | |
| #your new python is in Python-2.7.8/release/bin/python |
- https://play.google.com/store/apps/details?id=com.redcarpetup.rewardpay - customer payment, rewards and discovery app
- https://play.google.com/store/apps/details?id=com.redcarpetup.merchantapp - merchant billing app
- https://www.dropbox.com/s/8rq7sufcrntq8np/RC_Prod_7ab1c12_10March_Payment_Only.exe?dl=0 - POS integrated platform
- http://www.redcarpetup.com/merchants/10 - our merchant page with live instore activity
sandys
/ dockerfile_ruby_rbenv.sh
Last active
July 12, 2024 02:37
Dockerfile for a ruby/rbenv setup on ubuntu/debian
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # DOCKER-VERSION 1.0 | |
| # run with curl <gist path> | docker build -t sandys/rbenv - | |
| #when exiting/stopping a container it remains in the filesystem | |
| #every time we run docker run a new container is created | |
| #https://github.com/dotcloud/docker/issues/3258 | |
| #stop all containers docker stop $(docker ps -a -q) | |
| #rm all containers docker rm $(docker ps -a -q) |
sandys
/ full_synclient_config.sh
Last active
August 29, 2015 13:58
Linux synclient configuration for two finger scrolling on alps touchpad (Dell Latitude 6410)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Parameter settings: | |
| LeftEdge = 300 | |
| RightEdge = 1700 | |
| TopEdge = 210 | |
| BottomEdge = 1190 | |
| FingerLow = 5 | |
| FingerHigh = 7 | |
| MaxTapTime = 200 | |
| MaxTapMove = 107 | |
| MaxDoubleTapTime = 200 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DAEMON_OPTS="-a :80 \ | |
| -T localhost:6082 \ | |
| -f /etc/varnish/default.vcl \ | |
| -S /etc/varnish/secret \ | |
| -s file,/www/varnish/$INSTANCE/varnish_storage.bin,1G" | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import multiprocessing | |
| ## Server Socket | |
| bind = 'unix:/opt/user1/run/api.sock' | |
| backlog = 2048 | |
| ## Worker Processes | |
| workers = multiprocessing.cpu_count() * 2 + 1 | |
| worker_class = 'sync' | |
| worker_connections = 1000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| install -d -g root /var/log/journal | |
| setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal | |
| #in /etc/systemd/journald.conf | |
| #comment the following | |
| `#ForwardToSyslog= | |
| #ForwardToKMsg= | |
| #ForwardToConsole=` |