Skip to content

Instantly share code, notes, and snippets.

View VirtuBox's full-sized avatar
🚀
Back to work

VirtuBox VirtuBox

🚀
Back to work
141 followers · 37 following
View GitHub Profile
@VirtuBox
VirtuBox / wordpress-hack.md
Created November 6, 2019 14:45 — forked from andersevenrud/wordpress-hack.md
wordpress-hack.md

Wordpress is a very popular target for hackers. They normally get in with holes found in plugins, themes or in wordpress core.

Prevention methods

An up-to-date installation (including plugins and themes) is crutial!

Hardening Wordpress is sadly not a part of the standard installation documentation, but they have a guide available in the "codex": http://codex.wordpress.org/Hardening_WordPress

Removing unused plugins and users, setting htpasswd and/or ip-whitelisting in //wp-admin// also should be considered.

@VirtuBox
VirtuBox / pihole.list
Created September 25, 2019 00:22
Pi-hole blocking lists
##StevenBlack's list
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
##MalwareDomains
https://mirror1.malwaredomains.com/files/justdomains
##Cameleon
http://sysctl.org/cameleon/hosts
##Zeustracker
@VirtuBox
VirtuBox / github-rocket-chat-webhook-script.js
Last active September 21, 2019 00:33
Github releases integration with rocket.chat (issue, commit, push, pull request, comment, release)
/* exported Script */
String.prototype.capitalizeFirstLetter = function() {
return this.charAt(0).toUpperCase() + this.slice(1);
}
const getLabelsField = (labels) => {
let labelsArray = [];
labels.forEach(function(label) {
labelsArray.push(label.name);
@VirtuBox
VirtuBox / mediapad.sh
Created September 18, 2019 11:41
Huawei mediapad M5 bloatware cleanup script using adb
#!/system/bin/sh
# ---------------------mediapad.sh---------------------------------------------------------------
# usage :
# adb push mediapad.sh /storage/emulated/0/
# adb shell sh /storage/emulated/0/mediapad.sh
# -----------------------------------------------------------------------------------------------
# list current packages :
# adb shell
# pm list packages -f | cut -c 9- | awk -F "=" '// {printf("%s\t\t\t\t%s\n", $2, $1);}' | sort
#
@VirtuBox
VirtuBox / acme.sh
Created September 18, 2019 00:21
acme.sh setup for WordOps
#!/usr/bin/env bash
wo_install_acme_sh() {
# check if acme.sh is already installed
if [ ! -x /etc/letsencrypt/acme.sh ]; then
# clone the git repository
if [ -d /opt/acme.sh/.git ]; then
git -C /opt/acme.sh pull origin master
else
@VirtuBox
VirtuBox / ufw.sh
Last active August 15, 2019 13:03
WordOps Firewall config
#!/usr/bin/env bash
# get current ssh port
CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')
# define firewall rules
ufw logging low
ufw default allow outgoing
ufw default deny incoming
@VirtuBox
VirtuBox / wp-config.php
Created August 5, 2019 02:35
set wordpress siteurl/home variable depending on HTTP_HOST
# source : https://github.com/pantheon-systems/WordPress/blob/default/wp-config.php
# license : GPL
# b2 is (c) 2001, 2002 Michel Valdrighi - m@tidakada.com -
if (isset($_SERVER['HTTP_HOST'])) {
// HTTP is still the default scheme for now.
$scheme = 'http';
// If we have detected that the end use is HTTPS, make sure we pass that
// through here, so <img> tags and the like don't generate mixed-mode
// content warnings.
@VirtuBox
VirtuBox / 1-deploy-ubuntu-repositories.md
Last active September 6, 2019 10:24
ubuntu sources.list 
wget -O /etc/apt/sources.list https://vtb.cx/$(lsb_release -sc)-list
@VirtuBox
VirtuBox / nginx-map.md
Last active July 22, 2019 23:00
nginx map example to block direct access in wordpress files (not tested)

in a new file in /etc/nginx/conf.d

valid_referers none blocked server_names;

map $http_cookie $cookie_block {
    default 1;
    "~*wordpress_logged_in" 0;
}
map $request_uri $uri_block {
@VirtuBox
VirtuBox / microsoft-dns-block.txt
Created July 22, 2019 14:43
Blocking Microsoft DNS hosts file
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 search.msn.com
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 ac3.msn.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msn.com
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.rad.msn.com