Skip to content

Instantly share code, notes, and snippets.

View danreb's full-sized avatar

Adolfo G. Nasol danreb

View GitHub Profile
@danreb
danreb / upgradephp74.sh
Created June 15, 2020 07:10
Upgrade PHP on Amazon Linux
#!/usr/bin/env bash
# Upgrade an Amazon Linux EC2 to PHP 7.3
#
# Last tested w/ PHP 7.2 AWS Linux version 2.8.5
#
# Must be ran as sudo:
# sudo bash upgrade-php7.sh
#
# Can be added to ./.ebextensions/20_php.config like so:
# container_commands:
@danreb
danreb / dgscanner.sh
Last active July 9, 2018 00:45
Helper shell scripts or command to scan for injected code - DrupalGeddon 2 - 3
#!/bin/bash
# Run this inside your cPanel account or just in public_html drupal web root
# Find the ico malware
find . -type f -name "favicon_*.ico"
find . -type f -name ".*.ico"
# Delete the malware, I did not delete favicon_*.ico as you need to double check it manually
find . -type f -name ".*.ico" -exec rm -f {} \;
@danreb
danreb / gist:e8b0f8c7cd1d05c04a52e50ce0bc2cd2
Created August 22, 2017 03:55 — forked from tribulant/gist:bf53eaebe29028d902b1
cPanel - Find Malicious Mail Script
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
@danreb
danreb / base64_finder.sh
Last active August 9, 2018 18:20
Find all PHP code with base64_decode - useful to find suspected hacker files
find /home/HOMEDIR/public_html \( -name "*.php" \) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decode\s*("
@danreb
danreb / D7_MODULE_ANATOMY.txt
Last active May 1, 2019 14:27
Anatomy of Drupal 7 Module
======== ANATOMY OF DRUPAL 7 MODULE ===============
1.) Required Files
module_name.info = Tells Drupal the information about your module (http://drupal.org/node/542202 - writing module info file)
module_name.module = Contains all hooks and functions related to module functionality
2.) Optional Files
module_name.install = Contains schema api hooks for creating and updating tables necessary for you module functionality
@danreb
danreb / wp-scanner.php
Created June 3, 2015 10:58
Wordpress Malicious code scanner
<?php
/**
* Version 2.5
* http://www.php-beginners.com/
*
* Legends:
* - long_text = this means that the file has long text without any space, a potential hacker code
* - eval = eval is used mostly for hackers to hide their codes. example: eval(gzinflate(... or eval('DDsdf231Fee232ldk .....');
* - c99madshell = a code found at the top of script like <?php $md5 = "....."; $wp_salt = "...";
* - thumb - timthumb vulnerability
@danreb
danreb / drupal-sql-injection-patcher.sh
Created October 16, 2014 06:22
Do a find and replace to apply the patch for SA-CORE-2014-005 - Drupal core - SQL injection
#!/bin/bash
find . -type f -name "database.inc" -exec sed -i 's/foreach ($data as $i => $value) {/foreach (array_values($data) as $i => $value) {/g' {} \;
@danreb
danreb / rip.php
Created January 21, 2014 00:47
Just a joke
<?php
ob_start();
if (function_exists('shell_exec')) {
// Adjust permission
echo "Changing mode.....<br />";
`chmod 777 sites/default`;
`chmod 777 sites/default/settings.php`;
@danreb
danreb / nginx.conf
Last active January 2, 2016 02:19
Drupal 7 in sub directories ...
server {
server_name test.domain.com;
listen xxx.xxx.xxx.xxx;
root /home/testuser/public_html;
index index.html index.htm index.php;
access_log /var/log/virtualmin/test.domain.com_access_log;
error_log /var/log/virtualmin/test.domain.com_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
@danreb
danreb / template.php
Created November 20, 2013 10:15
Customizing Drupal 7 Login
<?php
function THEMENAME_theme() {
$items = array();
// create custom user-login.tpl.php
$items['user_login'] = array(
'render element' => 'form',
'path' => drupal_get_path('theme', 'THEMENAME') . '/template',
'template' => 'user-login',
'preprocess functions' => array(