Nguyễn Minh Khôi khoipro

## chown-site.sh
#!/usr/bin/env bash
set -euo pipefail

SITE=""

while [[ $# -gt 0 ]]; do
  case "$1" in
    --site=*)
      SITE="${1#*=}"
      shift

## check-cve-202631431.sh
#!/bin/bash
# CVE-2026-31431 ("Copy Fail") — pure-bash static vulnerability checker
#
# Exit codes:
#   0 = NOT VULNERABLE (patched kernel or preconditions not met)
#   1 = INCONCLUSIVE
#   2 = LIKELY VULNERABLE
#   3 = MITIGATED (workaround applied, kernel not yet patched)
#
# Use only on hosts you own or are explicitly authorized to test.

## https-performance-enhancer.php
<?php
// Malware plugin keep redirection to other site - WP Hack Exploit
/**
 * Plugin Name: Performance Enhancer
 * Plugin URI:
 * Description: Enhances website performance through optimized resource loading
 * Version: 1.0.0
 * Author:
 * License: GPL2
 */

## codetot-maintenance.php
<?php
/**
 * Maintenance Hooks for WordPress
 * @author CODE TOT <khoi@codetot.com>
 * @link https://baotriweb.codetot.vn
 **/

// Reject comments containing URLs in the comment text or website field
function codetot_maintenance_reject_comments_with_urls($commentdata) {
    // Check the comment content for URLs

## Runcloud.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              2 stars
            
          
                khoipro
                / Runcloud.md
            
            
              Last active
              March 16, 2026 07:42
            
              
                Hardening Runcloud VPS
              
          
    Hardening VPS in Runcloud

Change SSH port

Step 1: Visit Dashboard > Choose Server > Security
Add New Rule
Globally Open Port, port 2040 (or your port)
Protocal: TCP


## content.php
<?php

$counter = 0;

$content = preg_replace_callback(
    '/<img([^>]+)>/i',
    function ($matches) use (&$counter) {
        $counter++;
        $imgTag = $matches[0];

## php-bulk-resize-image.php
<?php
/**
 * Bulk Image Resizer for PHP & MySQL Applications
 * Automatically detects Imagick or GD.
 *
 * @package codetot-optimization
 * @author codetot, khoipro, gemini
 * @since 0.0.1
 *
 * Usage: copy to your project, and run 'php php-bulk-resize-image.php'

## functions.php
<?php
// Sử dụng: paste đoạn code vào trong file theme functions.php
// Không cần nếu bạn đã tắt comment trên web

function codetot_prevent_urls_in_comment_content( $commentdata ) {
    $comment_content = $commentdata['comment_content'];
    $url_pattern = '/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/i';

    if ( preg_match( $url_pattern, $comment_content ) ) {
        wp_die(

## sample-lazyload-sections.php
<?php
/** Drafting **/
add_filter('the_content', 'codetot_lazyload_home_sections', 1000);
function codetot_lazyload_home_sections( $content ) {
	$front_page_id = get_option('page_on_front');

	if ( ! is_page( $front_page_id ) ) {
		return $content;
	}


## functions.php
// Remove Meta Generator: <meta name="generator" content="WordPress x.x" />
// and <meta name="generator" content="WooCommerce x.x.x" />
remove_action('wp_head', 'wp_generator');

// Remove the EditURI/RSD
// Like: <link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://localhost/wp/xmlrpc.php?rsd" />
remove_action ('wp_head', 'rsd_link');

// Remove it if you don't know what is Windows Live Writer
// <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://localhost/wp/wp-includes/wlwmanifest.xml" />
	#!/usr/bin/env bash
	set -euo pipefail

	SITE=""

	while [[ $# -gt 0 ]]; do
	case "$1" in
	--site=*)
	SITE="${1#*=}"
	shift
	#!/bin/bash
	# CVE-2026-31431 ("Copy Fail") — pure-bash static vulnerability checker
	#
	# Exit codes:
	# 0 = NOT VULNERABLE (patched kernel or preconditions not met)
	# 1 = INCONCLUSIVE
	# 2 = LIKELY VULNERABLE
	# 3 = MITIGATED (workaround applied, kernel not yet patched)
	#
	# Use only on hosts you own or are explicitly authorized to test.
	<?php
	// Malware plugin keep redirection to other site - WP Hack Exploit
	/**
	* Plugin Name: Performance Enhancer
	* Plugin URI:
	* Description: Enhances website performance through optimized resource loading
	* Version: 1.0.0
	* Author:
	* License: GPL2
	*/
	<?php
	/**
	* Maintenance Hooks for WordPress
	* @author CODE TOT <khoi@codetot.com>
	* @link https://baotriweb.codetot.vn
	**/

	// Reject comments containing URLs in the comment text or website field
	function codetot_maintenance_reject_comments_with_urls($commentdata) {
	// Check the comment content for URLs
	<?php

	$counter = 0;

	$content = preg_replace_callback(
	'/<img([^>]+)>/i',
	function ($matches) use (&$counter) {
	$counter++;
	$imgTag = $matches[0];
	<?php
	/**
	* Bulk Image Resizer for PHP & MySQL Applications
	* Automatically detects Imagick or GD.
	*
	* @package codetot-optimization
	* @author codetot, khoipro, gemini
	* @since 0.0.1
	*
	* Usage: copy to your project, and run 'php php-bulk-resize-image.php'
	<?php
	// Sử dụng: paste đoạn code vào trong file theme functions.php
	// Không cần nếu bạn đã tắt comment trên web

	function codetot_prevent_urls_in_comment_content( $commentdata ) {
	$comment_content = $commentdata['comment_content'];
	$url_pattern = '/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/i';

	if ( preg_match( $url_pattern, $comment_content ) ) {
	wp_die(
	<?php
	/ Drafting /
	add_filter('the_content', 'codetot_lazyload_home_sections', 1000);
	function codetot_lazyload_home_sections( $content ) {
	$front_page_id = get_option('page_on_front');

	if ( ! is_page( $front_page_id ) ) {
	return $content;
	}
	// Remove Meta Generator: <meta name="generator" content="WordPress x.x" />
	// and <meta name="generator" content="WooCommerce x.x.x" />
	remove_action('wp_head', 'wp_generator');

	// Remove the EditURI/RSD
	// Like: <link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://localhost/wp/xmlrpc.php?rsd" />
	remove_action ('wp_head', 'rsd_link');

	// Remove it if you don't know what is Windows Live Writer
	// <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://localhost/wp/wp-includes/wlwmanifest.xml" />