Vladimír Smitka lynt-smitka
lynt-smitka
/ vulnerability scanner log
Created
July 13, 2022 09:40
View vulnerability scanner log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 64.78.149.164 - - [13/Jul/2022:08:00:04 +0000] "GET /.well-known/acme-challenge/gd22ntR9D4t5fTtZGFIvnGXZ_ufFAgwOxBmelQ1Sq40 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:21 +0000] "GET / HTTP/1.1" 302 145 "-" "-" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /server-status HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /telescope/requests HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /s/3133382e36382e39362e3830/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /info.php HTTP/1.1" 200 96474 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08: |
lynt-smitka
/ .htaccess
Created
July 11, 2022 08:34
.htaccess to the "/wp-admin" directory to limit IP address
View .htaccess
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <RequireAny> | |
| Require ip your.ip.address.here | |
| </RequireAny> | |
| <Files admin-ajax.php> | |
| Require all granted | |
| </Files> | |
| <Files admin-post.php> | |
| Require all granted |
lynt-smitka
/ setup-config.php
Last active
July 4, 2022 12:23
Modified WP setup-config.php with install-key protection. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
View setup-config.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Retrieves and creates the wp-config.php file. | |
| * | |
| * The permissions for the base directory must allow for writing files in order | |
| * for the wp-config.php to be created using this page. | |
| * | |
| * @package WordPress | |
| * @subpackage Administration | |
| */ |
lynt-smitka
/ lynt-installer-security.php
Last active
September 1, 2022 20:17
This MU plugin blocks attempts to install WP to remote databases. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
View lynt-installer-security.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Lynt WP Installer Security PoC1 | |
| * Author: Vladimir Smitka | |
| * Author URI: https://lynt.cz/ | |
| * License: GNU General Public License v3 or later | |
| * License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
| */ | |
| if ( defined( 'WP_SETUP_CONFIG' ) && !empty( $_POST['dbhost'] ) ) { |
lynt-smitka
/ backdoor-example.php
Created
July 2, 2022 12:08
View backdoor-example.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @package ZeroSpam | |
| * @version 6.0.0 | |
| */ | |
| /* | |
| Plugin Name: Zero Spam for WordPress | |
| Plugin URI: https://www.highfivery.com/projects/zero-spam/ | |
| Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam & malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong> |
lynt-smitka
/ malicious_requests.log
Created
July 1, 2022 17:56
View malicious_requests.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Go-http-client/1.1" | |
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:45:59 +0000] "POST /wp-admin/setup-config.php?step=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "POST /wp-login.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "GET /wp-admin/i |
lynt-smitka
/ lynt-install-block-mu.php
Created
July 1, 2022 12:29
View lynt-install-block-mu.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Lynt Install Blocker | |
| * Author: Vladimir Smitka | |
| * Author URI: https://lynt.cz/ | |
| * License: GNU General Public License v3 or later | |
| * License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
| */ | |
| if ( defined( 'WP_INSTALLING' ) && WP_INSTALLING && !is_blog_installed() ) { |
lynt-smitka
/ plugin.php
Created
April 27, 2022 07:46
View plugin.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Ukazka vlozeni skriptu na thankyou page | |
| */ | |
| function lynt_ukazkova_akce( $order_id ) { | |
| ?> | |
| <script> | |
| console.log("thank you!"); | |
| </script> |
View putenv.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (!function_exists('putenv')) { | |
| function putenv($string){ | |
| return false; | |
| } | |
| } |
lynt-smitka
/ lynt-managed.php
Created
March 30, 2022 14:29
View lynt-managed.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Managed plugins | |
| * Description: Managed plugins detection | |
| * Author: Vladimir Smitka | |
| * Author URI: https://lynt.cz/ | |
| * License: GNU General Public License v3 or later | |
| * License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
| */ |
NewerOlder