Look for any outbound port 80 connections with:
lsof -i :80
You will see your own apache server in that list too, but keep an eye for other stuff.
usually, attacks like this are very obvious in the output of:
ps faux
Sandeep Srinivasa sandys
sandys
/ server.R
Created
November 30, 2015 20:01
— forked from MattSandy/server.R
Creates a websocket based JSON server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Connect to this using websockets on port 9454 | |
| #Send in the format of {"data":[1,2,3]} | |
| #The ppp returns the standard deviation of the sent array | |
| library(jsonlite) | |
| library(httpuv) | |
| #server | |
| app <- list( | |
| onWSOpen = function(ws) { | |
| ws$onMessage(function(binary, message) { | |
| write(message, file = "log.txt",append = TRUE, sep = "\n") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo dnf install cairo-devel | |
| install.packages("Rserve") | |
| install.packages("Cairo") | |
| install.packages("MASS") | |
| install.packages("stringr") | |
| install.packages("ggplot2") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> import os, psutil | |
| >>> psutil.Process(os.getpid()).get_memory_info().rss / 1e6 | |
| 20.324352 | |
| >>> %time import numpy | |
| CPU times: user 1.95 s, sys: 1.3 s, total: 3.25 s | |
| Wall time: 530 ms | |
| >>> psutil.Process(os.getpid()).get_memory_info().rss / 1e6 | |
| 349.507584 |
sandys
/ fastcgi_params
Created
September 16, 2015 12:57
fastcgi params for wordpress on debian 8 with php5-fpm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there! | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param PATH_INFO $fastcgi_script_name; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #source | |
| innobackupex --user=root --password=root /www/DB-BACKUP | |
| #destination | |
| scp root@server:/www/DB-BACKUP /tmp | |
| innobackupex --apply-log --ibbackup=xtrabackup /tmp/DB-BACKUP/2015-09-16_12-05-39/ | |
| innobackupex --copy-back /tmp/DB-BACKUP/2015-09-16_12-05-39/ | |
| rm /var/lib/mysql-new/ib_logfile1 | |
| rm /var/lib/mysql-new/ib_logfile0 |
sandys
/ wordpress_nginx_apache_subdirectory_wpadmin.sh
Created
August 18, 2015 17:06
Wordpress: nginx proxying to apache2. Wordpress installed in a subdirectory. All wp-admin and wp-login links working
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in wp-config.php | |
| define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/recipedia'); | |
| define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/recipedia'); | |
| $_SERVER['REQUEST_URI'] = '/recipedia' . $_SERVER['REQUEST_URI']; | |
| #in nginx config | |
| location /recipedia/ { | |
| proxy_pass http://127.0.0.1:85/; |
sandys
/ get_size_count_human.sh
Created
August 8, 2015 22:49
get size and count of a s3 bucket in human readable form
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws s3api --profile redcarpetup_media list-objects --bucket media.chefatlarge.in --output json --query "[sum(Contents[].Size), length(Contents[])]" | awk 'NR!=2 {print $0;next} NR==2 {print $0/1024/1024/1024" GB"}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get install build-essential libreadline-dev libssl-dev zlib1g-dev libxml2-dev libxslt-dev git libpq-dev libmysqlclient-dev libpq-dev nodejs libcurl4-openssl-dev libffi-dev imagemagick libjpeg-progs pngcrush cmake qt4-qmake libqt4-dev sni-qt | |
| wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz | |
| tar zxvof Python-2.7.8.tgz | |
| cd Python-2.7.8 | |
| ./configure --prefix=$PWD/release --enable-shared --enable-unicode=ucs2 LDFLAGS=-Wl,-rpath=$PWD/release/lib | |
| make | |
| make install | |
| #your new python is in Python-2.7.8/release/bin/python |
- https://play.google.com/store/apps/details?id=com.redcarpetup.rewardpay - customer payment, rewards and discovery app
- https://play.google.com/store/apps/details?id=com.redcarpetup.merchantapp - merchant billing app
- https://www.dropbox.com/s/8rq7sufcrntq8np/RC_Prod_7ab1c12_10March_Payment_Only.exe?dl=0 - POS integrated platform
- http://www.redcarpetup.com/merchants/10 - our merchant page with live instore activity