How To Check for Infected Files Using Nagios Plugins

Author: , January 25th, 2016

This example shows how to look for infection patterns inside all .php files in a directory tree using find and grep, called from a Nagios NRPE plugin written in Perl. You can adjust the behavior by modifying the script, as described in the Advanced section at the bottom of this post. On the host to be […]

How To Use Apache Scalp Log Analyzer to Catch Website Attacks

Author: , August 31st, 2015

Requires Python!

Scalp Home: https://code.google.com/p/apache-scalp/
Download Scalp: https://code.google.com/p/apache-scalp/downloads/detail?name=scalp-0.4.py
Backup Link: http://www.wyzaerd.com/scalp/scalp-0.4.py
Original (Broken) XML Rules File: https://dev.itratos.de/projects/php-ids/repository/raw/trunk/lib/IDS/default_filter.xml
Fixed XML Rules File: http://www.wyzaerd.com/scalp/default_filter.xml

To Fix the XML file:

Replace: (?:all|distinct|[(!@]*)?
with: (?:all|distinct|[(!@]+)?

and: (?i:(\%SYSTEMROOT\%))
with: (?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))

Examples:

Current options: exhaustive: Won’t stop at the first pattern matched, but will test all the patterns tough: Will […]

How To Cleanup Hacked WordPress PHP Code Using A Perl Script

Author: , March 21st, 2012

Perl to the Rescue! This Perl script cleans just one type of infection as an example. Vary the script to search for and clean other combinations and patterns. The script is also deliberately written long-hand and verbose, and could be significantly more compact and efficient. It was done this way for ease of use and […]

MondoMouse: How to hack the trial copy to stay active

Author: , September 27th, 2009

Must quit System Preferences first.

% cd ~/Library/Preferences
% mv com.atomicbird.mondomouse.plist com.atomicbird.mondomouse.plist.old