How to detect PHP shells with Linux

August 29, 2014 in Linux

This tool can help any webmaster check his files for infections. I have made it work with base Linux commands, so there is no need for external apps/tools. It was built in bash with only 18 lines of code and is highly customizable. This small bash script will check your folder for PHP files and check all of them against some known PHP shell signatures. Right now it can successfully detect the following shells:
Read the rest of this entry →

Torrent windows backdoored

March 18, 2013 in Windows

I have just installed a *Fresh and untouched copy* of a Windows 7 Ultimate OS on a virtual machine.
I wanted to know if there are any errors & other issues behind this *free* software. The result was amazing.
This Windows installation was scanned with Advanced SystemCare Ultimate v 6.0.8.289
Read the rest of this entry →

Execute shell commands with php

March 15, 2013 in php scripts

A simple way to execute commands on a Linux machine is to use one of the few existing PHP functions. Here I will use a function named shell_exec.

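<?php
// shell_exec may be disabled (e.g. via disable_functions), so check that it exists first
if(function_exists('shell_exec')) {
    // Run the command and print its output (the user the web server runs as)
    echo shell_exec("whoami");
}
?>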

OUTPUT :
Read the rest of this entry →

osCommerce scripts under attack

February 26, 2013 in Around the web

It seems that some kiddies are still using some old exploits to deface websites. In the last 2 days I have noticed lots of logs from defacing attempts that are logged by my daily stat plugin.
Read the rest of this entry →

error: Could not get shadow information for NOUSER

February 22, 2013 in Linux

I just noticed this error on my server at a large scale and I started to investigate. Of course a Google search didn’t help much, since we can find many problems and only a few of them are solved. Here is the output from my auth.log:

J260:/var/log# cat auth.log | grep NOUSER | wc -l
2393

Read the rest of this entry →