Thursday, July 25, 2013

Search for PHP shell scripts and PHP exploits

Replace the path below (.) with the absolute path of the directory you want to scan recursively. As written, the command scans recursively from the current working directory:


grep '((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))' . -roE --include='*.php*'

To cover all public-facing web folders on a cPanel server, replace . with:

/home/*/public_html/

So the command becomes:

grep '((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))' /home/*/public_html/ -roE --include='*.php*'
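As an added example (not from the original post), the same indicators as a small Python scanner that reports file, line and which heuristic fired, run here over constructed sample files; the labels are my own reading of each pattern.

```python
import re
import sys
from pathlib import Path

# The heuristics from the grep pattern above, labelled so a report says which one
# matched. A hit means "look at this file", not proof that it is a shell.
INDICATORS = {
    "eval of decoded/user input": re.compile(r"eval.*(base64_decode|gzinflate|\$_)"),
    "obfuscated $0O-style name": re.compile(r"\$[0O]{4,}"),
    "FilesMan shell marker": re.compile(r"FilesMan"),
    "base64 '$auth_' fragment": re.compile(r"JGF1dGhfc"),
    "IIIl obfuscation": re.compile(r"IIIl"),
    "die(PHP_OS) probe": re.compile(r"die\(PHP_OS"),
    "posix_getpwuid lookup": re.compile(r"posix_getpwuid"),
    "Array(base64_decode": re.compile(r"Array\(base64_decode"),
    "document.write unicode escape": re.compile(r'document\.write\("\\u00'),
    "sh3ll/sh311 marker": re.compile(r"sh3(ll|11)"),
}

def scan_text(text):
    """Return (line_no, label, matched_text) for every indicator hit in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for label, pattern in INDICATORS.items():
            m = pattern.search(line)
            if m:
                hits.append((line_no, label, m.group(0)))
    return hits

def scan_tree(root):
    """Scan every *.php* file below root, like grep -r --include='*.php*'."""
    report = {}
    for path in Path(root).rglob("*.php*"):
        if path.is_file():
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample files (not taken from any real site) to exercise the scanner.
CLEAN_PHP = "<?php\necho htmlspecialchars($_GET['name']);\n"
SUSPICIOUS_PHP = ("<?php\n$OOOO0000 = $_POST['c'];\n"
                  "eval(base64_decode('aGVsbG8='));\n")

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        for line_no, label, matched in hits:
            print(f"{path}:{line_no}: {label}: {matched}")
```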

Wednesday, July 24, 2013

How to secure the /tmp and /var/tmp partition on a VPS?

On a VPS there are two ways to mount, or secure, the /tmp and /var/tmp partitions with the noexec,nosuid options.
One way is to mount these partitions from the node the VPS resides on.
1) Log in to the node server and execute the following commands:
vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save
vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save
The “bindmount_add” option bind-mounts the directory inside the VPS with the given options. ‘VEID’ is the ID of the VPS you are working on.
2) The second option is to mount these partitions from within the VPS itself. It is useful in case you don’t have access to the node server. To mount /tmp and /var/tmp from within the VPS, execute:
mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp
mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp
To check the mounted ‘tmp’ partitions, execute:

mount | grep tmp

How to secure /tmp and /dev/shm partitions on servers?

It is highly recommended to mount the /tmp and /dev/shm partitions with noexec,nosuid in order to prevent files under those partitions from being executed. To mount /tmp and /dev/shm in noexec,nosuid mode, edit the /etc/fstab file:
nano /etc/fstab
search for the word
"defaults"
in the entries for the two partitions and replace it with
    rw,noexec,nosuid
The entry should look like the following:
    tmpfs /dev/shm tmpfs rw,noexec,nosuid 0 0
and the same for the /tmp partition.
Save the /etc/fstab file. You now need to remount the partitions for the changes to take effect. Execute the following remount commands:
    mount -o remount /tmp
    mount -o remount /dev/shm
You can now check the mounted partitions using the command:

mount | grep tmp

PureFtp + Not able to list more than 2000 files

Problem: Not able to list more than 2000 files in a directory over FTP.
Solution:
By default pure-ftpd limits the maximum number of files it will display to 2000.
So edit your pure-ftpd configuration file, /etc/pure-ftpd.conf, and change the line
LimitRecursion 2000
to
LimitRecursion 5000
Save the file and restart the service:
service pure-ftpd restart
It will now display up to 5000 files from a directory.

Don’t save commands in bash history (only for current session) disable history for current shell session

1-
root# unset HISTFILE
disable history for current shell session
This causes the commands executed in the current shell session not to be written to your .bash_history file on logout.
2-
root# HISTFILE=/dev/null
disable history for current shell session
3-
root# history -c
Clear current session history (bash)
4-
root# export HISTSIZE=0
Don’t save commands in bash history (only for current session)
5-

root# rm ~/.bash_history && kill -9 $$
Sneaky logout
Best way I know to get rid of .bash_history and not let bash save the current one on exit.
Edit: added ~/ before .bash_history, just in case…

cpanel increase tmp , how to resize tmp

If your server’s /tmp is filling up very fast and you want to increase it,
here is a list of commands and instructions for resizing the tmp partition.
Note: this works only on cPanel servers.
1- edit the file: /scripts/securetmp
nano  /scripts/securetmp
2 – find and change the following value:
my $tmpdsksize     = 5120000;    # Must be larger than 250000
5120000 = 512MB
if you want 1GB replace it with: 10240000
2GB : 20480000
3 – Now we want to remove the old tmp partition. First check which processes still have files open in /tmp (stop them before unmounting):
lsof /tmp
4 – Then umount /tmp and /var/tmp:
umount -l /tmp
umount -l /var/tmp
5 – Then remove the old partition image file:
rm -fv /usr/tmpDSK
6 – Then create a new one (only valid for cPanel servers):
/scripts/securetmp

done.

javascript autofocus form element on page load

Hello,
it’s very simple to do the trick:
<input autofocus="autofocus" type="text" id="user" name="user" size="16" />
Note: the autofocus attribute is supported in all major browsers except Internet Explorer and Opera.
For Internet Explorer and Opera you can add the following along with the code (place it after the input, so the element exists when the script runs):
<script type="text/javascript">
//<![CDATA[
   document.getElementById("user").focus();
//]]>
</script>
Note: The autofocus attribute is a boolean attribute, and can be set in the following ways:
HTML5
    <button autofocus>
    <button autofocus="autofocus">
    <button autofocus="">
———————————————————————-
* text string is automatically highlighted upon user focus:
<form action="http://site.com/" method="post">
   <div>
      <input onfocus="this.select();" value="Select this input text will be highlighted.." size="55" type="text">
   </div>
</form>
that’s it.

deleting only directory not files - How to delete only directories and leave files untouched

The following commands delete only directories (no matter whether the directories contain anything or not; everything inside them is deleted too).
Make sure you are within the right directory: cd into it first. The simple way:

rm -r */
Another way:
run the following to make sure the output looks fine:
find /path -d -type d
then run:
find /path -d -type d -exec rm -rf '{}' \;
-type d matches only directories, and -d (the same as -depth) processes child directories before their parent, so find never tries to descend into a directory that has already been removed.

Tuesday, July 23, 2013

Linux find big files or Search for big and large files in linux

The following command searches the whole system for files larger than 20MB:

find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'

The 20000k is the file size in kilobytes; change that value to suit your needs.


To find users who have large files in their public_html:

find /home/*/public_html/ -type f -size +20000k -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'

To search inside a folder:

find /path_to_folder/ -type f -size +20000k -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'

Replace path_to_folder with your real path.



CSF "Check /dev/shm is mounted noexec,nosuid"

Secure the /dev/shm partition:

Edit the file /etc/fstab and replace the following line

tmpfs /dev/shm tmpfs defaults 0 0

with the following line

tmpfs /dev/shm tmpfs noexec,nosuid 0 0


Then run the following commands:

# umount /dev/shm
# mount /dev/shm

or, equivalently:

mount -o remount /dev/shm


That's it. Done.
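As an added example (not part of the original posts), a small audit that reads the mount table in /proc/mounts format and reports whether /tmp, /var/tmp and /dev/shm carry the noexec,nosuid options that the fstab edits above and CSF's check require; it runs here on a constructed sample and, without an argument, on the live /proc/mounts.

```python
import sys

# Options the fstab edits above and CSF's "/dev/shm is mounted noexec,nosuid" check
# require; nodev (used in the VPS bind-mount commands) is only reported as advice.
REQUIRED = {"noexec", "nosuid"}
ADVISED = {"nodev"}
WATCHED = ("/tmp", "/var/tmp", "/dev/shm")

def parse_mounts(text):
    """Parse /proc/mounts-style lines into {mountpoint: set(options)}."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # the kernel escapes spaces in mount points as \040
        mounts[fields[1].replace("\\040", " ")] = set(fields[3].split(","))
    return mounts

def audit(mounts):
    """Return {path: finding} for each watched path that is not properly hardened."""
    findings = {}
    for path in WATCHED:
        opts = mounts.get(path)
        if opts is None:
            findings[path] = "not a separate mount (inherits the options of /)"
        elif REQUIRED - opts:
            findings[path] = "missing " + ",".join(sorted(REQUIRED - opts))
        elif ADVISED - opts:
            findings[path] = "advised: add " + ",".join(sorted(ADVISED - opts))
    return findings

# Constructed sample (not from a real host): /tmp is hardened, /dev/shm still
# allows execution, and /var/tmp was never given its own mount.
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime,data=ordered 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/usr/tmpDSK /tmp ext3 rw,noexec,nosuid,nodev 0 0
"""

if __name__ == "__main__":
    # A tmpfs mounted by hand (mount -t tmpfs ...) is gone after a reboot, so a
    # clean result today does not replace the /etc/fstab entry.
    source = sys.argv[1] if len(sys.argv) > 1 else "/proc/mounts"
    with open(source) as fh:
        for path, finding in audit(parse_mounts(fh.read())).items():
            print(f"{path}: {finding}")
```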