==== HACKED / COMPROMISED ====

Function: Provide listing of files based on time.
Usage: ls -lart "/path/of/directory/"

Function: Process Tree List
Usage: ps -wauxef

Function: Identify Spam Mail Script
Usage: postcat -q "id" | grep X-PHP

Function: Count Spam Awaiting Delivery
Usage: find /var/spool/postfix/deferred -type f | wc -l

Function: Failed Password
Usage: grep "Failed password" /var/log/secure | cut -d ":" -f 4 | grep -v "invalid user" | awk '{print $6}' | sort -n | uniq -c

Function: WordPress Failed Login IPs
Usage: cat access_log | grep wp-login.php | awk '{print $1}' | sort | uniq -c | sort -rn

Function: Hit Server X times
Usage: tail -n20000 example.com-access.log | cut -d- -f1 | sort | uniq -c | sort -nr | head

Function: tcpdump 53
Usage: tcpdump -i any port 53

Function: ClamAV Virus Scan
Usage: freshclam; clamscan -r -i / >> /home/rack/clamscan.out

Function: MALDET Installation
Usage: cd /usr/local/src/ && wget https://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh

Function: MALDET Scan
Usage: maldet -d && maldet -u; maldet -a /

Function: Fix Everything Command
Usage: bash <(curl -s https://hoshisato.com/tools/code/wut.sh)
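
Added example (not part of the original cheat sheet): the "Failed Password" one-liner drops "invalid user" lines because the extra words move the address from field 6 to field 8. The function below counts both kinds of line per source IP; the function name, host name and log lines are constructed for illustration.

```shell
# Count failed SSH password attempts per source IP, including the
# "invalid user" lines that the cheat-sheet pipeline filters out.
failed_ssh_by_ip() {
    # $1: path to an sshd auth log (for example /var/log/secure)
    awk '/sshd.*Failed password/ {
            # The source address is the token after the LAST "from",
            # so an attempted username of "from" cannot shift the match.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { print $(i + 1); break }
        }' "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample log (addresses are from documentation ranges).
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
Jan 10 03:12:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:03 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 web01 sshd[2107]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:44 web01 sshd[2110]: Failed password for invalid user from from 198.51.100.23 port 51822 ssh2
Jan 10 03:14:02 web01 sshd[2112]: Accepted password for deploy from 192.0.2.10 port 50211 ssh2
Jan 10 03:15:30 web01 sshd[2120]: Failed password for deploy from 192.0.2.10 port 50240 ssh2
EOF

# Prints "count address" pairs, highest count first.
failed_ssh_by_ip "$sample_log"
```

A failed attempt from an address that also has an accepted login, as with 192.0.2.10 in the sample, is still counted.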