If you’ve installed the official CentOS image, after trying to login as root you will see the following message: “Please login as the user “centos” rather than the user “root”. Here is how to permit root login in CentOS: Login as “centos” user and...
Is there exim at all? yum list installed |grep -i exim ———————— WHO DID IT ———————— WHO deleted email account grep execute/Email/delete_pop /usr/local/cpanel/logs/access_log WHO suspended email account grep suspend_incoming...
Check the following log files:
To check if the files were deleted using FTP
/var/log/messages
To check if the files were deleted using file manager
/usr/local/cpanel/logs/error_log
If the files were deleted using shell access
history
Lately I’ve been dealing a lot with email accounts in cPanel: Bulk change cPanel mailbox quota for all email ✉️ accounts and Bulk delete ✉️ email forwarders in cPanel. Here is how to bulk create email accounts in cPanel under a single domain name...
This one-liner will help to find all WordPress installations running a specific version, where the current latest is 5.6 locate wp-includes/version.php | xargs grep "wp_version = " | grep -v " = '5-6'" A more efficient shell script that will scan...
PHP 7.0 PHP7.0 new features 1. Combination comparison character () Can’t compare var_dump('PHP' 'Node'); // int(1) var_dump(123 456); // int(-1) var_dump(['a', 'b'] ['a', 'b']); // int(0) 2. Null merge operator Due to the large number of...
First, get the current version of cPanel
cat /usr/local/cpanel/version
and just grep for that version number in update logs:
grep PUT-YOUR-VERSION-HERE /var/cpanel/updatelogs/*
Is your website loading slowly? Redirects? Popups? Can’t login? Strange folders? Files with weird names? Huge number of failed/deferred emails that you didn’t even send? These are just some of the most common symptoms of a hacked WordPress website...
If for whatever reason you need to prevent your visitors from seeing a broken version of the site during maintenance, and to give them a heads up on the updates, WordPress has an embedded feature for handling maintenance mode that will automatically...
Here is yet another PHP Shell which I stumbled upon today. It’s pretty basic and allows an attacker to do pretty much the same as with any other shell.
And here is the obfuscated code for the b374k shell 3.2: