sucuri-cleanup

Author: szepeviktor

.gitmodules

@@ -43,3 +43,6 @@
 [submodule "multipart-robotstxt-editor"]
 	path = multipart-robotstxt-editor
 	url = git@github.com:szepeviktor/multipart-robotstxt-editor.git
+[submodule "frontend-debugger"]
+	path = frontend-debugger
+	url = git@github.com:szepeviktor/frontend-debugger.git

frontend-debugger

@@ -24,7 +24,10 @@ class O1_Protect_Plugins {
 
 	/**
 	 * List of protected plugins.
-	 * Add your plugins here!
+	 *
+	 * Add your plugins here! jQuery one-liner to list plugin paths.
+	 *
+	 *     var parser=document.createElement('a');jQuery('#wpbody .plugins .plugin-title .deactivate a').each(function(){parser.href=jQuery(this).attr('href');console.log(decodeURIComponent(parser.search.split('&')[1].split('=')[1]));});
 	 *
 	 * @var array
 	 * @access private

mu-protect-plugins/protect-plugins.php

@@ -77,11 +77,11 @@ function o1_smtp_options( $mail ) {
     $mail->isSMTP();
     $mail->SMTPAuth = true;
 
-    /*
+    /**
      * Bcc someone.
      */
     //$mail->addBCC( '<BCC-ADDRESS', '<BCC-NAME>' );
-    /*
+    /**
      * Turn on debugging.
      */
     //$mail->SMTPDebug = 4;

mu-smtp-uri/smtp-uri.php

@@ -3,13 +3,15 @@
 ## Check website
 
 - http://sitecheck.sucuri.net/
-- http://urlfind.org/?site=
+- http://urlquery.net/
+- http://urlfind.org/
 
-## Emergency to-do
+## Emergency to-dos
 
 ### Block direct PHP file access
 
 ```apache
+# BEGIN WordPress
 <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteBase /
@@ -19,6 +21,8 @@
   RewriteCond %{REMOTE_ADDR} !=<MY-IP-ADDRESS>
   RewriteRule . /index.php [L]
 </IfModule>
+
+# END WordPress
 ```
 
 ### Redirect all traffic to a cleaned `/index.html`
@@ -79,17 +83,20 @@ http://www.unphp.net/
 ### Search for malware patterns
 
 ```
-grep -rI --include="*.php" "\$[a-zA-Z0-9_]\+(" *
+grep -rI --include="*.php" "\$[a-zA-Z0-9_]\+\s*(" *
 grep -ri '<iframe.*src=\|<script.*src=' *
-grep -ri 'eval(\|base64(\|<?\$\|?><?php' *
+grep -ri 'eval\s*(\|base64\s*(\|<?\$\|?><?php\|preg_replace\s*(.*e' *
 find -type f -mtime -30
 ```
 
-### Search DB dump
+### Search DB
 
 - Search for found malware signatures
 - Search for malware patterns
 
+https://github.com/interconnectit/Search-Replace-DB/raw/master/index.php
+https://github.com/interconnectit/Search-Replace-DB/raw/master/srdb.class.php
+
 ### Reinstall WordPress and plugins
 
 Dashboard / Updates

shared-hosting-aid/Malware.md

@@ -3,8 +3,8 @@
 ```bash
 SSLOFF="set ftp:ssl-allow off;"
 
-# lftp -e "$SSLOFF" -u 'FTP-USER,FTP_PASS' FTP_HOST.
-lftp -e "cd ~" -u 'FTP-USER,FTP_PASS' FTP_HOST.
+# lftp -e "$SSLOFF cd" -u 'FTP-USER,FTP_PASS' FTP_HOST.
+lftp -e "cd" -u 'FTP-USER,FTP_PASS' FTP_HOST.
 ```
 
 ### Check hosting
@@ -280,3 +280,34 @@ exit;
 - Analytics @weekly
 - Google WMT @weekly
 - PageSpeed, webpagetest.org @weekly
+
+### List WordPress plugin names and paths
+
+```js
+plugin_names=jQuery('#wpbody .plugins .plugin-title strong').each(function (){console.log(jQuery(this).text());});
+
+plugin_slugs=jQuery('#wpbody .plugins #the-list tr').each(function (){console.log(jQuery(this).attr('id'));});
+```
+
+### Move/clone site
+
+```bash
+# lftp
+mkdir sr; cd sr
+!wget -qN https://github.com/interconnectit/Search-Replace-DB/raw/master/index.php
+!wget -qN https://github.com/interconnectit/Search-Replace-DB/raw/master/srdb.class.php
+put index.php; put srdb.class.php
+#mrm *; rmdir sr
+```
+
+#### Things to replace
+
+1. http://domain.tld (no trailing slash)
+2. /var/www/path/to/site (no trailing slash)
+3. email@address.es
+4. domain.tld
+
+#### Change salt
+
+Sucuri plugin
+

shared-hosting-aid/README.md

@@ -0,0 +1,21 @@
+<?php
+/*
+Plugin Name: Sucuri Scanner Firewall menu hider
+Description: Hide Firewall menu and Plugin advertisements.
+Version: 1.1.0
+*/
+
+add_action( 'admin_menu', 'o1_sucuri_remove_firewall', 0 );
+add_filter( 'pre_option_' . 'sucuriscan_ads_visibility', 'o1_sucuri_ads_visibility', 9999 );
+add_filter( 'pre_update_option_' . 'sucuriscan_ads_visibility', 'o1_sucuri_ads_visibility', 9999 );
+
+function o1_sucuri_remove_firewall() {
+    global $sucuriscan_pages;
+
+    unset( $sucuriscan_pages['sucuriscan_monitoring'] );
+}
+
+function o1_sucuri_ads_visibility( $value ) {
+
+    return 'disabled';
+}