uI0d$jm3#N8Wr8q ^q7_%uRs8Ad+JnS
)SLwpV6~$dgQ    r6uF266gjGw6vK89!G%
zZ45ouGZHZ$sXg7 yE51*u6&Efv@Kr
0j9y%%PM24F@Yoe P9*Eu%mu4pUrw*
aw%$13mpEu6$HOvRv6M 
p@tB3L@5.JaN-2004
ROtra33_JaDh

192.168.51.178 D
192.168.50.1 dwp D
192.168.50.3 kamandanu D
192.168.70.102 -isat Ceunei-Raizu-065
192.168.70.1 -isat M
192.168.70.2 -isat M
192.168.70.3 -isat M
192.168.70.4 -isat M
192.168.18.11 velo M

== Cek server standar==
cd /var/log/;exiqgrep -o 43200 -i | xargs exim -Mrm;exiqgrep -z -i | xargs exim -Mrm;df -h;exim -bpc;uptime
ps axufw
tail -f /usr/local/apache/logs/error_log
cek file sing perubahan ukurane paling gede nang /usr/local/apache/domlogs/
plesk
ls -lRS /var/www/vhosts/system/*/logs/access_log | head -n 5
ls -lRS /var/www/vhosts/system/*/logs/access_ssl_log | head -n 5
kuwi nggo ngerti 5 file access log non ssl sing paling gede (asumsine akses sing ke-log paling akeh <-- berarti akeh sing ngakses)
cpanel
ls -lRS /usr/local/apache/domlogs/ | grep ssl_log | head -n 10
ls -lRS /usr/local/apache/domlogs/ | grep -v ssl_log | head -n 10


matikan mysql sleep
mysqladmin process
watch mysqladmin process
for x in `mysqladmin pr | grep Sleep | awk '{print $2}'`;do mysqladmin kill $x;done
for x in ` mysql -e 'show processlist' | grep Sleep | awk '{print $1}'`;do mysql -e "kill $x";done

killall -9 httpd
service httpd start
tail -f /var/www/vhosts/system/tokoarduino.com/logs/access_log
tail -f /var/www/vhosts/system/tokoarduino.com/logs/access_ssl_log

================================================================

Spammer email
exim  -Mvb  messageID - ( melihat body email dengan id tersebut )
exiqgrep -rwocare@aufahijab.com -i | xargs exim -Mrm (- delete antrian email dengan recipient id.stealhealth@gmail.com )
exiqgrep -frahman@tripandupelita.com -i | xargs exim -Mrm (- delete antrian email from tripandupelita.com )
exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm (- delete antrian email yang ada tulisan (status) frozen)
exiqgrep -o 43200 -i | xargs exim -Mrm (- delete antrian email yang sudah lebih dari 43200 detik (12 jam) )

Lacak spammer file
Masuk DALAM /var/log
cat exim_mainlog | grep 'cwd=/home' | awk '{print $3}' | sort | uniq -c | sort -n -k 1
cat exim_mainlog | grep '<=' | grep 'A=dovecot_login' | awk -F'A=dovecot_login:' '{print $2}' | cut -d' ' -f 1 | sort | uniq -c | sort -n -k 1
cat exim_mainlog | grep '<=' | grep 'A=dovecot_plain' | awk -F'A=dovecot_plain:' '{print $2}' | cut -d' ' -f 1 | sort | uniq -c | sort -n -k 1


efa 
mailq (cek antrian )
mailq | grep -v '^ *(' | awk  'BEGIN { RS = "" }{ print $7 }' | sort | uniq -c | sort -n -k 1  (cek jumlah email terkirim )
mailq | grep radif@prismas.co.id   (melihat email terkirim dari alamat radif@prismas.co.id)
postcat -vq 0E81C4070 ( melihat detail email ID 0E81C4070 )
find /var/spool/postfix/ -name "0E81C4070" ( mencari file email 0E81C4070 )
vi /var/spool/postfix/deferred/0/0E81C4070 ( melihat file email 0E81C4070 )
===hapus efa==
postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /MAILER-DAE/ { print $1 }' | tr -d '*!' | postsuper -d -;postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /over quota/ { print $1 }' | tr -d '*!' | postsuper -d -;postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /srs/ { print $1 }' | tr -d '*!' | postsuper -d -;postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /root/ { print $1 }' | tr -d '*!' | postsuper -d -;postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /overquota/ { print $1 }' | tr -d '*!' | postsuper -d -

===
cek space server, default langkahe:
- cek mounting ke server backup (apakah mounting terputus, apakah server backup penuh) (ps axufw | grep pkgacct (masih proses back up))
- du -sh /var/log/salt/
- du -sh /backup/
- ls -al /home/*.tar.gz
- cek akun yang overspace (du -sh *|grep G (cek space akun GB)
===
Brute bruce wp-login
ps axufw
/home/saklarst/public_html/berker/wp-login.php
/home/saklarst/public_html/jung/wp-login.php
/home/shiptoi1/public_html/wp-login.php
root@jejeran [/var/log]# tail /usr/local/apache/domlogs/shiptoindo.com
csf -d 23.99.143.214 86400  ( -td= temporary deny ; -d=deny ; -ta=temporary allow 
=======================

cari file nama database
[root@ngijon iseptcoi]# ls -al /var/lib/mysql/iseptcoi_ (tab untuk lihat nama database)
iseptcoi_drup810/ iseptcoi_ipul/
[root@ngestiharjo public_html]# grep -R "iseptcoi_drup810" .



   cek space server
df -h

du -h --max-depth=1

cari file cek back up
find . -name paudter1.tar.gz -exec ls -al {} \; 

find . -type f -perm 000
find . -type d -perm 000 

mengubah file dan d directory
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

cek massmail email
bukti massmail:
cat /var/log/exim_mainlog | grep dwirest1

jumlah mass email:
grep dwirest1 /var/log/exim_mainlog | wc -l          

grep -R "xfbml : true" /home/cheapes4/public_html/*        

cat exim_mainlog | grep benditw1 << cek cek hack

cat /usr/lib/php.ini   

cek jumlah email di server
exigrep @ /var/log/exim_mainlog | grep _login | sed -n 's/.*_login:\(.*\)S=.*/\1/p' | sort | uniq -c | sort -nr -k1

auto ssl " does not resolve to any IPv4 addresses on the internet."
/root/idwscript/dig_satu_domain.sh ginsamyong.biz
/usr/local/cpanel/bin/autossl_check --user=ginsamyo

scp -P 3322 root@paseban.idwebhost.com:/home/cpmove-panasi01.tar.gz /home
[root@server tujuan ~]# /scripts/restorepkg usercpanel

egrep -lir --include=*.php "(gzuncompress\(base64_decode\(|eval\(gzinflate\(base64_decode\(|eval\(gzinflate\(str_rot13\(base64_decode\(|1n73ction|oQOVbDAFcR7M25FXbQD9VjPx0lTTzLJ7I9UrBRmRASX6j1IzC1zLN|Pz48P3BocA0KDQovKioNCiAqIEAxM3RoMnIgSWtyMW0gQU|I2luY2x1ZGUgPHN0ZGlvLmg|ydW50aW1lKDApOwpvYl9zdGFydCgpOwokbXRpbWUgPSBleHBsb2RlKCcgJywgbW|JElJSUlJSUlJMUlJST0nY2htb2QnOyRJSUlJSUlJSWwxSWw9J2NoZGlyJzskSUlJSUlJSUlsSTFsPSdm|ZWRpcigkZGgpOyB9IHNvcnQoJGZuYW1lKTsg|LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t|om79R4P7SuWmaX73PVm7PFPLYuRmRobGoUn7qvwYsmP8SR7YpJ49SVXJop7tZamSXancS6f|5BOyPXTjkaaMx3AaaDGI0hTen0foYSTjaDHuE2cycLWlYBWlpcH2iRaTyjGaYwdycb|JY7xlrI0604acopcosM1KzQmMsuvDcxmxVbgrgp9DE8JMpQ0TLpyxSoE4heI6KJaawhtJUUZRc5qBHomhbp8NOPxll3Gq3Wf|LCQiQSwkdhEMYWx1ANBjaGVTsGQ9MCkY4DPwICQAoHJldCA9ICI8NhIgA5E9Ii4kdI8CBBAuIiAE|bPQkPlPiWELKQAKPekDiTqRMXt7wMHHnCnzHMwAJgKUd7HcTMV0Y7BHWy2l59UK9KNJr8niiOJ0YOocIH2AQk4GTHgj32URIEhagaDH6ENMKfiTb|JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTz|U4OGywbSeV9QUVGADZf7jlJHv1ZJKmUFhXaG|6W6Mh3GVxGl5fmZdUQDlDELtTHMmwNcQU|XSA9ICRfUE9TVFsnYXNzdW50byddOwokb|1YjczOWE3ZTQxZTQ2YTA1ZDA3N2VjNGE0YTQ9I|veyron\.yahoo\.com/TDS\.post\.php|function_exists\('shell_exec'\)|function_exists\('passthru\(|TC9A16C47DA8EEE87\(|Copyright7_17_156|cgishell|hackingway|b374k|shbd|backconnect|bindshell|_1513899822|r57shell|indishell|hackerlink|qbhqemyge|n9a2d8ce3\(|n85ced157\(|lylqqutjxsog\=|vjfajwgqfgv\}|FilesMan|\\x73\\x65\\x36\\x34\\x5F\\x64\\x65\\x63\\x6F\\x64\\x65\\x28|_shell_atildi_|Mo3tafA|5nkhUYDh|fightagent|Alsa3ek|AnonGhost|KUBUCYBER|1923Turk|iskorpitx|Mr\.TiGeR|Tryag\.Cc|fffndxcytuo|EntriKa|c99shcook|h4ntu|entrika|PHPSHELL_VERSION|xsylar|Hackerdre81|djeu84m|Devilzc0de|Mohajer22|Yogyacarderlink|Silent-KiLLer|alShaMi|ManSykez|shellc0der1337|pee/root|miyachung|Challenges-HackerS|cha88\.cn|ShababHacker|TeaM HacKer EgypT|r3c0d3d|RAB3OUN|by oRb|DEFACE|Shaun Connection|Alibobo ReZulT|rule of spam-assassin|JoomlaBru|DarkScream007|PHP  BAD Mailer|Procoderz Team Albania|Hacked by |cPanel Password Cracker|By Hacking Sec|StealHealth|NIezQWPQzO|All Indonesia Coder|oyZ2utCaxg|All Indonesia Hacker|All JibanCrew|Indian Hacker|minang\.cyber\.team|v53DMKL|BREACK|sqbezzibn|_REQUEST\\['p1'\\]|export LD_PRELOAD|function is_good_ip\(|ygtqpkoosnxt|edoced_46esab|Mrs.Loli48|FlirtGirl404|Phoenix1337|S4MP4H|Ricky-Death404|orofZ1VO9ChDgFIgBxCuSgH2ERo3XTwwugBDjfABoHsvchxkHmPMVfjo1slDmDSrn|\;passthru\(|Mr.Pain|kdGemFGOXlaV01vSmlSaGNuSXBDbnNLSUNCeVpYTmxkQ2drWVhKeUtUc0tJQ0IzYUdsc1pT|Mass Defacer|Av3LoXiS|Barrabravaz|exploit-db\.com|YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZ\)|'eypvx47'|'kyvlc2'|SocketIPs|\/proc\/self\/exe|\\\xa29\\\x29\\\x29\\\x3b|dunat\.ru|fidot\.ru|GjfTMPxq8inkLe1PgzHgJEp3DDk4aeIc7NSHJI2dhy6wwNYLWGoXcDf1an9zU4eV9oBk2uu|\\\x77\\\x65\\\x62\\\x7a\\\x6au\\\x71\\\x62\\\x64lt|\\\x6a\\\x66\\\x72\\\x67\\\x6f\\\x74j\\\x77\\\x67\\\x66eb|eval\(base64\_decode|mxhosts|x4bGROUN|PD9waHAgIyANCiRhdXRoX3Bhc3|mail\(stripslashes|Ly9lNHd2eTRkd2JjN3J3NWNyYzVqaQ0KDQokYW5k|JHJkNzZlOWRiOGExMDc0MGVlYzM5OWYzOD|y5ht35QgG5hKGdANEY|PCT4BA6ODSE|\\\x67\\\x7a\\\x75\\\x6e\\\x63\\\x6f\\\x6d\\\x70\\\x72\\\x65\\\x73\\\x73|a7005c184d9f2a252db7637b225902bb|Ea9EskFq5kqQdI3ShZxXjiTXgocFwxG|sBGcFxnEd4XWg6NbkCQJhlc08z|r76\[87\]|\_spamdom|xKIV4KWYNKIPNgeStMt2XOpUXEHoGEmPpOQzXPpOXEzwpOmupExzTaXJTEAwGMt|v135K6V|vAUNYNW|3469825000034634|mx.yandex.ru|cscrb78|yMxbgVDJ96|EWnBCG\-hUfK|oboikuury|JdlZn9Ug|vMTY00V|UEsDBBQAAAA|\\\x47LO\\\x42\\\x41\\\x4c|\\\x77m\\\x64\\\x38|\\\x61\\\156\\\x75|mqaeu21|jbvnzvTQ|jembot|vWY4H5F|I0hUVHJhY2sjaQ|jmiO\@sxhFnD|vOII2J2|kr9NHenNHenNH|v0QIDFF|vL4OLC8|vKU8H3W|v98TP02|vHRL97B|v0BVB7O|vS8BZMR|2Y7ADIZCQSS|vSJ3UAI|v02N9OC|v16TV1E|jmiO\@sxhFnD|v9HN3OQ|vEBTETM|jsfw4O8Z|\\\xd\\\x50\\\x45\\\x31|vF3H751|vN6SN40|f0c3bd9|vJW520X|\\\x9\\\x5a\\\x36\\\x58|bbtfyahbas|vNSZ3FA|o6VloXpz|\\\x6a\\\x30\\\x6d\\\x23|vLWXOLI|vRJYM4L|aw14agoK|KOI2KOI2|23FepB4OMT2E5|vD56601|d82c10941|vSJI70Q|vODL819|vT6D0Q5|v2SNG1N|vO1JADU|ytldtdsi|NGlCgUW|\.\$i85\[79\]|l9Jc5WMU1|Yo6gR6ow|cszuk|s5ac52af4|\$d79[47]|uuxab26|flkpdbkofs|PD9waHANCg0|xvecmkqt|eyIubXguYW9|LPmVc4RQsKL6d|nfJWlvZHe|aysfayx|yswcqice|dteoyyrp|base64\_decode\"\;return|oj4228\[|n4bb3|\\\x65\\\x63\\\x6F\\\x64\\\x65|BAkK8t1QhrIix|zksh89\[|bbfq11\[|n95dde0|KE393\[|iVBORw0KGgo|d6378e446|47\\\x4c\\\x4fB\\\x41\\\x4c|KE393|chiltonsondemand|x34\\\x5Fde\\\x63\\\x6Fd|XHg2Nlx4NzVceDZFXH|XCRfNjFhMWQzZ|\\\x5f\\\x46\\\x36\\\x63\\\x5d|\[F9K\^0G\"\^\"S4H|mygV6D2Z5M3PD2|wS1RzZyIpKTsg|yWBYQzCvmFpn7mCcJTi|f5983|\\\x64\\\x48\\\x2f\\\x4a|'ZMxrnCbWoeZ|sea8321|0quSlVyHpW0Z|ynpvjb|jifqyc|bqnpyvz|chr\(106\^12\)|\"base\"\ \.\ \"64\_decode\"\;return|se\\\x364\\\x5Fd\\\x65cod|feuerwehr-ladendorf.at|66666666667|\\\x351\\\x32744\\\x38\\\x63|\$OO0O00O|\\\x62\\\x61\\\x73\\\x65\\\x36|gLiG2y2oS|lboxaiu\.in|coolin\.in|XCRfMDJmZDAwZmM|OO0O00O\_\_\_|nHarmRt|f8832|Sistema\ Operacional|BY\-SCR43Z1|O00OO0|A8403|oYpRT2440|piwin3t|x5a\"\.chr\(105\)|\\\x31\\\x32\\\x34\\\x33|NlGK60QJZKGZ|bvUFl5ye3f94|NFFcI15|ba9hus|\\\x63\\\x68\\\x72|BYM1O6IZLq|GVYNnNbDRZHb|u6srerrJ2|mdb658|Sw8CVsNDFPSSs|spbze98|jVbdbts2F|nJLtXPScp|xh3LL|gnstilxe|dBZFOf2900|Y4449|wgB\{|\"weakstraight\"|xxxxxxxxxxx|ZXZhbChiYXNlNj|neyp0Md|H1CGOdVX|FX0FERFInXTs|RMTshhnv|\.chr\(178\^|ntuan07|\\\x2fhom|ntuan09|ntuan0|\_b4F4hp\!|\?vapqvj|iideicioidieii|ntuan1|cafrwcm|qZ46inl|cR6goOwwY2P|asuakdwnnas|bdOVhyPwcl4|mWd1MfxZGu|x49bl\+WYl|welldirect.su|qXuGnGC|CuO49dzxT|XJkWzdl|ZHJlY2hyb|cHVicy0|WZkMHTIWL50QP|c2lneT1u|\_0xaae8|PD9waHANCmhlYWRlci|georgianne|bHNlOnJlcm|XSYGRmqfB|bHVycCIs|M5Nzc5NDN|PiR0ZXR|JywkcmUp|fofaec|xttcvrg|CgokZGVmY|KuloSinten|7b17SuO4|KGO0X6B|TkrdonrdE0V|tiW0x2|Xploit|d0763edaa|JFRki6siV3RV|xRx6MHZjzC|TurtleScanner|tea8fc8|\/wwwroot\/)" .

egrep -lir --include=*.php "(gzuncompress\(base64_decode\(|eval\(gzinflate\(base64_decode\(|eval\(gzinflate\(str_rot13\(base64_decode\(|1n73ction|oQOVbDAFcR7M25FXbQD9VjPx0lTTzLJ7I9UrBRmRASX6j1IzC1zLN|Pz48P3BocA0KDQovKioNCiAqIEAxM3RoMnIgSWtyMW0gQU|I2luY2x1ZGUgPHN0ZGlvLmg|ydW50aW1lKDApOwpvYl9zdGFydCgpOwokbXRpbWUgPSBleHBsb2RlKCcgJywgbW|JElJSUlJSUlJMUlJST0nY2htb2QnOyRJSUlJSUlJSWwxSWw9J2NoZGlyJzskSUlJSUlJSUlsSTFsPSdm|ZWRpcigkZGgpOyB9IHNvcnQoJGZuYW1lKTsg|LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t|om79R4P7SuWmaX73PVm7PFPLYuRmRobGoUn7qvwYsmP8SR7YpJ49SVXJop7tZamSXancS6f|5BOyPXTjkaaMx3AaaDGI0hTen0foYSTjaDHuE2cycLWlYBWlpcH2iRaTyjGaYwdycb|JY7xlrI0604acopcosM1KzQmMsuvDcxmxVbgrgp9DE8JMpQ0TLpyxSoE4heI6KJaawhtJUUZRc5qBHomhbp8NOPxll3Gq3Wf|LCQiQSwkdhEMYWx1ANBjaGVTsGQ9MCkY4DPwICQAoHJldCA9ICI8NhIgA5E9Ii4kdI8CBBAuIiAE|bPQkPlPiWELKQAKPekDiTqRMXt7wMHHnCnzHMwAJgKUd7HcTMV0Y7BHWy2l59UK9KNJr8niiOJ0YOocIH2AQk4GTHgj32URIEhagaDH6ENMKfiTb|JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTz|U4OGywbSeV9QUVGADZf7jlJHv1ZJKmUFhXaG|6W6Mh3GVxGl5fmZdUQDlDELtTHMmwNcQU|XSA9ICRfUE9TVFsnYXNzdW50byddOwokb|1YjczOWE3ZTQxZTQ2YTA1ZDA3N2VjNGE0YTQ9I|veyron\.yahoo\.com/TDS\.post\.php|function_exists\('shell_exec'\)|function_exists\('passthru\(|TC9A16C47DA8EEE87\(|Copyright7_17_156|cgishell|hackingway|b374k|shbd|backconnect|bindshell|_1513899822|r57shell|indishell|hackerlink|qbhqemyge|n9a2d8ce3\(|n85ced157\(|lylqqutjxsog\=|vjfajwgqfgv\}|FilesMan|\\x73\\x65\\x36\\x34\\x5F\\x64\\x65\\x63\\x6F\\x64\\x65\\x28|_shell_atildi_|Mo3tafA|5nkhUYDh|fightagent|Alsa3ek|AnonGhost|KUBUCYBER|1923Turk|iskorpitx|Mr\.TiGeR|Tryag\.Cc|fffndxcytuo|EntriKa|c99shcook|h4ntu|entrika|PHPSHELL_VERSION|xsylar|Hackerdre81|djeu84m|Devilzc0de|Mohajer22|Yogyacarderlink|Silent-KiLLer|alShaMi|ManSykez|shellc0der1337|pee/root|miyachung|Challenges-HackerS|cha88\.cn|ShababHacker|TeaM HacKer EgypT|r3c0d3d|RAB3OUN|by oRb|DEFACE|Shaun Connection|Alibobo ReZulT|rule of spam-assassin|JoomlaBru|DarkScream007|PHP  BAD Mailer|Procoderz Team Albania|Hacked by |cPanel Password Cracker|By Hacking Sec|StealHealth|NIezQWPQzO|All Indonesia Coder|oyZ2utCaxg|All Indonesia Hacker|All JibanCrew|Indian Hacker|minang\.cyber\.team|v53DMKL|BREACK|sqbezzibn|_REQUEST\\['p1'\\]|export LD_PRELOAD|function is_good_ip\(|ygtqpkoosnxt|edoced_46esab|Mrs.Loli48|FlirtGirl404|Phoenix1337|S4MP4H|Ricky-Death404|orofZ1VO9ChDgFIgBxCuSgH2ERo3XTwwugBDjfABoHsvchxkHmPMVfjo1slDmDSrn|\;passthru\(|Mr.Pain|kdGemFGOXlaV01vSmlSaGNuSXBDbnNLSUNCeVpYTmxkQ2drWVhKeUtUc0tJQ0IzYUdsc1pT|Mass Defacer|Av3LoXiS|Barrabravaz|exploit-db\.com|YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZ\)|'eypvx47'|'kyvlc2'|SocketIPs|\/proc\/self\/exe|\\\xa29\\\x29\\\x29\\\x3b|dunat\.ru|fidot\.ru|GjfTMPxq8inkLe1PgzHgJEp3DDk4aeIc7NSHJI2dhy6wwNYLWGoXcDf1an9zU4eV9oBk2uu|\\\x77\\\x65\\\x62\\\x7a\\\x6au\\\x71\\\x62\\\x64lt|\\\x6a\\\x66\\\x72\\\x67\\\x6f\\\x74j\\\x77\\\x67\\\x66eb|eval\(base64\_decode|mxhosts|x4bGROUN|PD9waHAgIyANCiRhdXRoX3Bhc3|mail\(stripslashes|Ly9lNHd2eTRkd2JjN3J3NWNyYzVqaQ0KDQokYW5k|JHJkNzZlOWRiOGExMDc0MGVlYzM5OWYzOD|y5ht35QgG5hKGdANEY|PCT4BA6ODSE|\\\x67\\\x7a\\\x75\\\x6e\\\x63\\\x6f\\\x6d\\\x70\\\x72\\\x65\\\x73\\\x73|a7005c184d9f2a252db7637b225902bb|Ea9EskFq5kqQdI3ShZxXjiTXgocFwxG|sBGcFxnEd4XWg6NbkCQJhlc08z|r76\[87\]|\_spamdom|xKIV4KWYNKIPNgeStMt2XOpUXEHoGEmPpOQzXPpOXEzwpOmupExzTaXJTEAwGMt|v135K6V|vAUNYNW|3469825000034634|mx.yandex.ru|cscrb78|yMxbgVDJ96|EWnBCG\-hUfK|oboikuury|JdlZn9Ug|vMTY00V|UEsDBBQAAAA|\\\x47LO\\\x42\\\x41\\\x4c|\\\x77m\\\x64\\\x38|\\\x61\\\156\\\x75|mqaeu21|jbvnzvTQ|jembot|vWY4H5F|I0hUVHJhY2sjaQ|jmiO\@sxhFnD|vOII2J2|kr9NHenNHenNH|v0QIDFF|vL4OLC8|vKU8H3W|v98TP02|vHRL97B|v0BVB7O|vS8BZMR|2Y7ADIZCQSS|vSJ3UAI|v02N9OC|v16TV1E|jmiO\@sxhFnD|v9HN3OQ|vEBTETM|jsfw4O8Z|\\\xd\\\x50\\\x45\\\x31|vF3H751|vN6SN40|f0c3bd9|vJW520X|\\\x9\\\x5a\\\x36\\\x58|bbtfyahbas|vNSZ3FA|o6VloXpz|\\\x6a\\\x30\\\x6d\\\x23|vLWXOLI|vRJYM4L|aw14agoK|KOI2KOI2|23FepB4OMT2E5|vD56601|d82c10941|vSJI70Q|vODL819|vT6D0Q5|v2SNG1N|vO1JADU|ytldtdsi|NGlCgUW|\.\$i85\[79\]|l9Jc5WMU1|Yo6gR6ow|cszuk|s5ac52af4|\$d79[47]|uuxab26|flkpdbkofs|PD9waHANCg0|xvecmkqt|eyIubXguYW9|LPmVc4RQsKL6d|nfJWlvZHe|aysfayx|yswcqice|dteoyyrp|base64\_decode\"\;return|oj4228\[|n4bb3|\\\x65\\\x63\\\x6F\\\x64\\\x65|BAkK8t1QhrIix|zksh89\[|bbfq11\[|n95dde0|KE393\[|iVBORw0KGgo|d6378e446|47\\\x4c\\\x4fB\\\x41\\\x4c|KE393|chiltonsondemand|x34\\\x5Fde\\\x63\\\x6Fd|XHg2Nlx4NzVceDZFXH|XCRfNjFhMWQzZ|\\\x5f\\\x46\\\x36\\\x63\\\x5d|\[F9K\^0G\"\^\"S4H|mygV6D2Z5M3PD2|wS1RzZyIpKTsg|yWBYQzCvmFpn7mCcJTi|f5983|\\\x64\\\x48\\\x2f\\\x4a|'ZMxrnCbWoeZ|sea8321|0quSlVyHpW0Z|ynpvjb|jifqyc|bqnpyvz|chr\(106\^12\)|\"base\"\ \.\ \"64\_decode\"\;return|se\\\x364\\\x5Fd\\\x65cod|feuerwehr-ladendorf.at|66666666667|\\\x351\\\x32744\\\x38\\\x63|\$OO0O00O|\\\x62\\\x61\\\x73\\\x65\\\x36|gLiG2y2oS|lboxaiu\.in|coolin\.in|XCRfMDJmZDAwZmM|OO0O00O\_\_\_|nHarmRt|f8832|Sistema\ Operacional|BY\-SCR43Z1|O00OO0|A8403|oYpRT2440|piwin3t|x5a\"\.chr\(105\)|\\\x31\\\x32\\\x34\\\x33|NlGK60QJZKGZ|bvUFl5ye3f94|NFFcI15|ba9hus|\\\x63\\\x68\\\x72|BYM1O6IZLq|GVYNnNbDRZHb|u6srerrJ2|mdb658|Sw8CVsNDFPSSs|spbze98|jVbdbts2F|nJLtXPScp|xh3LL|gnstilxe|dBZFOf2900|Y4449|wgB\{|\"weakstraight\"|xxxxxxxxxxx|ZXZhbChiYXNlNj|neyp0Md|H1CGOdVX|FX0FERFInXTs|RMTshhnv|\.chr\(178\^|ntuan0|\\\x2fhom|ntuan09|ntuan06|\_b4F4hp\!|\?vapqvj|iideicioidieii|ntuan1)" .

egrep --include=*.php* --include=*.ico --exclude=*.js -rlE '(function.*for.*strlen.*\s\.=\sisse|function.+\\x.+\s=\s.+\sfor\s\(.+\sstrlen.+\sfor\s.+\sstrlen.+\.=.+\^|\$GLOBALS.*\\x[0-9]{2}.*eval|/\*(\w+)\*/\s*@include\s*[^;]+;\s*/\*|^.+(\$_COOKIE|\$_POST).+eval\(.+$|eval.*intval.+__LINE__.+|gzuncompress.+base64_decode.+\$_POST|killall -9.+unset.+LD_PRELOAD|base64_decode.+\$_REQUEST.+\\x|@include\s\"\\[0-9]{3}|basename.+trim.+preg_replace.+rawurldecode.+__FILE__)'

[root@plesk-9 theme]# plesk repair web aljahizbiologi.com

update clients set external_id='2b7cd05f-f23d-48a1-b69f-d845ae44cf0e' where login='iklang13'; 

cat /var/log/exim_mainlog
grep naturho /var/log/exim_mainlog
exim -bp
tail -f /var/log/exim_mainlog
exim -bp

http://browserspy.dk/webserver.php

inode counter
echo "Inode usage for: $(pwd)" ; for d in `find -maxdepth 1 -type d |cut -d\/ -f2 |grep -xv . |sort`; do c=$(find $d |wc -l) ; printf "$c\t\t- $d\n" ; done ; printf "Total: \t\t$(find $(pwd) | wc -l)\n"