How to Find Malicious Script in File (Linux Command) - Slot Gacor

 grep -r -i "thailand" /var/www/html

 grep -r -i "gacor" /var/www/html

grep -r -i --exclude-dir=mysql --exclude-dir=db "thailand" /var/www

find /var -type f -perm 0777

grep "?" /var/log/nginx/access.log

grep -Ei "cmd=|exec=|bash|sh" /var/log/nginx/access.log

awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -nr

Jika terjadi spam user yang masuk ke database

SHOW DATABASES;

USE db

SHOW TABLES;

DELETE FROM users WHERE url LIKE '%slotgacor%';

-- Delete users with suspicious email domains DELETE FROM users WHERE email LIKE '%@yahoo.it%' OR email LIKE '%@yandex.ru%'; -- Delete users from unusual country codes DELETE FROM users WHERE country IN ('HM', 'MP', 'IS');

Verification

SELECT user_id, username, url FROM users WHERE url LIKE '%gacor%';

-- Find other suspicious patterns SELECT user_id, username, email FROM users WHERE email LIKE '%@yahoo.it%' OR email LIKE '%@yandex.ru%';

SELECT user_id, username, country FROM users WHERE country IN ('HM', 'MP', 'IS');

DESCRIBE author_settings;

SELECT * FROM author_settings WHERE setting_value LIKE '%gacor%';

DELETE FROM author_settings 

WHERE setting_value LIKE '%gacor%';

SELECT * FROM author_settings WHERE setting_value LIKE '%gacor%';

Prevent

-- Add indexes for faster spam detection ALTER TABLE users ADD INDEX idx_url (url(255)); ALTER TABLE users ADD INDEX idx_email (email(255));

------------------------

-----------------

Configurasi Apache untuk mengetahui IP yang mengakses ke server yang menggunakan Reverse Proxy

<IfModule mod_remoteip.c>

    RemoteIPHeader X-Forwarded-For

    RemoteIPTrustedProxy 127.0.0.1

</IfModule>

"ganti 127.0.0.1 dengan alamat reverse proxy"

----------------------------

find /var -type f -perm 0777