b374k-shell

The b374k shell is a popular PHP-based web shell that is used by attackers to gain unauthorized access and control over web servers. Like many web shells, it provides a range of functionalities that allow attackers to interact with the compromised server. b374k shell key features Here are some key characteristics and features of the … Read more

Remove Website Malware

Shared web hosting companies usually install a malware scanner on their servers (ClamAV virus scanner). This is very helpful for scanning PHP files for malware. You also need SSH access to the server, and should use extra signatures to get a better detection ratio for PHP malware. We generated a bash script for that, so there … Read more

Free Online PHP Obfuscator

Free Online PHP Obfuscator is designed to help PHP developers protect their intellectual property. Any time you give your PHP source code to someone else, your intellectual property can be used and altered without your permission. It’s not one-way encryption, but it will keep curious eyes away from your code. These tried again upload to … Read more

Joomla – Account Creation & Elevated Privileges

Introduction Joomla published version 3.6.4, an update to patch security issues: – [CVE-2016-8870] – Core – Account Creation (High Priority): attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. (affecting Joomla! 3.4.4 through 3.6.3) – [CVE-2016-8869] – Core – Elevated Privileges (High Priority): … Read more

Modules Simple Spotlight Upload

Simple spotlight is a jQuery image rotator with navigation. You can have up to 20 images with links. You can turn off the navigation and choose between 27 effects for transition. It also has 5 button styles and a shadow effect. (Read More) Description Uploaded files represent a significant risk to applications. The first step … Read more

How to Install Nginx with ModSecurity v2.9 from source

Introduction ModSecurity is an open-source Web Application Firewall (WAF) for the Apache, Nginx and IIS web servers. This application-layer firewall is developed by Trustwave’s SpiderLabs and released under the Apache License 2.0. ModSecurity protects websites from hackers by using a set of regular expression rules to filter out commonly known exploits. It allows HTTP traffic monitoring, … Read more

ModSecurity Examples – Writing ModSecurity rules

ModSecurity

In this article, we will go over the basics of ModSecurity rule writing and also provide ModSecurity rule examples. In case you are new to ModSecurity, we also have an informative article: What is ModSecurity and why do we need it? ModSecurity Rule Writing The ModSecurity Reference Manual should be consulted in any case where … Read more

Install Maldet Directadmin Server

Log in to the DirectAdmin server via SSH as the root user, or use sudo to get root access. Execute the below commands: Output install.sh script Remove unused gzipped tar file You can run a Linux Malware Detect scan now, and it would run with no problem. However, it would not include ClamAV’s definitions if you have not previously installed … Read more

cache-db.php

This is very old malware, with a timestamp of December 2015, found in the Joomla /cache/cache-db.php or /libraries/simplepie/simplepie.lib.php file. It is very cleverly made, and hides an assert PHP execution inside the code. At first look, the source code looks like a normal file. But when you look closer and trace first extra code Second hidden code added Third hidden code added … Read more

Securing Directadmin Server

ssh If possible, don’t allow users to log in to the server over ssh. Also disable root user login and use sudo to gain root access. Change: Restart ssh server! Note: Make sure you have installed sudo and set up sudoers for your user! Filesystem You can prevent and hide access to certain folders and files. php.ini There are certain functions in … Read more