Joomla-Autoheal v0.01 - Joomla Injection Watcher/Cleaner

Aug 3rd, 2011
```bash
#!/bin/bash

#########################
# Joomla-Autoheal v0.01 #
###############################################################################
# Script that checks for base64 redirect injections from Google referred hits #
# and attempts to clean the file.                                             #
# VERY NB!!! This script assumes that you do not use eval(base64_decode       #
# for anything legitimate! If you do PLEASE do not use this because it will   #
# break your code!                                                            #
#                                                                             #
# Disclaimer: Use this script completely at your own risk! I will take no     #
# responsibility if it nukes your system or causes any damage whatsoever.     #
# If it does though, please let me know so that I can adapt the script's      #
# working to prevent it from happening again.                                 #
#                                                                             #
# Author: Adam Schoeman (adam@usintrust.com)                                  #
# www.usintrust.com                                                           #
###############################################################################

# If you want the prog to mail you when it finds an infected file set mail=1
# and enter your email address
mail=0
emailaddy="you@yourdomain.com"

# Place your web folders in here. You can specify /var/www only to scan
# all the files in /var/www but at the cost of reporting. Separate with a
# space.
web_folders=(/var/www/joomla-host1 /var/www/joomla-host2 /var/www/agg/joomla-subhost1)

for folder in "${web_folders[@]}"
do
    infect_array=( )
    echo "Infected files in $folder"

    # -F treats the marker as a fixed string; -Z with read -d '' keeps file
    # names that contain spaces intact.
    while IFS= read -r -d '' infect
    do
        echo -n "--$infect"
        infect_array+=("$infect")
        # Match and delete the injected statement in one step. Base64 text can
        # contain '/' and '+', so it must not be handed to sed as a pattern.
        perl -pi -e 's/eval\(base64_decode\("[^"]*"\)\);//g' "$infect"
        echo "...CLEANED!"
    done < <(grep -l -r -Z -F "eval(base64_decode" -- "$folder")

    # Mail a summary only when mailing is enabled and something was found.
    if [ "$mail" -eq 1 ] && [ "${#infect_array[@]}" -gt 0 ]
    then
        sub="$folder has ${#infect_array[*]}"
        mail -s "$sub" "$emailaddy" < "/etc/hostname"
    fi
done
```
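Because the script deletes every `eval(base64_decode(...));` it finds, it helps to see what a match decodes to before cleaning. The following report-only pass is an added example, not part of Joomla-Autoheal; the function name `decode_injections` and the sample file are constructed for illustration, and it assumes GNU grep and coreutils `base64`.

```shell
#!/bin/bash
# Added example (not from the original script): report-only triage.
# Prints every eval(base64_decode("...")) payload in a file, decoded, without
# modifying the file or executing the payload.

decode_injections() {
    local file=$1 match payload
    # -o prints only the matched text: the same literal marker the cleaner
    # greps for, followed by a double-quoted base64 body.
    grep -oE 'eval\(base64_decode\("[A-Za-z0-9+/=]+"\)\);' -- "$file" |
    while IFS= read -r match; do
        payload=${match#*\"}       # drop everything up to the opening quote
        payload=${payload%%\"*}    # drop the closing quote and what follows
        printf '%s: ' "$file"
        # base64 -d only decodes; the PHP inside is never run.
        printf '%s' "$payload" | base64 -d 2>/dev/null ||
            printf '<not valid base64>'
        printf '\n'
    done
}

# Constructed sample: a PHP file carrying a harmless encoded echo statement.
sample=$(mktemp)
printf '<?php eval(base64_decode("%s")); ?>\n' \
    "$(printf '%s' 'echo "constructed sample";' | base64)" > "$sample"
decode_injections "$sample"
rm -f "$sample"
```

A file whose decoded payload is not the expected redirect is a false positive for the cleaner and should be excluded from `web_folders` or handled by hand.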