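#!/bin/bash
#########################
# Joomla-Autoheal v0.01 #
###############################################################################
# Script that checks for base64 redirect injections from Google referred hits #
# and attempts to clean the file.                                             #
# VERY NB!!! This script assumes that you do not use eval(base64_decode       #
# for anything legitimate! If you do PLEASE do not use this because it will   #
# break your code!                                                            #
#                                                                             #
# Disclaimer: Use this script completely at your own risk! I will take no     #
# responsibility if it nukes your system or causes any damage what so ever.   #
# If it does though, please let me know so that I can adapt the scripts       #
# working to prevent it from happening again.                                 #
#                                                                             #
# Author: Adam Schoeman (adam@usintrust.com)                                  #
# www.usintrust.com                                                           #
###############################################################################
#
# What it does: for every configured web folder, list the files containing the
# literal marker "eval(base64_decode", strip double-quoted
# eval(base64_decode("...")); statements from them in place, and optionally
# mail a per-folder count of the files that matched.
#
# Operational notes:
#   * Stripping the injected statement does not close whatever hole was used
#     to write it. Treat a hit as evidence of compromise and investigate how
#     the files were modified; the same payload tends to come back otherwise.
#   * Files are edited in place. Set backup_dir below to keep the untouched
#     original for later analysis.
#   * Relies on GNU grep (-Z), GNU sed (-i, -E) and GNU cp (--parents).

# If you want the prog to mail you when it finds an infected file set mail=1
# and enter your email address
mail=0
emailaddy="you@yourdomain.com"

# Optional: existing directory OUTSIDE the web root in which a copy of every
# matching file is stored (full path recreated underneath it) before the file
# is modified. Leave empty to edit without keeping a copy. Do not point this
# inside a served folder: the copies still contain the injected code.
backup_dir=""

# Place your web folders in here. You can specify /var/www only to scan
# all the files in /var/www but at the cost of reporting. Separate with a
# space.
web_folders=(/var/www/joomla-host1 /var/www/joomla-host2 /var/www/agg/joomla-subhost1)

# Literal string used to find candidate files (matched with grep -F).
readonly marker='eval(base64_decode'

# Fixed sed program. The payload is matched by shape (base64 alphabet between
# double quotes) and is never copied out of the file into the sed script:
# the file content is attacker-controlled, and interpolating it into a sed
# expression both breaks on "/" (common in base64) and lets the content be
# interpreted as sed commands. "#" is the delimiter so "/" needs no escaping.
readonly strip_expr='s#eval\(base64_decode\("[A-Za-z0-9+/=]*"\)\);##g'

for folder in "${web_folders[@]}"; do
  infect_array=()
  echo "Infected files in ${folder}"

  # NUL-delimited file list so names with spaces or newlines stay intact;
  # process substitution keeps infect_array in the current shell.
  while IFS= read -r -d '' infect; do
    printf '%s' "--$infect"
    infect_array+=("$infect")

    # Preserve the original before touching it; if that fails, leave the
    # file alone rather than destroy the only copy.
    if [[ -n "$backup_dir" ]] && ! cp -p --parents -- "$infect" "$backup_dir"; then
      echo "...SKIPPED (could not save original to $backup_dir)"
      continue
    fi

    # Report success only when sed ran cleanly AND the marker is really gone.
    # Variants the fixed pattern does not cover (e.g. single-quoted payloads)
    # are left in place and flagged for manual review.
    if LC_ALL=C sed -i -E -e "$strip_expr" -- "$infect" \
      && ! grep -q -F -- "$marker" "$infect"; then
      echo "...CLEANED!"
    else
      echo "...NOT CLEANED (review manually)"
    fi
  done < <(grep -r -l -Z -F -- "$marker" "$folder")

  # One mail per folder, only when something matched. The subject carries the
  # folder and the number of matching files; the body is the host name.
  if [[ "$mail" -eq 1 ]] && (( ${#infect_array[@]} > 0 )); then
    sub="${folder} has ${#infect_array[*]}"
    mail -s "$sub" "$emailaddy" < "/etc/hostname"
  fi
done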