PK œqhYî¶J‚ßF ßF ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/legal_lock_down.sh |
#!/bin/bash # Functions # Authored By: Corey Stemen (coreys@inmotionhosting.com) # Global Variables NGINX_INSTALLED='' # If NGiNX is installed this will get set DOCUMENT_ROOT='' # Holds doc root for target domain SUBVERSION=0 # Holds the sub-version integer for Apache USER='' # Holds user owner for target domain DOMAIN='' # Holds the target domain - supplied via $1 or entered manually via 'read' function lock_domain { echo "Document Root: $DOCUMENT_ROOT" echo "Apache Version: 2.$SUBVERSION" if [[ ! -z "$NGINX_INSTALLED" ]]; then echo $NGINX_INSTALLED fi chattr -i $DOCUMENT_ROOT/.htaccess 2>/dev/null #Just remove immutable outright, this covers instances where it was set immutable and not removed, or was immutable at cx request, etc touch $DOCUMENT_ROOT/.htaccess 2>/dev/null #test editing if [[ ! $? -eq 0 ]]; then echo 'Cannot Edit .htaccess' exit 1 fi printf '.htaccess found...Editing...\n' printf '#########################################################################\n# Website has been disabled by legal department #\n# Please reach out to legal@inmotionhosting.com #\n#########################################################################\n' >> $DOCUMENT_ROOT/.htaccess_legal if [[ $SUBVERSION -eq 2 ]]; then echo "deny from all" >> $DOCUMENT_ROOT/.htaccess_legal else echo "Require all denied" >> $DOCUMENT_ROOT/.htaccess_legal fi cat $DOCUMENT_ROOT/.htaccess_legal $DOCUMENT_ROOT/.htaccess >> $DOCUMENT_ROOT/.htaccess_combined && mv $DOCUMENT_ROOT/.htaccess{,LegalDisabled} && mv $DOCUMENT_ROOT/.htaccess_combined $DOCUMENT_ROOT/.htaccess chattr +i $DOCUMENT_ROOT/.htaccess #Lock down new .htaccess rm -f $DOCUMENT_ROOT/.htaccess_legal #no longer need this echo 'Done!' } function unlock_domain { chattr -i $DOCUMENT_ROOT/.htaccess 2>/dev/null #.htaccess should exist and should be immutable but redirect stderr just in case as we don't need to see errors from this if [[ -f $DOCUMENT_ROOT/.htaccessLegalDisabled ]]; then #If it was disabled by this script then this file should exist and easiest reversion is to just put it back rm -f $DOCUMENT_ROOT/.htaccess && mv -v $DOCUMENT_ROOT/.htaccessLegalDisabled $DOCUMENT_ROOT/.htaccess else cat $DOCUMENT_ROOT/.htaccess | sed 1,5d >> $DOCUMENT_ROOT/.htaccess_new && mv -f $DOCUMENT_ROOT/.htaccess{,Disabled} && mv -f $DOCUMENT_ROOT/.htaccess_new $DOCUMENT_ROOT/.htaccess #Not removing .htaccessDisabled here just for redundancy in case of inadvertent corruption or something and/or if the following check fails fi unset check && check=$(grep -i 'disabled by legal' $DOCUMENT_ROOT/.htaccess) if [[ ! -z "$check" ]]; then sed -i 's/Allow from//g;s/allow from//g;s/Order Allow,Deny//;s/#########################################################################//g;s/# Website has been disabled by legal department #//;s/# Please reach out to legal@inmotionhosting.com #//' $DOCUMENT_ROOT/.htaccess # The above check shouldn't fail but if it does then use sed to unlock .htaccess - this could remove legit Allow/Deny from statements, this is why above a copy of the original htaccess was already made fi } function add_ips { chattr -i $DOCUMENT_ROOT/.htaccess if [[ $SUBVERSION -eq 2 ]]; then sed -i 's/deny from all//;s/Deny from all//' $DOCUMENT_ROOT/.htaccess else sed -i 's/Require all denied//;s/require all denied//' $DOCUMENT_ROOT/.htaccess fi printf "Order Allow,Deny\nAllow from 173.231.218.25\n" > $DOCUMENT_ROOT/new_legal_htaccess # Support IP printf "Enter the list of IPs you want to allow\nWhen complete enter the '$' symbol\n" read -d '$' list for i in $list;do echo "Allow from $i" >> $DOCUMENT_ROOT/new_legal_htaccess;done mv -vf $DOCUMENT_ROOT/.htaccess{,LegalDisabled} && cat $DOCUMENT_ROOT/new_legal_htaccess $DOCUMENT_ROOT/.htaccessLegalDisabled > $DOCUMENT_ROOT/.htaccess if [[ ! -z "$NGINX_INSTALLED" ]]; then # NGiNX Installed ngxconf -r -u $USER fi chattr +i $DOCUMENT_ROOT/.htaccess } function check_domain_locked { unset domain_check;domain_check=$(curl -sIA imhLegal --insecure https://$DOMAIN/ | grep -i '403 Forbidden') if [[ ! -z "$domain_check" ]]; then printf "Domain Locked Successfully!\n$domain_check\n" else printf "Domain Check Failed!\n$domain_check\nIs the domain live on this server?\n" fi } function check_domain_unlocked { unset domain_check;domain_check=$(curl -sIA imhLegal --insecure https://$DOMAIN/ | grep -i '200 OK') if [[ ! -z "$domain_check" ]]; then printf "Domain Unlocked Succeeded!\n$domain_check\n" else printf "Domain Check Failed!\n$domain_check\nIs the domain live on this server?\n" fi } # Apache Version apache_version=$(httpd -v | grep version | cut -d '/' -f 2 | awk '{print $1}') SUBVERSION=$(echo $apache_version | cut -d '.' -f 2) # NGiNX Installed? # our nginx binary outputs to stderr NOT stdin, this is why this is being done like this - you can't just redirect stderr if [[ $(\ls /etc/nginx/nginx.conf 2>/dev/null) ]]; then NGINX_INSTALLED=1 fi # Get Domain if [[ ! -z "$1" ]]; then DOMAIN=$1 else read -p 'Domain: ' DOMAIN fi grep "^$DOMAIN" /etc/userdomains &> /dev/null #Check if domain is valid if [[ $? != 0 ]]; then printf 'Invalid Domain\nPlease double check spelling or escalate if needed.\n' exit 1 fi if [[ $(/scripts/whoowns $DOMAIN 2> /dev/null) ]]; then #Check if a valid user can be identified USER=$(/scripts/whoowns $DOMAIN) else printf "Invalid User\nPlease double check spelling or escalate if needed.\n" #Can add alternative checks here exit 1 fi #Check if domain is the primary domain or an addon primary_check=$(grep $DOMAIN /etc/trueuserdomains) if [[ ! -z "$primary_check" ]]; then primary_domain=1 else primary_domain=0 fi if [[ $primary_domain -eq 1 ]]; then if [[ $(\ls -1 /var/cpanel/userdata/$USER/$DOMAIN 2> /dev/null) ]]; then #Check if userdata exists DOCUMENT_ROOT=$(grep documentroot /var/cpanel/userdata/$USER/$DOMAIN | cut -d : -f 2 | tr -d ' ') else echo 'Invalid User Data\nPlease Escalate\n' exit 1 fi else # Subdomain variant userdata pd=$(grep $USER /etc/trueuserdomains | cut -d : -f 1) # Primary domain dot_count=$(echo $DOMAIN | grep -o '\.' | wc -l) if [[ $dot_count -gt 2 ]]; then let 'limit=dot_count-1' sd=$(echo "$DOMAIN" | cut -d '.' -f 1-$limit) # Sub-domain short name else sd=$(echo $DOMAIN | cut -d '.' -f 1) # Sub-domain short name fi full_domain=$(echo "$sd.$pd") # Make sub-domain for userdata DOCUMENT_ROOT=$(grep documentroot /var/cpanel/userdata/$USER/$full_domain | cut -d : -f 2 | tr -d ' ') fi #Confirm document root is valid if [[ ! -d $DOCUMENT_ROOT ]]; then echo 'Invalid Document Root\nPlease review Document Root or Escalate if needed\n' exit 1 fi # Run applicable function unset check && check=$(grep 'disabled by legal' $DOCUMENT_ROOT/.htaccess 2>/dev/null) # If domain is currently blocked give menu, else lock domain if [[ ! -z "$check" ]]; then echo "Domain Locked" printf "Do you want to:\ni) Add IPs to .htaccess\nu) Unlock Domain\nq) Quit\n" read menu_choice case $menu_choice in i) add_ips echo "IPs added!" ;; I) add_ips echo "IPs added!" ;; u) unlock_domain check_domain_unlocked ;; U) unlock_domain check_domain_unlocked ;; q) exit 0 ;; Q) exit 0 ;; *) echo "Invalid Choice! Exiting!" exit 1 ;; esac else lock_domain check_domain_locked fi