| Dir : /proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/oldrads/extras/ |
| Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
| Dir : //proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/oldrads/extras/newhackhunt.pl |
#!/usr/bin/perl
#script to search message logs for newly uploaded files that corespnd w/ the bad-folder-name-regex.
# Programmed by Clayton at Inmotion
@clearname=qw(images styles forums thumbs);
$user=0;
$sub_dir_a=0;
$sub_dir_b=0;
#@array=`cat messages| grep -v "forums/styles" | grep -v "forums/images"`;
@array=`cat /var/log/messages`;
LINE: foreach(@array){
if(/\(\w+\d+\@(\d+\.\d+\.\d+\.\d+)\) \[NOTICE\] \/home\/(\w+\d+)\/+public_html\/(\w\w\w\w\w\w)\/(\w\w\w\w\w\w\/)/){
$ip=$1;
$user=$2;
$sub_dir_a=$3;
$sub_dir_b=$4;
foreach(@clearname){
# print "testing for \"$_\" \n";
# print "testing $user, $sub_dir_a and $sub_dir_b for $_ \n";
next LINE if((($sub_dir_a =~/$_/) || ($sub_dir_b =~ /$_/)));
}
$path="/home/".$user.'/'."public_html".'/'.$sub_dir_a.'/'.$sub_dir_b;
$file="index.php";
if(-e "$path$file"){
@file_contents=`head $path$file`;
foreach(@file_contents){
if(/\<\?php eval\(base64_decode\(/){
if(-e "$path","/cache"){
`chmod -R 000 /home/$user/public_html/$sub_dir_a`;
`chown -R root:root /home/$user/public_html/$sub_dir_a`;
`apf -d $ip 6rnd-hacker`;
`echo $path $ip >> /root/6rnd-hacked-accounts`;
print "Processed $path\n";
# @messages=`grep "$sub_dir_a/$sub_dir_b" /var/log/messages`;
# foreach(@messages){
# print;
#}
}
else{
print "0\n";
}
#print $1,"\n";
}
}
}
}
}