Sunday, January 24, 2010

Site infected

Run this script there in root and you'll see the infected files :)
Don't forget to change the username in searchpath.

------------


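#!/bin/bash

# Case-insensitive signatures: web shell names, IRC bot/bouncer tools, defacement keywords
pattern='r0nin|m0rtix|upl0ad|r57shell|c99shell|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|\.ru/|brute *force|multiviews|cwings|bitchx|eggdrop|guardservices|psybnc|dalnet|undernet|vulnscan|spymeta|raslan58|deface|defacing|defacer|MSRml'

# Change the username in this path to the account you want to scan
searchpath=/home/lhemail/

# Search PHP/CGI/include/Perl files and append the names of matching files to the report
find "$searchpath" \( -regex '.*\.php$' -o -regex '.*\.cgi$' -o -regex '.*\.inc$' -o -regex '.*\.pl$' \) -print0 | xargs -0 grep -Eil "$pattern" /dev/null | sort >> report.$$

cat report.$$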

------------
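
An added example, not part of the original post: the same kind of signature scan as the script above, but printing file, line number and the keyword that matched, so hits from broad patterns such as `\.ru/` or `deface` can be triaged as real or false positives. The function names `scan_hits` and `demo`, the shortened pattern list and the sample files are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: triage view of the signature scan (file:line:matched keyword).
# scan_hits, demo and the sample tree are constructed for illustration.

# Subset of the post's pattern list, kept short for readability.
pattern='r57shell|c99shell|phpshell|phpremoteview|\.ru/|deface'

# scan_hits DIR -> prints "file:line:match" for every hit in script-like files.
# -o prints only the matched text, -n the line number, -H forces the file name.
# -print0 / -0 keep file names with spaces intact.
scan_hits() {
    find "$1" -type f \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' -o -name '*.pl' \) -print0 |
        xargs -0 grep -EioHn -- "$pattern" /dev/null | sort
}

# demo: build a throwaway tree with constructed sample files and scan it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/site one"
    # Constructed sample: a PHP file carrying one of the signature strings.
    printf '<?php\n// r57shell marker (constructed sample)\n' > "$tmp/site one/up load.php"
    # Constructed sample: a clean PHP file, must not be reported.
    printf '<?php echo "hello"; ?>\n' > "$tmp/site one/index.php"
    # Constructed sample: signature in a .txt file, outside the scanned extensions.
    printf 'c99shell\n' > "$tmp/site one/notes.txt"
    scan_hits "$tmp"
    rm -rf "$tmp"
}

demo
```

A hit only says that a keyword is present in the file; open the reported line to decide whether the file is actually malicious.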
