The Community Forums

Interact with an entire community of cPanel & WHM users!

Script to inform admin of hacked sites

Discussion in 'General Discussion' started by Frankc, Feb 12, 2009.

    Frankc Well-Known Member

    In 95% of the cases a hacker would deface the index.htm, index.php or index.html file in public_html and also "brag" about that by adding "Hacked by" somewhere.

    You can run the following script via cron on a daily basis to find out whether an index file in any user public_html directory was hacked or not.

    Simply copy this code into a file, save it somewhere as hackers.sh, chmod 755 and run via cron daily.

    Code:
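    #!/bin/sh
    # /etc/trueuserdomains maps "domain: user"; field 2 is the account name.
    # Each loop checks one index file name per account and mails the matches.
    # Errors for accounts that lack the file are discarded so cron stays quiet.
    for i in $(awk '{print $2}' /etc/trueuserdomains); do
        grep -l "Hacked" "/home/$i/public_html/index.htm" 2>/dev/null
    done | mail -s "Infected Files" your@emailaddress
    
    for i in $(awk '{print $2}' /etc/trueuserdomains); do
        grep -l "Hacked" "/home/$i/public_html/index.html" 2>/dev/null
    done | mail -s "Infected Files" your@emailaddress
    
    for i in $(awk '{print $2}' /etc/trueuserdomains); do
        grep -l "Hacked" "/home/$i/public_html/index.php" 2>/dev/null
    done | mail -s "Infected Files" your@emailaddress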
    Script originally supplied by the good guys at webhostingtalk.com but I tweaked the final output to be more suitable for my needs.
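
Added example, not part of the original post or the script it quotes: a single-pass variant of the same check that matches the "Hacked by" marker case-insensitively, skips accounts without an index file, and sends one mail only when something was found. The function names, the `--run` switch and the mail subject are hypothetical; the `/home` layout and the `/etc/trueuserdomains` field order are taken from the post.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the forum post.

# find_defaced_indexes MAP_FILE HOME_BASE [MARKER]
# MAP_FILE uses the "domain: user" layout the post reads from /etc/trueuserdomains.
# Prints one path per index file that contains MARKER (case-insensitive).
find_defaced_indexes() {
    map_file=$1
    home_base=$2
    marker=${3:-hacked by}
    awk '{print $2}' "$map_file" | sort -u |
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        for name in index.htm index.html index.php; do
            f="$home_base/$user/public_html/$name"
            # Missing files are skipped silently so the report holds only real hits.
            if [ -f "$f" ] && grep -qi -- "$marker" "$f"; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# report_defacements MAP_FILE HOME_BASE RECIPIENT
# Sends a single message, and only when at least one file matched.
report_defacements() {
    hits=$(find_defaced_indexes "$1" "$2")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | mail -s "Possibly defaced index files" "$3"
    fi
}

# Cron entry point: hackers.sh --run
if [ "${1:-}" = "--run" ]; then
    report_defacements /etc/trueuserdomains /home your@emailaddress
fi
```

A clean result from a string match like this only means the marker text is absent from those three files; it does not cover defacements without the marker or changes elsewhere in the account.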
     