@TLWebdesign
Created August 31, 2023 22:11
Bash script to search for known files placed by Acymailing vulnerability
#!/bin/bash
# Created by Tom van der Laan - TLWebdesign with the help of ChatGPT 4
# Created on 31st of August 2023
# This script will search for files known to be placed in your Joomla installation because of the Acymailing vulnerability.
# It is set up to work on a DirectAdmin installation by default. But when you run the script it will ask you for the file system search pattern.
# Leaving that empty will default it to the DirectAdmin structure.
# Common structures are (according to ChatGPT):
# cPanel: /home/*/public_html/
# Plesk: /var/www/vhosts/*/httpdocs/
# Webmin/Virtualmin: /home/*/public_html/
# ISPConfig: /var/www/*/web/
# Cyberpanel: /home/*/public_html/
# ------------------------------------------------------------------------------
# INSTRUCTIONS:
# You need to log into your server with SSH or some other means to get to the terminal.
# Then you can follow the instructions below.
#
# 1. Create a new file named "searchfiles.sh" (or any other desired name with .sh extension).
# You can use any text editor like nano, vim, etc.
# Example: nano searchfiles.sh
#
# 2. Copy and paste the content of this script into that file.
#
# 3. Save and close the editor.
#
# 4. Give execute permission to the script:
# chmod +x searchfiles.sh
#
# 5. Now, run the script using:
# ./searchfiles.sh
# ------------------------------------------------------------------------------
# Prompt the user for a directory to search in, and use `/home/*/domains/` as default if they just press Enter
echo -n "Enter the directory to search in (default: /home/*/domains/): "
read -r directory
# If the user didn't provide a directory, use the default
if [[ -z $directory ]]; then
    directory="/home/*/domains/"
fi
echo "Scanning for files in $directory with patterns: *png\?.*, *jpg\?.*, *.png.php*, and *.php.png*..."
declare -a filesArray
# Expand directory wildcards and iterate over them ($directory is left unquoted on purpose so the glob expands)
for expanded_directory in $directory; do
    # A pattern that matched nothing stays a literal string; skip it instead of letting find fail
    [[ -d $expanded_directory ]] || continue
    # NUL-delimited output keeps file names containing spaces or newlines intact
    while IFS= read -r -d '' line; do
        filesArray+=("$line")
    done < <(find "$expanded_directory" -type f \( -name "*png\?.*" -o -name "*jpg\?.*" -o -name "*.png.php*" -o -name "*.php.png*" \) -print0)
done
# Stop here when nothing matched, before printing the result header
if [[ ${#filesArray[@]} -eq 0 ]]; then
    echo "No matching files found."
    exit 0
fi
echo "Found the following files:"
for file in "${filesArray[@]}"; do
    echo "$file"
done
echo -n "Do you want to delete the found files? (all/one/no): "
read -r choice
case $choice in
    all)
        read -r -p "Are you sure you want to delete ALL files? (yes/no): " confirm
        if [[ $confirm == "yes" ]]; then
            for file in "${filesArray[@]}"; do
                # Report a deletion only when rm actually succeeded
                if rm -- "$file"; then
                    echo "Deleted: $file"
                else
                    echo "Could not delete: $file"
                fi
            done
        else
            echo "No files deleted."
        fi
        ;;
    one)
        for file in "${filesArray[@]}"; do
            echo -n "Delete $file? (yes/no): "
            read -r confirm
            if [[ $confirm == "yes" ]]; then
                if rm -- "$file"; then
                    echo "Deleted: $file"
                else
                    echo "Could not delete: $file"
                fi
            else
                echo "Skipped: $file"
            fi
        done
        ;;
    *)
        echo "No files deleted."
        ;;
esac
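
An evidence-preserving alternative to the `rm` step, as an added example that is not part of the original gist: each match is hashed, moved out of the web root into a quarantine directory under a non-executable name, and logged to a manifest for later incident review. It assumes GNU find and coreutils; the function name, quarantine layout and manifest format are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the original gist. Assumes GNU find/coreutils
# (sha256sum, stat -c). Function name and manifest layout are hypothetical.
#
# quarantine_suspects ROOT QDIR
#   Moves every file under ROOT that matches the gist's four name patterns
#   into QDIR as <sha256>.quarantined (read-only, no .php extension) and
#   appends one line per file to QDIR/manifest.tsv:
#   sha256 <TAB> mtime (epoch) <TAB> owner <TAB> original path
# Usage (hypothetical paths): quarantine_suspects /home/user/domains /root/acym-quarantine
quarantine_suspects() {
    root=$1
    qdir=$2
    mkdir -p -- "$qdir" || return 1
    chmod 700 -- "$qdir" || return 1
    # -exec ... {} + hands paths over as arguments, so odd file names are safe.
    find "$root" -type f \( -name '*png\?.*' -o -name '*jpg\?.*' \
        -o -name '*.png.php*' -o -name '*.php.png*' \) -exec sh -c '
        qdir=$1
        shift
        for f in "$@"; do
            # An unreadable file yields an empty hash and is left in place.
            hash=$(sha256sum < "$f" | cut -d" " -f1)
            [ -n "$hash" ] || continue
            mtime=$(stat -c %Y -- "$f")
            owner=$(stat -c %U -- "$f")
            # Log the entry only once the file is actually out of the web root.
            # Identical payloads share one quarantined copy but get one line each.
            if mv -f -- "$f" "$qdir/$hash.quarantined"; then
                chmod 400 -- "$qdir/$hash.quarantined"
                printf "%s\t%s\t%s\t%s\n" "$hash" "$mtime" "$owner" "$f" \
                    >> "$qdir/manifest.tsv"
            fi
        done' sh "$qdir" {} +
}
```

Keep the quarantine directory outside any web-served path; the manifest's modification times and owners give a starting point for matching the drops against access logs.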