Skip to content

Instantly share code, notes, and snippets.

@jacksoncage
Last active Oct 7, 2015
Embed
What would you like to do?
Shell script to look for evil code and mail if detected
#!/bin/bash
# Shell script to look for evil code and mail if detected
# -------------------------------------------------------------------------
# http://serverfault.com/questions/153666/send-email-based-on-grep-results
# http://www.linuxforums.org/forum/red-hat-fedora-linux/166780-shell-script-send-email.html
# -------------------------------------------------------------------------
WHERE="/home/"
TMP="/tmp/webinject_result.txt"
echo "Looking for evil code"
grep -lr --include=*.php '<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir' $WHERE > $TMP
if grep --quiet $WHERE $TMP
then
echo "Found evil code, deleting..."
find $WHERE -name '*.php' -exec grep -q eva1fYlbakBcVSir {} \; -print -exec perl -pi -w -e 's/\<\?php \@error_reporting\(0\); if \(\!isset\(\$eva1fYlbakBcVSir.*\?\>//g' {} \;
echo "Sending email to adm@lovemusic.se"
grep -B 20 -B 2 $WHERE $TMP | mail -s "Fixed: Evil code injection on server" adm@lovemusic.se
else
echo "No evil code was found."
fi
echo "Deleting tmp file."
rm -rf $TMP
echo "Done."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment