@s5csimmons
Last active August 29, 2015 14:13
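#!/bin/bash
# Check every ServerName in httpd.conf against the Sucuri WordPress DDoS lookup.
totalSites=0
goodSites=0
badSites=()
# Skip ServerName values that are IP addresses, this server's hostname, or _wildcard_ entries.
for website in $(awk --posix '/ServerName/ { if ( $2 !~ /([0-9]{1,3}\.){3}[0-9]+/ && $2 !~ ENVIRON["HOSTNAME"] && $2 !~ /^_wildcard_/ ) print $2 }' /etc/httpd/conf/httpd.conf)
do
((totalSites++))
# A response containing "Good: Your Website" counts as clean; anything else is recorded as bad.
curl -s "http://labs.sucuri.net/?is-my-wordpress-ddosing=$website" | grep -q "Good: Your Website"
[ "$?" -ne "0" ] && badSites+=("$website") || ((goodSites++))
sleep 1
done
echo "Out of $totalSites total websites on this server, $goodSites of them are clean."
# Print the list only when at least one site was flagged.
[ "${badSites[0]}" ] && { echo "The following sites came back as having been a part of a DDoS attack though:"; printf '%s\n' "${badSites[@]}"; }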
@pstengel

Don't indent do and stay consistent with formatting with do and then: if you want to use if [ something ]; then, then you should also be using for whatever in $stuff; do. The indenting for that last if statement is unnecessary as well.

In general, you should only use CAPS variable names for variables that are constants or won't be changed from their initial assignments. So URLS is correct, but TOTALSITES, ALLGOOD, BADSITES all change from their initial values and should be lower-case names (use camelCase or snake_case; whichever, just be consistent).

Aside from that, the only other thing is that your greps can probably be simplified and condensed. For example, the assignment of the URLS variable could probably look something more like this:

awk '/ServerName/ { if ($2 !~ /([0-9]{1,3}\.){3}[0-9]+/ && $2 !~ /^_wildcard_/) print $2 }' /etc/httpd/conf/httpd.conf

This is probably how I'd write your script:

#!/bin/bash

for website in $(awk '/ServerName/ { if ($2 !~ /([0-9]{1,3}\.){3}[0-9]+/ && $2 !~ /^_wildcard_/) print $2 }' /etc/httpd/conf/httpd.conf)
do
  curl -s "http://labs.sucuri.net/?is-my-wordpress-ddosing=$website" | grep -q "Good: Your Website $website"
  [ "$?" -ne "0" ] && echo "$website"

  sleep 1
done

I removed a lot of the verbosity because it's not really necessary. Who really cares about the number of good and bad sites? We ultimately just want to list the bad sites and the other output just makes it more difficult to programmatically use that list.

The [ "$?" -ne "0" ] && echo $website is checking the exit status of the last command (which is the grep in the previous line). $? always stores the exit code of the last command. grep exits non-zero if no matches are found, and -q tells grep to not output anything and just exit on the first match. So we're saying, if the exit code is not equal to zero, then the website is not "good" and echo the website name.
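
Added example, not part of the gist or of the comment above: both scripts test only grep's exit status, so a site is also listed as bad when curl itself fails (timeout, DNS error, HTTP error). The version below reports that case as unknown and also skips commented-out ServerName lines; the function names, the --max-time value and the sample data are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the gist: a failed lookup is reported as "unknown"
# rather than as a bad site. Function names and sample data are assumptions.

# Print ServerName hosts from an Apache config on stdin. Skips commented-out
# lines, IP addresses and _wildcard_ entries; drops a trailing :port.
list_vhosts() {
  awk '$1 == "ServerName" {
         host = $2; sub(/:[0-9]+$/, "", host)
         if (host !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && host !~ /^_wildcard_/)
           print host
       }'
}

# classify CURL_EXIT BODY: print good, bad or unknown.
classify() {
  if [ "$1" -ne 0 ] || [ -z "$2" ]; then
    echo unknown   # curl failed or returned nothing: no verdict
  elif printf '%s\n' "$2" | grep -qF "Good: Your Website"; then
    echo good
  else
    echo bad
  fi
}

# Live lookup of one site (needs network; not called by the offline demo).
check_site() {
  body=$(curl -s --fail --max-time 15 --get \
    --data-urlencode "is-my-wordpress-ddosing=$1" http://labs.sucuri.net/)
  classify "$?" "$body"
}

# Constructed sample config so the demo runs offline.
sample_conf() {
  cat <<'EOF'
#ServerName www.example.com:80
ServerName 192.0.2.10
    ServerName blog.example.org:80
ServerName _wildcard_.example.org
ServerName shop.example.net
EOF
}

sample_conf | list_vhosts
classify 0 "Good: Your Website blog.example.org"   # constructed response
classify 7 ""                                      # constructed: curl exit 7
```

On the server, feed /etc/httpd/conf/httpd.conf to list_vhosts on stdin and call check_site for each host, keeping the gist's one-second sleep between requests.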
