Hacked Site Cleanup Scripts
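#!/bin/bash
# Run as root
# Builds /fix-hack/cpanelusers with one cPanel account name per line, taken
# from the entries of /var/cpanel/users/.
# You may want to modify the cpanelusers file after
# Names are appended, so a second run lists every account twice; remove the
# file first if a fresh list is wanted.

# Create the list private to root from the first write instead of relying
# only on the chmod at the end.
umask 077

USERS_DIR=/var/cpanel/users
LIST_FILE=/fix-hack/cpanelusers

# Glob the directory rather than word-splitting the output of ls, which
# mangles entries containing whitespace or glob characters.
for entry in "${USERS_DIR}"/*; do
  # With no match the pattern is left as a literal string; skip it.
  [[ -e "${entry}" ]] || continue
  printf '%s\n' "${entry##*/}" >> "${LIST_FILE}"
done

# Restrict the list to read-only for root
chmod 400 "${LIST_FILE}"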
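#! /bin/bash
# Run as root
# This script runs the single site script for each site listed in
# /fix-hack/cpanelusers and collects the output in /fix-hack/results.

RESULTS=/fix-hack/results
USER_LIST=/fix-hack/cpanelusers

# Create results file if it doesn't exist, private to root from the start
umask 077
touch "${RESULTS}"

# The WP-CLI steps run as each account and append to the results file, so
# other users need write access. They do not need read access: the file holds
# every account's new passwords, and this is a host where accounts are known
# to be compromised. Mode 622 allows appending without allowing reads.
# Any local user can still write to the file while the batch runs, so treat
# unexpected lines in it with suspicion.
chmod 622 "${RESULTS}"

# Put the restrictive mode back even if the run is interrupted.
trap 'chmod 400 "${RESULTS}"' EXIT

# Loop through each cpanel user listed in the user list.
# The list is read on fd 3 so that the child scripts, which prompt with
# `read` when they get no argument, cannot swallow the remaining names from
# stdin.
while IFS= read -r NAME <&3 || [[ -n "${NAME}" ]]; do
  [[ -n "${NAME}" ]] || continue

  # The name ends up in paths and in `su` command lines further down; accept
  # only a conservative character set and never a leading '-' or '.'.
  if [[ ! "${NAME}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
    printf 'Skipping unexpected entry in %s: %q\n' "${USER_LIST}" "${NAME}" >&2
    continue
  fi

  printf '%s\n' "${NAME}"

  # fix-single-site.sh is written to run as root (it resets the cPanel and
  # MySQL passwords and switches to the account itself for the WP-CLI steps)
  # and takes the account name as its first argument. Running it through
  # `su` without an argument left it unprivileged and made it read its
  # account name from the loop's input.
  bash /fix-hack/fix-single-site.sh "${NAME}"
done 3< "${USER_LIST}"

# The EXIT trap sets the results file back to 400 (you know, passwords and
# stuff...)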
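#!/bin/bash
# Run as root
# Sets a new random password for one cPanel account through the cPanel
# maintenance scripts and appends it to /fix-hack/results.
# Usage: pass the cPanel user as $1, or enter it at the prompt.

# If the results file does not exist yet, create it readable by root only.
umask 077

RESULTS=/fix-hack/results

# Check cPanel User
if [[ -z "${1+present}" ]]; then
  read -r -p "cPanel User : " CPANELUSER
else
  CPANELUSER=$1
fi

if [[ -z "${CPANELUSER}" ]]; then
  echo "No cPanel user given" >&2
  exit 1
fi

# Generate random 20 character password
PASSWORD=$(LC_CTYPE=C tr -dc 'A-Za-z0-9_!@#$%^&*()' < /dev/urandom | head -c 20)

# The password can contain '*' and other glob characters, so every expansion
# below is quoted; unquoted, the shell could replace it with file names and
# the value recorded would not be the value that was set.
# NOTE(review): this also prints the password to the terminal, and the
# /scripts/* calls receive it as a command-line argument, which other local
# users may be able to see in the process list while the command runs.
printf '%s\n' "${PASSWORD}"

# Allow password changing
export ALLOW_PASSWORD_CHANGE=1

# Replace password
/scripts/realchpass "${CPANELUSER}" "${PASSWORD}"
CHPASS_STATUS=$?
/scripts/ftpupdate
/scripts/mysqlpasswd "${CPANELUSER}" "${PASSWORD}"
MYSQLPASS_STATUS=$?

{
  printf '%s\n' "New cPanel Password:"
  printf '%s\n' "${PASSWORD}"
  # Flag the entry if a helper reported an error, so the recorded password
  # is not assumed to be live.
  # NOTE(review): assumes these scripts exit non-zero on failure; confirm.
  if (( CHPASS_STATUS != 0 || MYSQLPASS_STATUS != 0 )); then
    printf '%s\n' "WARNING: password change reported an error, verify manually"
  fi
  printf '%s\n' " "
} >> "${RESULTS}"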
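#!/bin/bash
# Run as root
# Rotates the MySQL password used by the WordPress config files found in
# /home/<user>/public_html/ (wp-config.php, db-config.php, stage-config.php):
# the MySQL password is changed first, then the old password is replaced in
# the config file, and the result is appended to /fix-hack/results.
# Usage: pass the cPanel user as $1, or enter it at the prompt.
#
# Everything read from the config files is attacker-controllable on a
# compromised account, and this script acts on it as root. The values are
# therefore validated before they reach MySQL or the file system.

# If the results file does not exist yet, create it readable by root only.
umask 077

RESULTS=/fix-hack/results

# Check cPanel User
if [[ -z "${1+present}" ]]; then
  read -r -p "cPanel User : " CPANELUSER
else
  CPANELUSER=$1
fi

# The name becomes a path component; reject anything that could leave /home/.
if [[ ! "${CPANELUSER}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  echo "Refusing unexpected cPanel user name" >&2
  exit 1
fi

# Enter directory; stop if it is missing rather than editing files in
# whatever directory the script was started from.
cd "/home/${CPANELUSER}/public_html/" || exit 1

# Generate random 20 character password
PASSWORD=$(LC_CTYPE=C tr -dc 'A-Za-z0-9_!@#$%^&*()' < /dev/urandom | head -c 20)
printf '%s\n' "${PASSWORD}"

# Print the 4th single-quote-delimited field of the first line of file $2
# that contains $1, i.e. the value in a define('KEY', 'value'); line.
# NOTE(review): the first match may be a commented-out line; check the
# config by hand if the reported user looks wrong.
config_value() {
  grep -m 1 -- "$1" "$2" | cut -d \' -f 4
}

# Set the new password for MySQL user $1 at localhost.
# The statement goes to mysql on stdin so the password is not visible in the
# process list. ${PASSWORD} contains no quote or backslash characters, and
# $1 has been checked against an allow-list by the caller.
set_mysql_password() {
  mysql -u root <<SQL
SET PASSWORD FOR '$1'@'localhost' = PASSWORD('${PASSWORD}');
SQL
}

CHANGED=0
DONE_USERS=" "   # space-delimited DB users that already have the new password

for CONFIG in wp-config.php db-config.php stage-config.php; do
  [[ -f "${CONFIG}" ]] || continue

  # The account owner controls this directory. A symbolic link here could
  # make root rewrite a file outside the account, so links are left for
  # manual review.
  # NOTE(review): this check is not atomic with the later rewrite.
  if [[ -L "${CONFIG}" ]]; then
    echo "Skipping ${CONFIG}: symbolic link" >&2
    continue
  fi

  # Find old password and user
  DBUSER=$(config_value DB_USER "${CONFIG}")
  OLDPASS=$(config_value DB_PASS "${CONFIG}")

  if [[ -z "${DBUSER}" ]]; then
    echo " "
    continue
  fi

  # DB_USER is interpolated into a statement run as the MySQL root user:
  # allow only plain identifier characters, and never touch root itself.
  # NOTE(review): a tampered config could still name another account's DB
  # user; consider also requiring the account's own prefix.
  if [[ ! "${DBUSER}" =~ ^[A-Za-z0-9_.-]+$ || "${DBUSER}" == "root" ]]; then
    echo "Skipping ${CONFIG}: unexpected DB_USER" >&2
    continue
  fi

  # An empty old password would give `replace` nothing sensible to match.
  if [[ -z "${OLDPASS}" ]]; then
    echo "Skipping ${CONFIG}: no DB_PASS value found" >&2
    continue
  fi

  # Update mysql password, once per distinct DB user, before touching the
  # file: if MySQL refuses, the config still holds the working password.
  if [[ "${DONE_USERS}" != *" ${DBUSER} "* ]]; then
    if ! set_mysql_password "${DBUSER}"; then
      echo "MySQL password change failed for ${DBUSER}; ${CONFIG} left unchanged" >&2
      continue
    fi
    DONE_USERS+="${DBUSER} "
  fi

  if ! replace "${OLDPASS}" "${PASSWORD}" -- "${CONFIG}"; then
    echo "MySQL password changed but ${CONFIG} was not updated; fix by hand" >&2
  fi
  CHANGED=1

  printf '%s\n' "${DBUSER}" "${PASSWORD}" "${OLDPASS}"
  {
    printf '%s\n' "Database Password Changed:"
    printf '%s\n' "DB_USER:" "${DBUSER}"
    printf '%s\n' "DB_PASS:" "${PASSWORD}"
    printf '%s\n' "OLD PASSWORD:" "${OLDPASS}"
    printf '%s\n' " "
  } >> "${RESULTS}"
done

if (( CHANGED == 0 )); then
  echo "DATABASE PASSWORD NOT CHANGED"
  # Record the outcome instead of a password that was never applied.
  printf '%s\n' "DATABASE PASSWORD NOT CHANGED" " " >> "${RESULTS}"
fi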
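#!/bin/bash
# Run as user
# This script requires WP-CLI (http://wp-cli.org/)
# If WordPress user ID 1 has one of the login names seen on the hacked sites
# (anonx, k2, admin), create a fresh administrator named after the cPanel
# user, reassign user 1's content to it and delete user 1.
#
# NOTE(review): WP-CLI boots WordPress, which loads the site's plugins and
# theme; on a compromised site that code runs with the account's privileges.
# WP-CLI's global --skip-plugins and --skip-themes flags avoid loading them
# and are worth considering for the calls below.

RESULTS=/fix-hack/results

# Get cPanel user
if [[ -z "${1+present}" ]]; then
  read -r -p "cPanel User : " CPANELUSER
else
  CPANELUSER=$1
fi

# Enter directory; without it wp would act on whatever site contains the
# current directory, or on none.
cd ~/public_html/ || exit 1

# generate random 20 character password
PASSWORD=$(LC_CTYPE=C tr -dc 'A-Za-z0-9_!@#$%^&*()-+=' < /dev/urandom | head -c 20)
printf '%s\n' "${PASSWORD}"

# Check if hacked user
USER1=$(wp user get 1 --field=user_login)
printf '%s\n' "${USER1}"

# Quoted comparison: an empty result (no user 1, or wp failed) must fall
# through quietly instead of breaking the test.
case "${USER1}" in
  anonx | k2 | admin) ;;
  *) exit 0 ;;
esac

echo "Hacked ${USER1} found" >> "${RESULTS}"

if [[ -z "${CPANELUSER}" ]]; then
  echo "No cPanel user given; user 1 left untouched" >&2
  exit 1
fi

# Store original user email and make it fake so we can create new account
OLDEMAIL=$(wp user get 1 --field=user_email)
wp user update 1 --user_email=fake@emailaddress.com

# Create new account with correct email and hide user from display name.
# The password may contain glob characters, hence the quoting.
if ! wp user create "${CPANELUSER}" "${OLDEMAIL}" --role=administrator \
  --user_pass="${PASSWORD}" --display_name="${CPANELUSER}user"; then
  # Put the address back and stop: deleting user 1 now would leave the
  # site without the replacement administrator.
  wp user update 1 --user_email="${OLDEMAIL}"
  echo "New user could not be created; user 1 left in place" >> "${RESULTS}"
  exit 1
fi

NEWID=$(wp user get "${CPANELUSER}" --field=ID)

# Only delete user 1 when there is a real, different user to reassign its
# content to.
if [[ ! "${NEWID}" =~ ^[0-9]+$ || "${NEWID}" == "1" ]]; then
  echo "Could not determine new user ID; user 1 left in place" >> "${RESULTS}"
  exit 1
fi

wp user delete 1 --reassign="${NEWID}"

{
  printf '%s\n' "New user password:"
  printf '%s\n' "${PASSWORD}"
  printf '%s\n' " "
} >> "${RESULTS}"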
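#!/bin/bash
# Run as root
# This script runs multiple scripts to fix a hacked WordPress site:
# cPanel password, WordPress database password, hacked WordPress admin user,
# then WordPress core/plugin/theme updates.
# Usage: pass the cPanel user as $1, or enter it at the prompt.

RESULTS=/fix-hack/results

# Check cPanel User
if [[ -z "${1+present}" ]]; then
  read -r -p "cPanel User : " CPANELUSER
else
  CPANELUSER=$1
fi

# The name is used as a `su` target and inside the command strings below.
# Accept only a conservative character set with no leading '-' or '.', so it
# cannot be read as an option or break out of the quoting.
if [[ ! "${CPANELUSER}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  echo "Refusing unexpected cPanel user name" >&2
  exit 1
fi

# Add line break and site working on
{
  printf '%s\n' "-------------------- "
  printf '%s\n' "${CPANELUSER}"
} >> "${RESULTS}"
echo " "
printf '%s\n' "${CPANELUSER}"

# Update cPanel password
bash /fix-hack/fix-password-cpanel.sh "${CPANELUSER}"

# Update WP DB password
bash /fix-hack/fix-password-db.sh "${CPANELUSER}"

# The WP-CLI scripts run as the account itself. Pass the account name as
# their first argument: without it they stop at a `read` prompt, which in a
# batch run consumes whatever is on stdin.

# Update Hacked WP passwords
su -c "bash /fix-hack/fix-password-wp.sh '${CPANELUSER}'" -s /bin/sh "${CPANELUSER}"

# Update WP core, plugins and themes
su -c "bash /fix-hack/fix-update-wp.sh '${CPANELUSER}'" -s /bin/sh "${CPANELUSER}"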
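#!/bin/bash
# Run as user
# This script requires WP-CLI (http://wp-cli.org/)
# Updates WordPress core, plugins and themes for the site in ~/public_html/
# and records in /fix-hack/results which plugins still have updates pending.
#
# NOTE(review): WP-CLI boots WordPress, which loads the site's plugins and
# theme; on a compromised site that code runs with the account's privileges.
# WP-CLI's global --skip-plugins and --skip-themes flags avoid loading them
# and are worth considering for the calls below.

RESULTS=/fix-hack/results

# Get cPanel user (kept for a consistent command line with the other
# scripts; the value is not used below)
if [[ -z "${1+present}" ]]; then
  read -r -p "cPanel User : " CPANELUSER
else
  CPANELUSER=$1
fi

# Enter directory; stop if it is missing so wp does not act on whatever
# install contains the current directory.
if ! cd ~/public_html/; then
  echo "No public_html directory; WordPress not updated" >> "${RESULTS}"
  exit 1
fi

# Force latest version of WP
wp core update --force >> "${RESULTS}"

# Update Plugins
wp plugin update --all

# Update Themes
wp theme update --all

# Echo any plugins that could not be updated
echo "Remaining plugins" >> "${RESULTS}"
wp plugin list --update=available --format=csv --field=name >> "${RESULTS}"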