Archive for October, 2009

Cpanel: Monitoring :2082 logins

Simple script to send you all new logins of the day. Seeing something strange would trigger further research.

#!/usr/bin/perl

chdir('/root');

$d = `date +%m/%d/%Y`;
chomp($d);

@logins = `cat /usr/local/cpanel/logs/access_log|grep $d|awk '{print $1 " " $3}'|sort|uniq`;

$x = "";

foreach(@logins) {
chomp;
/(.*?) (.*)/;
next if $2 eq "-";
$z = `whois $1|grep addres|tail -n 1`;
chomp($z);
$x.="$z $1 $2n";
}

if (not -f "./latestscan") {
`touch ./latestscan`;
}

$y = `cat ./latestscan`;

exit if $y eq $x;

open(F, ">latestscan");
print F $x;
close F;

$sendmail = "/usr/sbin/sendmail -t";
open(SENDMAIL, "|$sendmail") or die "Cannot open $sendmail: $!";
print SENDMAIL "Reply-to: root@myserver.orgn";
print SENDMAIL "Subject: Login report hostf1n";
print SENDMAIL "To: alerts@yourserver.comn";
print SENDMAIL "Content-type: text/plainnn";
print SENDMAIL $x;
close(SENDMAIL);

Watching series; I don’t want to touch my computer

When I watch series I don’t want to touch my computer and I watch all episodes in one fell swoop; if I do something like mplayer *.mpg it crashes, so that doesn’t work. This does, run like;


./play "*.mpg"

or


./play "*.avi"

The code;


#!/usr/bin/perl

$a = "";
foreach(@ARGV) {
$a.=" " if $a;
$a.=$_;
}

while(1){foreach(glob("$a")){`mplayer -fs "$_"`}}

Cpanel security: scanning for usage or upload of c99 shell script (or other scripts)

Sometimes users upload stuff to your server or use scripts you don’t want used. To detect them fast, I wrote this script.


#!/usr/bin/perl

use Digest::Perl::MD5 'md5_hex';

chdir('/root/');
`touch ./scanned` if not -f "./scanned";

%h = ();
open(F, "scanned");
while() {
chomp;
$h{$_} = 1;
}
close F;

@x = `cd /etc/httpd/domlogs/; grep c99me *`;
open(F, ">>scanned");
$s = "";
foreach(@x) {
chomp;
$m = md5_hex($_);
next if $h{$m};
print F "$mn";
$s.=$_."n";
}
close F;

if ($s) {
$sendmail = "/usr/sbin/sendmail -t";
open(SENDMAIL, "|$sendmail") or die "Cannot open $sendmail: $!";
print SENDMAIL "Reply-to: root@myserver.orgn";
print SENDMAIL "Subject: Found some illegal stuff on servern";
print SENDMAIL "To: alerts@somewhere.comn";
print SENDMAIL "Content-type: text/plainnn";
print SENDMAIL $s;
close(SENDMAIL);
}

Cpanel security: cron update all WordPress installations on your server

Two simple scripts. Use with caution and at your own risk. Might eat your machine and piss off all your users.


!/usr/bin/perl

`rm -fR wordpress`;
`wget http://wordpress.org/latest.zip`;
`unzip latest.zip`;

@all = `ls -la /home/|awk '{print $3}'|grep -v root`;

foreach(@all) {
chomp;
next if /^$/;
`./updatewp $_`;
}

#!/usr/bin/perl

$host = `hostname`;
chomp($host);

$u = $ARGV[0];

exit if !$u; # user as arg

exit if not -f "/home/$u/public_html/wp-config.php"; # not wp install

# you shouldn't actually have the readme.html, but if it's there it's a bit faster
$v1 = `cat /home/$u/public_html/readme.html|grep Version > dev/null`;
$v1 =~ /Version (d+.d+.d+)/;
$v1 = $1;

$v2 = `cat wordpress/readme.html|grep Version`;
$v2 =~ /Version (d+.d+.d+)/;
$v2 = $1;

exit if $v1 eq $v2; # already updated

`cp -a wordpress /home/$u/wp_int`;

`cp -rpf /home/$u/public_html/wp-config.php /home/$u/wp_int`;
`cp -rpf /home/$u/public_html/wp-content/* /home/$u/wp_int/wp-content/`;
`cp -rpf /home/$u/public_html/.htaccess /home/$u/wp_int/`;

`chown $u.$u /home/$u/wp_int`;

`cp -a /home/$u/public_html /home/$u/wpback`date +%d%m%y``;

`cp -rpf /home/$u/wp_int/* /home/$u/public_html/`;

`rm -fR /home/$u/wp_int`;

$x = `lynx -dump http://$host/~$u/wp-admin/upgrade.php`;

if ($x =~ /Database Upgrade Required/isgm) {
`lynx -dump http://$host/~$u/wp-admin/upgrade.php?step=1&backto=`;
}

print "Updated $un";