BrainFish Eat FishBrain

Ramblings of a techie

Cpanel security: scanning for usage or upload of c99 shell script (or other scripts)

Sometimes users upload stuff to your server or use scripts you don’t want used. To detect them fast, I wrote this script.


#!/usr/bin/perl
    
use Digest::Perl::MD5 'md5_hex';

chdir('/root/');
`touch ./scanned` if not -f "./scanned";

%h = ();
open(F, "scanned");
while() {
 chomp;
 $h{$_} = 1;
}
close F;

@x = `cd /etc/httpd/domlogs/; grep c99me *`;
open(F, ">>scanned");
$s = "";
foreach(@x) {
 chomp;
 $m = md5_hex($_);
 next if $h{$m};
 print F "$mn";
 $s.=$_."n";
}
close F;

if ($s) {
 $sendmail = "/usr/sbin/sendmail -t";
 open(SENDMAIL, "|$sendmail") or die "Cannot open $sendmail: $!"; 
 print SENDMAIL "Reply-to: root@myserver.orgn"; 
 print SENDMAIL "Subject: Found some illegal stuff on servern"; 
 print SENDMAIL "To: alerts@somewhere.comn"; 
 print SENDMAIL "Content-type: text/plainnn"; 
 print SENDMAIL $s; 
 close(SENDMAIL); 
}

Be the first to leave a comment. Don’t be shy.

Join the Discussion

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>