1#@!#!123s

��JFIF�� 1#@!#!123s
: / opt / sharedrads / oldrads / extras /
Filename : newhackhunt.pl
back
#!/usr/bin/perl
#script to search message logs for newly uploaded files that corespnd w/ the bad-folder-name-regex.
# Programmed by Clayton at Inmotion
@clearname=qw(images styles forums thumbs);
$user=0;
$sub_dir_a=0;
$sub_dir_b=0;
#@array=`cat messages| grep -v "forums/styles" | grep -v "forums/images"`;
@array=`cat /var/log/messages`;
LINE: foreach(@array){
  if(/\(\w+\d+\@(\d+\.\d+\.\d+\.\d+)\) \[NOTICE\] \/home\/(\w+\d+)\/+public_html\/(\w\w\w\w\w\w)\/(\w\w\w\w\w\w\/)/){
    $ip=$1;
    $user=$2;
    $sub_dir_a=$3;
    $sub_dir_b=$4;
    foreach(@clearname){
#     print "testing for \"$_\" \n";
#     print "testing $user, $sub_dir_a and $sub_dir_b for $_ \n";
      next LINE if((($sub_dir_a =~/$_/) || ($sub_dir_b =~ /$_/)));

}
      $path="/home/".$user.'/'."public_html".'/'.$sub_dir_a.'/'.$sub_dir_b;
      $file="index.php";
      if(-e "$path$file"){
        @file_contents=`head $path$file`;
        foreach(@file_contents){
          if(/\<\?php eval\(base64_decode\(/){
            if(-e "$path","/cache"){
              `chmod -R 000 /home/$user/public_html/$sub_dir_a`;
              `chown -R root:root /home/$user/public_html/$sub_dir_a`;
              `apf -d $ip 6rnd-hacker`;
              `echo $path $ip >> /root/6rnd-hacked-accounts`;
              print "Processed $path\n";
#              @messages=`grep "$sub_dir_a/$sub_dir_b" /var/log/messages`;
#              foreach(@messages){
#                print;
#}
}
            else{
              print "0\n";
}

      #print $1,"\n";
}
}
}
}
}