| Server IP : 78.140.185.180 / Your IP : 18.117.241.170 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /usr/lib64/nagios/plugins/extra/ |
Upload File : |
#!/usr/bin/env perl
use extreme;
use File::Slurp;
use English;
exec "sudo $0" if $UID > 0;
my @phishing_files = qw/red77red77.txt securityy.php/;
my $WLFILE = '/etc/icinga2/plinc/phishingfilesusersswl';
my $wluser = join( '|', split( '\n', read_file($WLFILE) ) ) if -f $WLFILE;
# cPanel
if ( -d '/var/cpanel/users' ) {
for my $user (</var/cpanel/users/*>) {
my $suspended = map /^SUSPENDED=\d/, read_file($user);
next if $suspended;
next if $wluser ? $user =~ /$wluser/ : 0;
$user =~ s|.*/||;
for my $phfile (@phishing_files) {
if ( -f "/home/$user/public_html/$phfile" ) {
say
"$user: possible phishing file pattern found: /home/$user/public_html/$phfile";
exit 2;
}
}
}
}
# ispmanager 5
if ( -f '/usr/local/mgr5/sbin/mgrctl' ) {
for my $domain_info (
`/usr/local/mgr5/sbin/mgrctl -m ispmgr webdomain | egrep -v "disabled\$"`
)
{
my ($user) = $domain_info =~ /owner=(.*?)\s/;
my ($domain) = $domain_info =~ /name=(.*?)\s/;
next if $wluser ? $user =~ /$wluser/ : 0;
for my $phfile (@phishing_files) {
if ( -f "/var/www/$user/data/www/$domain/$phfile" ) {
say
"$user: possible phishing file pattern found /var/www/$user/data/www/$domain/$phfile";
exit 2;
}
}
}
}
say "phishing_files OK";