| Server IP : 146.190.157.162 / Your IP : 216.73.217.6 Web Server : Apache System : Linux ubuntu-s-2vcpu-4gb-amd-sfo3-01-KIT-DIGITAL 6.5.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 7 15:10:09 UTC 2024 x86_64 User : businessweek ( 639) PHP Version : 8.2.10-2ubuntu2.2 Disable Function : exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_signal,pcntl_signal_dispatch,pcntl_getpriority,pcntl_setpriority,dl,putenv,parse_ini_file,show_source MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /var/www/html/ |
Upload File : |
#!/bin/bash
BASE="/var/www/html"
BAD_PLUGINS_REGEX="asazysac|javax-|u-short|urshort"
for SITE in "$BASE"/*; do
[ -d "$SITE" ] || continue
[ -f "$SITE/wp-config.php" ] || continue
PROJECT=$(basename "$SITE")
echo ">>> Procesando: $PROJECT"
# --- PASO 0: DESBLOQUEO INICIAL ---
# Quitamos la inmutabilidad de los archivos críticos para poder trabajar
chattr -i "$SITE/index.php" "$SITE/.htaccess" "$SITE/wp-config.php" 2>/dev/null
if [ -f "$SITE/wp-content/uploads/.htaccess" ]; then
chattr -i "$SITE/wp-content/uploads/.htaccess" 2>/dev/null
fi
# --- PASO 1: VERIFICACIÓN DE USUARIO ---
if ! id "$PROJECT" &>/dev/null; then
OWNER="root"
echo " [!] Usuario '$PROJECT' no existe, usando root."
else
OWNER="$PROJECT"
fi
# --- PASO 2: LIMPIEZA DE PLUGINS MALICIOSOS ---
if [ -d "$SITE/wp-content/plugins" ]; then
ls "$SITE/wp-content/plugins" | grep -E "$BAD_PLUGINS_REGEX" | while read mal_plugin; do
echo " [MALWARE] Eliminando plugin sospechoso: $mal_plugin"
rm -rf "$SITE/wp-content/plugins/$mal_plugin"
done
fi
# --- PASO 3: PROPIETARIO Y PERMISOS ---
# Ahora que no hay candado, chown y chmod funcionarán
chown -R "$OWNER:$OWNER" "$SITE"
chmod -R u=rwX,g=rX,o=rX "$SITE"
# --- PASO 4: CONFIGURACIÓN DE UPLOADS ---
if [ -d "$SITE/wp-content/uploads" ]; then
chgrp -R www-data "$SITE/wp-content/uploads"
chmod -R 775 "$SITE/wp-content/uploads"
cat > "$SITE/wp-content/uploads/.htaccess" << 'EOF'
<Files *.php>
deny from all
</Files>
EOF
chown "$OWNER:www-data" "$SITE/wp-content/uploads/.htaccess"
chmod 644 "$SITE/wp-content/uploads/.htaccess"
chattr +i "$SITE/wp-content/uploads/.htaccess" # Bloqueamos este también
fi
# --- PASO 5: RESTAURACIÓN Y BLOQUEO FINAL ---
# Limpiamos el index por si fue re-infectado
echo '<?php define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php";' > "$SITE/index.php"
# Ponemos el candado de nuevo
chattr +i "$SITE/index.php" "$SITE/.htaccess"
echo " [OK] $PROJECT blindado correctamente."
done
echo "=================================================="
echo "PROCESO COMPLETADO SIN ERRORES DE PERMISOS"
echo "=================================================="