403Webshell
Server IP : 146.190.157.162  /  Your IP : 216.73.217.6
Web Server : Apache
System : Linux ubuntu-s-2vcpu-4gb-amd-sfo3-01-KIT-DIGITAL 6.5.0-44-generic #44-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 7 15:10:09 UTC 2024 x86_64
User : businessweek ( 639)
PHP Version : 8.2.10-2ubuntu2.2
Disable Function : exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_signal,pcntl_signal_dispatch,pcntl_getpriority,pcntl_setpriority,dl,putenv,parse_ini_file,show_source
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/html/fix-permissions-all.sh
#!/bin/bash

BASE="/var/www/html"
BAD_PLUGINS_REGEX="asazysac|javax-|u-short|urshort"

for SITE in "$BASE"/*; do
  [ -d "$SITE" ] || continue
  [ -f "$SITE/wp-config.php" ] || continue

  PROJECT=$(basename "$SITE")
  echo ">>> Procesando: $PROJECT"

  # --- PASO 0: DESBLOQUEO INICIAL ---
  # Quitamos la inmutabilidad de los archivos críticos para poder trabajar
  chattr -i "$SITE/index.php" "$SITE/.htaccess" "$SITE/wp-config.php" 2>/dev/null
  if [ -f "$SITE/wp-content/uploads/.htaccess" ]; then
    chattr -i "$SITE/wp-content/uploads/.htaccess" 2>/dev/null
  fi

  # --- PASO 1: VERIFICACIÓN DE USUARIO ---
  if ! id "$PROJECT" &>/dev/null; then
    OWNER="root"
    echo "   [!] Usuario '$PROJECT' no existe, usando root."
  else
    OWNER="$PROJECT"
  fi

  # --- PASO 2: LIMPIEZA DE PLUGINS MALICIOSOS ---
  if [ -d "$SITE/wp-content/plugins" ]; then
    ls "$SITE/wp-content/plugins" | grep -E "$BAD_PLUGINS_REGEX" | while read mal_plugin; do
      echo "   [MALWARE] Eliminando plugin sospechoso: $mal_plugin"
      rm -rf "$SITE/wp-content/plugins/$mal_plugin"
    done
  fi

  # --- PASO 3: PROPIETARIO Y PERMISOS ---
  # Ahora que no hay candado, chown y chmod funcionarán
  chown -R "$OWNER:$OWNER" "$SITE"
  chmod -R u=rwX,g=rX,o=rX "$SITE"

  # --- PASO 4: CONFIGURACIÓN DE UPLOADS ---
  if [ -d "$SITE/wp-content/uploads" ]; then
    chgrp -R www-data "$SITE/wp-content/uploads"
    chmod -R 775 "$SITE/wp-content/uploads"
    
    cat > "$SITE/wp-content/uploads/.htaccess" << 'EOF'
<Files *.php>
    deny from all
</Files>
EOF
    chown "$OWNER:www-data" "$SITE/wp-content/uploads/.htaccess"
    chmod 644 "$SITE/wp-content/uploads/.htaccess"
    chattr +i "$SITE/wp-content/uploads/.htaccess" # Bloqueamos este también
  fi

  # --- PASO 5: RESTAURACIÓN Y BLOQUEO FINAL ---
  # Limpiamos el index por si fue re-infectado
  echo '<?php define("WP_USE_THEMES", true); require __DIR__ . "/wp-blog-header.php";' > "$SITE/index.php"
  
  # Ponemos el candado de nuevo
  chattr +i "$SITE/index.php" "$SITE/.htaccess"
  echo "   [OK] $PROJECT blindado correctamente."

done

echo "=================================================="
echo "PROCESO COMPLETADO SIN ERRORES DE PERMISOS"
echo "=================================================="

Youez - 2016 - github.com/yon3zu
LinuXploit