统计php更改文件,可疑文件
#!/bin/bash
#wirtebyzhenglong20150818
#Centos
#phpTrojanchecking
email="1525356778@qq.com"
rm-rf/tmp/file.txt
echo"Containsuspiciousfiles:">>/tmp/file.txt
find/-name"*.php"-typef-print0|xargs-0egrep"(phpspy|c99sh|milw0rm|eval\(gzuncompress\(base64_decoolcode|eval\(base64_decoolcode|spider_bc|gzinflate)"|awk-F:'{print$1}'|sort|uniq>>/tmp/file.txt
echo-e"\nContainfile_put_contents:">>/tmp/file.txt
grep-r--include=*.php'file_put_contents(.*$_POST\[.*\]);'/>>/tmp/file.txt
echo-e"\nContaineval:">>/tmp/file.txt
grep-r--include=*.php'[^a-z]eval($_POST'/>>/tmp/file.txt
echo-e"\nPHPfilechangeinoneday:">>/tmp/file.txt
find/-mtime-1-typef-name*.php>>/tmp/file.txt
cat/tmp/file.txt|mail-s"PHPTrojan"${email}
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
