Thursday, 1 August 2013

How to find PHP Shell on your server

In most hacking and defacement incidents, the most common tool used is a PHP shell. If you scan your server regularly for PHP shells and delete them, you can avoid many hacking and defacing attempts on your server.

# Scan all users' directories for strings found in various PHP shells
# The egrep command below is a single line; keep it on one line in your script or it will generate an error
# -l lists each matching file once, -R recurses into subdirectories

/bin/egrep -lR "cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|/etc/passwd|revengans|myshellexec" /home/*/public_html > /root/scan.txt

# Write the "nothing found" message only when the scan produced no results
[ -s /root/scan.txt ] || echo "No PHP Shell was Found" > /root/scan.txt

# Replace the placeholder address below with your own email address
/bin/cat /root/scan.txt | mail -s "PHP Shell Scan" you@example.com

# Cron Settings
# 0 6 * * * PATH TO SCRIPT

The script above is a very simple shell script that scans the public_html directories of all cPanel accounts for various PHP shells and then mails you the locations of any it finds. You can set up a cron job to run it once a day. The cron line in the script's comments, which you can use as is, executes the script at the 6th hour (06:00) every day.
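
A stricter variant of the scan above, as an added example that is not part of the original post: it reports which signature matched on which line, copes with file names containing spaces or colons, and prints "No PHP Shell was Found" only when nothing matched. The pattern list is the post's own; the function names and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. SIGNATURES is the post's pattern
# list; scan_webroot, scan_report and make_demo_tree are hypothetical helpers.
SIGNATURES='cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|/etc/passwd|revengans|myshellexec'

# scan_webroot DIR...: prints one line per suspect file,
# <path><TAB><line>:<signature>,... (first 5 hits only).
scan_webroot() {
    # find passes file names to the inner sh as arguments, so names with
    # spaces or colons survive (cut -d: would truncate them).
    find "$@" -type f -exec sh -c '
        sigs=$1; shift
        for f do
            # -a: scan binary files as text, -o: print only the matched
            # signature, -n: prefix each match with its line number
            hits=$(grep -aEon -e "$sigs" -- "$f" | head -n 5 | paste -sd, -)
            if [ -n "$hits" ]; then printf "%s\t%s\n" "$f" "$hits"; fi
        done
    ' sh "$SIGNATURES" {} +
}

# scan_report DIR...: prints the findings, or the "nothing found" line when
# the scan is clean, so the message is never overwritten by the results.
scan_report() {
    findings=$(scan_webroot "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
    else
        echo "No PHP Shell was Found"
    fi
}

# Constructed sample tree for trying the scan offline; prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice/public_html" "$d/bob/public_html/up loads"
    printf '<?php\necho "hello";\n' > "$d/alice/public_html/index.php"
    printf '<?php\n// c99shell v1\n$f = "/etc/passwd";\n' > "$d/bob/public_html/up loads/img:1.php"
    printf '%s\n' "$d"
}

# Demo on the constructed tree; on a cPanel host: scan_report /home/*/public_html
demo=$(make_demo_tree) && scan_report "$demo"/*/public_html
if [ -n "$demo" ]; then rm -rf "$demo"; fi
```

Treat every hit as a file to review rather than proof of compromise: strings such as /etc/passwd and webadmin also occur in legitimate code.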
