@rushipkar90
Created September 25, 2015 16:21
quickcheck-spamming.sh
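#!/bin/bash
# Quick check for PHP scripts that are sending mail: take the working
# directories (cwd=/home/...) that exim logged over the last 3 hours and scan
# the PHP files under them for known malicious strings.

# Start with empty work files
echo > /usr/local/src/temp_eximlog
echo > /usr/local/src/maliciousresults
echo > /usr/local/src/maliciousfiles

# Hour stamps in the form used by exim_mainlog, e.g. "2015-09-25 13"
a=$(date --date="3 hours ago" "+%Y-%m-%d %H")
b=$(date "+%Y-%m-%d %H")

# Copy the log lines from the first line stamped with hour $a through the first line stamped with hour $b
awk -v s="$a" -v e="$b" '$0~s,$0~e' /var/log/exim_mainlog >> /usr/local/src/temp_eximlog

# Field 3 is cwd=<dir>; count the /home directories, busiest first
awk '{print $3}' /usr/local/src/temp_eximlog | grep /home | sort | uniq -c | sort -nr > /usr/local/src/scanmaillogdir.txt

for i in $(cut -d= -f2 /usr/local/src/scanmaillogdir.txt) ; do
    # Known signature strings; a literal $ is escaped so grep does not read it as end-of-line
    find "$i" -type f -name '*.php' -exec grep -Eq 'yMxbgVDJ96|wUu2jGoB|\$xYEzDu6r3EZT|\$ZR2%tuMpYFr|\$knmui74|x47LOBA|EWnBCG-hUfK|vC82XHO|rOqYibX4WA|ALaEJ!Pw|vHHEE8M|v08X2QH|vO5CQ7A|qjyxw29' {} \; -print >> /usr/local/src/maliciousfiles
    find "$i" -type f -name "*.php" -exec grep -l "eval(v" {} \; >> /usr/local/src/maliciousfiles
done

hostsa=$(hostname)
# Mail the list only if something was found (blank lines are ignored)
if [ "$(grep -c -v -e '^$' /usr/local/src/maliciousfiles)" -ne 0 ]
then
    mail -s "Mail stats for $hostsa" [email protected] < /usr/local/src/maliciousfiles
fi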