Filename :
defacement_fixer
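#!/bin/bash
#
# defacement_fixer: restore defaced pages under /home from the clean copies
# kept under /bkmnt.
#
# Usage: defacement_fixer.sh FILELIST TARGET BKMNT [HACKEDSTRING]
#
#   FILELIST      scan output, one "path[:anything]" entry per line; only the
#                 text before the first ':' is used as the file path
#   TARGET        must be exactly /home
#   BKMNT         must be exactly /bkmnt
#   HACKEDSTRING  literal string identifying a defaced page; prompted for
#                 when not given on the command line
#
# Every run writes a session log to /var/log/defacement_fixer.log.<epoch>;
# files whose backup copy is also infected are appended to
# /var/log/mayhacks.log.
#
# Review notes:
#   * FILELIST comes from a scan of directories that the party who defaced
#     the site could write to, so each path in it is treated as untrusted:
#     it must sit lexically under TARGET, contain no ".." component and not
#     be a symlink, otherwise it is logged and skipped.
#   * An empty HACKEDSTRING matches every file, which would overwrite the
#     whole list from backup, so it is refused.
#   * Error paths exit non-zero (the previous version exited 0).

# Load shared functions and banners.
source /opt/dedrads/radsfunctions.sh

if [ "$RADSCOLORS" == "off" ]; then
  radsbanner-nocolor
else
  radsbanner
fi
echo "WARNING: THIS TOOL IS NOT TO BE USED WITHOUT THE APPROVAL OF A TIER III ADMIN"

# Print the help text to stdout.
function usage {
  echo
  echo "This script will restore multiple defaced sites from a clean backup location."
  echo "Usage: defacement_fixer.sh FILELIST TARGET BKMNT"
  echo
  echo "You will then be prompted to enter a unique string found in the defaced page source."
  echo
  echo "where:"
  echo " FILELIST: list of infected files with full paths obtained by a scan"
  echo " (to perform a scan, use the defacement_scan.sh script)"
  echo " TARGET: partition that contains the infected/defaced pages (typically /home)"
  echo " BKMNT: partition that contains the uninfected/clean pages (typically /bkmnt)"
  echo
}

if [ -z "$1" ]; then
  usage
  echo "ERROR: You must supply a list of affected files."
  exit 1
fi

LIST=$1
TARGET=$2
BKMNT=$3
HACKEDSTRING="$4"
SESSIONID=$(date +%s)
LOGFILE="/var/log/defacement_fixer.log.$SESSIONID"

# This version only handles the /home <- /bkmnt pairing; anything else is
# refused rather than guessed at.
if [ "$TARGET" == "/home" ]; then
  echo
else
  echo "ERROR: Cannot process defacement request outside of /home with this version."
  echo "This defacement replacement must be done manually by a senior T3 administrator."
  exit 1
fi

if [ "$BKMNT" == "/bkmnt" ]; then
  echo
else
  echo "ERROR: Cannot process defacement request outside of /bkmnt with this version."
  echo "This defacement replacement must be done manually by a senior T3 administrator."
  exit 1
fi

# Fail before touching anything if the list cannot be read.
if [ ! -f "$LIST" ] || [ ! -r "$LIST" ]; then
  echo "ERROR: Cannot read file list: $LIST"
  exit 1
fi

echo > "$LOGFILE"

if [ -z "$HACKEDSTRING" ]; then
  echo
  echo "You must enter a UNIQUE string that is found in the source of the defaced pages. "
  echo "example: Rooted By Dr.Net (do not include any quotes)"
  echo
  echo -n "Enter the string now: "
  # -r keeps backslashes literal; IFS= keeps leading/trailing whitespace.
  IFS= read -r HACKEDSTRING
fi

# An empty search string matches every file, so every entry in the list
# would be treated as infected and overwritten from backup.
if [ -z "$HACKEDSTRING" ]; then
  echo "ERROR: The search string must not be empty."
  exit 1
fi

echo
echo
echo "To confirm, we are about to launch a mass defacement replacement on $(hostname -s)."
echo "We will be replacing all files found in $LIST that contain $HACKEDSTRING"
echo "with backups from $BKMNT if available."
echo
echo " *** You can view the log for this session in: $LOGFILE ***"
echo

# Append a timestamped line to this session's log file.
function lecho {
  printf '%s %s\n' "$(date)" "$*" >> "$LOGFILE"
}

lecho "started run on file $LIST"
echo "$(date) started run on file $LIST"

# Read the list line by line instead of word-splitting a command
# substitution: file names with spaces or glob characters stay intact and
# are never expanded by the shell.
while IFS= read -r file || [ -n "$file" ]; do
  [ -n "$file" ] || continue

  # Lexical containment check: only paths under TARGET may be written.
  case "$file" in
    "$TARGET"/*) ;;
    *)
      lecho "$file skipped: not under $TARGET"
      continue
      ;;
  esac

  # Refuse ".." components, which would let an entry that starts with
  # TARGET/ resolve to a location outside it.
  case "/$file/" in
    */../*)
      lecho "$file skipped: path contains a '..' component"
      continue
      ;;
  esac

  # cp writes through an existing symlink at the destination, so a
  # symlinked page could redirect the restore to another file.
  # NOTE(review): symlinked parent directories are not resolved here;
  # canonicalising the path and re-checking the prefix would cover that,
  # but may reject hosts where /home is itself a symlink -- confirm first.
  if [ -L "$file" ]; then
    lecho "$file skipped: is a symlink, needs manual review"
    continue
  fi

  if grep -qF -- "$HACKEDSTRING" "$file" 2>/dev/null; then
    lecho " $file infected - attempting repair "
    backup="${BKMNT}/${file}"
    echo "$backup"

    if grep -qF -- "$HACKEDSTRING" "$backup" 2>/dev/null; then
      # Restoring would only re-apply the defacement; record it for
      # manual follow-up instead.
      lecho "$file clean failed: backups are also infected"
      echo "$file clean failed: backups are also infected" >> /var/log/mayhacks.log
    else
      lecho "cp -a $backup $file "
      # A missing backup makes cp fail and is logged as an error below.
      if ! cp -a -- "$backup" "$file"; then
        lecho "error correcting $file"
      fi
    fi
  else
    lecho "$file clean"
  fi
done < <(awk -F: '{print $1}' < "$LIST")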