Old 06-04-2008, 02:34 AM  
ilbb
For the 110% paranoid, here is a tool:

Quote:
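<?php
// The full open tag is used on purpose. With the short open tag disabled in
// php.ini the interpreter treats the whole file as plain text and sends it to
// the client verbatim, including the database password below.

// ---------------------------------------------------------------------------
// Settings: edit before running.
//
// The values are placeholders. This file holds MySQL root credentials and
// deletes whatever it flags, so keep it outside the web root (the "\n" line
// endings in its output suggest it is meant for the command line), take a
// backup of the files and databases first, and remove the script afterwards.
// ---------------------------------------------------------------------------
$ABS_PATH_TO_WWW_DIR = "/home/www";   // directory tree scanned by test()
$MYSQL_SERVER        = "localhost";
$MYSQL_ROOT_USER     = "root";
$MYSQL_ROOT_PASS     = "password";

// Running total of flagged files and flagged tables; test() and the database
// pass both increment it and the final summary prints it.
$i = 0;

// First pass: walk the web directory. test() is declared further down in the
// file; PHP hoists top-level function declarations, so the call is valid here.
test($ABS_PATH_TO_WWW_DIR);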

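/**
 * Recursively walk $dir, print one status line per file, and delete every
 * file whose name contains the marker "pngg" or "jpgg".
 *
 * The match is a plain substring test on the file name, not a check of the
 * file's content: any file whose name happens to contain one of the markers
 * is removed as well, and a malicious file with a different name is reported
 * as clean. Review the output against a backup before trusting either result.
 *
 * Increments the global counter $i once per flagged file.
 *
 * @param string $dir Directory to scan, without a trailing slash.
 * @return void
 */
function test($dir) {
    global $i;

    $dh = @opendir($dir);
    if (!$dh) {
        // Say so instead of returning silently: an unreadable directory is a
        // gap in the scan, not a clean result.
        echo $dir."...unreadable, not scanned\n";
        return;
    }

    // Compare against false explicitly; a bare truthiness test ends the loop
    // early at an entry named "0" and leaves the rest of the directory unscanned.
    while (($obj = readdir($dh)) !== false) {
        if ($obj === '.' || $obj === '..') continue;

        $path = $dir.'/'.$obj;

        if (is_dir($path)) {
            // is_dir() follows symlinks. Descending through one could loop or
            // leave the tree being scanned, and this function deletes files,
            // so symlinked directories are reported and left alone.
            if (is_link($path)) {
                echo $path."...symlinked directory, not followed\n";
                continue;
            }
            test($path);
            continue;
        }

        if (strpos($obj, "pngg") !== false || strpos($obj, "jpgg") !== false) {
            echo $path."...exploit detected\n";
            $i++;
            // A failed delete (permissions, immutable flag) must be visible,
            // otherwise the summary suggests the file is gone when it is not.
            if (!@unlink($path)) {
                echo $path."...could not be deleted, remove it manually\n";
            }
        } else {
            echo $path."...clean\n";
        }
    }

    // Release the handle; the recursion otherwise keeps one open per directory.
    closedir($dh);
}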

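// Second pass: in every table of every database the account can see, delete
// the rows whose option_name is 'wordpress_options' and count each table in
// which rows were removed.
//
// Ported from ext/mysql (removed in PHP 7.0) to the procedural mysqli API,
// which is also available on PHP 5. The DELETE is destructive and runs with
// whatever privileges the configured account has, so dump the databases
// first; a dedicated account limited to SHOW and DELETE on the application
// schemas is enough for this job.

// Keep failures as return values. PHP 8.1+ throws on mysqli errors by default,
// and the first table without an option_name column would abort the scan.
mysqli_report(MYSQLI_REPORT_OFF);

$dbLink = mysqli_connect($MYSQL_SERVER, $MYSQL_ROOT_USER, $MYSQL_ROOT_PASS) or die("Unable to connect to the database.");

$query = mysqli_query($dbLink, "show databases") or die("error fetching database names");
while ($rs = mysqli_fetch_array($query)) {
    mysqli_select_db($dbLink, $rs['Database']) or die("Unable to select database: " . $rs['Database']);

    $query2 = mysqli_query($dbLink, "show tables") or die("error fetching table names");
    while ($rs2 = mysqli_fetch_array($query2)) {
        // SHOW TABLES returns the table name in its first column.
        $table = $rs2[0];
        echo $rs['Database'].":".$table;

        // Table names come from the server being cleaned and are not trusted:
        // quote the identifier and double any embedded backtick so that a
        // hostile or merely unusual name cannot change the statement.
        $quoted = "`".str_replace("`", "``", $table)."`";
        $deleted = mysqli_query($dbLink, "delete from ".$quoted." where option_name='wordpress_options'");

        if ($deleted === false) {
            // Typically a table with no option_name column. It was not
            // examined, so it is not reported as clean.
            echo "...not checked (".mysqli_error($dbLink).")\n";
        } elseif (mysqli_affected_rows($dbLink) > 0) {
            echo "...exploit detected\n";
            $i++;
        } else {
            echo "...clean\n";
        }
    }
}

echo "============================================\n";
echo "Infected objects: ".$i."\n";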
?>