HEX
Server: nginx/1.18.0
System: Linux vps-9dcdb12e 5.15.0-176-generic #186-Ubuntu SMP Fri Mar 13 11:01:42 UTC 2026 x86_64
User: ubuntu (1000)
PHP: 8.1.2-1ubuntu2.24
Disabled: exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
$ pwd: /tmp/
Upload Files
File: //tmp/ovh_audit.sh
#!/bin/bash
BASE=/var/www
echo "ovh_audit_start"
echo "DOMAIN|WP|BACKDOOR|PLUGINS|CASINO_SPAM|MU_PLUGINS"
for d in $(ls $BASE 2>/dev/null | grep -vE '^_|^html|backup'); do
  P="$BASE/$d"
  [ ! -f "$P/wp-config.php" ] && continue
  WPU="sudo -u www-data wp --path=$P --allow-root --skip-themes --skip-plugins"
  # backdoor mu-plugin?
  bd="-"
  [ -f "$P/wp-content/mu-plugins/ultra-builder-live.php" ] && bd="ULTRA"
  # inne mu-plugins
  muc=$(ls "$P/wp-content/mu-plugins/"*.php 2>/dev/null | grep -v index.php | wc -l)
  # liczba wtyczek (katalogi)
  plc=$(ls -d "$P/wp-content/plugins/"*/ 2>/dev/null | wc -l)
  # spam kasynowy (data 2025-08-27 lub sluggi)
  spam=$($WPU db query "SELECT COUNT(*) FROM wp_posts WHERE post_type='post' AND post_status='publish' AND (post_date='2025-08-27 15:37:58' OR post_name REGEXP 'casino|deposit-bonus|free-spins|-slot') AND post_content NOT LIKE '%lvbet%'" --skip-column-names 2>/dev/null | tr -d '[:space:]')
  [ -z "$spam" ] && spam="?"
  # czy WP odpowiada
  wpok=$($WPU option get blogname 2>/dev/null >/dev/null && echo "OK" || echo "ERR")
  echo "$d|$wpok|$bd|$plc|$spam|$muc"
done
echo "ovh_audit_done"
@ Telegram