new patterns, automation

cms-ver.php

@@ -194,6 +194,7 @@
         array("e107", "/e107_admin/ver.php", "\$e107info['e107_version']", "EOL"),
         array("Glype", "/includes/settings.php","\$CONFIG['version'] =", "EOL"),
         array("ListMail", "/admin.php", "\$current_version =", "EOL"),
+        array("phpGedView", "/config.php", "\$CONFIG_VERSION =", "EOL"),
 
 // still need to work on these
     array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review

cms-vss.php

@@ -208,6 +208,7 @@
         array("e107", "/e107_admin/ver.php", "\$e107info['e107_version']", "EOL"),
         array("Glype", "/includes/settings.php","\$CONFIG['version'] =", "EOL"),
         array("ListMail", "/admin.php", "\$current_version =", "EOL"),
+        array("phpGedView", "/config.php", "\$CONFIG_VERSION =", "EOL"),
 
 
 // still need to work on these

malware6.pl

@@ -1423,14 +1423,17 @@ foreach my $file (sort @files) {
         next if $file eq 'charmap.php';
         next if $file eq 'main-modules.php';
         next if $file eq 'wp-super-cache.php';
-        next if $file eq 'user-edit.php';
-        next if $file eq 'youtube.php';
         next if $file eq 'FMModelForm_maker_fmc.php';
         next if $file eq 'menu_scan.php';
         next if $file eq 'style_dynamic.php';
         next if $file eq 'ninja-forms-submission.csv';
         next if $file eq 'Nette.min.php';
         next if $file eq 'ninja-forms-submission.csv';
+        next if $file eq 'sitepress.class.php';
+        next if $file eq 'slider-main-options.php';
+        next if $file eq 'class-fscf-options.php';
+        next if $file eq 'wpGoogleMaps.php';
+        next if $file eq 'wppa-settings-autosave.php';
         
         print "Scanning $start_dir/$file... ";
 

run.sh

@@ -0,0 +1,37 @@
+#bin/sh!
+
+# checking for unrelated
+echo '[*] Checking for Unrelated Data';
+echo
+echo '[*] Directories with more than 1GB size:';
+    du -h ./ | grep '[0-9]G\>'
+echo
+echo '[*]Fixing file and folder permissions:';
+    #directories
+    find public_html/ -perm 0000 -follow -type d -print -exec chmod 755 {} \;
+    find public_html/ -perm +og+w -follow -type d -print -exec chmod 755 {} \;
+    # files
+    find public_html/ -perm 0000 -follow -type f -print -exec chmod 644 {} \;
+    find public_html/ -perm 0400 -follow -type f -print -exec chmod 644 {} \;
+    find public_html/ -perm 0440 -follow -type f -print -exec chmod 644 {} \;
+    find public_html/ -perm 0444 -follow -type f -print -exec chmod 644 {} \;
+    find public_html/ -perm +og+w -follow -type f -print -exec chmod 644 {} \;
+    # Perl/CGI
+    find public_html/ -perm +og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \;
+    find public_html/ -perm +og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \;
+echo
+echo '[*] Files with more than 10M size:';
+    find ./ -size +10000k -exec du -sh {} \;
+echo
+echo '[*] Running the malware cleaner:'
+    perl /home/$(whoami)/public_html/LP-MSH-Scanner/malwaresh.pl $(whoami)
+echo
+echo '[*] Running the Python scanner :'
+    python /home/$(whoami)/public_html/LP-MSH-Scanner/scan.py --minscore=10 /home/$(whoami) | grep filename
+echo
+echo '[*] Running the CMS Version Scanner:'
+    php -d memory_limit=512M /home/$(whoami)/public_html/LP-MSH-Scanner/cms-vss.php $(whoami)
+echo
+echo '[*] Running the PHP Scanner:'
+    cd /home/$(whoami)/public_html/LP-MSH-Scanner && php -d memory_limit=512M scan.php
+