From b88f0e56bf8e33ca6d77c0fbd0c419881452960e Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 18:44:02 +0200 Subject: [PATCH] New command: v-delete-wordpress-uploads-php-files --- bin/v-delete-wordpress-uploads-php-files | 70 ++++++++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 71 insertions(+) create mode 100644 bin/v-delete-wordpress-uploads-php-files diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..4ef12f1e --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files @@ -0,0 +1,70 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +while true; do + read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" + break; + fi + if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then + break; + fi +done + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index dbcda395..fcdc2f66 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -33,6 +33,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" )