diff --git a/bin/v-lock-wordpress b/bin/v-lock-wordpress new file mode 100644 index 00000000..e722abaa --- /dev/null +++ b/bin/v-lock-wordpress @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Lock WordPress files if they are potentially infected (somewhere) by PHP malware, in order to stop further infection +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$user/web/$domain/public_html + +# lock files +chown -R www-data:www-data public_html/ + +# unlock /wp-content/uploads/ for uploading +chown -R $user:$user public_html/wp-content/uploads/ + +# block .php execution inside /wp-content/uploads/ +cat <public_html/wp-content/uploads/.htaccess +RewriteEngine on +RewriteRule ^.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F] +EOF + +chown root:root public_html/wp-content/uploads/.htaccess + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +echo "v-lock-wordpress: Done." + +log_event "$OK" "$ARGUMENTS" + +exit