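#!/bin/bash
# WordPress Malware Scanner Script
# Compatible with Ubuntu 20.04–24.04
#
# Installs ClamAV, rkhunter and Linux Malware Detect (LMD), refreshes their
# signatures, scans a WordPress tree with LMD and then greps the PHP files for
# function calls that are frequently seen in backdoors.
#
# Configuration: /etc/wp-malware-scan.conf (optional) is sourced as shell code
# and may set WP_PATH. Without it, WP_PATH defaults to /var/www/html.
#
# `set -e` is deliberately not used: grep exits 1 when nothing matches, and the
# scanner's exit status may be non-zero when it reports hits (not verified
# here). Steps whose failure makes the rest meaningless are checked explicitly.

readonly CONFIG_FILE="/etc/wp-malware-scan.conf"
readonly DEFAULT_WP_PATH="/var/www/html"
readonly LMD_REPO="https://github.com/rfxn/linux-malware-detect.git"
readonly LMD_SRC="/opt/linux-malware-detect"
readonly MALDET="/usr/local/maldetect/maldet"
readonly FRESHCLAM_UNIT="clamav-freshclam.service"
readonly REPORT_FILE="${HOME}/suspicious_php.txt"

# Print a message to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal diagnostic to stderr.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

# Succeeds only when the file ($1) is owned by root and is not writable by
# group or others. The config is executed with `source`, so whoever can write
# it can run commands as the user invoking this script.
config_is_trusted() {
  local owner mode
  owner=$(stat -L -c '%U' -- "$1") || return 1
  mode=$(stat -L -c '%a' -- "$1") || return 1
  [[ "$owner" == "root" ]] || return 1
  (( (8#$mode & 8#022) == 0 ))
}

echo "---- Installing required tools ----"
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
sudo apt-get update || warn "apt-get update failed; package lists may be stale"
sudo apt-get install -y curl git clamav rkhunter libjson-perl \
  || die "package installation failed"

echo "---- Updating ClamAV signatures ----"
# The freshclam service keeps the update lock while it runs, so a manual
# freshclam started alongside it fails. Stop the service first, then put it
# back the way it was so automatic signature updates keep working.
freshclam_was_active=0
if systemctl is-active --quiet "$FRESHCLAM_UNIT"; then
  freshclam_was_active=1
  sudo systemctl stop "$FRESHCLAM_UNIT" || true
fi
sudo freshclam || warn "freshclam failed; ClamAV signatures may be out of date"
if (( freshclam_was_active )); then
  sudo systemctl start "$FRESHCLAM_UNIT" \
    || warn "could not restart $FRESHCLAM_UNIT"
fi

echo "---- Downloading Linux Malware Detect (LMD) ----"
# NOTE(security): install.sh from the upstream default branch is executed as
# root with no pinned revision and no signature check. Review the code and pin
# a specific tag or commit before relying on this on production hosts.
if [[ -d "$LMD_SRC/.git" ]]; then
  # A previous run already cloned the repository; refresh it instead of
  # letting `git clone` fail on the existing directory.
  sudo git -C "$LMD_SRC" pull --ff-only \
    || warn "could not update existing checkout in $LMD_SRC"
else
  sudo git clone "$LMD_REPO" "$LMD_SRC" || die "git clone of LMD failed"
fi
# install.sh is run from inside the checkout, as in the original script.
cd "$LMD_SRC" || die "cannot cd to $LMD_SRC"
sudo ./install.sh || die "LMD install.sh failed"

echo "---- Updating LMD malware signatures ----"
# maldet is invoked through sudo like the other privileged steps; the install
# lives under /usr/local/maldetect. NOTE(review): non-root runs are presumably
# refused unless LMD's public scanning is configured - confirm.
sudo "$MALDET" --update || warn "LMD signature update failed"

# Load config
if [[ -f "$CONFIG_FILE" ]]; then
  config_is_trusted "$CONFIG_FILE" \
    || die "$CONFIG_FILE must be owned by root and not group/world-writable"
  # shellcheck source=/dev/null
  source "$CONFIG_FILE"
fi
# Covers both "no config file" and "config file that does not set WP_PATH";
# an empty WP_PATH would otherwise make grep -r walk the current directory.
WP_PATH="${WP_PATH:-$DEFAULT_WP_PATH}"
[[ -d "$WP_PATH" ]] || die "WP_PATH '$WP_PATH' is not a directory"

echo "---- Scanning WordPress site at $WP_PATH ----"
sudo "$MALDET" --scan-all "$WP_PATH"

echo "---- Suggesting suspicious files ----"
sudo "$MALDET" --report recent

echo "---- Scanning for known PHP backdoors ----"
# Heuristic only: these calls also appear in legitimate plugins and themes,
# and obfuscated code can avoid every one of these literal names. Treat the
# output as a triage list, not as proof of compromise or of a clean site.
grep -r --include="*.php" \
  -E "eval\(|base64_decode\(|gzinflate\(|shell_exec\(|passthru\(|system\(" \
  -- "$WP_PATH" > "$REPORT_FILE"
grep_status=$?
# 0 = matches found, 1 = none; anything higher means some files were not read.
if (( grep_status > 1 )); then
  warn "grep reported errors; $REPORT_FILE may be incomplete"
fi

echo "Results saved in ~/suspicious_php.txt and /usr/local/maldetect/events/"
echo "---- Scan complete ----"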