Whenever a site is defaced, the attacker alters the index.htm, index.php or index.html file in public_html and also "signs" the page by adding the text "Hacked by" somewhere in it.

Run the following script via cron on a regular basis to find out whether an index file in any user's public_html directory has been hacked.

Copy this code into a file, save it somewhere as hackers.sh, make it executable with chmod 755, and run it daily via cron.

Code:
#!/bin/sh
# Check each account's index files for the defacement marker "Hacked".
# Field 2 of each /etc/trueuserdomains line is the account (user) name.
found=$(
  awk '{print $2}' /etc/trueuserdomains | sort -u | while read -r user; do
    for name in index.htm index.html index.php; do
      file="/home/$user/public_html/$name"
      # grep -l prints only the file name when the marker is present
      if [ -f "$file" ]; then grep -l "Hacked" "$file"; fi
    done
  done
)
# Send a single report, and only when at least one file matched
if [ -n "$found" ]; then
  printf '%s\n' "$found" | mail -s "Infected Files" your@emailaddress
fi
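
The marker search only catches defacements that contain the exact string "Hacked". The following added example, which is not part of the original article, goes beyond that case and reports any index file whose SHA-256 hash differs from a saved baseline; the `HOME_ROOT`, `USER_LIST` and `BASELINE` variables and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article: baseline check for index files.
# HOME_ROOT, USER_LIST and BASELINE are assumed locations; override via environment.
HOME_ROOT="${HOME_ROOT:-/home}"
USER_LIST="${USER_LIST:-/etc/trueuserdomains}"
BASELINE="${BASELINE:-/root/index-baseline.sha256}"

# Print "sha256  path" for each existing index file of each account.
index_hashes() {
  awk '{print $2}' "$USER_LIST" | sort -u | while read -r user; do
    for name in index.htm index.html index.php; do
      file="$HOME_ROOT/$user/public_html/$name"
      if [ -f "$file" ]; then sha256sum "$file"; fi
    done
  done
}

# Store the current hashes as known-good (run only after reviewing the sites).
save_baseline() {
  index_hashes > "$BASELINE"
}

# Print every index file that was modified, added or removed since the baseline.
changed_files() {
  current=$(mktemp)
  index_hashes > "$current"
  # A line found in only one listing means that file differs; keep just the path.
  sort "$BASELINE" "$current" | uniq -u | sed 's/^[0-9a-f]*  //' | sort -u
  rm -f "$current"
}

# Usage: script init  -> record baseline;  script check -> list changed files.
case "${1:-}" in
  init)  save_baseline ;;
  check) changed_files ;;
esac
```

Legitimate site updates also change the hashes, so run the `init` step again after each reviewed change.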