freshclam && clamscan -i -r –log=/root/clamscan.log /home/*/public_html &
find /home/*/public_html -type f \( -name “*.cgi” -o -name “*.php” \) -print0 | xargs -0 egrep ‘(\/tmp\/cmdtemp|SnIpEr_SA|Bhl
ynx|x2300|c99shell|r57shell|milw0rm|g00nshell|locus7|MyShell|PHP\ Shell|phpshell|PHPShell|PHPKonsole|Haxplorer|phpRemoteView|w4ck1ng|PHP-Proxy|Locus7s|ccteam)’ | cut -d ‘:’ -f1 | sort | uniq > shellcheck.txt && cat shellcheck.txt |mail -s “shellcheck from `hostname` on `date`” user@domain.com &
find /home/*/public_html -type f -print0 | xargs -0 egrep ‘(\/tmp\/cmdtemp|SnIpEr_SA|Bhlynx|x2300|c99shell|r57shell|milw0rm|g00nshell|w4ck1ng|PHP-Proxy|Locus7s|ccteam)’ | cut -d ‘:’ -f1 | sort | uniq >> shellcheck.txt && cat shellcheck.txt
find . /home*/*/public_html -type f -print | xargs grep cn:8080 > iframe.txt
for it in $(ddos|awk ‘{print $2}’|head -n 6);do csf -d $it;done
for it in $(cat out |awk ‘{print $2}’|cut -f1-4 -d.|sort|uniq -c|sort -rn|awk ‘{print $2}’|grep -v 67.227.152|grep -v 59.174|head -n 40);do csf -d $it;done
for it in $(ddos|awk ‘{print $2}’|head -n 8);do csf -d $it;done
more shellcheck.txt
cat shellcheck.txt | xargs ls -lart