| Server IP : 103.119.228.120 / Your IP : 18.218.190.118 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /scripts/ |
Upload File : |
#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/httpspamdetect Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
use Cpanel::AcctUtils::DomainOwner::Tiny ();
use Cpanel::SafeRun::Simple ();
use Socket;
my %HTTPPIDS;
my %HTTPVHOSTS;
my %HTTPURL;
my %HTTPOWNER;
my %PCOUNT;
eval {
$SIG{'ALRM'} = sub {
die;
};
alarm(30);
my $proto = getprotobyname('tcp');
socket( WHMS, AF_INET, SOCK_STREAM, $proto );
my $iaddr = inet_aton("127.0.0.1");
my $port = getservbyname( 'http', 'tcp' );
my $sin = sockaddr_in( $port, $iaddr );
connect( WHMS, $sin );
send WHMS, "GET /whm-server-status HTTP/1.0\r\n\r\n", 0;
shutdown( WHMS, 1 );
while ( my $nline = <WHMS> ) {
if ( $nline =~ m/^\<tr bgcolor=\"#ffffff\"\>\<td\>\<b\>\d+/ ) {
if ( $nline =~ m/\d+\-\d+\<[^\>]*\>\<[^\>]*\>(\d+)/ ) {
my $pid = $1;
$nline = <WHMS>;
$nline = <WHMS>;
if ( $nline =~ m/^\<td[^\>]*\>\<font[^\>]*\>[\d+\.]*\<[^\>]*\><[^\>]*\><[^\>]*\>([^\<]*)\<[^\>]*\>\<[^\>]*\>\<[^\>]*\>([^\<]*)/ ) {
my $vhost = $1;
my $req = $2;
my $url = ( split( /\s/, $req, 3 ) )[1];
my $user;
if ( $url && $url =~ m/^\/~([^\/]*)/ ) {
$user = $1;
}
else {
$user = Cpanel::AcctUtils::DomainOwner::Tiny::getdomainowner($vhost);
}
if ($user) {
$HTTPPIDS{$pid} = 1;
$HTTPVHOSTS{$pid} = $vhost;
$HTTPURL{$pid} = $url;
$HTTPOWNER{$pid} = $user;
}
}
}
}
}
alarm(0);
};
alarm(0);
shutdown( WHMS, 2 );
close(WHMS);
my @PROCS = Cpanel::SafeRun::Simple::saferun( 'ps', 'axo', 'user,pid,ppid,command' );
foreach (@PROCS) {
my ( $user, $pid, $ppid, $cmd ) = split( /\s+/, $_ );
if ( $cmd =~ m/exim/ || $cmd =~ m/mail/ ) {
$PCOUNT{ $HTTPOWNER{$ppid} }++;
if ( $HTTPPIDS{$ppid} == 1 && $PCOUNT{ $HTTPOWNER{$ppid} } > 6 ) {
print "Pid $ppid is mailing using [$cmd]..\n";
print "Host: $HTTPVHOSTS{$ppid}\n";
print "Url: $HTTPURL{$ppid}\n";
print "User: $HTTPOWNER{$ppid}\n\n";
}
}
}