MOON
Server: Apache
System: Linux server30c.hostingraja.org 3.10.0-962.3.2.lve1.5.63.el7.x86_64 #1 SMP Fri Oct 8 12:03:35 UTC 2021 x86_64
User: jibhires (1887)
PHP: 8.1.30
Disabled: show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen, symlink, escapeshellcmd, pcntl_exec
$ pwd: /var/log/spamavoid/
Upload Files
File: //var/log/spamavoid/cxscgi.sh
#!/bin/sh
###############################################################################
# Copyright 2009-2015, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The option --cgi MUST be used on the cxs command line here
#
# Examples (only use ONE line for cxs scanning):
#/usr/sbin/cxs --quiet --cgi --smtp --mail root "$1"
#/usr/sbin/cxs --quiet --cgi --smtp --mail root --quarantine /home/safe/ "$1"
#/usr/sbin/cxs --quiet --cgi --delete --logfile /var/log/cxs.log --cleanlog "$1"
#
# If you use --logfile, remember to chmod 666 [file] to allow write access
#
# You should include --smtp to allow the nobody user (which ModSecurity runs
# under) to send email.
#/usr/sbin/cxs --quiet --cgi --smtp --mail root "$1"
count=`grep -E -o '<\?php' $1 | wc -l`
echo "Count is $count" >> /var/log/spamavoid/cxscgi.log
if [ $count -gt 0 ]
then
    echo "SCRIPT_FILENAME  $SCRIPT_FILENAME SPT_DOCROOT $SPT_DOCROOT  HTTP_REFERER $HTTP_REFERER" >>  /var/log/spamavoid/cxscgi.log
    echo "REMOTE_ADDR $REMOTE_ADDR" >>  /var/log/spamavoid/cxscgi.log
   /usr/sbin/csf -d $REMOTE_ADDR >>  /var/log/spamavoid/cxscgi.log 2>&1
    echo "Pattern found , So deleting the file $1" >> /var/log/spamavoid/cxscgi.log
    head $1 >> /var/log/spamavoid/cxscgi.log
    mv $1 /home/adodisho/cxs
    rm $1
    echo "0 Error: PHP files not allowed" ;
    exit;
fi
@ Telegram