File: //var/log/spamavoid/insertintodb.sh
#mysql -e "CREATE DATABASE IF NOT EXISTS adodisho_spam" ;
#mysql -e "use adodisho_spam; create table spamemailcount (cnt INT,path VARCHAR(255));"
#mysql -uadodisho_spam -pSpam6909 -e "use adodisho_spam; select * from spamemailcount"
#mysql -e "use adodisho_spam; delete from spamemailcount"
#mysql -uadodisho_spam -pSpam6909 -e "use adodisho_spam; select * from spamemailcount where cnt >= 50"
file=`echo $1 | sed 's/www.//g'`
res=`mysql -uadodisho_spam -pSpam6909 -e "use adodisho_spam; select cnt from spamemailcount where path = '$2' limit 0,1"`
cnt=`echo $res | cut -d' ' -f2`
echo "insertintodb.sh: File: $2 Count is $cnt" ;
if [ -z "$res" ]
then
mysql -uadodisho_spam -pSpam6909 -e "use adodisho_spam; INSERT INTO spamemailcount (cnt,path) VALUES(1,'$2');"
exit ;
fi
mysql -uadodisho_spam -pSpam6909 -e "use adodisho_spam; update spamemailcount SET cnt=cnt+1 where path = '$2'" ;
dom=`echo $file | cut -d/ -f1`
#Check if the file is there in the exception list.
grep $2 /var/log/spamavoid/php_email_sending_exception.txt
if [ $? == 0 ]
then
echo "This $2 is allowed to send emails, But keep a check on $cnt"
exit ;
fi
#sometimes we are not able to find out the exact file, which is sending the spam. We end up with only dir name.
#even if it is dir, and if it is exceeding the count.
if [[ -d $2 ]]
then
if [ $cnt -gt 20 ]
then
#If not present in the black list alreayd, add it.
grep $dom /var/log/spamavoid/email-blacklist.txt
if [ $? != 0 ]
then
echo "$dom" >> /var/log/spamavoid/email-blacklist.txt
echo "Adding the domain $dom in the black list with count, This is not a file, It is a dir"
fi
fi
fi
if [ $cnt -gt 5 ]
then
d=`date` ;
#If file exists
if [[ -f $2 ]]
then
grep -l eval $2 | xargs grep base64_decode
if [ $? -eq 0 ]; then
echo "===================================================================================> Pattern 1 matched, Count $cnt" ;
chmod 0000 $2
echo $2 $cnt $d >> /var/log/spamavoid/spam_sending_details.log
fi
grep -Z -m 1 eval $2 | grep strto | grep isset
if [ $? -eq 0 ]; then
echo "===================================================================================> Pattern 2 matched, Count $cnt" ;
chmod 0000 $2
echo $2 $cnt $d >> /var/log/spamavoid/spam_sending_details.log
fi
grep -E -l '(\[[0-9]+\][^\[]*){15,}' $2
if [ $? -eq 0 ]; then
echo "===================================================================================> Pattern 3 Matched: Count $cnt" ;
chmod 0000 $2
echo $2 $cnt $d >> /var/log/spamavoid/spam_sending_details.log
fi
fi
fi
if [ $cnt -gt 40 ]
then
#If file exists
if [[ -f $2 ]]
then
if [[ $2 == *"wp-comments-post.php"* ]]
then
sed -i '1s/^/This file is sending lots of spam Emails, May be due to not having captcha or your website is hacked. Please look into this problem\nWe are currently suspending this file. If needed, Please fix this problem correctly. If it sends spam Emails again, this file will be deleted automatically. \nIf you have any issues, Kindly send email to support@hostingraja.in/' $2
echo "Going to change the mode : $2" ;
chmod 0000 $2
elif [[ $2 == *"index.php" ]]
then
echo "This is index.php file" ;
grep $dom /var/log/spamavoid/email-blacklist.txt
if [ $? != 0 ]
then
echo "$dom" >> /var/log/spamavoid/email-blacklist.txt
echo "Adding the domain $dom in the black list with count"
fi
else
echo "Changing the mode : $2" ;
chmod 0000 $2
#rm -v $2
d=`date` ;
echo $2 $cnt $d >> /var/log/spamavoid/spam_sending_details.log
fi
fi
#If not present in the black list alreayd, add it.
grep $dom /var/log/spamavoid/email-blacklist.txt
if [ $? != 0 ]
then
echo "$dom" >> /var/log/spamavoid/email-blacklist.txt
echo "Adding the domain $dom in the black list with count"
fi
fi