myvesta/bin/v-lock-wordpress

94 lines
2.4 KiB
Bash

#!/bin/bash
# info: Lock WordPress files if they are potentially infected (somewhere) by PHP malware, in order to stop further infection
# options: DOMAIN
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
unlock_folder() {
chown -R $user:$user $1/
# block .php execution inside folder
cat <<EOF >$1/.htaccess
RewriteEngine on
RewriteRule ^.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F]
EOF
chown root:root $1/.htaccess
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -d "/home/$user" ]; then
echo "User doesn't exist";
exit 1;
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "Domain doesn't exist";
exit 1;
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd /home/$user/web/$domain
# lock files
chown -R www-data:www-data public_html/
# set correct chmod just in case
find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} +
# unlock /wp-content/uploads/ for uploading
if [ -d "/home/$user/web/$domain/public_html/wp-content/uploads" ]; then
unlock_folder "public_html/wp-content/uploads"
fi
# unlock /wp-content/cache/ for caching
if [ -d "/home/$user/web/$domain/public_html/wp-content/cache" ]; then
unlock_folder "public_html/wp-content/cache"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
echo "v-lock-wordpress: Done."
log_event "$OK" "$ARGUMENTS"
exit