Posts

bash + python script to find wordpress malware and delete it.

OK so there are three parts to this script:

1. An exclude list
2. The script
3. A python script to check for randomness

The idea is it finds spammy-looking filenames and then runs a python entropy script to check if the file is random-ish internally. It then offers to delete. Note that real viruses have an entropy in the 5.8 region, because they use code obfuscators. If the entropy is lower than that, rather skip deleting and manually check the file. I know about wordfence-cli but I do not like it. Flags are -f for find and -d to delete. It prompts for each delete.

1. The script

sudo mkdir -p /scripts/wordpress/
sudo vi /scripts/wordpress/find_spam_crap.sh

#!/bin/bash
export TERM='xterm-256color'

# File containing known, safe PHP filenames to ignore
IGNORE_FILE="/scripts/wordpress/find_spam_crap.ignore"

# File containing all known filenames for exhaustive English exclusion
EXCLUDE_FILE="/scripts/wordpress/find_spam_crap.exclude"

# Function to load ignore list
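The entropy check described above, written out as an added example (this is not the author's python script): it computes Shannon entropy in bits per byte, applies the 5.8 threshold from the post, and returns "manual-check" for anything below it so low-entropy hits are never auto-deleted. The sample inputs are constructed, and the threshold value is assumed from the text.

```python
import math
import sys
from collections import Counter
from pathlib import Path

# Threshold assumed from the post: obfuscated PHP malware sits around 5.8 bits/byte.
# Anything below it is reported for manual review, not for deletion.
ENTROPY_THRESHOLD = 5.8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-symbol input, 8.0 max."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def classify(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> str:
    """Map file content to the action the bash wrapper should offer."""
    return "delete-candidate" if shannon_entropy(data) >= threshold else "manual-check"


def scan_file(path: str) -> tuple:
    """Read one file and return (entropy, verdict); called per hit from the shell script."""
    data = Path(path).read_bytes()
    return shannon_entropy(data), classify(data)


# Constructed samples, not real files: ordinary PHP source vs. a stand-in for a
# packed/obfuscated payload (a flat byte distribution, so entropy is near 8.0).
PLAIN_PHP = b"<?php\nfunction hello($name) {\n    return 'Hello ' . $name;\n}\n"
OBFUSCATED_PHP = b"<?php eval(base64_decode('" + bytes(range(256)) * 8 + b"'));"

if __name__ == "__main__":
    # Usage: python3 entropy_check.py <file>; exit 1 when the file is a delete candidate
    entropy, verdict = scan_file(sys.argv[1])
    print(f"{sys.argv[1]}: entropy={entropy:.2f} verdict={verdict}")
    sys.exit(1 if verdict == "delete-candidate" else 0)
```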