How to find specific files and send alerts

Maintaining a shared hosting server is a full time job but tools and proper checks and balances can help make this burden lot less. I manage a shared hosting server for one of my friends and numerous times the scripts that people have installed over on their websites have vulnerabilities and hackers exploit it to upload stuff that mass-email or do other nasty stuff. Luckily, most of these exploits have common patterns like files names or other signatures that make them traceable (most of the time the so called hackers are just kiddy scripts)

Create a file and put this in it

#!/bin/bash
find /home -name 'paypal.com*' | mail -s '[Woodcrest] Phishing Alert!' me@mydomain.com
find /home -name 'rout.php' | mail -s '[Woodcrest] Phishing Alert - Mail Bomber!' me@mydomain.com

This is a small script that finds specific named scripts in the /home directory (mostly cPanel servers). You can put this in the crontab to do a scan every x hours or so.

Have any questions or comments? feel free to post them below!