From faf10fddc2593fb5e41f14227b6738e72f956c1c Mon Sep 17 00:00:00 2001
From: PovilasKondrotas <80691318+PovilasKondrotas@users.noreply.github.com>
Date: Mon, 21 Oct 2024 18:49:41 +0300
Subject: [PATCH] Updated styling, fixed bugs, added more _pwsa for database clean Styling changes for making the UI easier to use. Changed backups procedure
---
 fix.sh | 166 ++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 116 insertions(+), 50 deletions(-)
diff --git a/fix.sh b/fix.sh
index c7824c2..732fd41 100644
--- a/fix.sh
+++ b/fix.sh
@@ -7,7 +7,9 @@ BYELLOW='\033[1;33m'
 GREEN='\033[0;32m'
 BGREEN='\033[1;32m'
 BWHITE='\033[1;37m'
-PURPLE='\033[0;35m'
+BCYAN='\033[1;36m'
+#'\033[0;35m' PURPLE not working on Powershell
+PURPLE='\033[0m'
 CHECK="${BGREEN}\xE2\x9C\x85${NC}"
 CROSS="${BRED}\xE2\x9D\x8C${NC}"
 WAVE="\xF0\x9F\x91\x8B"
@@ -20,23 +22,27 @@ DATE=$(date +%F"_"%H:%M:%S); clear
 function main {
 echo -e "\n${BWHITE}Welcome ${WAVE} This script is capable of:${NC}"
- echo -e "1)${BGREEN} Search & Replace${NC} - you can search and replace domains/subdomains. ${BWHITE}All CMS compatible.${NC}"
- echo -e "2)${BGREEN} List suspicious files${NC} - lists suspicious files in suspiciousFiles.txt. ${BWHITE}All CMS compatible.${NC}"
- echo -e "3)${BGREEN} Malware Fix${NC} - tries to fix infected WordPress website."
- echo -e "4)${BGREEN} Vulnerabilities checker${NC} ${BRED}[NEW]${NC} - checks for vulnerable WordPress plugins & themes."
- echo -e "5)${BGREEN} Install SSL${NC} - generates SSL keys automatically. ${BWHITE}All CMS compatible.${NC}"
- echo -e "6)${BGREEN} Update plugins${NC} - updates all WordPress plugins."
- echo -e "7)${BGREEN} Update themes${NC} - updates all WordPress themes."
- echo -e "8)${BGREEN} Update core files${NC} - updates WordPress core files."
- echo -e "9)${BGREEN} Reinstall core files${NC} - reinstalls WordPress core files."
- echo -e "10)${BGREEN} Repair database${NC} - repairs WordPress database."
- echo -e "11)${BGREEN} Flush Elementor cache${NC} - flushes WordPress Elementor cache."
- echo -e "12)${BGREEN} Flush LiteSpeed cache${NC} - flushes WordPress LiteSpeed cache."
- echo -e "13)${BGREEN} Test PHP mail${NC} - allows to test PHP mail easier."
- echo -e "14)${BGREEN} Scan and print databases${NC} - allows to see which databases belong to all domain/subdomain in WP sites."
- echo -e "15)${BGREEN} Remove Japanese keyword hack${NC} - removes malicious Japanese content. (Only for Latin sites)"
- echo -e "16)${BGREEN} Remove all injections in the database${NC} - removes all malicious database entries"
- echo -e "17)${BGREEN} Malware scan in uploads folder${NC} - removes unwanted files within the WordPress Uploads folder"
+ echo -e "${BCYAN}Malware Cleanup${NC}"
+ echo -e "1)${BGREEN} Malware Fix${NC} - tries to fix infected WordPress website."
+ echo -e "2)${BGREEN} Remove Japanese keyword hack${NC} - removes malicious Japanese content. (Only for Latin sites)"
+ echo -e "3)${BGREEN} Remove all injections in the database${NC} - removes all malicious database entries"
+ echo -e "4)${BGREEN} Malware scan in uploads folder${NC} - removes unwanted files within the WordPress Uploads folder"
+ echo -e "5)${BGREEN} List suspicious files${NC} - lists suspicious files in suspiciousFiles.txt. ${BWHITE}All CMS compatible.${NC}"
+ echo -e "${BCYAN}Cache Clear${NC}"
+ echo -e "6)${BGREEN} Flush Elementor cache${NC} - flushes WordPress Elementor cache."
+ echo -e "7)${BGREEN} Flush LiteSpeed cache${NC} - flushes WordPress LiteSpeed cache."
+ echo -e "${BCYAN}Tools${NC}"
+ echo -e "8)${BGREEN} Search & Replace${NC} - you can search and replace domains/subdomains. ${BWHITE}All CMS compatible.${NC}"
+ echo -e "9)${BGREEN} Update plugins${NC} - updates all WordPress plugins."
+ echo -e "10)${BGREEN} Update themes${NC} - updates all WordPress themes."
+ echo -e "11)${BGREEN} Update core files${NC} - updates WordPress core files."
+ echo -e "12)${BGREEN} Repair database${NC} - repairs WordPress database."
+ echo -e "13)${BGREEN} Scan and print databases${NC} - allows to see which databases belong to all domain/subdomain in WP sites."
+ echo -e "14)${BGREEN} Reinstall core files${NC} - reinstalls WordPress core files."
+ echo -e "${BCYAN}Disabled Tools${NC}"
+ echo -e "15)${BGREEN} Vulnerabilities checker${NC} - checks for vulnerable WordPress plugins & themes.${BRED}DISABLED${NC}"
+ echo -e "16)${BGREEN} Install SSL${NC} - generates SSL keys automatically. ${BWHITE}All CMS compatible.${BRED}DISABLED${NC}"
+ echo -e "17)${BGREEN} Test PHP mail${NC} - allows to test PHP mail easier.${BRED}DISABLED${NC}"
 echo -e "0)${BRED} Exit${NC} - exits the script."
@@ -44,23 +50,23 @@ function main {
 while true; do
 read -r SELECT
 case "$SELECT" in
- 1) SELECT=func_search_replace;;
- 2) SELECT=func_list_suspicious_files;;
- 3) SELECT=func_malware_fix;;
- 4) SELECT=func_vulnerabilities_checkers;;
- 5) SELECT=func_install_ssls;;
- 6) SELECT=func_update_plugins;;
- 7) SELECT=func_update_themes;;
- 8) SELECT=func_update_cores;;
- 9) SELECT=func_reinstall_cores;;
- 10) SELECT=func_repair_dbs;;
- 11) SELECT=func_elementors;;
- 12) SELECT=func_litespeeds;;
- 13) SELECT=func_php_mails;;
- 14) SELECT=func_scan_databases;;
- 15) SELECT=japanese_hack_cleanup;;
- 16) SELECT=backup_and_clean_js_injections;;
- 17) SELECT=malware_clear_uploads;;
+ 1) SELECT=func_malware_fix;;
+ 2) SELECT=japanese_hack_cleanup;;
+ 3) SELECT=backup_and_clean_js_injections;;
+ 4) SELECT=malware_clear_uploads;;
+ 5) SELECT=func_list_suspicious_files;;
+ 6) SELECT=func_elementors;;
+ 7) SELECT=func_litespeeds;;
+ 8) SELECT=func_search_replace;;
+ 9) SELECT=func_update_plugins;;
+ 10) SELECT=func_update_themes;;
+ 11) SELECT=func_update_cores;;
+ 12) SELECT=func_repair_dbs;;
+ 13) SELECT=func_scan_databases;;
+ 14) SELECT=func_reinstall_cores;;
+ 15) SELECT=func_vulnerabilities_checkers;;
+ 16) SELECT=func_install_ssls;;
+ 17) SELECT=func_php_mails;;
 0) SELECT=exit;;
 *) echo -e "${BRED}Invalid selection, try again.${NC}"; continue
 esac
@@ -305,7 +311,7 @@ function func_php_mails {
 ###-----------------------------------------------------------###
-function func_backup_question {
+function func_backup_question_disabled {
 echo -ne "Do you want to make files and database backup (y/n)?" read -r answer case ${answer:0:1} in y|Y )
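Review bot: Entries 15, 16 and 17 in the new `case` still dispatch to `func_vulnerabilities_checkers`, `func_install_ssls` and `func_php_mails`, although the menu now labels those three tools DISABLED. Unless those functions were stubbed out somewhere this patch does not show, choosing one of them still runs it. I would replace the three arms with a refusal such as `15|16|17) echo -e "${BRED}This tool is disabled.${NC}"; continue;;` so the label and the behaviour agree. The `case` sits inside `main`, whose body continues outside the hunk.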
@@ -370,7 +376,7 @@ function func_domain_selection {
 function func_search_replace {
 cwd=$(pwd)
- func_backup_question;
+ func_backup_database_question;
 echo -e "${BYELLOW}Make sure you're running this script in website public_html folder!${NC}"
 echo -n "You are in"; pwd; echo -ne "\n${PURPLE}Enter domain name you want to replace (without TLD. If domain is abc.com, enter just abc): ${NC}"; read -r malwareDomain
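Review bot: Search & Replace is advertised in the menu as working for all CMSs, but the backup step it now calls, `func_backup_database_question`, takes its credentials from `./wp-config.php` and only prints an error when the dump fails. The call also runs before the operator is reminded to be in the site's `public_html` folder, so in the wrong directory or on a non-WordPress site the replace proceeds with no usable backup. Having the helper `return 1` on a failed dump and calling it as `func_backup_database_question || return 1` would stop the destructive step in that case. The body of `func_search_replace` continues outside the hunk.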
@@ -443,14 +449,19 @@ function func_list_suspicious_file_subdomain {
 function func_malware_fix () {
 echo -e "\nYou chose${BGREEN} Malware Fix ${NC}"
- echo -e "${BYELLOW}WARNING: PLEASE CREATE BACKUPS BEFORE USE${NC}"
- echo -e "Easy - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes"
- echo -e "Medium - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes, Resets wp-config.php, Sets File Permissions, Reset .htaccess"
- echo -e "Extreme - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes, Resets wp-config.php, Sets File Permissions, Reset .htaccess, Looks for malicious injections"
+ echo -e "${RED}WARNING: PLEASE CREATE BACKUPS BEFORE USE${NC}"
+ echo -e "******"
+ echo -e "${BYELLOW}Easy - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes${NC}"
+ echo -e "${BGREEN}Medium - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes, Resets wp-config.php, Sets File Permissions, Reset .htaccess${NC}"
+ echo -e "${BRED}Extreme - Reinstall Core Files, Removes files from core folders, Reinstall all plugins/themes, Resets wp-config.php, Sets File Permissions, Reset .htaccess, Looks for malicious injections${NC}"
+ echo -e "******"
 echo -e "${BYELLOW}Make sure you're running this script in WordPress public_html folder!${NC}"
+ echo "For main domains, it's usually the 'public_html' directory."
+ echo "For subdomains, confirm the path in hPanel."
 echo -n "You are in "; pwd; cwd=$(pwd)
 func_backup_question
+ echo -e "Select the strenght of the fix:"
 levels=("Easy" "Medium" "Extreme" "Exit")
 select lvl in "${levels[@]}"
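Review bot: `func_backup_question` is called right after `cwd=$(pwd)`, but the replacement helper added later in this patch reads `$current_dir`, which nothing in the visible lines of this function sets. If `current_dir` is not a global defined elsewhere in the file, the zip step receives an empty path and the destructive fix levels run with no backup behind them. Setting `current_dir="$cwd"` before the call, or having the helper use `$(pwd)`, removes the dependency. A smaller point in the same hunk: the new prompt spells `strength` as `strenght`. The body of `func_malware_fix` continues outside the hunk.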
@@ -491,20 +502,21 @@ function func_malware_fix () {
 WPDBHOST=$(cat wp-config.php | grep DB_HOST | cut -d \' -f 4)
 WPDBCHARSET=$(cat wp-config.php | grep DB_CHARSET | cut -d \' -f 4)
 WPTABLEPREFIX=$(cat wp-config.php | grep "\$table_prefix" | cut -d \' -f 2)
-
+
+ ESCAPED_PASS=$(printf '%s\n' "$WPDBPASS" | sed -e 's/[\/&]/\\&/g')
 # generates a default wp-config.php
 mv wp-config.php wp-config.php-OLD-DISABLED && wget -c https://brmb.org/wp-fix/wp-config.txt -O wp-config.php
 # fills in the correct DB credentials on the new wp-config.php file
 sed -i "/DB_NAME/s/'[^']*'/'${WPDBNAME}'/2" wp-config.php
 sed -i "/DB_USER/s/'[^']*'/'${WPDBUSER}'/2" wp-config.php
- sed -i "/DB_PASSWORD/s/'[^']*'/'${WPDBPASS}'/2" wp-config.php
+ sed -i "/DB_PASSWORD/s/'[^']*'/'${ESCAPED_PASS}'/2" wp-config.php
 sed -i "/DB_HOST/s/'[^']*'/'${WPDBHOST}'/2" wp-config.php
 sed -i "/DB_CHARSET/s/'[^']*'/'${WPDBCHARSET}'/2" wp-config.php
 sed -i "/\$table_prefix/s/'[^']*'/'${WPTABLEPREFIX}'/1" wp-config.php
 wp config shuffle-salts
-
+
 # prevents add_filter and add_action in wp-config.php affecting wp-cli executions
 sed -i 's|^add_filter|if function_exists("add_filter") add_filter|g' wp-config.php; sed -i 's|^add_action|if function_exists("add_action") add_action|g' wp-config.php;
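Review bot: `ESCAPED_PASS` covers `/` and `&` but not the backslash, so a password containing `\` is still reinterpreted by sed's replacement syntax and lands in the regenerated `wp-config.php` altered. The neighbouring substitutions for `DB_NAME`, `DB_USER`, `DB_HOST`, `DB_CHARSET` and `$table_prefix` still interpolate their values with no escaping at all. Using a different delimiter makes the full set easy to express, `sed -e 's|[\\/&]|\\&|g'`, and a small shared helper could apply it to every field. The same block is repeated in the `-554,14` hunk and needs the same change. `func_malware_fix` starts and ends outside the hunk.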
@@ -514,7 +526,7 @@ function func_malware_fix () {
 for i in $(wp theme list --skip-themes --skip-plugins --fields=name | grep -v '^name'); do echo -e "-----\n$i\n-----"; wp theme install --skip-themes --skip-plugins --force "$i" --version="$(wp theme list --skip-themes --skip-plugins --name="$i" --fields=version | grep -v '^version')"; done
 echo -e "\n${YELLOW}Replacing current .htaccess with the default WordPress .htaccess..${NC}"
- mv .htaccess .htaccess-OLD-DISABLED && wget -c https://brmb.org/wp-fix/htaccess.txt -O .htaccess
+ mv .htaccess .htaccess-OLD-DISABLED && wget -c https://brmb.org/wp-fix/wp-config.txt -O .htaccess
 echo -e "\n${YELLOW}Disabling .htaccess files in main folders..${NC}"
 mv /wp-admin/.htaccess /wp-admin/.htaccess-OLD-DISABLED && mv /wp-content/.htaccess /wp-content/.htaccess-OLD-DISABLED && mv /wp-includes/.htaccess /wp-includes/.htaccess-OLD-DISABLED
 echo -e "\n${YELLOW}Deleting .php files in /uploads/ folder..${NC}"
@@ -554,14 +566,14 @@ function func_malware_fix () {
 WPDBHOST=$(cat wp-config.php | grep DB_HOST | cut -d \' -f 4)
 WPDBCHARSET=$(cat wp-config.php | grep DB_CHARSET | cut -d \' -f 4)
 WPTABLEPREFIX=$(cat wp-config.php | grep "\$table_prefix" | cut -d \' -f 2)
-
+ ESCAPED_PASS=$(printf '%s\n' "$WPDBPASS" | sed -e 's/[\/&]/\\&/g')
 # generates a default wp-config.php
 mv wp-config.php wp-config.php-OLD-DISABLED && wget -c https://brmb.org/wp-fix/wp-config.txt -O wp-config.php
 # fills in the correct DB credentials on the new wp-config.php file
 sed -i "/DB_NAME/s/'[^']*'/'${WPDBNAME}'/2" wp-config.php
 sed -i "/DB_USER/s/'[^']*'/'${WPDBUSER}'/2" wp-config.php
- sed -i "/DB_PASSWORD/s/'[^']*'/'${WPDBPASS}'/2" wp-config.php
+ sed -i "/DB_PASSWORD/s/'[^']*'/'${ESCAPED_PASS}'/2" wp-config.php
 sed -i "/DB_HOST/s/'[^']*'/'${WPDBHOST}'/2" wp-config.php
 sed -i "/DB_CHARSET/s/'[^']*'/'${WPDBCHARSET}'/2" wp-config.php
 sed -i "/\$table_prefix/s/'[^']*'/'${WPTABLEPREFIX}'/1" wp-config.php
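Review bot: The changed `wget` line in the `-514,7` hunk now downloads `wp-config.txt` and writes it to `.htaccess`, while the message just above still announces the default WordPress .htaccess; the removed line fetched `htaccess.txt`. If this is a copy-paste slip, the site is left with a PHP config template as its Apache rules file, so the URL should go back to `https://brmb.org/wp-fix/htaccess.txt`. Separately, the download is written straight into place with no integrity check and, in the visible lines, no test of wget's exit status. Comparing the fetched file against a pinned checksum before it replaces the live file would catch a truncated or altered download. `func_malware_fix` starts and ends outside the hunk.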
@@ -917,7 +929,7 @@ function set_uploads_path() {
 }
 # Function to create a backup of the uploads folder
-function create_backup() {
+function create_backup_uploads() {
 read -p "Do you want to create a backup of the uploads folder before scanning? (yes/no): " response
 response=$(echo "$response" | tr '[:upper:]' '[:lower:]')
@@ -931,6 +943,59 @@ function create_backup() {
 fi
 }
+# Function to create a backup of the current directory
+function func_backup_question() {
+ read -p "Do you want to create a backup of the current directory? (yes/no): " response
+ response=$(echo "$response" | tr '[:upper:]' '[:lower:]')
+
+ if [[ "$response" == "yes" ]]; then
+ # Use the predefined current_dir variable
+ FOLDER_NAME=$(basename "$current_dir")
+
+ # Create the backup file name with date and time
+ backup_file="${FOLDER_NAME}_backup_$(date +%Y%m%d_%H%M%S).zip"
+
+ echo "Creating backup of the current directory ($current_dir)..."
+
+ # Create the zip backup of the current directory
+ zip -r "$backup_file" "$current_dir"
+
+ echo "Backup created successfully: $backup_file"
+ else
+ echo "No backup created. Proceeding without backup."
+ fi
+}
+
+function func_backup_database_question() {
+ read -p "Do you want to create a backup of the current database? (yes/no): " response
+ response=$(echo "$response" | tr '[:upper:]' '[:lower:]')
+ WP_CONFIG_FILE="./wp-config.php"
+
+ if [[ "$response" == "yes" ]]; then
+ # Extract database credentials from wp-config.php
+ DB_NAME=$(extract_from_wp_config 'DB_NAME')
+ DB_USER=$(extract_from_wp_config 'DB_USER')
+ DB_PASSWORD=$(extract_from_wp_config 'DB_PASSWORD')
+ DB_HOST=$(extract_from_wp_config 'DB_HOST')
+
+ # Create the backup file name with date and time
+ backup_file="${DB_NAME}_backup_$(date +%Y%m%d_%H%M%S).sql"
+
+ echo "Creating backup of the current database ($DB_NAME)..."
+
+ # Create the database backup using mysqldump
+ mysqldump -h "$DB_HOST" -u "$DB_USER" -p"$DB_PASSWORD" "$DB_NAME" > "$backup_file"
+
+ if [[ $? -eq 0 ]]; then
+ echo "Database backup created successfully: $backup_file"
+ else
+ echo "Error: Failed to create database backup."
+ fi
+ else
+ echo "No backup created. Proceeding without backup."
+ fi
+}
+
 # Function to check for suspicious file extensions
 function check_suspicious_extensions() {
 echo "Checking for suspicious file extensions..." | tee -a "$LOG_FILE"
@@ -991,7 +1056,7 @@ function malware_clear_uploads() {
 # Call the required functions
 ask_confirmation
 set_uploads_path
- create_backup
+ create_backup_uploads
 check_suspicious_extensions
 check_malicious_content
 remove_suspicious_files
@@ -1075,6 +1140,7 @@ function backup_and_clean_js_injections() {
 "%script>%" # Inline
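Review bot: Both helpers added in the `-931,6` hunk write their archive into the current directory, which the script elsewhere tells the operator should be the site's `public_html`, so the `.zip` (which would include `wp-config.php`) and the `.sql` dump end up under the web root with names built only from the folder or database name and a timestamp. Writing them to a directory outside the document root, created with `umask 077`, keeps the site files and database contents from being downloadable. `mysqldump -p"$DB_PASSWORD"` also places the database password on the command line, where other local users can read it from the process list; passing it through a `--defaults-extra-file` with mode 0600 avoids that. In `func_backup_question` the status of `zip` is never tested and the success message is printed regardless, so the call should be wrapped as `if zip -r "$backup_file" "$current_dir"; then` with an error branch, as the database helper already does for `mysqldump`.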