网站被挂马…
监视文件夹: /home/wwwroot/www.xxx.com/
1
2
3
4
5
6
7
8
9
10
11
12
| #!/bin/sh
logfile="/var/log/cache_list.txt"
temp_logfile="/var/log/cache_tempfile.txt"
inotify_fun(){
/usr/bin/inotifywait -mrq --timefmt '%Y/%m/%d-%H:%M:%S' --format '%T %w %f' -e modify,delete,create,move,attrib /home/wwwroot/www.xxx.com/ \
| while read file
do
inotify_fun >> ${logfile} 2>&1 &
done
}
|
该方法会记录大量信息[modify,delete,create,move,attrib],记得清除当天的日志