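#!/bin/bash
#
# ponmocup-finder: check a list of domains for the Ponmocup redirector.
#
# Usage: ponmocup-finder.sh DOMAIN_LIST
#   DOMAIN_LIST holds one hostname per line; when omitted the list is read
#   from stdin (the original 'cat $1' behaviour).
#
# For each domain the homepage is fetched with wget (-S, so response headers
# land in the log) and the first "Location:" header is inspected.  A redirect
# whose query string (or, when there is no '?', whose whole Location line)
# contains the original domain, AND whose target host -- the second
# "Resolving" line in the log -- differs from the domain, is reported as
# INFECTED together with the redirect URL (query string dropped) and the DNS
# line.  Everything else is reported as CLEAN; for clean domains the fetched
# page is deleted and the wget log is moved to _wget-logs-clean/.
#
# Security note: the domain list is untrusted input that ends up in file
# names (<domain>_out.txt, <domain>_wget_log.txt), in the wget URL and in a
# string match.  Every entry is therefore validated against a hostname-only
# character class before it is used anywhere, so a hostile list cannot
# turn into a path traversal (../../etc/x_out.txt), a glob, or an option
# to wget/rm/mv.  Everything read back from the wget log (Location header,
# Resolving line) is attacker-controlled too and is printed without any
# escape interpretation.

set -u
# Deliberately no 'set -e': wget exits non-zero for every unreachable host
# and a dead host must not abort the whole run.

readonly WORKDIR=/var/www/pub/botnet/ponmocup/ponmocup-finder/
readonly CLEAN_LOG_DIR=_wget-logs-clean
readonly USER_AGENT="Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Ponmocup-Finder_v1"
readonly REFERER="http://www.google.com/search?q=ponmocup-finder+check"

# Hostname-only: no '/', no leading '-' or '.', so an entry can neither leave
# the working directory nor be parsed as an option by the tools below.
readonly DOMAIN_RE='^[A-Za-z0-9][A-Za-z0-9._-]*$'

input=${1:-/dev/stdin}
if [[ ! -r "$input" ]]; then
  printf 'usage: %s DOMAIN_LIST\n' "${0##*/}" >&2
  exit 2
fi

# Never scatter output files into whatever the caller's cwd happens to be.
cd "$WORKDIR" || exit 1
mkdir -p -- "$CLEAN_LOG_DIR"

echo "date started: $(date)"

# -r keeps backslashes literal, IFS= keeps the raw entry for validation,
# '|| [[ -n ]]' still processes a last line without a trailing newline.
while IFS= read -r domain || [[ -n "$domain" ]]; do
  domain=${domain%$'\r'}   # tolerate CRLF lists
  [[ -z "$domain" ]] && continue
  if [[ ! "$domain" =~ $DOMAIN_RE ]]; then
    # %q shell-quotes the entry so a hostile line cannot inject terminal
    # escapes via the report.
    printf 'skipping invalid domain entry: %q\n' "$domain"
    continue
  fi

  out="${domain}_out.txt"
  log="${domain}_wget_log.txt"

  printf 'checking domain: %s --> ' "$domain"
  wget -Sv --tries=1 --connect-timeout=3 --read-timeout=3 --dns-timeout=10 \
    --user-agent="$USER_AGENT" --referer="$REFERER" \
    "http://${domain}/" -O "$out" > "$log" 2>&1

  # First Location: header wget saw.  -S indents server-response lines, so
  # trim the leading whitespace before picking fields out of it.
  redir=$(grep -m 1 'Location: ' -- "$log" | sed -e 's/^[[:space:]]*//')

  # Redirect target as printed by wget: the token after "Location:", with the
  # query string removed (this is what is shown in the INFECTED report).
  redir_url=${redir#*Location: }
  redir_url=${redir_url%% *}
  redir_url=${redir_url%%\?*}

  # Everything after the first '?'; the whole header line when there is no
  # '?' (same as 'cut -d? -f2-').  A fixed-string substring test replaces the
  # old 'egrep "$domain"', where '.' in the domain matched any character.
  redir_query=${redir#*\?}

  if [[ "$redir_query" == *"$domain"* ]]; then
    # Host from the second "Resolving" line = the redirect target wget really
    # connected to.  With a single "Resolving" line tail -1 yields the domain
    # itself, i.e. no cross-host redirect happened.
    redir_dom=$(grep -m 2 'Resolving ' -- "$log" | tail -n 1 \
      | sed -e 's/\.\.\./ /g' | cut -d' ' -f2)
    # An empty redir_dom (e.g. an IP literal: wget prints no "Resolving"
    # line) is treated as the false-positive case, as the old unquoted test
    # effectively did.
    if [[ -n "$redir_dom" && "$domain" != "$redir_dom" ]]; then
      printf 'seems to be INFECTED: %s' "$redir_url"
      # Raw log content: kept as a plain pipeline (no 'echo -e') so escape
      # sequences in a hostile response are never interpreted.
      grep -m 2 'Resolving ' -- "$log" | tail -n 1 \
        | sed -e 's/Resolving/ --> DNS:/g' -e 's/\.\.\./ \//g'
    else
      echo "seems to be CLEAN (false-positive detected)"
    fi
  else
    echo "seems to be CLEAN"
    rm -f -- "$out"
    mv -- "$log" "$CLEAN_LOG_DIR"/
  fi
done < "$input"

echo "date finished: $(date)"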