Script used to find vulnerable php files
#!/bin/bash
shellpattern=’r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58′
for user in `/bin/ls /var/cpanel/users`
do
find /home/$user/public_html \( -name ‘*.php’ -o -name ‘*.cgi’ -o -name ‘*.inc’ \) -exec \
egrep -il “$shellpattern” {} \;
done
===