\x20\40\x20\40 HEX
HEX
Server: Apache
System: Linux web1.jenscom.net 4.18.0-553.111.1.el8_10.x86_64 #1 SMP Sun Mar 8 20:06:07 EDT 2026 x86_64
User: sps (1059)
PHP: 8.3.30
Disabled: NONE
$ pwd: /malssh_scanner_whm/
Upload Files
File: //malssh_scanner_whm/malssh_cron_executor.php
<?php

if(file_exists('settings')){
	
	$data = json_decode(file_get_contents('settings'),true);
	
	if($data['cron'] == 'on'){
		foreach($data['accounts'] as $key => $value){
			
			$account_info = explode('|',$data['accounts'][$key]);
			
			$scan_path = $account_info[2];
			$account_name = $account_info[0];
			$account_email = $account_info[1];
			
			$report_path = $scan_path . '/malssh_report.txt';
			
			exec("/usr/bin/malssh --scan='" . $scan_path . "' --report='" . $report_path . "' -o='file'");
			
			if(check_if_account_hacked($report_path)){
				
				if($data['send_client_email'] == 'on' && $account_email !== '*unknown*'){
					mail($account_email, $account_name . ' is hacked!', $account_name . ' is hacked! Please clean it immediately, otherwise hosting support team will block it!');
				}
				
				if($data['send_admin_email'] == 'on'){
					mail($data['admin_email'], $account_name . ' is hacked!', $account_name . ' is hacked! Please see report ' . $report_path . ' !' );
				}
			}
			
		}
	}
}

function check_if_account_hacked($report){
	$data = file($report);
	foreach($data as $value){
		if(stripos($value,'Infected files') !== false){
			$inf_file = trim(explode(":",$value)[1]);
			break;
		}
	}
	
	return ($inf_file > 0) ? true : false;
}
@ Telegram