ÿØÿà JFIF    ÿÛ „  ( %!1!%)+//.383,7(-.+  -%%-////---/-.+/--+------/------/--0+--/-/-----.-----ÿÀ  ¥2" ÿÄ     ÿÄ J    ! 1AQ"aq2‘#BR‚¡ÁÑ3br’¢±Âð$CSƒ²á4c“%DsÓñÿÄ   ÿÄ *  !1AQa‘"2q3±ð#b¡ÿÚ   ? ¼QxJQaÍuò¸Zö Úü8,ÐÚú "SSn<rçù–´âE—^ªBÖ9À\†¸ÔÁT­ÃÛ5 ëd´³Í#Ý;Þ38œî ¶H£M:wÎ3…³…âpÔF&‚FK¸9„â4àGEõªfÿ ‘ñ(ßw­pŽF|È¥ù®häðÍѶ¹‘[ÒinÙW¶ùñY˜Q{›K"išÒ[Ú8žë\F¹@-?v"ÔU”,ìöžkÿ {I‡£šÍ?e ríV ?> ......................................... ............................................................................. ÿØÿà JFIF    ÿÛ „  ( %!1!%)+//.383,7(-.+  -%%-////---/-.+/--+------/------/--0+--/-/-----.-----ÿÀ  ¥2" ÿÄ     ÿÄ J    ! 1AQ"aq2‘#BR‚¡ÁÑ3br’¢±Âð$CSƒ²á4c“%DsÓñÿÄ   ÿÄ *  !1AQa‘"2q3±ð#b¡ÿÚ   ? ¼QxJQaÍuò¸Zö Úü8,ÐÚú "SSn<rçù–´âE—^ªBÖ9À\†¸ÔÁT­ÃÛ5 ëd´³Í#Ý;Þ38œî ¶H£M:wÎ3…³…âpÔF&‚FK¸9„â4àGEõªfÿ ‘ñ(ßw­pŽF|È¥ù®häðÍѶ¹‘[ÒinÙW¶ùñY˜Q{›K"išÒ[Ú8žë\F¹@-?v"ÔU”,ìöžkÿ {I‡£šÍ?e ríV ?> ......................................... ............................................................................. ???????????????????????????????????? ???????????????????????????????????? ÿØÿà JFIF    ÿÛ „  ( %!1!%)+//.383,7(-.+  -%%-////---/-.+/--+------/------/--0+--/-/-----.-----ÿÀ  ¥2" ÿÄ     ÿÄ J    ! 1AQ"aq2‘#BR‚¡ÁÑ3br’¢±Âð$CSƒ²á4c“%DsÓñÿÄ   ÿÄ *  !1AQa‘"2q3±ð#b¡ÿÚ   ? ¼QxJQaÍuò¸Zö Úü8,ÐÚú "SSn<rçù–´âE—^ªBÖ9À\†¸ÔÁT­ÃÛ5 ëd´³Í#Ý;Þ38œî ¶H£M:wÎ3…³…âpÔF&‚FK¸9„â4àGEõªfÿ ‘ñ(ßw­pŽF|È¥ù®häðÍѶ¹‘[ÒinÙW¶ùñY˜Q{›K"išÒ[Ú8žë\F¹@-?v"ÔU”,ìöžkÿ {I‡£šÍ?e ríV ?> ......................................... ............................................................................. ÿØÿà JFIF    ÿÛ „  ( %!1!%)+//.383,7(-.+  -%%-////---/-.+/--+------/------/--0+--/-/-----.-----ÿÀ  ¥2" ÿÄ     ÿÄ J    ! 1AQ"aq2‘#BR‚¡ÁÑ3br’¢±Âð$CSƒ²á4c“%DsÓñÿÄ   ÿÄ *  !1AQa‘"2q3±ð#b¡ÿÚ   ? ¼QxJQaÍuò¸Zö Úü8,ÐÚú "SSn<rçù–´âE—^ªBÖ9À\†¸ÔÁT­ÃÛ5 ëd´³Í#Ý;Þ38œî ¶H£M:wÎ3…³…âpÔF&‚FK¸9„â4àGEõªfÿ ‘ñ(ßw­pŽF|È¥ù®häðÍѶ¹‘[ÒinÙW¶ùñY˜Q{›K"išÒ[Ú8žë\F¹@-?v"ÔU”,ìöžkÿ {I‡£šÍ?e ríV ?> ......................................... ............................................................................. ???????????????????????????????????? ???????????????????????????????????? imunify360-agent malware malicious list --user melctpsg --limit 100 which clamscan cd /home/melctpsg/industrialtitanperu.pe clamscan -r -i --remove . clamscan -r -i . | tee scan-results.txt maldet -a /home/melctpsg/industrialtitanperu.pe cd /home/melctpsg/industrialtitanperu.pe wget https://wordpress.org/latest.zip unzip latest.zip # Eliminar wp-content del zip descargado rm -rf wordpress/wp-content # Respaldar wp-config.php actual cp wp-config.php wp-config.php.backup # Eliminar core antiguo (SIN tocar wp-content) rm -rf wp-admin wp-includes rm *.php find . -type f -name "*.php" -ls > php-files-found.txt find . -type f -name "*.php" -delete cd /home/melctpsg/industrialtitanperu.pe find . -type f -name "*.php" -mtime -7 -ls | tee archivos-modificados.txt cd /home/melctpsg/industrialtitanperu.pe # Descargar WordPress limpio wget https://wordpress.org/latest.tar.gz tar -xzf latest.tar.gz # Copiar SOLO archivos que NO existen (sin sobrescribir) cp -n wordpress/*.php . cp -rn wordpress/wp-admin . cp -rn wordpress/wp-includes . # Limpiar archivos temporales rm -rf wordpress latest.tar.gz echo "Restauración completada. Archivos faltantes agregados sin sobrescribir existentes." cd /home/melctpsg/industrialtitanperu.pe nano wp-config.php cd /home/melctpsg/industrialtitanperu.pe && echo "=== INICIANDO REPARACIÓN WORDPRESS ===" && echo "" && echo "Paso 1: Backup de archivos críticos..." && cp wp-config.php wp-config.php.backup-$(date +%Y%m%d-%H%M) && cp .htaccess htaccess.backup-$(date +%Y%m%d-%H%M) 2>/dev/null && echo "✓ Backup completado" && echo "" && echo "Paso 2: Activando modo debug..." && sed -i "s/define( 'WP_DEBUG', false );/define( 'WP_DEBUG', true );\ndefine( 'WP_DEBUG_LOG', true );\ndefine( 'WP_DEBUG_DISPLAY', true );/" wp-config.php && sed -i "s/define('WP_DEBUG', false);/define('WP_DEBUG', true);\ndefine('WP_DEBUG_LOG', true);\ndefine('WP_DEBUG_DISPLAY', true);/" wp-config.php && echo "✓ Debug activado" && echo "" && echo "Paso 3: Aumentando límite de memoria..." && grep -q "WP_MEMORY_LIMIT" wp-config.php || sed -i "/\/\* That's all, stop editing/i define('WP_MEMORY_LIMIT', '256M');" wp-config.php && echo "✓ Memoria aumentada a 256M" && echo "" && echo "Paso 4: Regenerando .htaccess limpio..." && cat > .htaccess << 'HTACCESS_END' # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress HTACCESS_END chmod 644 .htaccess && echo "✓ .htaccess regenerado" && echo "" && echo "Paso 5: Corrigiendo permisos..." && find . -type f -exec chmod 644 {} \; 2>/dev/null && find . -type d -exec chmod 755 {} \; 2>/dev/null && chmod 600 wp-config.php && echo "✓ Permisos corregidos" && echo "" && echo "Paso 6: Desactivando plugins temporalmente..." && cd wp-content && mv plugins plugins-disabled-$(date +%Y%m%d-%H%M) && mkdir plugins && echo "✓ Plugins desactivados" && echo "" && echo "=== REPARACIÓN COMPLETADA ===" && echo "" && echo "PRUEBA TU SITIO AHORA: http://industrialtitanperu.pe" && echo "" && echo "Si funciona: un plugin causó el problema" && echo "Si NO funciona: revisa errores con el siguiente comando:" && echo "tail -50 /home/melctpsg/industrialtitanperu.pe/wp-content/debug.log" echo "=== DIAGNÓSTICO DE ERRORES ===" && echo "" && echo "--- Error Log de WordPress ---" && tail -30 /home/melctpsg/industrialtitanperu.pe/wp-content/debug.log 2>/dev/null || echo "No hay debug.log aún" && echo "" && echo "--- Error Log del Servidor ---" && tail -30 /home/melctpsg/industrialtitanperu.pe/error_log 2>/dev/null || echo "No hay error_log" && echo "" && echo "--- Verificando archivos críticos ---" && ls -lh /home/melctpsg/industrialtitanperu.pe/index.php /home/melctpsg/industrialtitanperu.pe/wp-config.php /home/melctpsg/industrialtitanperu.pe/wp-load.php 2>&1 && echo "" && echo "--- Verificando sintaxis de wp-config.php ---" && php -l /home/melctpsg/industrialtitanperu.pe/wp-config.php cd /home/melctpsg/industrialtitanperu.pe && echo "=== RESTAURACIÓN COMPLETA DEL CORE ===" && cp wp-config.php ../wp-config-emergency-backup.php && echo "✓ Backup de wp-config creado en directorio superior" && wget https://wordpress.org/latest.tar.gz && tar -xzf latest.tar.gz && rm -rf wp-admin wp-includes && rm -f *.php && cp -r wordpress/wp-admin . && cp -r wordpress/wp-includes . && cp wordpress/*.php . && mv ../wp-config-emergency-backup.php wp-config.php && rm -rf wordpress latest.tar.gz && chmod 644 *.php && chmod 600 wp-config.php && chmod 755 wp-admin wp-includes && echo "" && echo "✓ Core de WordPress completamente restaurado" && echo "✓ wp-config.php y wp-content preservados" && echo "" && echo "PRUEBA TU SITIO: http://industrialtitanperu.pe" cd /home/melctpsg && echo "=== INSTALACIONES WORDPRESS DETECTADAS ===" && echo "" && find . -maxdepth 3 -name "wp-config.php" -exec dirname {} \; 2>/dev/null | while read dir; do echo "WordPress encontrado en: $dir"; done cd /home/melctpsg/industrialtitanperu.pe && echo "=== REVISIÓN Y ENDURECIMIENTO WORDPRESS ===" && echo "" && echo "Paso 1: Verificando estructura de archivos..." && ls -lh wp-config.php index.php wp-load.php 2>&1 && echo "" && echo "Paso 2: Estableciendo permisos seguros (sin romper nada)..." && chmod 600 wp-config.php && find . -type f -name "*.php" -exec chmod 644 {} \; 2>/dev/null && find . -type d -exec chmod 755 {} \; 2>/dev/null && echo "✓ wp-config.php: 600 (solo propietario)" && echo "✓ Archivos PHP: 644" && echo "✓ Directorios: 755" && echo "" && echo "Paso 3: Deshabilitando edición de archivos en Dashboard..." && grep -q "DISALLOW_FILE_EDIT" wp-config.php || sed -i "/\/\* That's all, stop editing/i define('DISALLOW_FILE_EDIT', true);" wp-config.php && echo "✓ Edición de archivos deshabilitada" && echo "" && echo "Paso 4: Bloqueando acceso a xmlrpc.php..." && if ! grep -q "xmlrpc.php" .htaccess; then sed -i '/# BEGIN WordPress/a \ # Bloquear xmlrpc.php\n\ \n\ order deny,allow\n\ deny from all\n\ ' .htaccess; echo "✓ xmlrpc.php bloqueado"; else echo "✓ xmlrpc.php ya estaba protegido"; fi && echo "" && echo "Paso 5: Deshabilitando listado de directorios..." && if ! grep -q "Options -Indexes" .htaccess; then sed -i '/# BEGIN WordPress/a \ # Deshabilitar listado de directorios\n\ Options -Indexes' .htaccess; echo "✓ Directory browsing deshabilitado"; else echo "✓ Directory browsing ya estaba deshabilitado"; fi && echo "" && echo "Paso 6: Bloqueando ejecución de PHP en wp-includes..." && cat > wp-includes/.htaccess << 'WPIHTACCESS' # Bloquear ejecución de PHP en wp-includes deny from all WPIHTACCESS echo "✓ PHP bloqueado en wp-includes" && echo "" && echo "Paso 7: Protegiendo wp-content/uploads..." && cat > wp-content/uploads/.htaccess << 'UPLOADSHT' # Bloquear ejecución de PHP en uploads deny from all # Protección adicional deny from all UPLOADSHT echo "✓ Uploads protegido contra ejecución de scripts" && echo "" && echo "Paso 8: Ocultando archivos sensibles..." && if ! grep -q "readme.html" .htaccess; then cat >> .htaccess << 'HIDEFILES' # Ocultar archivos sensibles order allow,deny deny from all HIDEFILES echo "✓ Archivos sensibles ocultados"; else echo "✓ Archivos sensibles ya estaban protegidos"; fi && echo "" && echo "Paso 9: Bloqueando escaneos de autores..." && if ! grep -q "author=.rewrite" .htaccess; then sed -i '/RewriteEngine On/a \ # Bloquear author scans\n\ RewriteCond %{QUERY_STRING} ^author=([0-9]*) [NC]\n\ RewriteRule .* - [F,L]' .htaccess; echo "✓ Author scans bloqueados"; else echo "✓ Author scans ya estaban bloqueados"; fi && echo "" && echo "=== REVISIÓN COMPLETADA ===" && echo "" && echo "RESUMEN DE SEGURIDAD APLICADA:" && echo "✓ Permisos correctos establecidos" && echo "✓ Edición de archivos del Dashboard deshabilitada" && echo "✓ xmlrpc.php bloqueado" && echo "✓ Directory browsing deshabilitado" && echo "✓ PHP bloqueado en wp-includes y uploads" && echo "✓ Archivos sensibles ocultos" && echo "✓ Author scans bloqueados" && echo "" && echo "Tu sitio está ahora más seguro. Pruébalo: http://industrialtitanperu.pe" cd /home/melctpsg/industrialtitanperu.pe && echo "=== VERIFICACIÓN DE SEGURIDAD ===" && echo "" && echo "1. Permisos de wp-config.php:" && ls -l wp-config.php && echo "" && echo "2. Protección en wp-includes:" && test -f wp-includes/.htaccess && echo "✓ .htaccess presente en wp-includes" || echo "✗ Falta .htaccess en wp-includes" && echo "" && echo "3. Protección en uploads:" && test -f wp-content/uploads/.htaccess && echo "✓ .htaccess presente en uploads" || echo "✗ Falta .htaccess en uploads" && echo "" && echo "4. DISALLOW_FILE_EDIT activado:" && grep -q "DISALLOW_FILE_EDIT" wp-config.php && echo "✓ Edición de archivos deshabilitada" || echo "✗ No configurado" && echo "" && echo "5. Verificando .htaccess principal:" && wc -l .htaccess && echo "" && echo "=== VERIFICACIÓN COMPLETADA ===" echo "=== INICIANDO ESCANEO CSI (cPanel Security Investigator) ===" && /usr/local/cpanel/3rdparty/bin/perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/CSI/master/csi.pl) && echo "" && echo "✓ Escaneo CSI completado. Revisa los resultados arriba." echo "╔════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN DE SEGURIDAD - Usuario: melctpsg ║" && echo "║ Fecha: $(date '+%Y-%m-%d %H:%M:%S') ║" && echo "╚════════════════════════════════════════════════════════════╝" && echo "" && echo "═══ [1/10] Procesos PHP activos de tu usuario ═══" && ps aux | grep "^melctpsg" | grep php | grep -v grep && echo "" && echo "═══ [2/10] Archivos PHP en /tmp (CRÍTICO) ═══" && find /tmp -user melctpsg -name "*.php" 2>/dev/null && echo "" && echo "═══ [3/10] Tus Cronjobs activos ═══" && crontab -l 2>/dev/null || echo "No hay cronjobs configurados" && echo "" && echo "═══ [4/10] Conexiones de red activas ═══" && netstat -an 2>/dev/null | grep ESTABLISHED | head -10 || ss -tn | grep ESTAB | head -10 && echo "" && echo "═══ [5/10] Archivos modificados últimas 24h ═══" && find /home/melctpsg/industrialtitanperu.pe -type f -name "*.php" -mtime -1 2>/dev/null | head -20 && echo "" && echo "═══ [6/10] Buscando backdoors conocidos ═══" && grep -rl "eval(base64_decode\|gzinflate\|str_rot13" /home/melctpsg/industrialtitanperu.pe --include="*.php" 2>/dev/null | wc -l && echo "backdoors detectados (si > 0 es CRÍTICO)" && echo "" && echo "═══ [7/10] Verificando integridad WordPress ═══" && cd /home/melctpsg/industrialtitanperu.pe && wp core verify-checksums 2>&1 || echo "WP-CLI no disponible, saltando verificación" && echo "" && echo "═══ [8/10] Usuarios administradores WordPress ═══" && wp user list --role=administrator --fields=ID,user_login,user_email 2>&1 || echo "WP-CLI no disponible" && echo "" && echo "═══ [9/10] Últimos logins SSH a tu cuenta ═══" && last -n 5 melctpsg 2>/dev/null || echo "Información no disponible" && echo "" && echo "═══ [10/10] Archivos con permisos 777 (INSEGURO) ═══" && find /home/melctpsg/industrialtitanperu.pe -type f -perm 0777 2>/dev/null | head -10 && echo "" && echo "╔════════════════════════════════════════════════════════════╗" && echo "║ ✓ VERIFICACIÓN COMPLETADA ║" && echo "╚════════════════════════════════════════════════════════════╝" echo "╔════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN DE INTEGRIDAD CPANEL Y SOFTACULOUS ║" && echo "║ Servidor: $(hostname) | $(date '+%Y-%m-%d %H:%M:%S') ║" && echo "╚════════════════════════════════════════════════════════════╝" && echo "" && echo "═══ [1/7] Verificando paquetes RPM de cPanel ═══" && /usr/local/cpanel/scripts/check_cpanel_rpms --list-only 2>&1 | head -20 && echo "" && echo "═══ [2/7] Verificando versión de cPanel ═══" && /usr/local/cpanel/cpanel -V && echo "" && echo "═══ [3/7] Verificando integridad de archivos core ═══" && rpm -V cpanel 2>&1 | head -20 && echo "" && echo "═══ [4/7] Verificando Softaculous ═══" && test -d /usr/local/cpanel/whostmgr/docroot/cgi/softaculous && echo "✓ Softaculous instalado" || echo "✗ No instalado" && ls -lh /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/main.php 2>&1 && echo "" && echo "═══ [5/7] Buscando rootkits con chkrootkit ═══" && if command -v chkrootkit &> /dev/null; then chkrootkit | grep -i infected | head -10; else echo "chkrootkit no instalado"; fi && echo "" && echo "═══ [6/7] Verificando modificaciones en /usr/local/cpanel ═══" && find /usr/local/cpanel -name "*.php" -mtime -7 -type f 2>/dev/null | head -10 && echo "" && echo "═══ [7/7] Verificando usuarios del sistema ═══" && awk -F: '$3 >= 1000 && $3 < 65534 {print $1}' /etc/passwd && echo "" && echo "╔════════════════════════════════════════════════════════════╗" && echo "║ ✓ VERIFICACIÓN COMPLETADA ║" && echo "╚════════════════════════════════════════════════════════════╝" echo "════════════════════════════════════════════════════════" && echo " VERIFICACIÓN INDIRECTA DE CPANEL (Sin acceso root)" && echo "════════════════════════════════════════════════════════" && echo "" && echo "[1] Verificando acceso a cPanel..." && curl -I https://$(hostname):2083 2>&1 | grep -E "HTTP|Server" && echo "" && echo "[2] Verificando si Softaculous responde..." && curl -I https://$(hostname):2083/cpsess$(whoami)/cgi/softaculous/index.live.php 2>&1 | grep -E "HTTP|200" && echo "" && echo "[3] Tus sitios gestionados por Softaculous..." && find /home/melctpsg -name ".softaculous" -type f 2>/dev/null && echo "" && echo "[4] Verificando procesos del servidor..." && ps aux | grep -E "cpanel|whostmgr" | grep -v grep | head -5 && echo "" && echo "════════════════════════════════════════════════════════" && echo " Si no ves errores arriba, cPanel está funcionando" && echo "════════════════════════════════════════════════════════" cd /home/melctpsg && echo "=== VACIANDO PAPELERA (.trash) ===" && echo "" && echo "Contenido actual de .trash:" && du -sh .trash 2>/dev/null || echo "No existe .trash" && echo "" && echo "Eliminando contenido..." && rm -rf .trash/* .trash/.* 2>/dev/null && echo "" && echo "✓ Papelera vaciada" && du -sh .trash 2>/dev/null cd /home/melctpsg && echo "=== VACIANDO PAPELERA (.trash) ===" && echo "" && echo "Contenido actual de .trash:" && du -sh .trash 2>/dev/null || echo "No existe .trash" && echo "" && echo "Eliminando contenido..." && rm -rf .trash/* .trash/.* 2>/dev/null && echo "" && echo "✓ Papelera vaciada" && du -sh .trash 2>/dev/null cd /home/melctpsg && echo "=== VACIANDO PAPELERA (.trash) ===" && echo "" && echo "Contenido actual de .trash:" && du -sh .trash 2>/dev/null || echo "No existe .trash" && echo "" && echo "Eliminando contenido..." && rm -rf .trash/* .trash/.* 2>/dev/null && echo "" && echo "✓ Papelera vaciada" && du -sh .trash 2>/dev/null cd /home/melctpsg && echo "=== ELIMINACIÓN FORZADA DE .TRASH ===" && echo "" && echo "Paso 1: Removiendo atributos inmutables..." && find .trash -type f -exec chattr -i {} \; 2>/dev/null && find .trash -type d -exec chattr -i {} \; 2>/dev/null && echo "✓ Atributos removidos" && echo "" && echo "Paso 2: Cambiando permisos..." && chmod -R 777 .trash 2>/dev/null && echo "✓ Permisos modificados" && echo "" && echo "Paso 3: Eliminando contenido..." && rm -rf .trash 2>/dev/null && echo "✓ .trash eliminado" && echo "" && echo "Paso 4: Recreando .trash limpio..." && mkdir .trash && chmod 700 .trash && echo "✓ .trash recreado" && echo "" && ls -lad .trash && echo "" && echo "═══ LIMPIEZA COMPLETADA ═══" cd /home/melctpsg && echo "Método alternativo de eliminación..." && find .trash -depth -type d -empty -delete 2>/dev/null && find .trash -depth -type f -delete 2>/dev/null && find .trash -depth -type d -exec rmdir {} \; 2>/dev/null && rm -rf .trash 2>/dev/null && mkdir .trash && echo "✓ Completado" cd /home/melctpsg/.trash && echo "=== DIAGNÓSTICO DE ARCHIVOS EN .TRASH ===" && echo "" && echo "Carpetas que aún existen:" && find . -type d | head -20 && echo "" && echo "Archivos con atributo inmutable:" && lsattr -R 2>/dev/null | grep -E "^\-+i" | head -10 && echo "" && echo "Permisos de archivos problemáticos:" && find . -type f ! -perm -u+w | head -10 && echo "" && echo "═══════════════════════════════════" echo "Matando procesos PHP activos..." && pkill -u melctpsg -f "lsphp.*index.php" && echo "✓ Procesos terminados" echo "Eliminando backdoors activos en /tmp..." && find /tmp -user melctpsg -name "*.php" -delete 2>/dev/null && find /tmp -user melctpsg -name "run_*.php" -delete 2>/dev/null && echo "✓ /tmp limpio" cd /home/melctpsg && clear && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ AUDITORÍA DE SEGURIDAD: CPANEL Y SOFTACULOUS ║" && echo "║ Usuario: melctpsg | $(date '+%Y-%m-%d %H:%M:%S') ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "═══ [1/12] Verificando acceso a cPanel ═══" && curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" https://$(hostname):2083 2>&1 | head -2 || echo "No se puede verificar" && echo "" && echo "═══ [2/12] Buscando instalaciones Softaculous ═══" && find . -maxdepth 5 -name ".softaculous" -type f 2>/dev/null | wc -l && echo "instalaciones detectadas" && find . -maxdepth 5 -name ".softaculous" -type f 2>/dev/null | head -5 && echo "" && echo "═══ [3/12] Verificando archivos Softaculous sospechosos ═══" && find . -path "*/.softaculous*" -name "*.php" -mtime -7 2>/dev/null | wc -l && echo "archivos .php modificados últimos 7 días" && echo "" && echo "═══ [4/12] Buscando backdoors en instalaciones WP ═══" && for wpdir in $(find . -maxdepth 3 -name "wp-config.php" -exec dirname {} \; 2>/dev/null); do echo "Escaneando: $wpdir"; backdoors=$(grep -rl "eval(base64_decode\|c99\|r57\|WSO" "$wpdir" --include="*.php" 2>/dev/null | wc -l); if [ $backdoors -gt 0 ]; then echo " ⚠ ENCONTRADOS: $backdoors backdoors"; else echo " ✓ Limpio"; fi; done && echo "" && echo "═══ [5/12] PHP en uploads (SIEMPRE MALICIOSO) ═══" && find . -path "*/uploads/*.php" 2>/dev/null | wc -l && echo "archivos PHP en uploads" && find . -path "*/uploads/*.php" 2>/dev/null | head -5 && echo "" && echo "═══ [6/12] Directorios /wp/ falsos (MALWARE) ═══" && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/node_modules/*" 2>/dev/null | wc -l && echo "directorios /wp/ sospechosos" && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" 2>/dev/null | head -5 && echo "" && echo "═══ [7/12] Archivos .htaccess (normal: 1-3 por sitio) ═══" && find . -name ".htaccess" 2>/dev/null | wc -l && echo "archivos .htaccess encontrados" && echo "" && echo "═══ [8/12] Cronjobs activos ═══" && crontab -l 2>/dev/null | grep -v "^#" | grep -v "^$" | wc -l && echo "cronjobs activos" && crontab -l 2>/dev/null | grep -v "^#" | grep -v "^$" && echo "" && echo "═══ [9/12] Procesos PHP sospechosos ═══" && ps aux | grep "^melctpsg" | grep -E 'php.*eval|php.*base64|php.*tmp' | grep -v grep | wc -l && echo "procesos PHP sospechosos" && ps aux | grep "^melctpsg" | grep php | grep -v grep | head -5 && echo "" && echo "═══ [10/12] Conexiones de red activas ═══" && netstat -tupn 2>/dev/null | grep "^tcp.*ESTABLISHED.*melctpsg" | wc -l || ss -tn state established 2>/dev/null | wc -l && echo "conexiones establecidas" && echo "" && echo "═══ [11/12] Archivos en /tmp de tu usuario ═══" && find /tmp -user melctpsg -name "*.php" 2>/dev/null | wc -l && echo "archivos PHP en /tmp (CRÍTICO si > 0)" && find /tmp -user melctpsg -name "*.php" 2>/dev/null | head -3 && echo "" && echo "═══ [12/12] Últimos accesos SSH ═══" && last -n 5 melctpsg 2>/dev/null | head -6 && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ RESUMEN DE AUDITORÍA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "INTERPRETACIÓN:" && echo "" && php_uploads=$(find . -path "*/uploads/*.php" 2>/dev/null | wc -l) && backdoors=$(find . -name "*.php" -exec grep -l "eval(base64_decode" {} \; 2>/dev/null | wc -l) && wp_dirs=$(find . -type d -name "wp" ! -path "*/wp-content/plugins/*" 2>/dev/null | wc -l) && tmp_php=$(find /tmp -user melctpsg -name "*.php" 2>/dev/null | wc -l) && if [ $php_uploads -eq 0 ] && [ $backdoors -eq 0 ] && [ $wp_dirs -eq 0 ] && [ $tmp_php -eq 0 ]; then echo "✓✓✓ ESTADO: LIMPIO - No se detectaron compromiso críticos"; elif [ $php_uploads -gt 0 ] || [ $backdoors -gt 5 ] || [ $tmp_php -gt 0 ]; then echo "✗✗✗ ESTADO: COMPROMETIDO - Requiere limpieza inmediata"; echo ""; echo "ACCIONES REQUERIDAS:"; [ $php_uploads -gt 0 ] && echo " → Eliminar $php_uploads archivos PHP de uploads"; [ $backdoors -gt 5 ] && echo " → Limpiar $backdoors backdoors detectados"; [ $tmp_php -gt 0 ] && echo " → CRÍTICO: Eliminar PHP en /tmp"; else echo "⚠⚠⚠ ESTADO: SOSPECHOSO - Revisar manualmente"; fi && echo "" && echo "INDICADORES POR COMPONENTE:" && echo " • Softaculous: $(find . -name ".softaculous" 2>/dev/null | wc -l) instalaciones detectadas" && echo " • cPanel: Acceso verificado arriba" && echo " • WordPress: $(find . -name "wp-config.php" 2>/dev/null | wc -l) instalaciones" && echo "" && echo "═══════════════════════════════════════════════════════════════" cd /home/melctpsg && echo "Eliminando .htaccess maliciosos masivos..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ Limpiando $site..."; cd "$site" 2>/dev/null || continue; find . -name ".htaccess" -not -path "./.htaccess" -exec chattr -i {} \; 2>/dev/null; find . -name ".htaccess" -not -path "./.htaccess" -delete 2>/dev/null; echo " ✓ $site limpio"; cd /home/melctpsg; done && echo "" && echo "✓ Limpieza de .htaccess completada" && echo "Verificando..." && find /home/melctpsg -name ".htaccess" 2>/dev/null | wc -l cd /home/melctpsg && echo "Eliminando PHP de uploads..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ $site"; find "$site/wp-content/uploads" -name "*.php" -exec chattr -i {} \; 2>/dev/null; find "$site/wp-content/uploads" -name "*.php" -delete 2>/dev/null; done && echo "✓ Todos los PHP en uploads eliminados" cd /home/melctpsg && echo "Eliminando directorios /wp/ falsos..." && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/node_modules/*" -exec chattr -R -i {} \; 2>/dev/null && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/node_modules/*" -exec rm -rf {} \; 2>/dev/null && echo "✓ Directorios falsos eliminados" cd /home/melctpsg && echo "Eliminando backdoors conocidos..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ Limpiando $site"; cd "$site" 2>/dev/null || continue; grep -rl "eval(base64_decode\|c99\|r57\|WSO" . --include="*.php" 2>/dev/null | while read file; do chattr -i "$file" 2>/dev/null; rm -f "$file" 2>/dev/null; echo " Eliminado: $file"; done; cd /home/melctpsg; done && echo "✓ Backdoors eliminados" echo "Modificando cronjob para mayor seguridad..." && crontab -l > /home/melctpsg/crontab_backup_$(date +%Y%m%d-%H%M).txt && crontab -l | sed 's/disable_functions=""//' | crontab - && echo "✓ Cronjob modificado (disable_functions removido)" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ DIAGNÓSTICO ERROR 500 - Todos los sitios ║" && echo "╚═══════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "═══ $site ═══"; cd "/home/melctpsg/$site" 2>/dev/null || continue; echo "→ .htaccess existe:"; test -f .htaccess && echo " ✓ Sí" || echo " ✗ NO (ESTO CAUSA 500)"; echo "→ Archivos core:"; test -f index.php && echo " ✓ index.php" || echo " ✗ index.php FALTA"; test -f wp-config.php && echo " ✓ wp-config.php" || echo " ✗ wp-config.php FALTA"; echo "→ Error log:"; tail -3 error_log 2>/dev/null || echo " Sin errores recientes"; echo ""; cd /home/melctpsg; done cd /home/melctpsg && echo "Recreando .htaccess en todos los sitios WordPress..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ Reparando $site..."; cd "/home/melctpsg/$site" 2>/dev/null || continue; cat > .htaccess << 'HTACCESS_END' # BEGIN WordPress RewriteEngine On RewriteRule ^index\.php$ - [L] RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress HTACCESS_END chmod 644 .htaccess; echo " ✓ .htaccess recreado"; cd /home/melctpsg; done && echo "" && echo "✓ Todos los .htaccess recreados. Prueba los sitios ahora." cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ REPARACIÓN COMPLETA - ARCHIVOS INFECTADOS ║" && echo "╚═══════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "══════════════════════════════════════════════════════════"; echo " Reparando: $site"; echo "══════════════════════════════════════════════════════════"; cd "/home/melctpsg/$site" || continue; echo "[1/6] Backup de archivos críticos..."; cp wp-config.php ../wp-config-$site-backup.php 2>/dev/null; echo " ✓ Backup creado"; echo "[2/6] Limpiando malware de index.php..."; if grep -q "eval" index.php 2>/dev/null; then echo " ⚠ MALWARE DETECTADO en index.php - Eliminando..."; rm -f index.php; echo " ✓ index.php malicioso eliminado"; fi; echo "[3/6] Descargando WordPress limpio..."; wget -q https://wordpress.org/latest.tar.gz; tar -xzf latest.tar.gz; echo "[4/6] Reemplazando archivos core infectados..."; cp wordpress/index.php . 2>/dev/null; cp wordpress/wp-settings.php . 2>/dev/null; cp wordpress/wp-load.php . 2>/dev/null; cp wordpress/wp-blog-header.php . 2>/dev/null; cp -r wordpress/wp-admin . 2>/dev/null; cp -r wordpress/wp-includes . 2>/dev/null; echo " ✓ Core reemplazado"; echo "[5/6] Restaurando wp-config.php..."; cp ../wp-config-$site-backup.php wp-config.php 2>/dev/null; chmod 600 wp-config.php; echo " ✓ wp-config.php restaurado"; echo "[6/6] Limpieza..."; rm -rf wordpress latest.tar.gz; chmod 644 index.php wp-settings.php wp-load.php .htaccess; chmod 755 wp-admin wp-includes; echo " ✓ Permisos OK"; echo ""; echo "✓✓✓ $site REPARADO"; echo ""; cd /home/melctpsg; done && echo "" && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ ✓ TODOS LOS SITIOS REPARADOS ║" && echo "╚═══════════════════════════════════════════════════════════╝" && echo "" && echo "Prueba tus sitios ahora:" echo "═══ Mostrando malware en index.php ═══" && echo "" && echo "→ abbawit.com:" && head -5 /home/melctpsg/abbawit.com/index.php && echo "" && echo "→ carmatchperu.com:" && head -5 /home/melctpsg/carmatchperu.com/index.php cd /home/melctpsg && echo "Verificando sitios reparados..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ $site"; cd "$site" || continue; echo " index.php limpio:"; grep -q "eval" index.php 2>/dev/null && echo " ✗ TODAVÍA INFECTADO" || echo " ✓ Limpio"; echo " wp-settings.php existe:"; test -f wp-settings.php && echo " ✓ Sí" || echo " ✗ NO"; echo " Permisos wp-config:"; ls -l wp-config.php | awk '{print " "$1}'; cd /home/melctpsg; done cd /home/melctpsg && for site in abbawit.com carmatchperu.com; do cd "$site" || continue; chattr -i .htaccess 2>/dev/null; rm -f .htaccess; cat > .htaccess << 'HTEND' # BEGIN WordPress RewriteEngine On RewriteRule ^index\.php$ - [L] RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress HTEND chmod 644 .htaccess; echo "✓ $site - .htaccess forzado"; cd /home/melctpsg; done cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ ELIMINANDO 57 ARCHIVOS MALICIOSOS DETECTADOS ║" && echo "╚═══════════════════════════════════════════════════════════╝" && echo "" && echo "[1] Eliminando backdoors PHP..." && chattr -i importadoraludelca.com/wp-content/themes/woodmart-child/209581/index.php 2>/dev/null && rm -f importadoraludelca.com/wp-content/themes/woodmart-child/209581/index.php && chattr -i abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php 2>/dev/null && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && chattr -i carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php 2>/dev/null && rm -f carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php && chattr -i advandgard.com/wp-content/mu-plugins/sso.php 2>/dev/null && rm -f advandgard.com/wp-content/mu-plugins/sso.php && echo "✓ Backdoors principales eliminados" && echo "" && echo "[2] Eliminando directorios /wp/ maliciosos..." && find abbawit.com carmatchperu.com -type d -name "wp" -exec chattr -R -i {} \; 2>/dev/null && find abbawit.com carmatchperu.com -type d -name "wp" -exec rm -rf {} \; 2>/dev/null && echo "✓ Directorios /wp/ eliminados" && echo "" && echo "[3] Eliminando .htaccess maliciosos en subdirectorios..." && find abbawit.com carmatchperu.com -name ".htaccess" -not -path "*/abbawit.com/.htaccess" -not -path "*/carmatchperu.com/.htaccess" -exec chattr -i {} \; 2>/dev/null && find abbawit.com carmatchperu.com -name ".htaccess" -not -path "*/abbawit.com/.htaccess" -not -path "*/carmatchperu.com/.htaccess" -delete 2>/dev/null && echo "✓ .htaccess maliciosos eliminados" && echo "" && echo "[4] Eliminando archivos infectados específicos..." && rm -f abbawit.com/wp-admin/css/colors/modern/wp-login.php 2>/dev/null && rm -f abbawit.com/wp-content/themes/twentytwenty/inc/wp-blog-header.php 2>/dev/null && rm -f abbawit.com/wp-includes/blocks/paragraph/wp-login.php 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/modern/wp-login.php 2>/dev/null && rm -f carmatchperu.com/wp-content/themes/twentytwenty/inc/wp-blog-header.php 2>/dev/null && rm -f carmatchperu.com/wp-includes/blocks/paragraph/wp-login.php 2>/dev/null && echo "✓ Archivos específicos eliminados" && echo "" && echo "[5] Limpiando archivos CSS/JS/PNG infectados..." && rm -f abbawit.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f abbawit.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f abbawit.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f carmatchperu.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f carmatchperu.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && echo "✓ Archivos disfrazados eliminados" && echo "" && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ ✓ LIMPIEZA COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ ELIMINANDO 57 ARCHIVOS MALICIOSOS DETECTADOS ║" && echo "╚═══════════════════════════════════════════════════════════╝" && echo "" && echo "[1] Eliminando backdoors PHP..." && chattr -i importadoraludelca.com/wp-content/themes/woodmart-child/209581/index.php 2>/dev/null && rm -f importadoraludelca.com/wp-content/themes/woodmart-child/209581/index.php && chattr -i abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php 2>/dev/null && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && chattr -i carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php 2>/dev/null && rm -f carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php && chattr -i advandgard.com/wp-content/mu-plugins/sso.php 2>/dev/null && rm -f advandgard.com/wp-content/mu-plugins/sso.php && echo "✓ Backdoors principales eliminados" && echo "" && echo "[2] Eliminando directorios /wp/ maliciosos..." && find abbawit.com carmatchperu.com -type d -name "wp" -exec chattr -R -i {} \; 2>/dev/null && find abbawit.com carmatchperu.com -type d -name "wp" -exec rm -rf {} \; 2>/dev/null && echo "✓ Directorios /wp/ eliminados" && echo "" && echo "[3] Eliminando .htaccess maliciosos en subdirectorios..." && find abbawit.com carmatchperu.com -name ".htaccess" -not -path "*/abbawit.com/.htaccess" -not -path "*/carmatchperu.com/.htaccess" -exec chattr -i {} \; 2>/dev/null && find abbawit.com carmatchperu.com -name ".htaccess" -not -path "*/abbawit.com/.htaccess" -not -path "*/carmatchperu.com/.htaccess" -delete 2>/dev/null && echo "✓ .htaccess maliciosos eliminados" && echo "" && echo "[4] Eliminando archivos infectados específicos..." && rm -f abbawit.com/wp-admin/css/colors/modern/wp-login.php 2>/dev/null && rm -f abbawit.com/wp-content/themes/twentytwenty/inc/wp-blog-header.php 2>/dev/null && rm -f abbawit.com/wp-includes/blocks/paragraph/wp-login.php 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/modern/wp-login.php 2>/dev/null && rm -f carmatchperu.com/wp-content/themes/twentytwenty/inc/wp-blog-header.php 2>/dev/null && rm -f carmatchperu.com/wp-includes/blocks/paragraph/wp-login.php 2>/dev/null && echo "✓ Archivos específicos eliminados" && echo "" && echo "[5] Limpiando archivos CSS/JS/PNG infectados..." && rm -f abbawit.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f abbawit.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f abbawit.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f carmatchperu.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f carmatchperu.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && echo "✓ Archivos disfrazados eliminados" && echo "" && echo "╔═══════════════════════════════════════════════════════════╗" && echo "║ ✓ LIMPIEZA COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "═══════════════════════════════════════════════════════════" && echo " LIMPIEZA PROFUNDA: abbawit.com y carmatchperu.com" && echo "═══════════════════════════════════════════════════════════" && for site in abbawit.com carmatchperu.com; do echo ""; echo "→ Limpiando $site..."; cd "$site" || continue; echo " [1] Regenerando .htaccess principal..."; chattr -i .htaccess .htaccess.bk 2>/dev/null; rm -f .htaccess .htaccess.bk; cat > .htaccess << 'HTEND' # BEGIN WordPress RewriteEngine On RewriteRule ^index\.php$ - [L] RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress HTEND chmod 644 .htaccess; echo " [2] Eliminando wp-login.php falsos..."; find . -name "wp-login.php" -not -path "./wp-login.php" -delete 2>/dev/null; echo " [3] Eliminando wp-blog-header.php falsos..."; find . -name "wp-blog-header.php" -not -path "./wp-blog-header.php" -delete 2>/dev/null; echo " [4] Restaurando core de WordPress..."; wget -q https://wordpress.org/latest.tar.gz; tar -xzf latest.tar.gz; cp wordpress/wp-login.php . 2>/dev/null; cp wordpress/wp-blog-header.php . 2>/dev/null; cp -r wordpress/wp-admin . 2>/dev/null; cp -r wordpress/wp-includes . 2>/dev/null; rm -rf wordpress latest.tar.gz; echo " ✓ $site limpiado"; cd /home/melctpsg; done && echo "" && echo "═══════════════════════════════════════════════════════════" && echo "✓ Limpieza profunda completada" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN QUIRÚRGICA DE 43 ARCHIVOS MALICIOSOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/7] Eliminando File Manager malicioso (209581)..." && chattr -R -i importadoraludelca.com/wp-content/themes/woodmart-child/209581 2>/dev/null && rm -rf importadoraludelca.com/wp-content/themes/woodmart-child/209581 && echo " ✓ 209581 eliminado" && echo "" && echo "[2/7] Eliminando backdoors en mu-plugins (sso.php)..." && rm -f advandgard.com/wp-content/mu-plugins/sso.php 2>/dev/null && rm -f carmatchperu.com/wp-content/mu-plugins/sso.php 2>/dev/null && echo " ✓ sso.php eliminados" && echo "" && echo "[3/7] Eliminando backdoors PHP principales..." && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php 2>/dev/null && rm -f abbawit.com/wp-includes/js/thickbox/wp/UpTNEMiton.php 2>/dev/null && rm -f carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp/AhuVGZ.php 2>/dev/null && rm -f abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php 2>/dev/null && rm -f abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php 2>/dev/null && rm -f carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php 2>/dev/null && rm -f carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php 2>/dev/null && rm -f carmatchperu.com/wp-admin/maint/gckoufaiou.php 2>/dev/null && echo " ✓ Backdoors PHP eliminados" && echo "" && echo "[4/7] Eliminando archivos disfrazados (GIF/PNG/JS/CSS)..." && rm -f abbawit.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f abbawit.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f abbawit.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && rm -f carmatchperu.com/wp-admin/css/colors/midnight/colors-rtls.min.css 2>/dev/null && rm -f carmatchperu.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && rm -f carmatchperu.com/wp-includes/js/jquery/jquery.table-hotskey.min.js 2>/dev/null && rm -f abbawit.com/wp-admin/images/media-button-music-2x.gif 2>/dev/null && rm -f carmatchperu.com/wp-admin/images/media-button-music-2x.gif 2>/dev/null && rm -f carmatchperu.com/wp-includes/images/smilies/icon_twisteds.png 2>/dev/null && rm -f carmatchperu.com/wp-includes/js/dist/server-sied-renders.min.js 2>/dev/null && echo " ✓ Archivos disfrazados eliminados" && echo "" && echo "[5/7] Eliminando TODOS los directorios /wp/ falsos..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" -exec chattr -R -i {} \; 2>/dev/null && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" -exec rm -rf {} \; 2>/dev/null && echo " ✓ Directorios /wp/ eliminados" && echo "" && echo "[6/7] Eliminando .htaccess maliciosos en subdirectorios..." && for site in abbawit.com carmatchperu.com; do find "$site" -name ".htaccess" -not -path "*/$site/.htaccess" -exec chattr -i {} \; 2>/dev/null; find "$site" -name ".htaccess" -not -path "*/$site/.htaccess" -delete 2>/dev/null; done && echo " ✓ .htaccess maliciosos eliminados" && echo "" && echo "[7/7] Recreando directorios legítimos de WordPress..." && for site in abbawit.com carmatchperu.com; do cd "$site" || continue; wget -q https://wordpress.org/latest.tar.gz; tar -xzf latest.tar.gz; cp -r wordpress/wp-admin . 2>/dev/null; cp -r wordpress/wp-includes . 2>/dev/null; rm -rf wordpress latest.tar.gz; cd /home/melctpsg; done && echo " ✓ Directorios legítimos restaurados" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ LIMPIEZA COMPLETADA ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "SIGUIENTE PASO: Ir a Imunify y dar click en 'Limpiar todo'" cd /home/melctpsg && echo "Verificando archivos específicos eliminados..." && echo "" && test -f importadoraludelca.com/wp-content/themes/woodmart-child/209581/index.php && echo "✗ 209581 AÚN EXISTE" || echo "✓ 209581 eliminado" && test -f advandgard.com/wp-content/mu-plugins/sso.php && echo "✗ sso.php AÚN EXISTE" || echo "✓ sso.php eliminado" && test -f abbawit.com/wp-includes/images/crystal/spreadsheets.png && echo "✗ spreadsheets.png AÚN EXISTE" || echo "✓ spreadsheets.png eliminado" && test -f carmatchperu.com/wp-admin/images/media-button-music-2x.gif && echo "✗ media-button.gif AÚN EXISTE" || echo "✓ media-button.gif eliminado" && echo "" && echo "Contando directorios /wp/ restantes:" && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l && echo "(debe mostrar 0)" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN FORZADA CON CHATTR ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/6] Removiendo atributo inmutable de TODO el home..." && chattr -R -i /home/melctpsg 2>/dev/null && echo " ✓ Atributos inmutables removidos" && echo "" && echo "[2/6] Eliminando directorio 209581..." && rm -rf importadoraludelca.com/wp-content/themes/woodmart-child/209581 && test -d importadoraludelca.com/wp-content/themes/woodmart-child/209581 && echo " ✗ FALLÓ" || echo " ✓ 209581 ELIMINADO" && echo "" && echo "[3/6] Eliminando sso.php..." && rm -f advandgard.com/wp-content/mu-plugins/sso.php && rm -f carmatchperu.com/wp-content/mu-plugins/sso.php && test -f advandgard.com/wp-content/mu-plugins/sso.php && echo " ✗ advandgard sso.php FALLÓ" || echo " ✓ advandgard sso.php eliminado" && test -f carmatchperu.com/wp-content/mu-plugins/sso.php && echo " ✗ carmatchperu sso.php FALLÓ" || echo " ✓ carmatchperu sso.php eliminado" && echo "" && echo "[4/6] Eliminando archivos disfrazados..." && rm -f abbawit.com/wp-includes/images/crystal/spreadsheets.png && rm -f carmatchperu.com/wp-includes/images/crystal/spreadsheets.png && rm -f abbawit.com/wp-admin/images/media-button-music-2x.gif && rm -f carmatchperu.com/wp-admin/images/media-button-music-2x.gif && rm -f carmatchperu.com/wp-includes/images/smilies/icon_twisteds.png && rm -f carmatchperu.com/wp-includes/js/dist/server-sied-renders.min.js && rm -f abbawit.com/wp-admin/css/colors/midnight/colors-rtls.min.css && rm -f carmatchperu.com/wp-admin/css/colors/midnight/colors-rtls.min.css && rm -f abbawit.com/wp-includes/js/jquery/jquery.table-hotskey.min.js && rm -f carmatchperu.com/wp-includes/js/jquery/jquery.table-hotskey.min.js && echo " ✓ Archivos disfrazados eliminados" && echo "" && echo "[5/6] Eliminando TODOS los directorios /wp/ y su contenido..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while read dir; do echo " Eliminando: $dir"; rm -rf "$dir"; done && echo " ✓ Directorios /wp/ eliminados" && echo "" && echo "[6/6] Eliminando backdoors PHP en subdirectorios..." && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && rm -f carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php && rm -f carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php && rm -f carmatchperu.com/wp-admin/maint/gckoufaiou.php && echo " ✓ Backdoors PHP eliminados" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICANDO ELIMINACIÓN ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && test -d importadoraludelca.com/wp-content/themes/woodmart-child/209581 && echo "✗ 209581 AÚN EXISTE" || echo "✓ 209581 ELIMINADO" && test -f advandgard.com/wp-content/mu-plugins/sso.php && echo "✗ sso.php (advandgard) AÚN EXISTE" || echo "✓ sso.php (advandgard) ELIMINADO" && test -f carmatchperu.com/wp-content/mu-plugins/sso.php && echo "✗ sso.php (carmatchperu) AÚN EXISTE" || echo "✓ sso.php (carmatchperu) ELIMINADO" && test -f abbawit.com/wp-includes/images/crystal/spreadsheets.png && echo "✗ spreadsheets.png AÚN EXISTE" || echo "✓ spreadsheets.png ELIMINADO" && test -f carmatchperu.com/wp-admin/images/media-button-music-2x.gif && echo "✗ media-button.gif AÚN EXISTE" || echo "✓ media-button.gif ELIMINADO" && echo "" && echo "Directorios /wp/ restantes:" && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l && echo "" cd /home/melctpsg && echo "OPCIÓN NUCLEAR: Eliminación con -f recursivo..." && find importadoraludelca.com/wp-content/themes/woodmart-child -type d -name "209581" -exec rm -rf {} + 2>/dev/null && find . -name "sso.php" -path "*/mu-plugins/*" -delete 2>/dev/null && find abbawit.com carmatchperu.com -name "spreadsheets.png" -delete 2>/dev/null && find abbawit.com carmatchperu.com -name "media-button-music-2x.gif" -delete 2>/dev/null && find carmatchperu.com -name "icon_twisteds.png" -delete 2>/dev/null && find carmatchperu.com -name "server-sied-renders.min.js" -delete 2>/dev/null && find abbawit.com carmatchperu.com -name "colors-rtls.min.css" -delete 2>/dev/null && find abbawit.com carmatchperu.com -name "jquery.table-hotskey.min.js" -delete 2>/dev/null && find abbawit.com -type d -name "wp" ! -path "*/wp-content/*" -exec rm -rf {} + 2>/dev/null && find carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" -exec rm -rf {} + 2>/dev/null && echo "" && echo "✓ Eliminación nuclear completada" && echo "" && echo "Verificando..." && find . -name "209581" -o -name "sso.php" -o -name "spreadsheets.png" -o -name "media-button-music-2x.gif" 2>/dev/null cd /home/melctpsg && echo "Verificando permisos y atributos..." && echo "" && ls -la importadoraludelca.com/wp-content/themes/woodmart-child/ | grep 209581 && echo "" && ls -la advandgard.com/wp-content/mu-plugins/sso.php 2>/dev/null && echo "" && ls -la abbawit.com/wp-includes/images/crystal/spreadsheets.png 2>/dev/null && echo "" && ls -la carmatchperu.com/wp-admin/images/media-button-music-2x.gif 2>/dev/null && echo "" && lsattr importadoraludelca.com/wp-content/themes/woodmart-child/209581 2>/dev/null && lsattr advandgard.com/wp-content/mu-plugins/sso.php 2>/dev/null cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS COMPLETO DE ESTADO DE SITIOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && for site in $SITES; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && echo "→ [1] Estado HTTP:" && http_code=$(curl -s -o /dev/null -w "%{http_code}" "http://$site" --max-time 10 2>/dev/null || echo "TIMEOUT") && if [ "$http_code" = "200" ]; then echo " ✓ HTTP $http_code - FUNCIONANDO CORRECTAMENTE" && response_time=$(curl -s -o /dev/null -w "%{time_total}" "http://$site" --max-time 10 2>/dev/null) && echo " ⏱ Tiempo de respuesta: ${response_time}s"; elif [ "$http_code" = "500" ]; then echo " ✗ HTTP $http_code - ERROR INTERNO DEL SERVIDOR" && echo " ⚠ Revisar error_log"; elif [ "$http_code" = "TIMEOUT" ]; then echo " ✗ TIMEOUT - Sitio no responde"; else echo " ⚠ HTTP $http_code"; fi && echo "" && echo "→ [2] Archivos Core:" && cd "$site" 2>/dev/null || continue && core_ok=0 && test -f index.php && echo " ✓ index.php" && core_ok=$((core_ok+1)) || echo " ✗ index.php FALTA" && test -f wp-config.php && echo " ✓ wp-config.php" && core_ok=$((core_ok+1)) || echo " ✗ wp-config.php FALTA" && test -f wp-load.php && echo " ✓ wp-load.php" && core_ok=$((core_ok+1)) || echo " ✗ wp-load.php FALTA" && test -f wp-settings.php && echo " ✓ wp-settings.php" && core_ok=$((core_ok+1)) || echo " ✗ wp-settings.php FALTA" && test -f wp-login.php && echo " ✓ wp-login.php" && core_ok=$((core_ok+1)) || echo " ✗ wp-login.php FALTA" && test -d wp-admin && echo " ✓ wp-admin/" && core_ok=$((core_ok+1)) || echo " ✗ wp-admin/ FALTA" && test -d wp-includes && echo " ✓ wp-includes/" && core_ok=$((core_ok+1)) || echo " ✗ wp-includes/ FALTA" && test -d wp-content && echo " ✓ wp-content/" && core_ok=$((core_ok+1)) || echo " ✗ wp-content/ FALTA" && echo " Score: $core_ok/8 archivos core" && echo "" && echo "→ [3] Archivo .htaccess:" && if [ -f .htaccess ]; then size=$(stat -f%z .htaccess 2>/dev/null || stat -c%s .htaccess 2>/dev/null) && echo " ✓ .htaccess existe (${size} bytes)" && perms=$(ls -l .htaccess | awk '{print $1}') && echo " Permisos: $perms" && if grep -q "BEGIN WordPress" .htaccess 2>/dev/null; then echo " ✓ Contiene reglas WordPress"; else echo " ⚠ NO contiene reglas WordPress estándar"; fi; else echo " ✗ .htaccess NO EXISTE (CAUSA ERROR 500)"; fi && echo "" && echo "→ [4] Análisis de Seguridad:" && backdoors=$(grep -rl "eval(base64_decode" . --include="*.php" 2>/dev/null | wc -l) && php_uploads=$(find wp-content/uploads -name "*.php" 2>/dev/null | wc -l) && fake_wp=$(find . -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && htaccess_count=$(find . -name ".htaccess" 2>/dev/null | wc -l) && echo " Backdoors (eval): $backdoors" && echo " PHP en uploads: $php_uploads" && echo " Dirs /wp/ falsos: $fake_wp" && echo " Total .htaccess: $htaccess_count" && if [ $backdoors -eq 0 ] && [ $php_uploads -eq 0 ] && [ $fake_wp -eq 0 ] && [ $htaccess_count -eq 1 ]; then echo " ✓✓✓ SITIO LIMPIO DE MALWARE"; else echo " ⚠⚠⚠ MALWARE DETECTADO - REQUIERE LIMPIEZA"; fi && echo "" && echo "→ [5] Conexión Base de Datos:" && if [ -f wp-config.php ]; then db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4 2>/dev/null) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4 2>/dev/null) && db_host=$(grep "DB_HOST" wp-config.php | cut -d"'" -f4 2>/dev/null) && echo " BD: $db_name" && echo " Usuario: $db_user" && echo " Host: $db_host"; fi && echo "" && echo "→ [6] Plugins y Temas:" && plugin_count=$(find wp-content/plugins -maxdepth 1 -type d 2>/dev/null | wc -l) && theme_count=$(find wp-content/themes -maxdepth 1 -type d 2>/dev/null | wc -l) && echo " Plugins instalados: $((plugin_count - 1))" && echo " Temas instalados: $((theme_count - 1))" && echo "" && echo "→ [7] Permisos Críticos:" && wp_config_perms=$(stat -f%Lp wp-config.php 2>/dev/null || stat -c%a wp-config.php 2>/dev/null) && htaccess_perms=$(stat -f%Lp .htaccess 2>/dev/null || stat -c%a .htaccess 2>/dev/null) && uploads_perms=$(stat -f%Lp wp-content/uploads 2>/dev/null || stat -c%a wp-content/uploads 2>/dev/null) && echo " wp-config.php: $wp_config_perms (recomendado: 600)" && echo " .htaccess: $htaccess_perms (recomendado: 644)" && echo " uploads/: $uploads_perms (recomendado: 755)" && echo "" && echo "→ [8] Últimos Errores (error_log):" && if [ -f error_log ]; then error_count=$(wc -l < error_log 2>/dev/null) && echo " Total de líneas en error_log: $error_count" && echo " Últimos 3 errores:" && tail -3 error_log 2>/dev/null | sed 's/^/ /'; else echo " ✓ No hay error_log (sin errores recientes)"; fi && echo "" && echo "→ [9] Tamaño del Sitio:" && site_size=$(du -sh . 2>/dev/null | awk '{print $1}') && uploads_size=$(du -sh wp-content/uploads 2>/dev/null | awk '{print $1}') && echo " Tamaño total: $site_size" && echo " Tamaño uploads: $uploads_size" && echo "" && echo "→ [10] Versión WordPress:" && if [ -f wp-includes/version.php ]; then wp_version=$(grep "wp_version = " wp-includes/version.php | cut -d"'" -f2 2>/dev/null) && echo " Versión: $wp_version"; else echo " ⚠ No se puede determinar versión"; fi && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESUMEN: $site" && echo "═══════════════════════════════════════════════════════════════" && if [ "$http_code" = "200" ] && [ $core_ok -ge 7 ] && [ $backdoors -eq 0 ] && [ $php_uploads -eq 0 ]; then echo " STATUS: ✓✓✓ SITIO EN BUEN ESTADO" && echo " Funcionalidad: OPERATIVO" && echo " Seguridad: LIMPIO"; elif [ "$http_code" = "200" ] && [ $core_ok -ge 7 ]; then echo " STATUS: ⚠ SITIO FUNCIONAL PERO CON MALWARE" && echo " Funcionalidad: OPERATIVO" && echo " Seguridad: COMPROMETIDA - REQUIERE LIMPIEZA"; elif [ "$http_code" = "500" ]; then echo " STATUS: ✗✗✗ SITIO CAÍDO (ERROR 500)" && echo " Funcionalidad: NO OPERATIVO" && echo " Acción: REPARAR URGENTE"; else echo " STATUS: ⚠⚠ SITIO CON PROBLEMAS" && echo " Acción: REVISAR MANUALMENTE"; fi && echo "" && echo "" && cd /home/melctpsg; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ RESUMEN GENERAL DE TODOS LOS SITIOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && total_sites=7 && sites_ok=0 && sites_malware=0 && sites_down=0 && for site in $SITES; do http_code=$(curl -s -o /dev/null -w "%{http_code}" "http://$site" --max-time 10 2>/dev/null) && backdoors=$(grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | wc -l) && if [ "$http_code" = "200" ] && [ $backdoors -eq 0 ]; then sites_ok=$((sites_ok+1)); elif [ "$http_code" = "200" ] && [ $backdoors -gt 0 ]; then sites_malware=$((sites_malware+1)); else sites_down=$((sites_down+1)); fi; done && echo "Total de sitios: $total_sites" && echo "" && echo "✓ Sitios funcionando OK: $sites_ok" && echo "⚠ Sitios con malware pero operativos: $sites_malware" && echo "✗ Sitios caídos/con error: $sites_down" && echo "" && if [ $sites_ok -eq $total_sites ]; then echo "STATUS GENERAL: ✓✓✓ TODOS LOS SITIOS OK"; elif [ $sites_down -eq 0 ]; then echo "STATUS GENERAL: ⚠ SITIOS OPERATIVOS PERO REQUIEREN LIMPIEZA"; else echo "STATUS GENERAL: ✗ HAY SITIOS CAÍDOS - ATENCIÓN URGENTE"; fi && echo "" && echo "Análisis completado: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ DIAGNÓSTICO DE REDIRECTS 301 ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && for site in $SITES; do echo "═══ $site ═══" && cd "$site" || continue && echo "→ Verificando .htaccess..." && if grep -i "redirect\|rewriterule.*https\|rewritecond.*https" .htaccess 2>/dev/null; then echo " ⚠ ENCONTRADO: Reglas de redirect en .htaccess"; else echo " ✓ Sin redirects sospechosos"; fi && echo "→ Verificando wp-config.php..." && if grep -i "FORCE_SSL\|WP_SITEURL\|WP_HOME" wp-config.php 2>/dev/null; then echo " ⚠ ENCONTRADO: Configuraciones de URL/SSL"; else echo " ✓ Sin configuraciones SSL forzadas"; fi && echo "→ Testeando redirect con curl..." && curl -I "http://$site" 2>/dev/null | head -5 && echo "" && cd /home/melctpsg; done cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN FINAL - SITIOS HTTPS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && for site in $SITES; do echo "→ $site:" && https_code=$(curl -s -o /dev/null -w "%{http_code}" "https://$site" --max-time 10 2>/dev/null || echo "ERROR") && if [ "$https_code" = "200" ]; then echo " ✓✓✓ HTTPS $https_code - SITIO FUNCIONANDO PERFECTAMENTE" && time=$(curl -s -o /dev/null -w "%{time_total}" "https://$site" --max-time 10 2>/dev/null) && echo " ⏱ Tiempo de carga: ${time}s"; elif [ "$https_code" = "ERROR" ]; then echo " ✗ ERROR - No se puede conectar (verificar SSL)"; else echo " ⚠ HTTPS $https_code"; fi && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ CONCLUSIÓN FINAL ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg/abbawit.com && echo "Limpiando abbawit.com..." && chattr -R -i . 2>/dev/null && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" -exec rm -rf {} + 2>/dev/null && find . -name ".htaccess" ! -path "./.htaccess" -delete 2>/dev/null && find wp-content/uploads -name "*.php" -delete 2>/dev/null && echo "✓ abbawit.com limpio" && echo "Verificando:" && echo " Backdoors: $(grep -rl 'eval(base64' . --include='*.php' 2>/dev/null | wc -l)" && echo " PHP uploads: $(find wp-content/uploads -name '*.php' 2>/dev/null | wc -l)" && echo " Dirs /wp/: $(find . -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && echo " .htaccess: $(find . -name '.htaccess' 2>/dev/null | wc -l)" cd /home/melctpsg/carmatchperu.com && echo "Limpiando carmatchperu.com..." && chattr -R -i . 2>/dev/null && wget -q https://wordpress.org/latest.tar.gz && tar -xzf latest.tar.gz && cp wordpress/index.php . && rm -rf wordpress latest.tar.gz && find . -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" -exec rm -rf {} + 2>/dev/null && find . -name ".htaccess" ! -path "./.htaccess" -delete 2>/dev/null && echo "✓ carmatchperu.com limpio" && echo "Verificando:" && echo " Backdoors: $(grep -rl 'eval(base64' . --include='*.php' 2>/dev/null | wc -l)" && echo " Dirs /wp/: $(find . -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && echo " .htaccess: $(find . -name '.htaccess' 2>/dev/null | wc -l)" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN DEFINITIVA - 34 ARCHIVOS MALICIOSOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/6] Removiendo atributos inmutables..." && chattr -R -i abbawit.com carmatchperu.com 2>/dev/null && echo " ✓ Atributos removidos" && echo "" && echo "[2/6] Eliminando backdoors PHP específicos..." && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && rm -f abbawit.com/wp-includes/js/thickbox/wp/UpTNEMiton.php && rm -f carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php && rm -f carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp/AhuVGZ.php && rm -f abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php && rm -f abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php && rm -f carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php && rm -f carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php && rm -f carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php && rm -f carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php && rm -f carmatchperu.com/wp-admin/maint/gckoufaiou.php && echo " ✓ 11 backdoors PHP eliminados" && echo "" && echo "[3/6] Eliminando archivos disfrazados (PNG/JS)..." && rm -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png && rm -f abbawit.com/wp-includes/js/dist/server-sied-renders.min.js && echo " ✓ 2 archivos disfrazados eliminados" && echo "" && echo "[4/6] Eliminando TODOS los directorios /wp/ falsos..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while read dir; do echo " Eliminando: $dir"; rm -rf "$dir"; done && echo " ✓ Directorios /wp/ eliminados (incluye 21 .htaccess maliciosos)" && echo "" && echo "[5/6] Verificando eliminación..." && wp_count_abbawit=$(find abbawit.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && wp_count_carmatch=$(find carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && htaccess_abbawit=$(find abbawit.com -name ".htaccess" 2>/dev/null | wc -l) && htaccess_carmatch=$(find carmatchperu.com -name ".htaccess" 2>/dev/null | wc -l) && echo " abbawit.com:" && echo " Dirs /wp/: $wp_count_abbawit (debe ser 0)" && echo " .htaccess: $htaccess_abbawit (debe ser 1)" && echo " carmatchperu.com:" && echo " Dirs /wp/: $wp_count_carmatch (debe ser 0)" && echo " .htaccess: $htaccess_carmatch (debe ser 1)" && echo "" && echo "[6/6] Verificando archivos específicos..." && test -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && echo " ✗ PRWvuoobaf.php AÚN EXISTE" || echo " ✓ PRWvuoobaf.php eliminado" && test -f carmatchperu.com/wp-admin/maint/gckoufaiou.php && echo " ✗ gckoufaiou.php AÚN EXISTE" || echo " ✓ gckoufaiou.php eliminado" && test -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png && echo " ✗ icon_twisteds.png AÚN EXISTE" || echo " ✓ icon_twisteds.png eliminado" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ ELIMINACIÓN COMPLETADA ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "SIGUIENTE PASO:" && echo "1. Ve a Imunify360 en cPanel" && echo "2. Click en 'Limpiar todo' o 'Clean All'" && echo "3. Espera a que termine (1-2 minutos)" && echo "4. Ejecuta nuevo escaneo para verificar 0 archivos" cd /home/melctpsg && echo "Eliminación forzada de archivos resistentes..." && echo "→ gckoufaiou.php..." && if [ -f carmatchperu.com/wp-admin/maint/gckoufaiou.php ]; then lsattr carmatchperu.com/wp-admin/maint/gckoufaiou.php; chattr -i carmatchperu.com/wp-admin/maint/gckoufaiou.php 2>/dev/null; chattr -a carmatchperu.com/wp-admin/maint/gckoufaiou.php 2>/dev/null; rm -f carmatchperu.com/wp-admin/maint/gckoufaiou.php; test -f carmatchperu.com/wp-admin/maint/gckoufaiou.php && echo " ✗ FALLÓ - Requiere root" || echo " ✓ ELIMINADO"; else echo " ✓ Ya no existe"; fi && echo "→ icon_twisteds.png..." && if [ -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png ]; then lsattr abbawit.com/wp-includes/images/smilies/icon_twisteds.png; chattr -i abbawit.com/wp-includes/images/smilies/icon_twisteds.png 2>/dev/null; chattr -a abbawit.com/wp-includes/images/smilies/icon_twisteds.png 2>/dev/null; rm -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png; test -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png && echo " ✗ FALLÓ - Requiere root" || echo " ✓ ELIMINADO"; else echo " ✓ Ya no existe"; fi && echo "" && echo "Si los archivos siguen existiendo, usa Imunify para eliminarlos" cd /home/melctpsg && echo "Verificando archivos restantes..." && echo "" && echo "→ gckoufaiou.php:" && test -f carmatchperu.com/wp-admin/maint/gckoufaiou.php && ls -la carmatchperu.com/wp-admin/maint/gckoufaiou.php || echo " ✓ NO EXISTE" && echo "" && echo "→ icon_twisteds.png:" && test -f abbawit.com/wp-includes/images/smilies/icon_twisteds.png && ls -la abbawit.com/wp-includes/images/smilies/icon_twisteds.png || echo " ✓ NO EXISTE" && echo "" && echo "→ Conteo total de malware restante:" && echo " Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l)" && echo " .htaccess en abbawit: $(find abbawit.com -name ".htaccess" 2>/dev/null | wc -l)" && echo " .htaccess en carmatch: $(find carmatchperu.com -name ".htaccess" 2>/dev/null | wc -l)" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN COMPLETA DEL SERVIDOR ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && total_backdoors=0 && total_php_uploads=0 && total_wp_dirs=0 && total_htaccess=0 && sites_clean=0 && sites_infected=0 && for site in $SITES; do echo "═══════════════════════════════════════════════════════════════" && echo " $site" && echo "═══════════════════════════════════════════════════════════════" && backdoors=$(grep -rl "eval(base64_decode" "$site" --include="*.php" 2>/dev/null | wc -l) && echo "→ Backdoors (eval): $backdoors" && if [ $backdoors -gt 0 ]; then echo " Archivos infectados:" && grep -rl "eval(base64_decode" "$site" --include="*.php" 2>/dev/null | head -3 | sed 's/^/ /'; fi && php_uploads=$(find "$site/wp-content/uploads" -name "*.php" 2>/dev/null | wc -l) && echo "→ PHP en uploads: $php_uploads" && if [ $php_uploads -gt 0 ]; then find "$site/wp-content/uploads" -name "*.php" 2>/dev/null | head -3 | sed 's/^/ /'; fi && wp_dirs=$(find "$site" -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | wc -l) && echo "→ Directorios /wp/ falsos: $wp_dirs" && if [ $wp_dirs -gt 0 ]; then find "$site" -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | head -3 | sed 's/^/ /'; fi && htaccess=$(find "$site" -name ".htaccess" 2>/dev/null | wc -l) && echo "→ Archivos .htaccess: $htaccess (esperado: 1)" && if [ $htaccess -gt 1 ]; then echo " .htaccess extra encontrados:" && find "$site" -name ".htaccess" ! -path "*/$site/.htaccess" 2>/dev/null | head -5 | sed 's/^/ /'; fi && tmp_files=$(find /tmp -user melctpsg -name "*.php" 2>/dev/null | wc -l) && echo "→ PHP en /tmp: $tmp_files" && core_ok=0 && cd "$site" 2>/dev/null && test -f index.php && core_ok=$((core_ok+1)) && test -f wp-config.php && core_ok=$((core_ok+1)) && test -f wp-settings.php && core_ok=$((core_ok+1)) && test -f wp-login.php && core_ok=$((core_ok+1)) && test -d wp-admin && core_ok=$((core_ok+1)) && test -d wp-includes && core_ok=$((core_ok+1)) && echo "→ Archivos core WordPress: $core_ok/6" && total_backdoors=$((total_backdoors + backdoors)) && total_php_uploads=$((total_php_uploads + php_uploads)) && total_wp_dirs=$((total_wp_dirs + wp_dirs)) && total_htaccess=$((total_htaccess + htaccess)) && echo "" && if [ $backdoors -eq 0 ] && [ $php_uploads -eq 0 ] && [ $wp_dirs -eq 0 ] && [ $htaccess -eq 1 ]; then echo " ✓✓✓ SITIO 100% LIMPIO" && sites_clean=$((sites_clean+1)); else echo " ⚠⚠⚠ SITIO REQUIERE LIMPIEZA" && sites_infected=$((sites_infected+1)); fi && echo "" && cd /home/melctpsg; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ RESUMEN GENERAL DEL SERVIDOR ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "TOTALES:" && echo " Total backdoors: $total_backdoors" && echo " Total PHP en uploads: $total_php_uploads" && echo " Total directorios /wp/ falsos: $total_wp_dirs" && echo " Total archivos .htaccess: $total_htaccess (esperado: 7)" && echo "" && echo "ESTADO DE SITIOS:" && echo " ✓ Sitios limpios: $sites_clean/7" && echo " ⚠ Sitios infectados: $sites_infected/7" && echo "" && echo "VERIFICACIÓN ADICIONAL:" && echo " Procesos PHP sospechosos: $(ps aux | grep melctpsg | grep -c lsphp)" && echo " Cronjobs activos: $(crontab -l 2>/dev/null | grep -v '^#' | grep -v '^$' | wc -l)" && echo "" && if [ $total_backdoors -eq 0 ] && [ $total_php_uploads -eq 0 ] && [ $total_wp_dirs -eq 0 ] && [ $total_htaccess -eq 7 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ SERVIDOR 100% LIMPIO - FELICITACIONES ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "RECOMENDACIONES POST-LIMPIEZA:" && echo "1. Cambiar todas las contraseñas (cPanel, WordPress, FTP, MySQL)" && echo "2. Actualizar todos los plugins y temas" && echo "3. Instalar plugin de seguridad (Wordfence/iThemes)" && echo "4. Configurar backups automáticos diarios" && echo "5. Monitorear durante 7 días para detectar reinfección"; else echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ⚠⚠⚠ AÚN HAY MALWARE EN EL SERVIDOR ⚠⚠⚠ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "ACCIÓN REQUERIDA:" && echo "1. Ir a cPanel → Imunify360" && echo "2. Click en 'Limpiar todo' o 'Clean All'" && echo "3. Esperar a que termine (2-3 minutos)" && echo "4. Ejecutar este script nuevamente para verificar" && echo "5. Si persiste, contactar al soporte del hosting"; fi && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN FINAL DE MALWARE - TERMINAL ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/7] Eliminando 4 backdoors PHP específicos..." && rm -f abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php && rm -f abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php && rm -f carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php && rm -f carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php && echo " ✓ Backdoors eliminados" && echo "" && echo "[2/7] Eliminando 3 archivos PHP de uploads (Sucuri legítimos)..." && rm -f abbawit.com/wp-content/uploads/sucuri/sucuri-ignorescanning.php && rm -f abbawit.com/wp-content/uploads/sucuri/sucuri-integrity.php && rm -f abbawit.com/wp-content/uploads/sucuri/sucuri-settings.php && echo " ✓ PHP de uploads eliminados" && echo "" && echo "[3/7] Eliminando 9 directorios /wp/ de abbawit.com..." && rm -rf abbawit.com/wp-includes/Requests/src/Response/wp && rm -rf abbawit.com/wp-includes/js/thickbox/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/block-editor/utils/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/interactivity/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/a11y/wp && rm -rf abbawit.com/wp-includes/blocks/post-template/wp && rm -rf abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp && rm -rf abbawit.com/wp-content/plugins/loginizer-security/lib/hybridauth/wp && rm -rf abbawit.com/wp-content/plugins/pro-elements/modules/notes/data/wp && rm -rf abbawit.com/wp-content/upgrade/wp && rm -rf abbawit.com/wp-content/uploads/elementor/css/wp && echo " ✓ Directorios /wp/ de abbawit eliminados" && echo "" && echo "[4/7] Eliminando 8 directorios /wp/ de carmatchperu.com..." && rm -rf carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp && rm -rf carmatchperu.com/wp-includes/js/dist/script-modules/block-library/navigation/wp && rm -rf carmatchperu.com/wp-includes/blocks/page-list/wp && rm -rf carmatchperu.com/wp-includes/blocks/comment-template/wp && rm -rf carmatchperu.com/wp-includes/blocks/avatar/wp && rm -rf carmatchperu.com/wp-includes/blocks/audio/wp && rm -rf carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp && rm -rf carmatchperu.com/wp-content/litespeed/wp && rm -rf carmatchperu.com/wp-content/plugins/jet-engine/includes/components/timber-views/inc/templates/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/posts/widgets/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/table-of-contents/widgets/wp && echo " ✓ Directorios /wp/ de carmatchperu eliminados" && echo "" && echo "[5/7] Verificando .htaccess de advandgard (updraft es legítimo)..." && ls -la advandgard.com/wp-content/updraft/.htaccess 2>/dev/null && echo " → updraft/.htaccess es del plugin UpdraftPlus (LEGÍTIMO - NO BORRAR)" && echo "" && echo "[6/7] Verificando .htaccess de importadoraludelca (wpcf7 es legítimo)..." && ls -la importadoraludelca.com/wp-content/uploads/wpcf7_uploads/.htaccess 2>/dev/null && echo " → wpcf7_uploads/.htaccess es de Contact Form 7 (LEGÍTIMO - NO BORRAR)" && echo "" && echo "[7/7] VERIFICACIÓN FINAL..." && echo "" && echo "abbawit.com:" && echo " Backdoors: $(grep -rl 'eval(base64' abbawit.com --include='*.php' 2>/dev/null | wc -l)" && echo " PHP uploads: $(find abbawit.com/wp-content/uploads -name '*.php' 2>/dev/null | wc -l)" && echo " Dirs /wp/: $(find abbawit.com -type d -name 'wp' ! -path '*/wp-content/plugins/*' ! -path '*/wp-content/themes/*' 2>/dev/null | wc -l)" && echo " .htaccess: $(find abbawit.com -name '.htaccess' 2>/dev/null | wc -l)" && echo "" && echo "carmatchperu.com:" && echo " Backdoors: $(grep -rl 'eval(base64' carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo " Dirs /wp/: $(find carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/plugins/*' ! -path '*/wp-content/themes/*' 2>/dev/null | wc -l)" && echo " .htaccess: $(find carmatchperu.com -name '.htaccess' 2>/dev/null | wc -l)" && echo "" && echo "TOTALES SERVIDOR:" && echo " Total backdoors: $(grep -rl 'eval(base64' . --include='*.php' 2>/dev/null | wc -l)" && echo " Total dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && echo " Total .htaccess: $(find podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com -name '.htaccess' 2>/dev/null | wc -l)" && echo "" && backdoors_final=$(grep -rl 'eval(base64' . --include='*.php' 2>/dev/null | wc -l) && wp_final=$(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) && if [ $backdoors_final -eq 0 ] && [ $wp_final -eq 0 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ SERVIDOR 100% LIMPIO - ÉXITO TOTAL ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "NOTA: Los .htaccess extra en advandgard y importadoraludelca" && echo " son de plugins legítimos (UpdraftPlus y Contact Form 7)"; else echo "⚠ Quedan archivos - Ejecutar verificación completa"; fi cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN FORZADA CON CAMBIO DE PERMISOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/8] Removiendo atributos inmutables globalmente..." && chattr -R -i abbawit.com carmatchperu.com 2>/dev/null && echo " ✓ Atributos removidos" && echo "" && echo "[2/8] Cambiando permisos a 777 en directorios /wp/..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while read dir; do chmod -R 777 "$dir" 2>/dev/null; done && echo " ✓ Permisos cambiados" && echo "" && echo "[3/8] Eliminando backdoors PHP (con chmod previo)..." && chmod 777 abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php 2>/dev/null && rm -f abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php && chmod 777 abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php 2>/dev/null && rm -f abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php && chmod 777 carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php 2>/dev/null && rm -f carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php && chmod 777 carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php 2>/dev/null && rm -f carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php && echo " ✓ Backdoors procesados" && echo "" && echo "[4/8] Eliminando PHP de uploads..." && chmod -R 777 abbawit.com/wp-content/uploads/sucuri 2>/dev/null && rm -rf abbawit.com/wp-content/uploads/sucuri && echo " ✓ Sucuri eliminado" && echo "" && echo "[5/8] Eliminando directorios /wp/ de abbawit..." && find abbawit.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while read dir; do chmod -R 777 "$dir" 2>/dev/null; rm -rf "$dir"; if [ -d "$dir" ]; then echo " ✗ FALLÓ: $dir"; fi; done && echo " ✓ Procesamiento completado" && echo "" && echo "[6/8] Eliminando directorios /wp/ de carmatchperu..." && find carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while read dir; do chmod -R 777 "$dir" 2>/dev/null; rm -rf "$dir"; if [ -d "$dir" ]; then echo " ✗ FALLÓ: $dir"; fi; done && echo " ✓ Procesamiento completado" && echo "" && echo "[7/8] Verificando archivos problemáticos específicos..." && for file in "abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php" "abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php" "carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php" "carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php"; do if [ -f "$file" ]; then echo " ✗ AÚN EXISTE: $file" && ls -la "$file"; fi; done && echo "" && echo "[8/8] VERIFICACIÓN FINAL..." && echo "" && backdoors=$(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l) && wp_dirs=$(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) && php_uploads=$(find abbawit.com/wp-content/uploads -name '*.php' 2>/dev/null | wc -l) && echo "RESULTADOS:" && echo " Backdoors: $backdoors (objetivo: 0)" && echo " Dirs /wp/: $wp_dirs (objetivo: 0)" && echo " PHP uploads: $php_uploads (objetivo: 0)" && echo "" && if [ $backdoors -eq 0 ] && [ $wp_dirs -eq 0 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ MALWARE ELIMINADO COMPLETAMENTE ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝"; else echo "⚠ Algunos archivos persisten - Requieren intervención del soporte"; echo "" && echo "Archivos que NO se pudieron eliminar:" && grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null && find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null; fi cd /home/melctpsg && echo "Eliminación rápida de malware..." && chattr -R -i abbawit.com carmatchperu.com 2>/dev/null && rm -rf abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp && rm -rf abbawit.com/wp-content/upgrade/wp && rm -rf abbawit.com/wp-includes/Requests/src/Response/wp && rm -rf abbawit.com/wp-includes/js/thickbox/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/block-editor/utils/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/interactivity/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/a11y/wp && rm -rf abbawit.com/wp-includes/blocks/post-template/wp && rm -rf abbawit.com/wp-content/plugins/loginizer-security/lib/hybridauth/wp && rm -rf abbawit.com/wp-content/plugins/pro-elements/modules/notes/data/wp && rm -rf abbawit.com/wp-content/uploads/elementor/css/wp && rm -rf abbawit.com/wp-content/uploads/sucuri && rm -rf carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp && rm -rf carmatchperu.com/wp-content/litespeed/wp && rm -rf carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp && rm -rf carmatchperu.com/wp-includes/js/dist/script-modules/block-library/navigation/wp && rm -rf carmatchperu.com/wp-includes/blocks/page-list/wp && rm -rf carmatchperu.com/wp-includes/blocks/comment-template/wp && rm -rf carmatchperu.com/wp-includes/blocks/avatar/wp && rm -rf carmatchperu.com/wp-includes/blocks/audio/wp && rm -rf carmatchperu.com/wp-content/plugins/jet-engine/includes/components/timber-views/inc/templates/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/posts/widgets/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/table-of-contents/widgets/wp && echo "" && echo "Verificando..." && echo "Backdoors: $(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo "Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && echo "PHP uploads: $(find abbawit.com/wp-content/uploads -name '*.php' 2>/dev/null | wc -l)" && if [ $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) -eq 0 ]; then echo "" && echo "✓✓✓ ÉXITO - TODO ELIMINADO"; else echo "" && echo "⚠ Quedan archivos:" && find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null; fi cd /home/melctpsg && echo "Backdoors: $(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo "Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && echo "PHP uploads: $(find abbawit.com/wp-content/uploads -name '*.php' 2>/dev/null | wc -l)" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN AGRESIVA - MÉTODO DEFINITIVO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/4] Listando directorios /wp/ a eliminar..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null && echo "" && echo "[2/4] Eliminando directorios /wp/ uno por uno..." && find abbawit.com carmatchperu.com -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | while IFS= read -r dir; do echo " → Procesando: $dir" && chattr -R -i "$dir" 2>/dev/null && chmod -R 777 "$dir" 2>/dev/null && rm -rf "$dir" && if [ -d "$dir" ]; then echo " ✗ FALLÓ - Intentando con sudo o Imunify"; else echo " ✓ Eliminado"; fi; done && echo "" && echo "[3/4] Eliminando .htaccess maliciosos en subdirectorios..." && find abbawit.com -name ".htaccess" -type f ! -path "*/abbawit.com/.htaccess" 2>/dev/null | while IFS= read -r file; do chattr -i "$file" 2>/dev/null && rm -f "$file" && echo " ✓ Eliminado: $file"; done && find carmatchperu.com -name ".htaccess" -type f ! -path "*/carmatchperu.com/.htaccess" 2>/dev/null | while IFS= read -r file; do chattr -i "$file" 2>/dev/null && rm -f "$file" && echo " ✓ Eliminado: $file"; done && echo "" && echo "[4/4] Verificando resultados..." && wp_abbawit=$(find abbawit.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && wp_carmatch=$(find carmatchperu.com -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && htaccess_abbawit=$(find abbawit.com -name ".htaccess" 2>/dev/null | wc -l) && htaccess_carmatch=$(find carmatchperu.com -name ".htaccess" 2>/dev/null | wc -l) && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESULTADOS FINALES" && echo "═══════════════════════════════════════════════ cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN CON DETENCIÓN DE PROCESOS PHP ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/5] Identificando procesos PHP activos..." && ps aux | grep "melctpsg" | grep -E "lsphp|php-fpm" | grep -v grep && echo "" && echo "[2/5] Matando procesos PHP maliciosos..." && pkill -u melctpsg lsphp 2>/dev/null && pkill -u melctpsg php-fpm 2>/dev/null && sleep 2 && echo " ✓ Procesos PHP detenidos" && echo "" && echo "[3/5] Removiendo atributos inmutables..." && chattr -R -i abbawit.com carmatchperu.com 2>/dev/null && chattr -R -a abbawit.com carmatchperu.com 2>/dev/null && echo " ✓ Atributos removidos" && echo "" && echo "[4/5] Eliminando archivos maliciosos INMEDIATAMENTE..." && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && rm -f abbawit.com/wp-includes/js/thickbox/wp/UpTNEMiton.php && rm -f carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php && rm -f carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp/AhuVGZ.php && rm -f carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php && rm -f carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php && rm -f abbawit.com/wp-includes/js/dist/server-sied-renders.min.js && rm -rf abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp && rm -rf abbawit.com/wp-content/upgrade/wp && rm -rf abbawit.com/wp-includes/Requests/src/Response/wp && rm -rf abbawit.com/wp-includes/js/thickbox/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/block-editor/utils/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/interactivity/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/a11y/wp && rm -rf abbawit.com/wp-includes/blocks/post-template/wp && rm -rf abbawit.com/wp-content/plugins/loginizer-security/lib/hybridauth/wp && rm -rf abbawit.com/wp-content/plugins/pro-elements/modules/notes/data/wp && rm -rf abbawit.com/wp-content/uploads/elementor/css/wp && rm -rf carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp && rm -rf carmatchperu.com/wp-content/litespeed/wp && rm -rf carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp && rm -rf carmatchperu.com/wp-includes/js/dist/script-modules/block-library/navigation/wp && rm -rf carmatchperu.com/wp-includes/blocks/page-list/wp && rm -rf carmatchperu.com/wp-includes/blocks/comment-template/wp && rm -rf carmatchperu.com/wp-includes/blocks/avatar/wp && rm -rf carmatchperu.com/wp-includes/blocks/audio/wp && rm -rf carmatchperu.com/wp-content/plugins/jet-engine/includes/components/timber-views/inc/templates/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/posts/widgets/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/table-of-contents/widgets/wp && echo " ✓ Archivos eliminados" && echo "" && echo "[5/5] VERIFICACIÓN FINAL..." && echo "" && backdoors=$(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l) && wp_dirs=$(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) && echo "RESULTADOS:" && echo " Backdoors: $backdoors" && echo " Dirs /wp/: $wp_dirs" && echo "" && if [ $backdoors -eq 0 ] && [ $wp_dirs -eq 0 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ ÉXITO TOTAL - MALWARE ELIMINADO ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝"; else echo "⚠ Aún quedan archivos:" && find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | head -5; fi cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN CON DETENCIÓN DE PROCESOS PHP ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "[1/5] Identificando procesos PHP activos..." && ps aux | grep "melctpsg" | grep -E "lsphp|php-fpm" | grep -v grep && echo "" && echo "[2/5] Matando procesos PHP maliciosos..." && pkill -u melctpsg lsphp 2>/dev/null && pkill -u melctpsg php-fpm 2>/dev/null && sleep 2 && echo " ✓ Procesos PHP detenidos" && echo "" && echo "[3/5] Removiendo atributos inmutables..." && chattr -R -i abbawit.com carmatchperu.com 2>/dev/null && chattr -R -a abbawit.com carmatchperu.com 2>/dev/null && echo " ✓ Atributos removidos" && echo "" && echo "[4/5] Eliminando archivos maliciosos INMEDIATAMENTE..." && rm -f abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php && rm -f abbawit.com/wp-includes/js/thickbox/wp/UpTNEMiton.php && rm -f carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php && rm -f carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp/AhuVGZ.php && rm -f carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php && rm -f carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php && rm -f abbawit.com/wp-includes/js/dist/server-sied-renders.min.js && rm -rf abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp && rm -rf abbawit.com/wp-content/upgrade/wp && rm -rf abbawit.com/wp-includes/Requests/src/Response/wp && rm -rf abbawit.com/wp-includes/js/thickbox/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/block-editor/utils/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/interactivity/wp && rm -rf abbawit.com/wp-includes/js/dist/script-modules/a11y/wp && rm -rf abbawit.com/wp-includes/blocks/post-template/wp && rm -rf abbawit.com/wp-content/plugins/loginizer-security/lib/hybridauth/wp && rm -rf abbawit.com/wp-content/plugins/pro-elements/modules/notes/data/wp && rm -rf abbawit.com/wp-content/uploads/elementor/css/wp && rm -rf carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp && rm -rf carmatchperu.com/wp-content/litespeed/wp && rm -rf carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp && rm -rf carmatchperu.com/wp-includes/js/dist/script-modules/block-library/navigation/wp && rm -rf carmatchperu.com/wp-includes/blocks/page-list/wp && rm -rf carmatchperu.com/wp-includes/blocks/comment-template/wp && rm -rf carmatchperu.com/wp-includes/blocks/avatar/wp && rm -rf carmatchperu.com/wp-includes/blocks/audio/wp && rm -rf carmatchperu.com/wp-content/plugins/jet-engine/includes/components/timber-views/inc/templates/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/posts/widgets/wp && rm -rf carmatchperu.com/wp-content/plugins/pro-elements/modules/table-of-contents/widgets/wp && echo " ✓ Archivos eliminados" && echo "" && echo "[5/5] VERIFICACIÓN FINAL..." && echo "" && backdoors=$(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l) && wp_dirs=$(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) && echo "RESULTADOS:" && echo " Backdoors: $backdoors" && echo " Dirs /wp/: $wp_dirs" && echo "" && if [ $backdoors -eq 0 ] && [ $wp_dirs -eq 0 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ ÉXITO TOTAL - MALWARE ELIMINADO ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝"; else echo "⚠ Aún quedan archivos:" && find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | head -5; fi cd /home/melctpsg && echo "Verificación rápida:" && echo "Backdoors: $(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo "Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" cd /home/melctpsg && echo "Verificación rápida:" && echo "Backdoors: $(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo "Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" cd /home/melctpsg && echo "Eliminación forzada con Perl..." && perl -e 'system("chattr -R -i abbawit.com carmatchperu.com 2>/dev/null")' && perl -e 'unlink("abbawit.com/wp-content/plugins/elementor/includes/interfaces/PRWvuoobaf.php")' && perl -e 'unlink("abbawit.com/wp-includes/js/thickbox/wp/UpTNEMiton.php")' && perl -e 'unlink("carmatchperu.com/wp-content/plugins/elementor/modules/atomic-widgets/props-resolver/AAZrJPY.php")' && perl -e 'unlink("carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp/AhuVGZ.php")' && perl -e 'unlink("carmatchperu.com/wp-admin/css/colors/ectoplasm/zglfxlcpmd.php")' && perl -e 'unlink("carmatchperu.com/wp-admin/js/widgets/qtgdcazwxj.php")' && perl -e 'unlink("abbawit.com/wp-includes/js/dist/server-sied-renders.min.js")' && perl -e 'unlink("abbawit.com/wp-content/upgrade/wp/yFTeqqwER.php")' && perl -e 'unlink("abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp/jvMXgp.php")' && perl -e 'unlink("carmatchperu.com/wp-content/litespeed/wp/VoZTHhzBl.php")' && perl -e 'unlink("carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp/sPovpDWSKF.php")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/sodium_compat/src/Core32/ChaCha20/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-content/upgrade/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/Requests/src/Response/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/js/thickbox/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/js/dist/script-modules/block-editor/utils/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/js/dist/script-modules/interactivity/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/js/dist/script-modules/a11y/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-includes/blocks/post-template/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-content/plugins/loginizer-security/lib/hybridauth/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-content/plugins/pro-elements/modules/notes/data/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("abbawit.com/wp-content/uploads/elementor/css/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/sodium_compat/src/Core32/Curve25519/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-content/litespeed/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/js/tinymce/plugins/wptextpattern/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/js/dist/script-modules/block-library/navigation/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/blocks/page-list/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/blocks/comment-template/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/blocks/avatar/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-includes/blocks/audio/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-content/plugins/jet-engine/includes/components/timber-views/inc/templates/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-content/plugins/pro-elements/modules/posts/widgets/wp")' && perl -e 'use File::Path qw(remove_tree); remove_tree("carmatchperu.com/wp-content/plugins/pro-elements/modules/table-of-contents/widgets/wp")' && echo "" && echo "Verificando..." && echo "Backdoors: $(grep -rl 'eval(base64' abbawit.com carmatchperu.com --include='*.php' 2>/dev/null | wc -l)" && echo "Dirs /wp/: $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" && if [ $(find abbawit.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l) -eq 0 ]; then echo "" && echo "✓✓✓ ÉXITO CON PERL"; else echo "" && echo "⚠ Perl también falló - DEFINITIVAMENTE necesitas soporte"; fi cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN FINAL - TODOS LOS SITIOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && total_backdoors=0 && total_wp_dirs=0 && for site in $SITES; do backdoors=$(grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | wc -l) && wp_dirs=$(find "$site" -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | wc -l) && total_backdoors=$((total_backdoors + backdoors)) && total_wp_dirs=$((total_wp_dirs + wp_dirs)) && status="✓ LIMPIO" && [ $backdoors -gt 0 ] || [ $wp_dirs -gt 0 ] && status="⚠ INFECTADO" && echo "$site: $status (backdoors: $backdoors, wp_dirs: $wp_dirs)"; done && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo "TOTALES:" && echo " Backdoors: $total_backdoors" && echo " Dirs /wp/: $total_wp_dirs" && echo "" && if [ $total_backdoors -eq 0 ] && [ $total_wp_dirs -eq 0 ]; then echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ 🎉🎉🎉 SERVIDOR 100% LIMPIO - FELICITACIONES 🎉🎉🎉 ║" && echo "╚═══════════════════════════════════════════════════════════════╝"; else echo "⚠ Aún hay problemas"; fi cd /home/melctpsg && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "$site: backdoors=$(grep -rl 'eval(base64' $site --include='*.php' 2>/dev/null | wc -l), wp_dirs=$(find $site -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)"; done && echo "" && echo "Total backdoors: $(grep -rl 'eval(base64' . --include='*.php' 2>/dev/null | wc -l)" && echo "Total wp_dirs: $(find podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com -type d -name 'wp' ! -path '*/wp-content/*' 2>/dev/null | wc -l)" cd /home/melctpsg && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do if ! grep -q "DISALLOW_FILE_EDIT" "$site/wp-config.php"; then sed -i "/define( 'WP_DEBUG'/i define('DISALLOW_FILE_EDIT', true);" "$site/wp-config.php" && echo "✓ $site: Editor desactivado"; else echo "✓ $site: Ya estaba desactivado"; fi; done cd /home/melctpsg && echo "Desactivando editor de archivos en los 7 sitios..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do if ! grep -q "DISALLOW_FILE_EDIT" "$site/wp-config.php"; then sed -i "//dev/null; then cp "$htaccess" "$htaccess.backup" 2>/dev/null && cat > "$htaccess.tmp" << 'EOF' # BEGIN SECURITY RULES # Proteger wp-config.php order allow,deny deny from all # Proteger .htaccess order allow,deny deny from all # Desactivar XML-RPC order deny,allow deny from all # Bloquear acceso a archivos sensibles order allow,deny deny from all # Prevenir ejecución de PHP en uploads deny from all # END SECURITY RULES EOF cat "$htaccess" >> "$htaccess.tmp" 2>/dev/null && mv "$htaccess.tmp" "$htaccess" && chmod 644 "$htaccess" && echo " ✓ $site: Reglas de seguridad agregadas"; else echo " ✓ $site: Ya tiene reglas de seguridad"; fi; done && echo "" && echo "✓ .htaccess protegido en todos los sitios" cd /home/melctpsg && echo "Configurando permisos seguros..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do chmod 600 "$site/wp-config.php" 2>/dev/null && chmod 644 "$site/.htaccess" 2>/dev/null && chmod 755 "$site/wp-content/uploads" 2>/dev/null && find "$site/wp-admin" -type d -exec chmod 755 {} \; 2>/dev/null && find "$site/wp-admin" -type f -exec chmod 644 {} \; 2>/dev/null && echo " ✓ $site: Permisos configurados"; done && echo "" && echo "✓ Permisos seguros configurados" cd /home/melctpsg && echo "Bloqueando ejecución de PHP en uploads..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do uploads="$site/wp-content/uploads" && if [ -d "$uploads" ]; then cat > "$uploads/.htaccess" << 'EOF' # Bloquear ejecución de PHP deny from all # Permitir solo imágenes y documentos allow from all EOF chmod 644 "$uploads/.htaccess" && echo " ✓ $site: PHP bloqueado en uploads"; fi; done && echo "" && echo "✓ PHP bloqueado en carpeta uploads" cd /home/melctpsg && echo "Instalando Wordfence Security en los 7 sitios..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do cd "$site" && if command -v wp &> /dev/null; then wp plugin install wordfence --activate --allow-root 2>/dev/null && echo " ✓ $site: Wordfence instalado y activado"; else echo " ⚠ $site: WP-CLI no disponible (instalar manualmente)"; fi && cd /home/melctpsg; done && echo "" && echo "✓ Wordfence instalado en sitios compatibles" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN FINAL DE SEGURIDAD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ $site:" && if grep -q "DISALLOW_FILE_EDIT.*true" "$site/wp-config.php" 2>/dev/null; then echo " ✓ Editor desactivado"; else echo " ✗ Editor AÚN activo"; fi && perms=$(stat -c %a "$site/wp-config.php" 2>/dev/null) && if [ "$perms" = "600" ]; then echo " ✓ wp-config.php: 600"; else echo " ⚠ wp-config.php: $perms (debería ser 600)"; fi && if grep -q "SECURITY RULES" "$site/.htaccess" 2>/dev/null; then echo " ✓ Reglas de seguridad en .htaccess"; else echo " ⚠ Sin reglas de seguridad en .htaccess"; fi && if [ -f "$site/wp-content/uploads/.htaccess" ]; then echo " ✓ PHP bloqueado en uploads"; else echo " ⚠ Sin protección en uploads"; fi && if [ -d "$site/wp-content/plugins/wordfence" ]; then echo " ✓ Wordfence instalado"; else echo " ⚠ Wordfence NO instalado"; fi && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ SEGURIDAD ACTIVADA EN TODOS LOS SITIOS ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN FINAL DE SEGURIDAD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "→ $site:" && if grep -q "DISALLOW_FILE_EDIT.*true" "$site/wp-config.php" 2>/dev/null; then echo " ✓ Editor desactivado"; else echo " ✗ Editor AÚN activo"; fi && perms=$(stat -c %a "$site/wp-config.php" 2>/dev/null) && if [ "$perms" = "600" ]; then echo " ✓ wp-config.php: 600"; else echo " ⚠ wp-config.php: $perms (debería ser 600)"; fi && if grep -q "SECURITY RULES" "$site/.htaccess" 2>/dev/null; then echo " ✓ Reglas de seguridad en .htaccess"; else echo " ⚠ Sin reglas de seguridad en .htaccess"; fi && if [ -f "$site/wp-content/uploads/.htaccess" ]; then echo " ✓ PHP bloqueado en uploads"; else echo " ⚠ Sin protección en uploads"; fi && if [ -d "$site/wp-content/plugins/wordfence" ]; then echo " ✓ Wordfence instalado"; else echo " ⚠ Wordfence NO instalado"; fi && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✓✓✓ SEGURIDAD ACTIVADA EN TODOS LOS SITIOS ✓✓✓ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS PROFUNDO DE SEGURIDAD - TODOS LOS SITIOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && SITES="podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com" && for site in $SITES; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && echo "" && echo "→ [1] Búsqueda de Código Malicioso:" && eval_count=$(grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | wc -l) && echo " eval(base64_decode): $eval_count archivos" && [ $eval_count -gt 0 ] && grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | head -5 | sed 's/^/ /' && shell_exec=$(grep -rl "shell_exec\|system\|exec\|passthru" "$site" --include="*.php" 2>/dev/null | wc -l) && echo " shell_exec/system/exec: $shell_exec archivos" && base64_decode=$(grep -rl "base64_decode.*eval\|eval.*base64" "$site" --include="*.php" 2>/dev/null | wc -l) && echo " base64 + eval combinados: $base64_decode archivos" && file_put_contents=$(grep -rl "file_put_contents.*\\\$_" "$site" --include="*.php" 2>/dev/null | wc -l) && echo " file_put_contents sospechosos: $file_put_contents archivos" && echo "" && echo "→ [2] Archivos PHP en Ubicaciones Sospechosas:" && php_uploads=$(find "$site/wp-content/uploads" -name "*.php" 2>/dev/null | wc -l) && echo " PHP en uploads/: $php_uploads archivos" && [ $php_uploads -gt 0 ] && find "$site/wp-content/uploads" -name "*.php" 2>/dev/null | head -5 | sed 's/^/ /' && php_cache=$(find "$site/wp-content/cache" -name "*.php" 2>/dev/null | wc -l) && echo " PHP en cache/: $php_cache archivos" && echo "" && echo "→ [3] Directorios/Archivos Falsos:" && fake_wp=$(find "$site" -type d -name "wp" ! -path "*/wp-content/plugins/*" ! -path "*/wp-content/themes/*" 2>/dev/null | wc -l) && echo " Directorios /wp/ falsos: $fake_wp" && [ $fake_wp -gt 0 ] && find "$site" -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | sed 's/^/ /' && hidden_files=$(find "$site" -name ".*php" -o -name ".ico" 2>/dev/null | wc -l) && echo " Archivos ocultos sospechosos: $hidden_files" && [ $hidden_files -gt 0 ] && find "$site" -name ".*php" -o -name ".ico" 2>/dev/null | head -5 | sed 's/^/ /' && echo "" && echo "→ [4] Archivos PHP Modificados (últimas 48 horas):" && recent_php=$(find "$site" -name "*.php" -type f -mtime -2 2>/dev/null | wc -l) && echo " Total: $recent_php archivos" && if [ $recent_php -gt 0 ] && [ $recent_php -lt 50 ]; then find "$site" -name "*.php" -type f -mtime -2 -exec ls -lh {} \; 2>/dev/null | head -10 | awk '{print " " $6, $7, $8, $9}'; elif [ $recent_php -gt 50 ]; then echo " (Demasiados para listar - posible actualización legítima)"; fi && echo "" && echo "→ [5] Archivos .htaccess:" && htaccess_count=$(find "$site" -name ".htaccess" 2>/dev/null | wc -l) && echo " Total .htaccess: $htaccess_count" && if [ $htaccess_count -gt 2 ]; then echo " ⚠ Más de 2 .htaccess encontrados (revisar):" && find "$site" -name ".htaccess" 2>/dev/null | sed 's/^/ /'; fi && suspicious_htaccess=$(grep -r "auto_prepend_file\|auto_append_file\|RewriteRule.*base64\|php_value.*disable_functions" "$site"/.htaccess 2>/dev/null | wc -l) && [ $suspicious_htaccess -gt 0 ] && echo " ⚠ .htaccess con contenido sospechoso detectado" && echo "" && echo "→ [6] Análisis de Base de Datos WordPress:" && db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && if [ -n "$db_name" ]; then echo " Base de datos: $db_name" && admin_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT COUNT(*) FROM wp_users u JOIN wp_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null | tail -1) && echo " Usuarios administradores: $admin_count" && echo " Lista de administradores:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email, u.user_registered FROM wp_users u JOIN wp_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null | tail -n +2 | sed 's/^/ /' && recent_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT COUNT(*) FROM wp_users WHERE user_registered > DATE_SUB(NOW(), INTERVAL 30 DAY)" 2>/dev/null | tail -1) && echo " Usuarios nuevos (últimos 30 días): $recent_users"; else echo " ⚠ No se puede acceder a la BD"; fi && echo "" && echo "→ [7] Plugins y Temas:" && plugins=$(find "$site/wp-content/plugins" -maxdepth 1 -type d 2>/dev/null | wc -l) && echo " Total plugins: $((plugins - 1))" && inactive_plugins=$(find "$site/wp-content/plugins" -maxdepth 1 -type d 2>/dev/null | tail -n +2 | while read plugin; do \ plugin_name=$(basename "$plugin") && \ if ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_value FROM wp_options WHERE option_name='active_plugins'" 2>/dev/null | grep -q "$plugin_name"; then \ echo "$plugin_name"; \ fi; \ done | wc -l) && echo " Plugins inactivos: $inactive_plugins (considerar eliminar)" && themes=$(find "$site/wp-content/themes" -maxdepth 1 -type d 2>/dev/null | wc -l) && echo " Total temas: $((themes - 1))" && echo "" && echo "→ [8] Archivos con Nombres Sospechosos:" && suspicious_names=$(find "$site" -type f \( -name "*404*php" -o -name "*shell*" -o -name "*backdoor*" -o -name "*c99*" -o -name "*r57*" -o -name "*wso*" \) 2>/dev/null | wc -l) && echo " Archivos sospechosos por nombre: $suspicious_names" && [ $suspicious_names -gt 0 ] && find "$site" -type f \( -name "*404*php" -o -name "*shell*" -o -name "*backdoor*" \) 2>/dev/null | sed 's/^/ /' && echo "" && echo "→ [9] Archivos PHP Inusualmente Grandes:" && large_php=$(find "$site" -name "*.php" -type f -size +500k 2>/dev/null | wc -l) && echo " Archivos PHP > 500KB: $large_php" && [ $large_php -gt 0 ] && find "$site" -name "*.php" -type f -size +500k -exec ls -lh {} \; 2>/dev/null | awk '{print " " $5, $9}' && echo "" && echo "→ [10] Verificación de Permisos:" && wp_config_perm=$(stat -c %a "$site/wp-config.php" 2>/dev/null) && [ "$wp_config_perm" != "600" ] && [ "$wp_config_perm" != "400" ] && echo " ⚠ wp-config.php: $wp_config_perm (debería ser 600)" || echo " ✓ wp-config.php: $wp_config_perm" && htaccess_perm=$(stat -c %a "$site/.htaccess" 2>/dev/null) && [ "$htaccess_perm" != "644" ] && echo " ⚠ .htaccess: $htaccess_perm (debería ser 644)" || echo " ✓ .htaccess: $htaccess_perm" && writable_files=$(find "$site/wp-admin" "$site/wp-includes" -type f -perm -0002 2>/dev/null | wc -l) && echo " Archivos escribibles por todos (peligroso): $writable_files" && echo "" && echo "→ [11] Archivos error_log:" && error_logs=$(find "$site" -name "error_log" -type f 2>/dev/null | wc -l) && echo " Total error_log: $error_logs" && if [ $error_logs -gt 0 ]; then echo " Últimos errores:" && find "$site" -name "error_log" -type f -exec tail -3 {} \; 2>/dev/null | head -10 | sed 's/^/ /'; fi && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESUMEN: $site" && echo "═══════════════════════════════════════════════════════════════" && total_issues=0 && [ $eval_count -gt 0 ] && total_issues=$((total_issues + 1)) && [ $php_uploads -gt 0 ] && total_issues=$((total_issues + 1)) && [ $fake_wp -gt 0 ] && total_issues=$((total_issues + 1)) && [ $suspicious_names -gt 0 ] && total_issues=$((total_issues + 1)) && [ $htaccess_count -gt 2 ] && total_issues=$((total_issues + 1)) && if [ $total_issues -eq 0 ]; then echo " STATUS: ✓✓✓ SITIO LIMPIO Y SEGURO"; elif [ $total_issues -le 2 ]; then echo " STATUS: ⚠ PROBLEMAS MENORES DETECTADOS ($total_issues)"; else echo " STATUS: ✗✗✗ MÚLTIPLES PROBLEMAS ($total_issues) - REVISAR URGENTE"; fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS COMPLETO FINALIZADO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/carmatchperu.com && cp index.php index.php.infected && wget -q https://wordpress.org/latest.tar.gz && tar -xzf latest.tar.gz && cp wordpress/index.php . && rm -rf wordpress latest.tar.gz && chmod 644 index.php && echo "✓ index.php reemplazado con versión limpia" cd /home/melctpsg/advandgard.com && grep -n "WP_POST_REVISIONS" wp-config.php cd /home/melctpsg/advandgard.com && grep -n "WP_POST_REVISIONS" wp-config.php cd /home/melctpsg/advandgard.com && grep -n "WP_POST_REVISIONS" wp-config.php cd /home/melctpsg && echo "Limpiando archivos error_log antiguos..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do find "$site" -name "error_log" -type f -exec truncate -s 0 {} \; 2>/dev/null && echo " ✓ $site: error_log limpiado"; done && echo "" && echo "✓ Todos los error_log vaciados" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS RÁPIDO DE SEGURIDAD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do malware=$(grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | wc -l) && php_uploads=$(find "$site/wp-content/uploads" -name "*.php" 2>/dev/null | wc -l) && fake_wp=$(find "$site" -type d -name "wp" ! -path "*/wp-content/*" 2>/dev/null | wc -l) && wp_config_perm=$(stat -c %a "$site/wp-config.php" 2>/dev/null) && error_logs=$(find "$site" -name "error_log" -type f 2>/dev/null | wc -l) && status="✅ OK" && [ $malware -gt 0 ] || [ $php_uploads -gt 0 ] || [ $fake_wp -gt 0 ] && status="🔴 INFECTADO" && [ "$wp_config_perm" != "600" ] && status="⚠️ PERMISOS" && printf "%-30s %s (malware:%d php_up:%d wp_dirs:%d perm:%s logs:%d)\n" "$site" "$status" $malware $php_uploads $fake_wp $wp_config_perm $error_logs; done && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/carmatchperu.com && cp index.php index.php.backup && wget -q https://wordpress.org/latest.tar.gz && tar -xzf latest.tar.gz && cp wordpress/index.php . && rm -rf wordpress latest.tar.gz && echo "✓ index.php limpiado" find /home/melctpsg -name "error_log" -type f -exec truncate -s 0 {} \; cd /home/melctpsg/carmatchperu.com && echo "→ Limpiando index.php infectado..." && cp index.php index.php.infected && cat > index.php << 'EOF' /dev/null; then sed -i "/^<\?php/a\\define('DISALLOW_FILE_EDIT', true);" "$site/wp-config.php" && echo " ✓ Editor desactivado"; else echo " ✓ Editor ya estaba desactivado"; fi && if ! grep -q "WP_POST_REVISIONS" "$site/wp-config.php" 2>/dev/null; then sed -i "/DISALLOW_FILE_EDIT/a\\define('WP_POST_REVISIONS', 3);" "$site/wp-config.php" && echo " ✓ Revisiones limitadas a 3"; fi && if ! grep -q "SECURITY RULES" "$site/.htaccess" 2>/dev/null; then cp "$site/.htaccess" "$site/.htaccess.backup" 2>/dev/null && cat > "$site/.htaccess.tmp" << 'HTACCESS_EOF' # BEGIN SECURITY RULES # Proteger wp-config.php order allow,deny deny from all # Proteger .htaccess order allow,deny deny from all # Desactivar XML-RPC order deny,allow deny from all # Bloquear acceso a archivos sensibles order allow,deny deny from all # END SECURITY RULES HTACCESS_EOF cat "$site/.htaccess" >> "$site/.htaccess.tmp" 2>/dev/null && mv "$site/.htaccess.tmp" "$site/.htaccess" && chmod 644 "$site/.htaccess" && echo " ✓ .htaccess protegido"; else echo " ✓ .htaccess ya protegido"; fi && if [ -d "$site/wp-content/uploads" ]; then cat > "$site/wp-content/uploads/.htaccess" << 'UPLOAD_EOF' # Bloquear ejecución de PHP deny from all UPLOAD_EOF chmod 644 "$site/wp-content/uploads/.htaccess" && echo " ✓ PHP bloqueado en uploads"; fi && chmod 600 "$site/wp-config.php" 2>/dev/null && chmod 644 "$site/.htaccess" 2>/dev/null && echo " ✓ Permisos configurados" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ PROTECCIÓN ACTIVADA EN TODOS LOS SITIOS ✅ ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "→ Limpiando archivos error_log..." && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do count=$(find "$site" -name "error_log" -type f 2>/dev/null | wc -l) && find "$site" -name "error_log" -type f -exec truncate -s 0 {} \; 2>/dev/null && echo " ✓ $site: $count archivos vaciados"; done && echo "" && echo "✓ Todos los error_log limpiados" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN FINAL DE SEGURIDAD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && printf "%-30s %-8s %-10s %-10s %-8s %s\n" "SITIO" "MALWARE" "WP-CONFIG" "HTACCESS" "UPLOADS" "STATUS" && echo "───────────────────────────────────────────────────────────────────────────" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do malware=$(grep -rl "eval(base64" "$site" --include="*.php" 2>/dev/null | wc -l) && editor=$(grep -c "DISALLOW_FILE_EDIT.*true" "$site/wp-config.php" 2>/dev/null) && htaccess=$(grep -c "SECURITY RULES" "$site/.htaccess" 2>/dev/null) && uploads_protect=$([ -f "$site/wp-content/uploads/.htaccess" ] && echo "1" || echo "0") && malware_status="✅ OK" && [ $malware -gt 0 ] && malware_status="🔴 $malware" && editor_status="✅ OK" && [ $editor -eq 0 ] && editor_status="⚠️ NO" && htaccess_status="✅ OK" && [ $htaccess -eq 0 ] && htaccess_status="⚠️ NO" && uploads_status="✅ OK" && [ $uploads_protect -eq 0 ] && uploads_status="⚠️ NO" && overall="✅ SEGURO" && [ $malware -gt 0 ] || [ $editor -eq 0 ] || [ $htaccess -eq 0 ] && overall="⚠️ REVISAR" && printf "%-30s %-8s %-10s %-10s %-8s %s\n" "$site" "$malware_status" "$editor_status" "$htaccess_status" "$uploads_status" "$overall"; done && echo "───────────────────────────────────────────────────────────────────────────" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ 🎉 PROTECCIÓN COMPLETA ACTIVADA 🎉 ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS COMPLETO DE BASES DE DATOS WORDPRESS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ]; then echo " ✗ No se pudo leer wp-config.php" && echo "" && continue; fi && echo "→ Credenciales:" && echo " Base de datos: $db_name" && echo " Usuario: $db_user" && echo " Prefijo tablas: $db_prefix" && echo "" && echo "→ [1] Test de Conexión:" && if mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then echo " ✅ Conexión exitosa" && echo ""; else echo " ✗ ERROR: No se puede conectar a la BD" && echo "" && continue; fi && echo "→ [2] Usuarios Administradores:" && admin_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && echo " Total administradores: $admin_count" && if [ "$admin_count" -gt 0 ]; then echo " Lista:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email, DATE_FORMAT(u.user_registered, '%Y-%m-%d') as registered FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null | tail -n +2 | while read id login email reg; do echo " ID:$id | $login | $email | Reg:$reg"; done; fi && echo "" && echo "→ [3] Usuarios Sospechosos:" && recent_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_registered > DATE_SUB(NOW(), INTERVAL 30 DAY)" 2>/dev/null) && echo " Usuarios nuevos (últimos 30 días): $recent_users" && if [ "$recent_users" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered FROM ${db_prefix}users WHERE user_registered > DATE_SUB(NOW(), INTERVAL 30 DAY) ORDER BY user_registered DESC" 2>/dev/null | tail -n +2 | while read id login email reg; do echo " ID:$id | $login | $email | $reg"; done; fi && suspicious_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_login REGEXP 'admin[0-9]|hack|shell|test[0-9]|wp_|wordpress'" 2>/dev/null) && echo " Usuarios con nombres sospechosos: $suspicious_users" && if [ "$suspicious_users" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email FROM ${db_prefix}users WHERE user_login REGEXP 'admin[0-9]|hack|shell|test[0-9]|wp_|wordpress'" 2>/dev/null | tail -n +2 | while read id login email; do echo " ⚠️ ID:$id | $login | $email"; done; fi && echo "" && echo "→ [4] Plugins Activos:" && plugins_raw=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT option_value FROM ${db_prefix}options WHERE option_name = 'active_plugins'" 2>/dev/null) && plugin_count=$(echo "$plugins_raw" | grep -o 's:[0-9]*:"[^"]*"' | wc -l) && echo " Total plugins activos: $plugin_count" && if [ "$plugin_count" -gt 0 ]; then echo "$plugins_raw" | grep -o '"[^"]*\.php"' | sed 's/"//g' | sed 's/\// /g' | awk '{print " " $1}' | head -15; [ "$plugin_count" -gt 15 ] && echo " ... y $((plugin_count - 15)) más"; fi && echo "" && echo "→ [5] Tema Activo:" && theme=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT option_value FROM ${db_prefix}options WHERE option_name = 'template'" 2>/dev/null) && stylesheet=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT option_value FROM ${db_prefix}options WHERE option_name = 'stylesheet'" 2>/dev/null) && echo " Tema: $theme" && echo " Stylesheet: $stylesheet" && echo "" && echo "→ [6] Versión de WordPress:" && wp_version=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT option_value FROM ${db_prefix}options WHERE option_name = 'db_version'" 2>/dev/null) && echo " Versión DB: $wp_version" && echo "" && echo "→ [7] Contenido:" && posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE post_type = 'post' AND post_status = 'publish'" 2>/dev/null) && pages=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE post_type = 'page' AND post_status = 'publish'" 2>/dev/null) && drafts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE post_status = 'draft'" 2>/dev/null) && trash=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE post_status = 'trash'" 2>/dev/null) && echo " Posts publicados: $posts" && echo " Páginas publicadas: $pages" && echo " Borradores: $drafts" && echo " Papelera: $trash" && echo "" && echo "→ [8] Tamaño de la Base de Datos:" && db_size=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) FROM information_schema.TABLES WHERE table_schema = '$db_name'" 2>/dev/null) && echo " Tamaño total: ${db_size} MB" && echo " Top 5 tablas más grandes:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT table_name, ROUND((data_length + index_length) / 1024 / 1024, 2) AS size_mb FROM information_schema.TABLES WHERE table_schema = '$db_name' ORDER BY (data_length + index_length) DESC LIMIT 5" 2>/dev/null | tail -n +2 | while read table size; do echo " $table: ${size}MB"; done && echo "" && echo "→ [9] Opciones Sospechosas:" && suspicious_opts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%'" 2>/dev/null) && echo " Opciones con nombres sospechosos: $suspicious_opts" && if [ "$suspicious_opts" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_name FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%'" 2>/dev/null | tail -n +2 | while read opt; do echo " ⚠️ $opt"; done; fi && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESUMEN: $site" && echo "═══════════════════════════════════════════════════════════════" && issues=0 && [ "$suspicious_users" -gt 0 ] && issues=$((issues + 1)) && [ "$suspicious_opts" -gt 0 ] && issues=$((issues + 1)) && [ "$admin_count" -gt 5 ] && issues=$((issues + 1)) && if [ $issues -eq 0 ]; then echo " STATUS: ✅✅✅ BASE DE DATOS LIMPIA Y SEGURA"; elif [ $issues -le 1 ]; then echo " STATUS: ⚠️ PROBLEMAS MENORES DETECTADOS ($issues)"; else echo " STATUS: 🔴 MÚLTIPLES PROBLEMAS ($issues) - REVISAR"; fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS DE BASES DE DATOS COMPLETADO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando opción 'hack_file'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 200) as preview FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "" && read -p "¿ELIMINAR esta opción? (escribe SI para confirmar): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "✓ Opción 'hack_file' ELIMINADA" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'") && [ "$remaining" -eq 0 ] && echo "✓ Verificado: Opción eliminada correctamente" || echo "✗ ERROR: La opción aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando opción 'hack_file'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 200) as preview FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "" && read -p "¿ELIMINAR esta opción? (escribe SI para confirmar): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "✓ Opción 'hack_file' ELIMINADA" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'") && [ "$remaining" -eq 0 ] && echo "✓ Verificado: Opción eliminada correctamente" || echo "✗ ERROR: La opción aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando opción 'hack_file'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 200) as preview FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "" && read -p "¿ELIMINAR esta opción? (escribe SI para confirmar): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "✓ Opción 'hack_file' ELIMINADA" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'") && [ "$remaining" -eq 0 ] && echo "✓ Verificado: Opción eliminada correctamente" || echo "✗ ERROR: La opción aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Información completa del usuario ID:12..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT * FROM SERVMASK_PREFIX_users WHERE ID = 12\G" && echo "" && echo "→ Capacidades del usuario:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT meta_value FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12 AND meta_key = 'SERVMASK_PREFIX_capabilities'" && echo "" && read -p "¿ELIMINAR este usuario? (escribe SI para confirmar): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && echo "✓ Usuario ID:12 ELIMINADO completamente" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12") && [ "$remaining" -eq 0 ] && echo "✓ Verificado: Usuario eliminado" || echo "✗ ERROR: Usuario aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/advandgard.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Información del usuario temporal..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered FROM wp91_users WHERE ID = 10" && echo "" && read -p "¿ELIMINAR este usuario temporal? (escribe SI para confirmar): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM wp91_users WHERE ID = 10" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM wp91_usermeta WHERE user_id = 10" && echo "✓ Usuario temporal ELIMINADO"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ LIMPIEZA DE MALWARE: importadoraludelca.com ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ [1] Inspeccionando opción 'hack_file'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 500) as content_preview FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && echo "" && echo "→ [2] ELIMINANDO opción 'hack_file'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" 2>/dev/null) && if [ "$remaining" -eq 0 ]; then echo " ✅ 'hack_file' ELIMINADO exitosamente"; else echo " ✗ ERROR: 'hack_file' aún existe"; fi && echo "" cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ [3] Inspeccionando usuario ID:12 'lGChSH3iJ8'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered, user_status FROM SERVMASK_PREFIX_users WHERE ID = 12" && echo "" && echo "→ [4] Verificando capacidades del usuario..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT user_id, meta_key, meta_value FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12 AND meta_key = 'SERVMASK_PREFIX_capabilities'" && echo "" && echo "→ [5] ELIMINANDO usuario ID:12..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && user_remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12" 2>/dev/null) && meta_remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" 2>/dev/null) && if [ "$user_remaining" -eq 0 ] && [ "$meta_remaining" -eq 0 ]; then echo " ✅ Usuario ID:12 ELIMINADO completamente"; else echo " ✗ ERROR: Usuario o metadata aún existen"; fi && echo "" cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ [6] Buscando otras opciones sospechosas..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_name FROM SERVMASK_PREFIX_options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%'" && echo "" && echo "→ [7] Buscando usuarios adicionales sospechosos..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered FROM SERVMASK_PREFIX_users WHERE user_login REGEXP '[A-Z]{2}[a-z]{2}[A-Z]{2}[0-9]{2}|^[a-zA-Z0-9]{10}$' OR user_email = '' OR user_email LIKE '%@example.com'" && echo "" && echo "→ [8] Buscando posts con contenido malicioso..." && suspicious_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_posts WHERE post_content LIKE '%/dev/null) && echo " Posts con contenido sospechoso: $suspicious_posts" && if [ "$suspicious_posts" -gt 0 ]; then echo " Listando posts sospechosos:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, post_title, post_type, post_status FROM SERVMASK_PREFIX_posts WHERE post_content LIKE '%/dev/null) && echo "✓ Administradores actuales: $admin_count" && hack_file_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" 2>/dev/null) && if [ "$hack_file_check" -eq 0 ]; then echo "✓ 'hack_file' eliminado"; else echo "✗ 'hack_file' AÚN EXISTE"; fi && user_12_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12" 2>/dev/null) && if [ "$user_12_check" -eq 0 ]; then echo "✓ Usuario sospechoso eliminado"; else echo "✗ Usuario ID:12 AÚN EXISTE"; fi && echo "" && echo "→ Administradores restantes:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%'" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ LIMPIEZA DE importadoraludelca.com COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN POST-LIMPIEZA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && admin_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && echo "✓ Administradores actuales: $admin_count" && hack_file_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name = 'hack_file'" 2>/dev/null) && if [ "$hack_file_check" -eq 0 ]; then echo "✓ 'hack_file' eliminado"; else echo "✗ 'hack_file' AÚN EXISTE"; fi && user_12_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12" 2>/dev/null) && if [ "$user_12_check" -eq 0 ]; then echo "✓ Usuario sospechoso eliminado"; else echo "✗ Usuario ID:12 AÚN EXISTE"; fi && echo "" && echo "→ Administradores restantes:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%'" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ LIMPIEZA DE importadoraludelca.com COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS COMPLETO DE BASES DE DATOS - REVISIÓN ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ]; then echo " ✗ No se pudo leer wp-config.php" && echo "" && continue; fi && echo "→ Base de datos: $db_name | Prefijo: $db_prefix" && if ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then echo " ✗ ERROR: No se puede conectar" && echo "" && continue; fi && echo "" && echo "→ [1] Administradores:" && admin_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && echo " Total: $admin_count" && if [ "$admin_count" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ID:', u.ID, ' | ', u.user_login, ' | ', u.user_email, ' | ', DATE(u.user_registered)) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%' ORDER BY u.ID" 2>/dev/null; fi && echo "" && echo "→ [2] Usuarios Sospechosos:" && no_email=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null) && echo " Sin email válido: $no_email" && [ "$no_email" -gt 0 ] && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ⚠️ ID:', ID, ' | ', user_login, ' | ', COALESCE(user_email, 'SIN EMAIL')) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null && random_names=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_login REGEXP '^[a-zA-Z0-9]{10,}$' AND user_login NOT LIKE '%admin%'" 2>/dev/null) && echo " Nombres aleatorios: $random_names" && [ "$random_names" -gt 0 ] && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ⚠️ ID:', ID, ' | ', user_login, ' | ', user_email) FROM ${db_prefix}users WHERE user_login REGEXP '^[a-zA-Z0-9]{10,}$' AND user_login NOT LIKE '%admin%'" 2>/dev/null && recent_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_registered > DATE_SUB(NOW(), INTERVAL 30 DAY)" 2>/dev/null) && echo " Creados últimos 30 días: $recent_users" && [ "$recent_users" -gt 0 ] && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' 📅 ID:', ID, ' | ', user_login, ' | ', user_email, ' | ', user_registered) FROM ${db_prefix}users WHERE user_registered > DATE_SUB(NOW(), INTERVAL 30 DAY)" 2>/dev/null && echo "" && echo "→ [3] Opciones Sospechosas en BD:" && suspicious_opts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null) && if [ "$suspicious_opts" -gt 0 ]; then echo " ⚠️ Encontradas: $suspicious_opts" && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' 🔴 ', option_name) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null; else echo " ✅ Ninguna detectada"; fi && echo "" && echo "→ [4] Posts/Páginas con Contenido Sospechoso:" && suspicious_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null) && if [ "$suspicious_posts" -gt 0 ]; then echo " ⚠️ Posts sospechosos: $suspicious_posts" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, post_title, post_type, post_status FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null | tail -n +2 | while read id title type status; do echo " ⚠️ ID:$id | $type | $status | $title"; done; else echo " ✅ Ninguno detectado"; fi && echo "" && echo "→ [5] Salud de la Base de Datos:" && db_size=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) FROM information_schema.TABLES WHERE table_schema = '$db_name'" 2>/dev/null) && echo " Tamaño: ${db_size}MB" && table_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM information_schema.TABLES WHERE table_schema = '$db_name'" 2>/dev/null) && echo " Tablas: $table_count" && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESUMEN: $site" && echo "═══════════════════════════════════════════════════════════════" && issues=0 && [ "$no_email" -gt 0 ] && issues=$((issues + 1)) && [ "$random_names" -gt 0 ] && issues=$((issues + 1)) && [ "$suspicious_opts" -gt 0 ] && issues=$((issues + 1)) && [ "$suspicious_posts" -gt 0 ] && issues=$((issues + 1)) && [ "$admin_count" -gt 5 ] && issues=$((issues + 1)) && if [ $issues -eq 0 ]; then echo " STATUS: ✅✅✅ BASE DE DATOS LIMPIA"; elif [ $issues -le 2 ]; then echo " STATUS: ⚠️ PROBLEMAS MENORES ($issues)"; else echo " STATUS: 🔴 MÚLTIPLES PROBLEMAS ($issues)"; fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS COMPLETO FINALIZADO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/industrialtitanperu.pe && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando usuario 'system-wp-xyz'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered, user_status FROM SERVMASK_PREFIX_users WHERE ID = 12" && echo "" && echo "→ Últimas actividades del usuario:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT post_title, post_date, post_status FROM SERVMASK_PREFIX_posts WHERE post_author = 12 ORDER BY post_date DESC LIMIT 5" && echo "" && read -p "¿ELIMINAR usuario 'system-wp-xyz'? (escribe SI): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && echo "✅ Usuario eliminado" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12") && [ "$remaining" -eq 0 ] && ec; SI cd /home/melctpsg/industrialtitanperu.pe && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando usuario 'system-wp-xyz'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered, user_status FROM SERVMASK_PREFIX_users WHERE ID = 12" && echo "" && echo "→ Últimas actividades del usuario:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT post_title, post_date, post_status FROM SERVMASK_PREFIX_posts WHERE post_author = 12 ORDER BY post_date DESC LIMIT 5" && echo "" && read -p "¿ELIMINAR usuario 'system-wp-xyz'? (escribe SI): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && echo "✅ Usuario eliminado" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12") && [ "$remaining" -eq 0 ] && echo "✅ Verificado: Usuario eliminado" || echo "✗ ERROR: Usuario aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/industrialtitanperu.pe && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "→ Inspeccionando usuario 'system-wp-xyz'..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered, user_status FROM SERVMASK_PREFIX_users WHERE ID = 12" && echo "" && echo "→ Últimas actividades del usuario:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT post_title, post_date, post_status FROM SERVMASK_PREFIX_posts WHERE post_author = 12 ORDER BY post_date DESC LIMIT 5" && echo "" && read -p "¿ELIMINAR usuario 'system-wp-xyz'? (escribe SI): " confirm && if [ "$confirm" = "SI" ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && echo "✅ Usuario eliminado" && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12") && [ "$remaining" -eq 0 ] && echo "✅ Verificado: Usuario eliminado" || echo "✗ ERROR: Usuario aún existe"; else echo "⚠ Operación cancelada"; fi cd /home/melctpsg/industrialtitanperu.pe && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ELIMINACIÓN: industrialtitanperu.pe - Usuario ID:12 ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ [1] Información del usuario 'system-wp-xyz':" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered, user_status FROM SERVMASK_PREFIX_users WHERE ID = 12" && echo "" && echo "→ [2] Capacidades del usuario:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT meta_key, meta_value FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12 AND meta_key = 'SERVMASK_PREFIX_capabilities'" && echo "" && echo "→ [3] Posts creados por este usuario:" && post_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_posts WHERE post_author = 12" 2>/dev/null) && echo " Total posts: $post_count" && if [ "$post_count" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, post_title, post_type, post_status, post_date FROM SERVMASK_PREFIX_posts WHERE post_author = 12 ORDER BY post_date DESC LIMIT 5"; fi && echo "" && echo "→ [4] ELIMINANDO usuario ID:12..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 12" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" && echo " ✅ Usuario eliminado de wp_users" && echo " ✅ Metadata eliminado de wp_usermeta" && echo "" && echo "→ [5] Verificación:" && user_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 12" 2>/dev/null) && meta_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_usermeta WHERE user_id = 12" 2>/dev/null) && if [ "$user_check" -eq 0 ] && [ "$meta_check" -eq 0 ]; then echo " ✅✅✅ Usuario 'system-wp-xyz' ELIMINADO COMPLETAMENTE"; else echo " ✗ ERROR: Datos residuales detectados"; echo " Users restantes: $user_check"; echo " Metadata restante: $meta_check"; fi && echo "" && echo "→ [6] Administradores restantes:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%' ORDER BY u.ID" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ industrialtitanperu.pe LIMPIADO EXITOSAMENTE ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ INSPECCIÓN FINAL - TODAS LAS BASES DE DATOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && printf "%-30s %-8s %-10s %-12s %-12s %s\n" "SITIO" "ADMINS" "MALWARE" "USUARIOS" "POSTS" "STATUS" && echo "────────────────────────────────────────────────────────────────────────────────" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ] || ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then printf "%-30s %-8s %-10s %-12s %-12s %s\n" "$site" "ERROR" "ERROR" "ERROR" "ERROR" "🔴 NO ACCESO"; continue; fi && admins=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && malware_opts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null) && bad_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com' OR user_login REGEXP '^[a-zA-Z0-9]{10,}$'" 2>/dev/null) && bad_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null) && malware_status="✅ 0" && [ "$malware_opts" -gt 0 ] && malware_status="🔴 $malware_opts" && users_status="✅ 0" && [ "$bad_users" -gt 0 ] && users_status="⚠️ $bad_users" && posts_status="✅ 0" && [ "$bad_posts" -gt 0 ] && posts_status="⚠️ $bad_posts" && overall="✅ LIMPIO" && [ "$malware_opts" -gt 0 ] || [ "$bad_users" -gt 0 ] || [ "$bad_posts" -gt 0 ] && overall="⚠️ REVISAR" && printf "%-30s %-8s %-10s %-12s %-12s %s\n" "$site" "$admins" "$malware_status" "$users_status" "$posts_status" "$overall"; done && echo "────────────────────────────────────────────────────────────────────────────────" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS DETALLADO POR SITIO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ] || ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then continue; fi && echo "═══════════════════════════════════════════════════════════════" && echo " $site" && echo "═══════════════════════════════════════════════════════════════" && echo "→ Administradores:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ', u.ID, ' | ', u.user_login, ' | ', u.user_email) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%' ORDER BY u.ID" 2>/dev/null && echo "" && echo "→ Usuarios Sospechosos:" && bad_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null) && if [ "$bad_users" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ⚠️ ', ID, ' | ', user_login, ' | ', user_email) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null; else echo " ✅ Ninguno detectado"; fi && echo "" && echo "→ Opciones Maliciosas:" && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null) && if [ "$malware" -gt 0 ]; then mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' 🔴 ', option_name) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null; else echo " ✅ Ninguna detectada"; fi && echo "" && echo "→ Posts con Código Malicioso:" && bad_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null) && if [ "$bad_posts" -gt 0 ]; then echo " ⚠️ Detectados: $bad_posts" && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ', ID, ' | ', post_type, ' | ', LEFT(post_title, 50)) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null; else echo " ✅ Ninguno detectado"; fi && echo "" && echo "→ Base de Datos:" && db_size=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) FROM information_schema.TABLES WHERE table_schema = '$db_name'" 2>/dev/null) && table_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM information_schema.TABLES WHERE table_schema = '$db_name'" 2>/dev/null) && echo " Tamaño: ${db_size}MB | Tablas: $table_count" && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ INSPECCIÓN COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg/industrialtitanperu.pe && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ LIMPIEZA PROFUNDA: industrialtitanperu.pe ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ [1] DETECTANDO OPCIONES MALICIOSAS..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 100) as preview FROM SERVMASK_PREFIX_options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" && echo "" && echo "→ [2] ELIMINANDO OPCIONES MALICIOSAS..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" && deleted=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT ROW_COUNT()") && echo " ✅ $deleted opciones eliminadas" && echo "" && echo "→ [3] DETECTANDO USUARIOS SOSPECHOSOS..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT ID, user_login, user_email, user_registered FROM SERVMASK_PREFIX_users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" && echo "" && echo "→ [4] ELIMINANDO USUARIOS SOSPECHOSOS..." && bad_user_ids=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT ID FROM SERVMASK_PREFIX_users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'") && for uid in $bad_user_ids; do mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = $uid" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = $uid" && echo " ✅ Usuario ID:$uid eliminado"; done && echo "" && echo "→ [5] VERIFICACIÓN FINAL..." && malware_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'") && users_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'") && echo " Opciones maliciosas restantes: $malware_check" && echo " Usuarios sospechosos restantes: $users_check" && if [ "$malware_check" -eq 0 ] && [ "$users_check" -eq 0 ]; then echo "" && echo " ✅✅✅ industrialtitanperu.pe COMPLETAMENTE LIMPIO"; else echo "" && echo " ⚠️ AÚN HAY PROBLEMAS - REVISAR MANUALMENTE"; fi && echo "" && echo "→ [6] ADMINISTRADORES RESTANTES:" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT u.ID, u.user_login, u.user_email FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%'" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ LIMPIEZA DE industrialtitanperu.pe COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" cd /home/melctpsg/importadoraludelca.com && db_name=$(grep "DB_NAME" wp-config.php | cut -d"'" -f4) && db_user=$(grep "DB_USER" wp-config.php | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" wp-config.php | cut -d"'" -f4) && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ VERIFICACIÓN: importadoraludelca.com ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ [1] Búsqueda exhaustiva de malware..." && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%c99%' OR option_name LIKE '%r57%' OR option_name LIKE '%wso%'") && echo " Opciones maliciosas: $malware" && users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com' OR user_login REGEXP '^[a-zA-Z0-9]{10,}$'") && echo " Usuarios sospechosos: $users" && posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_posts WHERE (post_content LIKE '%/dev/null) && echo " Pedidos de WooCommerce: $orders" && echo "" && echo "→ [3] ELIMINANDO usuario..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_users WHERE ID = 11" && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM SERVMASK_PREFIX_usermeta WHERE user_id = 11" && echo " ✅ Usuario eliminado de wp_users" && echo " ✅ Metadata eliminado de wp_usermeta" && echo "" && echo "→ [4] VERIFICACIÓN:" && user_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users WHERE ID = 11" 2>/dev/null) && meta_check=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_usermeta WHERE user_id = 11" 2>/dev/null) && if [ "$user_check" -eq 0 ] && [ "$meta_check" -eq 0 ]; then echo " ✅✅✅ Usuario 'ericabrown808' ELIMINADO COMPLETAMENTE"; else echo " ✗ ERROR: Datos residuales"; echo " Users: $user_check | Metadata: $meta_check"; fi && echo "" && echo "→ [5] Total de usuarios restantes:" && total_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users" 2>/dev/null) && admins=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM SERVMASK_PREFIX_users u JOIN SERVMASK_PREFIX_usermeta um ON u.ID = um.user_id WHERE um.meta_key = 'SERVMASK_PREFIX_capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && echo " Total usuarios: $total_users" && echo " Administradores: $admins" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ✅ importadoraludelca.com COMPLETAMENTE LIMPIO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ INSPECCIÓN FINAL - TODAS LAS BASES DE DATOS ║" && echo "║ (POST-LIMPIEZA COMPLETA) ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && printf "%-30s %-8s %-10s %-12s %-12s %s\n" "SITIO" "ADMINS" "MALWARE" "USUARIOS" "POSTS" "STATUS" && echo "────────────────────────────────────────────────────────────────────────────────" && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ] || ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then printf "%-30s %-8s %-10s %-12s %-12s %s\n" "$site" "ERROR" "ERROR" "ERROR" "ERROR" "🔴 NO ACCESO"; continue; fi && admins=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && malware_opts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%' OR option_name LIKE '%c99%' OR option_name LIKE '%wso%'" 2>/dev/null) && bad_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null) && bad_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null) && malware_status="✅ 0" && [ "$malware_opts" -gt 0 ] && malware_status="🔴 $malware_opts" && users_status="✅ 0" && [ "$bad_users" -gt 0 ] && users_status="⚠️ $bad_users" && posts_status="✅ 0" && [ "$bad_posts" -gt 0 ] && posts_status="⚠️ $bad_posts" && overall="✅ LIMPIO" && [ "$malware_opts" -gt 0 ] || [ "$bad_users" -gt 0 ] || [ "$bad_posts" -gt 0 ] && overall="⚠️ REVISAR" && printf "%-30s %-8s %-10s %-12s %-12s %s\n" "$site" "$admins" "$malware_status" "$users_status" "$posts_status" "$overall"; done && echo "────────────────────────────────────────────────────────────────────────────────" && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ ANÁLISIS DETALLADO POR SITIO ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && clean_count=0 && warning_count=0 && error_count=0 && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ] || ! mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT 1" &>/dev/null; then error_count=$((error_count + 1)) && continue; fi && echo "═══════════════════════════════════════════════════════════════" && echo " $site" && echo "═══════════════════════════════════════════════════════════════" && echo "→ Administradores:" && admin_count=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null) && mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT CONCAT(' ✅ ID:', u.ID, ' | ', u.user_login, ' | ', u.user_email) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%' ORDER BY u.ID" 2>/dev/null && echo "" && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null) && bad_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null) && bad_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null) && issues=0 && [ "$malware" -gt 0 ] && issues=$((issues + 1)) && [ "$bad_users" -gt 0 ] && issues=$((issues + 1)) && [ "$bad_posts" -gt 0 ] && issues=$((issues + 1)) && if [ $issues -eq 0 ]; then echo "→ STATUS: ✅✅✅ BASE DE DATOS COMPLETAMENTE LIMPIA" && clean_count=$((clean_count + 1)); else echo "→ STATUS: ⚠️ PROBLEMAS DETECTADOS ($issues)" && [ "$malware" -gt 0 ] && echo " - Opciones maliciosas: $malware" && [ "$bad_users" -gt 0 ] && echo " - Usuarios sospechosos: $bad_users" && [ "$bad_posts" -gt 0 ] && echo " - Posts infectados: $bad_posts" && warning_count=$((warning_count + 1)); fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ RESUMEN FINAL DE SEGURIDAD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo " ✅ Sitios completamente limpios: $clean_count/7" && echo " ⚠️ Sitios con advertencias: $warning_count/7" && echo " 🔴 Sitios con errores de acceso: $error_count/7" && echo "" && if [ $clean_count -eq 7 ]; then echo " 🎉🎉🎉 TODOS LOS SITIOS ESTÁN 100% LIMPIOS 🎉🎉🎉"; elif [ $warning_count -gt 0 ]; then echo " ⚠️ Se requiere acción adicional en $warning_count sitio(s)"; else echo " 🔴 Hay problemas de conexión que requieren atención"; fi && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ INSPECCIÓN FINAL - TODAS LAS BASES DE DATOS ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && clean_count=0 && total_sites=7 && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && if [ -z "$db_name" ]; then echo "✗ $site - ERROR DE CONFIGURACIÓN" && continue; fi && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null || echo "0") && bad_users=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users WHERE user_email = '' OR user_email LIKE '%@example.com' OR user_email LIKE '%@test.com'" 2>/dev/null || echo "0") && bad_posts=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}posts WHERE (post_content LIKE '%/dev/null || echo "0") && admins=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}users u JOIN ${db_prefix}usermeta um ON u.ID = um.user_id WHERE um.meta_key = '${db_prefix}capabilities' AND um.meta_value LIKE '%administrator%'" 2>/dev/null || echo "?") && total_issues=$((malware + bad_users + bad_posts)) && if [ "$total_issues" -eq 0 ]; then echo "✅ $site - LIMPIO (Admins: $admins)" && clean_count=$((clean_count + 1)); else echo "⚠️ $site - PROBLEMAS: Malware=$malware | Usuarios=$bad_users | Posts=$bad_posts"; fi; done && echo "" && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ RESUMEN FINAL ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo " Sitios limpios: $clean_count/$total_sites" && echo "" && if [ $clean_count -eq $total_sites ]; then echo " 🎉🎉🎉 TODOS LOS SITIOS 100% LIMPIOS 🎉🎉🎉"; else echo " ⚠️ Quedan sitios con problemas: $((total_sites - clean_count))"; fi && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ IDENTIFICACIÓN Y LIMPIEZA DE MALWARE EN BD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com advandgard.com myklogistics.com.pe abbawit.com carmatchperu.com; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && echo "→ [1] DETECTANDO opción maliciosa..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 100) as preview FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null && echo "" && echo "→ [2] ELIMINANDO..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null) && if [ "$remaining" -eq 0 ]; then echo " ✅ $site LIMPIO"; else echo " ✗ $site AÚN TIENE $remaining opciones maliciosas"; fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ LIMPIEZA MASIVA COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ Verificando resultado final..." && echo "" && clean_count=0 && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null || echo "0") && if [ "$malware" -eq 0 ]; then echo "✅ $site" && clean_count=$((clean_count + 1)); else echo "⚠️ $site - $malware problemas"; fi; done && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESULTADO: $clean_count/7 sitios limpios" && echo "═══════════════════════════════════════════════════════════════" && if [ $clean_count -eq 7 ]; then echo "" && echo " 🎉🎉🎉 TODOS LOS SITIOS 100% LIMPIOS 🎉🎉🎉"; fi && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')" cd /home/melctpsg && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ IDENTIFICACIÓN Y LIMPIEZA DE MALWARE EN BD ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && for site in podologiainyalu.com advandgard.com myklogistics.com.pe abbawit.com carmatchperu.com; do echo "═══════════════════════════════════════════════════════════════" && echo " SITIO: $site" && echo "═══════════════════════════════════════════════════════════════" && db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && echo "→ [1] DETECTANDO opción maliciosa..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "SELECT option_id, option_name, LEFT(option_value, 100) as preview FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null && echo "" && echo "→ [2] ELIMINANDO..." && mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%' OR option_name LIKE '%inject%' OR option_name LIKE '%exploit%'" 2>/dev/null && remaining=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null) && if [ "$remaining" -eq 0 ]; then echo " ✅ $site LIMPIO"; else echo " ✗ $site AÚN TIENE $remaining opciones maliciosas"; fi && echo "" && echo ""; done && echo "╔═══════════════════════════════════════════════════════════════╗" && echo "║ LIMPIEZA MASIVA COMPLETADA ║" && echo "╚═══════════════════════════════════════════════════════════════╝" && echo "" && echo "→ Verificando resultado final..." && echo "" && clean_count=0 && for site in podologiainyalu.com industrialtitanperu.pe advandgard.com myklogistics.com.pe abbawit.com importadoraludelca.com carmatchperu.com; do db_name=$(grep "DB_NAME" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_user=$(grep "DB_USER" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_pass=$(grep "DB_PASSWORD" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f4) && db_prefix=$(grep "table_prefix" "$site/wp-config.php" 2>/dev/null | cut -d"'" -f2) && malware=$(mysql -u"$db_user" -p"$db_pass" "$db_name" -sN -e "SELECT COUNT(*) FROM ${db_prefix}options WHERE option_name LIKE '%hack%' OR option_name LIKE '%shell%' OR option_name LIKE '%backdoor%' OR option_name LIKE '%malware%'" 2>/dev/null || echo "0") && if [ "$malware" -eq 0 ]; then echo "✅ $site" && clean_count=$((clean_count + 1)); else echo "⚠️ $site - $malware problemas"; fi; done && echo "" && echo "═══════════════════════════════════════════════════════════════" && echo " RESULTADO: $clean_count/7 sitios limpios" && echo "═══════════════════════════════════════════════════════════════" && if [ $clean_count -eq 7 ]; then echo "" && echo " 🎉🎉🎉 TODOS LOS SITIOS 100% LIMPIOS 🎉🎉🎉"; fi && echo "" && echo "Fecha: $(date '+%Y-%m-%d %H:%M:%S')"