HEX
Server: nginx/1.22.1
System: Linux iZuf67d4hh2ssx30nkok6dZ 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User: www (1000)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /tmp/
Upload Files
File: //tmp/delete_malicious_users_47.100.sh
#!/bin/bash
echo "=== 开始清理恶意用户 ==="

# 1. 删除 joyrun.cn 的 SEO 垃圾账户
echo ""
echo "【1/2】清理 joyrun.cn (40,979 个账户)..."
mysql -uzhuoyuns -p'zhuo2019yun18' zhuoyuns -e "DELETE FROM wp_users WHERE user_login LIKE '%blogspot%' AND user_registered > '2026-02-01';" 2>/dev/null
mysql -uzhuoyuns -p'zhuo2019yun18' zhuoyuns -e "DELETE FROM wp_usermeta WHERE user_id NOT IN (SELECT ID FROM wp_users);" 2>/dev/null
echo "✓ joyrun.cn 清理完成"

# 2. 删除 topcheersoftware.com 的恶意管理员
echo ""
echo "【2/2】清理 topcheersoftware.com (adminbackup)..."
config="/www/wwwroot/topcheersoftware.com/wp-config.php"
db_name=$(grep "DB_NAME" "$config" | cut -d "'" -f 4)
db_user=$(grep "DB_USER" "$config" | cut -d "'" -f 4)
db_pass=$(grep "DB_PASSWORD" "$config" | cut -d "'" -f 4)

mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM wp_users WHERE ID = 2;" 2>/dev/null
mysql -u"$db_user" -p"$db_pass" "$db_name" -e "DELETE FROM wp_usermeta WHERE user_id = 2;" 2>/dev/null
echo "✓ topcheersoftware.com 清理完成"

echo ""
echo "=== 清理完成 ==="
@ Telegram