Jaysworld 03-14-2006 02:53 AM

Deleting directories from a cron
Hey all. I am looking to delete a directory named "olb" from users' websites from a cron. It seems this directory is being used by a phishing campaign for a well-known UK-based bank. Since I run a free hosting service we have received several abuse emails asking us to take the offending websites off the internet for phishing for this bank's information. The offending websites always share the same setup to mimic the bank's setup. This setup resembles


I am looking to set up a cron that will run hourly or every 30 minutes that will delete directories named olb along with all the files they contain. I am however unsure how to do this. I tried rmdir var/www/virtual/*/olb with no success. I also tried variants of this such as /var/www/virtual/*./olb etc with no success. What am I doing wrong? I know there is a way to do this but how?

timmeke 03-14-2006 06:09 AM

You might try something like

find /var/www/virtual -type d -name 'olb' -prune -exec rm -rf {} +
I recommend replacing the "rm -rf" with a simple "echo" first to see what the impact of the code is, just to be safe.

However, your solution is just a temporary one. The more final solution would be to block the offending sites completely and to improve your security against phishing (if possible).
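
The list-first, delete-second approach suggested above, written as a script a cron job could call. This is an added example, not part of the original thread; the function name purge_dirs, its arguments and the script path in the comment are hypothetical. It passes every path to rm as a single argument, because on shared hosting the directory names under the web root are chosen by users and may contain spaces.

```shell
#!/bin/sh
# Added example; purge_dirs and its arguments are hypothetical names.
# Usage: purge_dirs ROOT NAME [delete]
# Without "delete" it only lists what would be removed (dry run).
#
# Constructed crontab entry (the script path is a placeholder):
#   */30 * * * * /path/to/purge-olb.sh
purge_dirs() {
    root=$1
    name=$2
    mode=${3:-dry-run}

    # Refuse a relative or empty root so a typo cannot widen the search.
    case $root in
        /*) ;;
        *) echo "purge_dirs: root must be an absolute path" >&2; return 2 ;;
    esac
    [ -d "$root" ] || { echo "purge_dirs: no such directory: $root" >&2; return 2; }

    if [ "$mode" = delete ]; then
        # -type d never matches a symlink, so a link named like the
        #   target directory is left alone.
        # -prune stops find from descending into a directory that is
        #   about to be removed.
        # -exec hands each path to rm as one argument; the shell never
        #   splits it, so "a /etc /olb" cannot turn into "rm -rf /etc".
        find "$root" -type d -name "$name" -prune -exec rm -rf -- {} +
    else
        # Dry run: print the matches, touch nothing.
        find "$root" -type d -name "$name" -prune -print
    fi
}
```

Run it without the third argument first and read the list; add "delete" only once the list contains nothing unexpected.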

tredegar 03-14-2006 07:33 AM

It is not clear from your post whether it is your users who are phishing (in which case you should terminate their accounts at once, and give their details to the bank concerned) or your users who have been hacked and scammers are using their accounts. In either case you need to take your system offline until you have given some serious thought to security: It is irresponsible for you to allow your server(s) to be used in this way, and by tolerating this behaviour, you are putting yourself at risk of prosecution. There is helpful information in the Security forum of this board.

Simply deleting the olb directory is not the answer: They'll soon be using random names.

