#!/bin/bash
LOG=~/.maintenance-logs/verif-final-20260713.txt
exec > >(tee "$LOG") 2>&1
echo "########## RE-CHECK $(date) ##########"
SITES="abtan assayag azogui lahmi lasvergnas medicalesthetique medina miquel nassif s-hombrouck smileart-ads zeitoun-saal"
echo "==== 1. DB re-check par site (uredik / admins / elysian / plugins / url) ===="
for s in $SITES; do php ~/_verify.php "$s"; done
echo "==== 2. authorized_keys ===="
awk '{print "   ..."$NF}' ~/.ssh/authorized_keys 2>/dev/null; grep -c . ~/.ssh/authorized_keys 2>/dev/null | xargs echo "  total lignes:"
echo "==== 3. crontab ===="
crontab -l 2>/dev/null | grep -v '^#' | grep . || echo "  (vide)"
echo "==== 4. mu-plugins par site (attendu: 0-worker.php) ===="
for s in $SITES; do d=~/$s/wp-content/mu-plugins; [ -d "$d" ] && ls -1 "$d" 2>/dev/null | sed "s/^/  [$s] /"; done
echo "==== 5. hunt IOC (fichiers .php uniquement, par site) ===="
HIT=0
for s in $SITES; do
  r=$(grep -rlE --include='*.php' "elysianlink|KAPTAN2025|__LPK_IN__|linksparagon|isGoogleUserAgent|sinanyildiz5747" ~/$s 2>/dev/null)
  [ -n "$r" ] && { echo "$r" | sed "s/^/  [$s] IOC-> /"; HIT=1; }
done
[ $HIT -eq 0 ] && echo "  aucun IOC .php -> OK"
echo "==== 6. .php dans uploads (par site) ===="
U=0
for s in $SITES; do
  r=$(find -L ~/$s/wp-content/uploads -type f -name '*.php' 2>/dev/null | grep -vE '/index\.php$')
  [ -n "$r" ] && { echo "$r" | sed "s/^/  [$s] /"; U=1; }
done
[ $U -eq 0 ] && echo "  aucun .php exploitable en uploads -> OK"
echo "########## FIN RE-CHECK $(date) ##########"
