Yes, the @symbols are part of what is being checked. The current list is just preliminary and is not complete.
To give a little background. I run a small hosting company. One of my clients was running Zen Cart and it was exploited. While I was doing some of the forensic investigation to find out the cause and the damage, I thought a script to search for certain keywords used in the attack scripts could come in handy.
Once I make sure everything is coded the right way I plan on sharing this with other server admins in a similar situation. Which is why the added stuff to allow for checking a single users public_html directory exists.
I started off with a one liner but during testing found some issues. Checking /home/*/public_html has some drawbacks to my particular situation. I am running a Cpanel server and there are a few non-user directories located in the /home/.
Thanks for the feedback.
Brandon
Quote:
IMO it is nicely written,
P.S. Thank You. I have to admit this is a testament to the quality of help available on this site and others like it.