HEX
Server: LiteSpeed
System: Linux web0101.theory7.net 5.14.0-570.37.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Aug 26 10:33:12 EDT 2025 x86_64
User: t7x1378p822w (2195)
PHP: 8.4.12
Disabled: NONE
$ pwd: /home/t7x1378p822w/
Upload Files
File: /home/t7x1378p822w/.bash_history
ls
cd domains
ls
cd brabantvandaag.nl/
ls
cd public_html/
ls
rm wp-content__cad36e4/
rm rf wp-content__cad36e4/
rm -rf wp-content__cad36e4/
ls -ld 
ls /home/t7x1378p822w/domains/dierenvandaag.nl/public_html/wp-content/ 2>/dev/null || echo "MISSING"
ls /home/t7x1378p822w/domains/nieuwsvandaag.nl/public_html/ 2>/dev/null | head -30
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/ 2>/dev/null | head -30
ls /home/t7x1378p822w/domains/technieuws.nl/public_html/ 2>/dev/null | head -30
echo "---"
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/themes/
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "=== $domain ===";   grep -i "wp_version\|version" /home/t7x1378p822w/domains/$domain/public_html/wp-includes/version.php 2>/dev/null | head -5;   echo ""; done
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "=== $domain ===";   PLUGIN_DIR="/home/t7x1378p822w/domains/$domain/public_html/wp-content/plugins";   for plugin in $(ls "$PLUGIN_DIR" 2>/dev/null | grep -v index.php); do     version=$(grep -i "^[[:space:]]*\*[[:space:]]*Version:" "$PLUGIN_DIR/$plugin"/*.php 2>/dev/null | head -1 | sed 's/.*Version:[[:space:]]*//');     if [ -z "$version" ]; then       version=$(grep -i "Stable tag:" "$PLUGIN_DIR/$plugin/readme.txt" 2>/dev/null | head -1 | sed 's/.*Stable tag:[[:space:]]*//');     fi;     echo "  $plugin: $version";   done;   echo ""; done
grep -ri "^Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/litespeed-cache/litespeed-cache.php 2>/dev/null | head -3
grep -ri "^Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/seo-by-rank-math/rank-math.php 2>/dev/null | head -3
find /home/t7x1378p822w/domains/ -path "*/wp-content/plugins/*/readme.txt" -exec grep -l "Stable tag:" {} \; 2>/dev/null | while read f; do   plugin=$(echo "$f" | awk -F'/' '{print $(NF-1)}');   domain=$(echo "$f" | awk -F'/' '{print $7}');   version=$(grep "Stable tag:" "$f" | head -1 | sed 's/.*Stable tag:[[:space:]]*//');   echo "$domain | $plugin | $version"; done
grep -i "Version\|Stable tag"   /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-composer/td-composer.php   2>/dev/null | head -5
# Newspaper theme versie
grep -i "Version"   /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/themes/Newspaper/style.css   2>/dev/null | head -3
# td-cloud-library versie  
grep -i "Version\|Stable tag"   /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-cloud-library/td-cloud-library.php   2>/dev/null | head -3
# maintenance plugin versie
grep -i "Version"   /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-content/plugins/maintenance/maintenance.php   2>/dev/null | head -3
# Check Rank Math versies
echo "=== LiteSpeed Cache versies ==="
grep "Stable tag:" /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/litespeed-cache/readme.txt 2>/dev/null
echo ""
echo "=== Rank Math versies ==="
grep "Stable tag:" /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/seo-by-rank-math/readme.txt 2>/dev/null
echo ""
echo "=== Rank Math Pro versies ==="
grep "Stable tag:" /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/seo-by-rank-math-pro/readme.txt 2>/dev/null
echo ""
echo "=== td-composer versies ==="
grep "Version:" /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/td-composer/td-composer.php 2>/dev/null
echo ""
echo "=== td-cloud-library versies ==="
grep "Version:" /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/td-cloud-library/td-cloud-library.php 2>/dev/null
echo ""
echo "=== Newspaper theme versies ==="
grep "^Version:" /home/t7x1378p822w/domains/*/public_html/wp-content/themes/Newspaper/style.css 2>/dev/null
echo "=== .htaccess bestanden ==="
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "--- $domain ---";   cat /home/t7x1378p822w/domains/$domain/public_html/.htaccess 2>/dev/null;   echo ""; done
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "=== $domain ===";   grep -E "DB_USER|DB_NAME|table_prefix|DISALLOW_FILE_EDIT|FORCE_SSL|WP_DEBUG|SECRET_KEY|AUTH_KEY"     /home/t7x1378p822w/domains/$domain/public_html/wp-config.php 2>/dev/null | grep -v "put your unique phrase here";   echo ""; done
grep -r "DISALLOW_FILE\|FORCE_SSL_ADMIN\|WP_DEBUG_LOG\|WP_DEBUG_DISPLAY"   /home/t7x1378p822w/domains/*/public_html/wp-config.php 2>/dev/null
echo "=== table_prefix check ==="
grep "table_prefix" /home/t7x1378p822w/domains/*/public_html/wp-config.php 2>/dev/null
echo "=== PHP bestanden in uploads mappen ==="
find /home/t7x1378p822w/domains/*/public_html/wp-content/uploads/ -name "*.php" -o -name "*.php5" -o -name "*.phtml" -o -name "*.php7" 2>/dev/null | head -50
echo ""
echo "=== Aantal gevonden ==="
find /home/t7x1378p822w/domains/*/public_html/wp-content/uploads/ -name "*.php*" 2>/dev/null | wc -l
echo "exit: $?"
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "=== $domain ===";   ls /home/t7x1378p822w/domains/$domain/public_html/wp-content/uploads/.htaccess 2>/dev/null && cat /home/t7x1378p822w/domains/$domain/public_html/wp-content/uploads/.htaccess || echo "GEEN .htaccess in uploads!"; done
echo "=== Verdachte PHP patronen in plugins ==="
grep -rl "eval(base64_decode\|eval(gzinflate\|eval(str_rot13\|assert(\$_\|preg_replace.*\/e\|passthru\|shell_exec\|system(\$_\|exec(\$_"   /home/t7x1378p822w/domains/*/public_html/wp-content/plugins/ 2>/dev/null | grep -v ".git" | head -30
echo "=== xmlrpc.php aanwezig ==="
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   ls /home/t7x1378p822w/domains/$domain/public_html/xmlrpc.php 2>/dev/null && echo "$domain: xmlrpc.php AANWEZIG" || echo "$domain: xmlrpc.php afwezig"; done
echo ""
echo "=== readme.html aanwezig (geeft WP versie prijs) ==="
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   ls /home/t7x1378p822w/domains/$domain/public_html/readme.html 2>/dev/null && echo "$domain: readme.html AANWEZIG" || echo "$domain: readme.html afwezig"; done
ls /home/t7x1378p822w/domains/nieuwsvandaag.nl/public_html/xmlrpc.php 2>/dev/null && echo "aanwezig" || echo "afwezig"
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/xmlrpc.php 2>/dev/null && echo "aanwezig" || echo "afwezig"
ls /home/t7x1378p822w/domains/technieuws.nl/public_html/xmlrpc.php 2>/dev/null && echo "aanwezig" || echo "afwezig"
ls /home/t7x1378p822w/domains/yepmediagroup.com/public_html/xmlrpc.php 2>/dev/null && echo "aanwezig" || echo "afwezig"
echo "---readme---"
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/readme.html 2>/dev/null && echo "aanwezig" || echo "afwezig"
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/readme.html 2>/dev/null && echo "aanwezig" || echo "afwezig"
echo "=== wp-config.php rechten ==="
stat -c "%a %n" /home/t7x1378p822w/domains/*/public_html/wp-config.php 2>/dev/null
echo ""
echo "=== wp-login.php rechten ==="
stat -c "%a %n" /home/t7x1378p822w/domains/*/public_html/wp-login.php 2>/dev/null
echo ""
echo "=== wp-admin map rechten ==="
stat -c "%a %n" /home/t7x1378p822w/domains/*/public_html/wp-admin 2>/dev/null
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-admin/ | grep -v "\.php\|css\|images\|includes\|js\|maint\|network\|user" | head -20
echo "=== Controleer op verdachte .bk backup bestanden ==="
find /home/t7x1378p822w/domains/ -name "*.bk" -o -name "*.bak" -o -name "*.old" -o -name "*.orig" 2>/dev/null | head -20
echo ""
echo "=== Controleer op .htaccess backup ==="
find /home/t7x1378p822w/domains/ -name ".htaccess.bk" -o -name ".htaccess.bak" 2>/dev/null
# CVE-2024-50550: LiteSpeed Cache < 6.5.0.1 - Privilege Escalation via weak hash
# CVE-2024-28000: LiteSpeed Cache < 6.4 - Unauthenticated Privilege Escalation
# Versie 7.7 is actueel, geen kwetsbaarheid
# Controleer Rank Math Pro versie - zoek de echte versie
grep "Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/seo-by-rank-math-pro/rank-math-pro.php 2>/dev/null | head -3
# Bekijk welke versie Newspaper theme
grep "Version:" /home/t7x1378p822w/domains/yepmediagroup.com/public_html/wp-content/themes/Newspaper/style.css 2>/dev/null | head -3
# Bekijk td-composer versie alle domeinen
grep "Version:" /home/t7x1378p822w/domains/dierenvandaag.nl/public_html/wp-content/plugins/td-composer/td-composer.php 2>/dev/null | head -3
grep "Version:" /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-content/plugins/maintenance/maintenance.php 2>/dev/null | head -3
grep "Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-cloud-library/td-cloud-library.php 2>/dev/null | head -3
grep "Version:" /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-content/plugins/maintenance/maintenance.php 2>/dev/null | head -3
grep "^Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/themes/Newspaper/style.css 2>/dev/null
grep -n "wp-login" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/.htaccess 2>/dev/null
grep -n "wp-login\|wp-admin" /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/.htaccess 2>/dev/null
# Check wp-admin map op extra .htaccess bescherming
cat /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-admin/.htaccess 2>/dev/null || echo "Geen .htaccess in wp-admin voor brabantvandaag.nl"
cat /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-admin/.htaccess 2>/dev/null || echo "Geen .htaccess in wp-admin voor royaltynieuws.nl"
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-admin/.htaccess 2>/dev/null && echo "bestaat" || echo "geen .htaccess in wp-admin"
echo "=== mu-plugins inhoud ==="
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   echo "--- $domain ---";   ls /home/t7x1378p822w/domains/$domain/public_html/wp-content/mu-plugins/ 2>/dev/null || echo "(leeg of niet aanwezig)"; done
ls /home/t7x1378p822w/domains/nieuwsvandaag.nl/public_html/wp-content/mu-plugins/ 2>/dev/null
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-content/mu-plugins/ 2>/dev/null
ls /home/t7x1378p822w/domains/technieuws.nl/public_html/wp-content/mu-plugins/ 2>/dev/null
ls /home/t7x1378p822w/domains/yepmediagroup.com/public_html/wp-content/mu-plugins/ 2>/dev/null
find /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/ -perm -0777 -type f 2>/dev/null | head -20
echo "---"
# Controleer uploads mappen rechten
stat -c "%a %n" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/uploads/ 2>/dev/null
stat -c "%a %n" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/ 2>/dev/null
# Controleer ook of er debug logs zijn die gevoelige informatie bevatten
find /home/t7x1378p822w/domains/ -name "debug.log" 2>/dev/null | head -10
find /home/t7x1378p822w/domains/ -name "error_log" 2>/dev/null | head -10
echo ""
echo "=== Controleer op wordfence logs of security plugins ==="
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/ | grep -i "wordfence\|ithemes\|all-in-one-wp-security\|better-wp-security\|sucuri"
echo "exit: $?"
# Controleer ook op object-cache.php - kan kwaadaardige code bevatten
head -20 /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/object-cache.php 2>/dev/null | head -10
echo "---"
# Controleer Newspaper theme en td-composer op bekende kwetsbaarheden
# Newspaper < 12.1.4 had XSS kwetsbaarheden (CVE-2024-5239)
# td-composer < 5.x had bekende problemen
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-composer/ | head -10
# Newspaper had meerdere kritieke kwetsbaarheden in 2024:
# - XSS via td_block AJAX handler (CVE-2024-5239) - fix in 12.6.5
# - Broken Access Control (CVE-2024-6509) - fix in 12.7.1
# - LFI via td_ajax_block (CVE-2024-8854) - fix in 12.7.4
echo "Newspaper versie op alle sites:"
grep "^Version:" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/themes/Newspaper/style.css
grep "^Version:" /home/t7x1378p822w/domains/dierenvandaag.nl/public_html/wp-content/themes/Newspaper/style.css
grep "^Version:" /home/t7x1378p822w/domains/nieuwsvandaag.nl/public_html/wp-content/themes/Newspaper/style.css
grep "^Version:" /home/t7x1378p822w/domains/technieuws.nl/public_html/wp-content/themes/Newspaper/style.css
grep "^Version:" /home/t7x1378p822w/domains/yepmediagroup.com/public_html/wp-content/themes/Newspaper/style.css
# Laten we controleren of de AJAX handler aanwezig is
grep -r "td_ajax_block\|td_block_ajax" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-composer/includes/ 2>/dev/null | head -5
echo "---"
# Controleer td-composer op kwetsbare code
grep -r "file_get_contents\|include.*\$\|require.*\$_\|eval" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/td-composer/td-composer.php 2>/dev/null | head -10
# Controleer ook wp-cron misbruik en mogelijke SSRF kwetsbaarheden
# Controleer of DISABLE_WP_CRON is ingesteld
grep "DISABLE_WP_CRON\|ALTERNATE_WP_CRON" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-config.php /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-config.php 2>/dev/null
echo "---"
# Controleer of er gevoelige index.html ontbreekt in admin mappen
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-includes/index.php 2>/dev/null
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/index.php 2>/dev/null
cat /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/wp-config.php 2>/dev/null
# Eerst beschikbare logs bekijken
ls /home/t7x1378p822w/domains/brabantvandaag.nl/logs/ 2>/dev/null | head -20
ls /home/t7x1378p822w/domains/royaltynieuws.nl/logs/ 2>/dev/null | head -20
# Laten we de recentste log bekijken voor verdachte verzoeken
cd /tmp && tar -xzf /home/t7x1378p822w/domains/brabantvandaag.nl/logs/Apr-2026.tar.gz 2>/dev/null && ls .
# en verdachte file upload pogingen
echo "=== wp-login.php POST requests (brute force) ==="
grep "POST.*wp-login" /tmp/brabantvandaag.nl.log | tail -20
echo ""
echo "=== xmlrpc.php requests ==="
grep "xmlrpc.php" /tmp/brabantvandaag.nl.log | tail -20
ls -la /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/geju.php 2>/dev/null || echo "geju.php niet meer aanwezig (na imunify scan)"
echo "---"
# Controleer de error log op PHP fouten die op exploits kunnen wijzen
head -50 /tmp/brabantvandaag.nl.error.log
echo "---"
wc -l /tmp/brabantvandaag.nl.error.log
grep -E "\.php\?|upload|shell|exec|cmd|eval|base64|passwd" /tmp/brabantvandaag.nl.log | grep -v "admin-ajax\|wp-cron\|sitemap\|robots\|wc-ajax\|Googlebot\|bingbot\|litespeed\|ClaudeBot\|facebook" | head -30
cd /tmp && mkdir -p logs_old && tar -xzf /home/t7x1378p822w/domains/brabantvandaag.nl/logs/Mar-2026.tar.gz -C /tmp/logs_old 2>/dev/null && ls /tmp/logs_old/
echo "=== geju.php of andere webshells ==="
grep -E "geju\.php|shell\.php|backdoor|cmd\.php|\.php\?cmd=|\.php\?c=" /tmp/logs_old/brabantvandaag.nl.log | head -20
echo ""
echo "=== Verdachte POST naar onbekende PHP bestanden ==="
grep "POST" /tmp/logs_old/brabantvandaag.nl.log | grep -v "wp-admin\|wp-json\|wp-cron\|xmlrpc\|litespeed\|rank-math\|Installatron\|woo\|comment\|contact\|graphql" | head -20
echo ""
echo "=== xmlrpc aanvallen ==="
grep "xmlrpc" /tmp/logs_old/brabantvandaag.nl.log | wc -l
# Zoek alle ShellBot activiteit
echo "=== ShellBot activiteit in Maart log ==="
grep "ShellBot\|admin\.php" /tmp/logs_old/brabantvandaag.nl.log | head -40
echo ""
echo "=== admin.php nog aanwezig? ==="
ls -la /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/admin.php 2>/dev/null || echo "admin.php niet meer aanwezig"
# Zoek wanneer de EERSTE toegang tot admin.php was in alle logs
echo "=== Eerste toegang admin.php in Maart log ==="
grep "admin\.php" /tmp/logs_old/brabantvandaag.nl.log | head -5
echo ""
echo "=== Kijk naar wp-includes/SIibfyHmWkj.php - een andere backdoor ==="
ls -la /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-includes/SIibfyHmWkj.php 2>/dev/null || echo "SIibfyHmWkj.php niet meer aanwezig"
echo ""
# Zoek naar andere verdachte .php bestanden in wp-includes
echo "=== Niet-standaard PHP bestanden in wp-includes ==="
ls /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-includes/ | grep -v "^functions\|^class-\|^ms-\|^wp-\|^rest-api\|^pomo\|^ID3\|^SimplePie\|^css\|^blocks\|^js" | grep "\.php$" | head -20
grep "30/Mar/2026:07:4[0-7]" /tmp/logs_old/brabantvandaag.nl.log | head -30
# Kijk of er een WP-admin inlog succes was net voor de ShellBot
echo "=== Succesvolle wp-login (200) op 30 Maart voor eerst ShellBot ==="
grep "30/Mar/2026:07:4[0-7]" /tmp/logs_old/brabantvandaag.nl.log | head -30
echo "" 
echo "=== wp-login 200 status (succesvolle inlogpogingen) in gehele Maart ==="
grep "wp-login" /tmp/logs_old/brabantvandaag.nl.log | grep '" 200 ' | head -20
ls /home/t7x1378p822w/domains/brabantvandaag.nl/logs/
echo "---"
# Log voor 30 Maart is al de Maart maandlog
# Kijk naar het WP-admin gebruik vlak voor ShellBot:
echo "=== WP-admin activiteit vóór ShellBot op 30 Maart ==="
grep "30/Mar/2026:07:3[0-9]\|30/Mar/2026:07:4[0-6]" /tmp/logs_old/brabantvandaag.nl.log | grep -v "meta-externalagent\|Googlebot\|bingbot\|AhrefsBot\|feed\|sitemap" | head -20
cd /tmp && mkdir -p logs_royal && tar -xzf /home/t7x1378p822w/domains/royaltynieuws.nl/logs/Mar-2026.tar.gz -C /tmp/logs_royal 2>/dev/null && ls -lh /tmp/logs_royal/
grep "ShellBot\|admin\.php\|geju\.php" /tmp/logs_royal/royaltynieuws.nl.log | head -20
echo "---"
# Zoek verdachte 200 POST requests
grep "POST" /tmp/logs_royal/royaltynieuws.nl.log | grep '" 200 ' | grep -v "wp-admin\|wp-json\|wp-cron\|litespeed\|rank-math\|woo\|comment\|contact\|xmlrpc\|graphql\|Installatron" | head -20
grep -i "shell\|\.php\?cmd\|\.php\?c=\|eval\|base64\|webshell\|backdoor\|upload.*\.php" /tmp/logs_royal/royaltynieuws.nl.log | head -20
# Controleer ook: hoeveel WP en niet-WP bestanden zijn er in public_html van elk domein?
echo "=== royaltynieuws.nl - index.html.backup ==="
ls /home/t7x1378p822w/domains/royaltynieuws.nl/public_html/index.html* 2>/dev/null
echo ""
echo "=== Rank Math Pro versie op seo-by-rank-math-pro ==="
grep "Stable tag\|Version" /home/t7x1378p822w/domains/brabantvandaag.nl/public_html/wp-content/plugins/seo-by-rank-math-pro/readme.txt 2>/dev/null | head -3
echo ""
echo "=== Controleer of wp-config.php buiten public_html staat (aanbevolen) ==="
for domain in brabantvandaag.nl dierenvandaag.nl nieuwsvandaag.nl royaltynieuws.nl technieuws.nl yepmediagroup.com; do   ls /home/t7x1378p822w/domains/$domain/public_html/wp-config.php 2>/dev/null > /dev/null && echo "$domain: wp-config.php IN public_html (niet ideaal)" ; done
@ Telegram