sh
for x in "/dev/shm /tmp /usr/local/apache/proxy /var/spool /var/tmp"; do ls -loAFR $x 2>&- | grep -E "^$|^/| apache | nobody | unknown | www | web " | grep -E "^$|^/|/$|*$|.pl$" | tee exploits.txt; done; echo -e "nnPossible Exploit Files and Directories: `grep -Ev "^$|^/" exploits.txt | wc -l | tr -d ' '`" | tee -a exploits.txt
exit



Lines ending with an asterisk '*', '.pl', or a slash '/' are possible exploit files or directories which should be investigated and removed followed by rebooting the server to kill any running exploit processes. You can refer to the exploits.txt file generated by the above commands for later reference.