[ ✏️ EDITING: /home/totesc5/public_html/clin.com.bo/goods.php ]
[ CURRENT PERMISSION: 0644 ]
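<?php
/**
 * Single-file PHP malware scanner / cleaner.
 *
 * Recursively lists *.php files under this script's directory, flags the ones
 * that match a fixed signature list, and offers per-file delete, pattern-based
 * cleaning, in-browser editing and chmod, plus bulk delete.
 *
 * NOTE(review): this script performs no authentication. Anyone who can reach
 * its URL can read, overwrite, delete and chmod PHP files below this
 * directory. The request token added below only blocks cross-site requests;
 * it does not identify the operator. Put the script behind server-level
 * authentication or an IP restriction while it is deployed, and remove it as
 * soon as the clean-up is finished.
 */

// NOTE(review): verbose error display prints absolute paths and warnings to
// every visitor; acceptable only while the script is access-restricted.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
ini_set('max_execution_time', 300);
ini_set('memory_limit', '512M');
ini_set('output_buffering', 'off');

$enable_delete = true;

// Per-session request token. Every state-changing action (and the edit view,
// which discloses file contents) must carry it, so a third-party page cannot
// trigger delete/clean/chmod through a link or an auto-submitted form.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['cleaner_csrf']) || !is_string($_SESSION['cleaner_csrf'])) {
    $_SESSION['cleaner_csrf'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['cleaner_csrf'];
$supplied_token = $_POST['token'] ?? ($_GET['token'] ?? '');
$csrf_ok = is_string($supplied_token) && hash_equals($csrf_token, $supplied_token);
$csrf_denied = "[!] ACCESS DENIED — INVALID OR MISSING REQUEST TOKEN.";
$token_query = '&token=' . urlencode($csrf_token);

/**
 * Escape a value for HTML text and attribute context (both quote styles).
 * Invalid UTF-8 is substituted instead of producing an empty string.
 */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Encode text as a JavaScript string literal that is safe to place inside an
 * HTML event-handler attribute. File names are attacker-influenced on a
 * compromised site, so quotes must survive both the HTML and the JS parser.
 */
function jsStringAttr($text)
{
    $json = json_encode((string) $text, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($json === false) {
        // json_encode fails on invalid UTF-8; fall back to an empty literal.
        $json = '""';
    }
    return h($json);
}

/**
 * True when $path is $base itself or lies below it. The separator is part of
 * the comparison, so a sibling such as "<base>-old" is not accepted.
 */
function isInsideBase($path, $base)
{
    $base = rtrim($base, '/\\');
    if ($path === $base) {
        return true;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0;
}

/**
 * Resolve a request-supplied path and confirm it is an existing entry under
 * this script's directory.
 *
 * @param mixed $raw        Path exactly as received (already URL-decoded).
 * @param bool  $requirePhp When true, only regular files ending in .php pass.
 * @return string|false     Canonical path, or false when the target is rejected.
 */
function resolveTarget($raw, $requirePhp)
{
    if (!is_string($raw) || $raw === '') {
        return false;
    }
    $path = realpath($raw);
    if ($path === false || !file_exists($path) || !isInsideBase($path, __DIR__)) {
        return false;
    }
    if ($requirePhp && (!is_file($path) || pathinfo($path, PATHINFO_EXTENSION) !== 'php')) {
        return false;
    }
    return $path;
}

/**
 * Map a filesystem path under DOCUMENT_ROOT to a URL on the current host.
 * Paths outside the document root (or when it is unknown) are returned as-is.
 */
function filePathToUrl($filepath)
{
    $docRoot = $_SERVER['DOCUMENT_ROOT'] ?? '';
    if (!$docRoot) {
        return $filepath;
    }
    $docRoot = rtrim(str_replace('\\', '/', $docRoot), '/');
    $filepath = str_replace('\\', '/', $filepath);
    if (strpos($filepath, $docRoot) !== 0) {
        return $filepath;
    }
    $relativePath = ltrim(substr($filepath, strlen($docRoot)), '/');
    $scheme = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME'] : 'https';
    $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    return $scheme . '://' . $host . '/' . $relativePath;
}

// $_GET values are already URL-decoded by PHP, so they are passed to
// resolveTarget() as received; decoding them a second time would corrupt
// names containing '+' or '%'.

// Handle file deletion
if (isset($_GET['delete']) && $enable_delete) {
    $file_to_delete = $csrf_ok ? resolveTarget($_GET['delete'], true) : false;
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif ($file_to_delete !== false) {
        if (!is_writable($file_to_delete)) {
            @chmod($file_to_delete, 0644);
        }
        if (unlink($file_to_delete)) {
            $message = "[✓] FILE DELETED SUCCESSFULLY: " . h($file_to_delete);
        } else {
            $message = "[✗] FAILED TO DELETE: " . h($file_to_delete) . " — CHECK PERMISSIONS";
        }
    } else {
        $message = "[!] ACCESS DENIED — INVALID FILE.";
    }
}

// Handle malware cleaning
if (isset($_GET['clean']) && $enable_delete) {
    $file_to_clean = $csrf_ok ? resolveTarget($_GET['clean'], true) : false;
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif ($file_to_clean !== false) {
        if (!is_writable($file_to_clean)) {
            if (!chmod($file_to_clean, 0644)) {
                $message = "[!] CANNOT WRITE TO FILE: " . h($file_to_clean) . " — FAILED TO CHANGE PERMISSIONS";
                goto show_results;
            }
        }
        $content = file_get_contents($file_to_clean);
        if ($content === false) {
            $message = "[✗] FAILED TO READ: " . h($file_to_clean) . " — CHECK PERMISSIONS";
        } else {
            $original_content = $content;
            $malicious_patterns = [
                '/header\(\'Vary: Accept-Language\'\);\s*header\(\'Vary: User-Agent\'\);.*?exit\(\);\s*\}/s',
                '/function\s+ambil_data\s*\(.*?\}.*?geoplugin_countryCode/s',
                '/\$bot_url\s*=\s*".*?";.*?\$reff_url\s*=\s*".*?";/s',
                '/\$geolocation_json\s*=\s*ambil_data.*?\}\s*\}/s',
                '/if\s*\(\s*\$cc\s*===\s*"ID"\s*\)\s*\{.*?exit\(\);\s*\}/s',
                '/if\s*\(.*?stripos\(\$rf.*?google\.co\.id.*?exit\(\);\s*\}/s',
            ];
            $cleaned = false;
            foreach ($malicious_patterns as $pattern) {
                if (preg_match($pattern, $content) === 1) {
                    $stripped = preg_replace($pattern, '', $content);
                    if ($stripped === null) {
                        // PCRE error (e.g. backtrack limit): keep the content
                        // unchanged rather than writing an emptied file.
                        continue;
                    }
                    $content = $stripped;
                    $cleaned = true;
                }
            }
            if ($cleaned && $content !== $original_content) {
                // Compare against false: a zero-byte result is still a successful write.
                if (file_put_contents($file_to_clean, trim($content)) !== false) {
                    $message = "[✓] MALICIOUS CODE CLEANED FROM: " . h($file_to_clean);
                } else {
                    $message = "[✗] FAILED TO SAVE CHANGES: " . h($file_to_clean) . " — CHECK PERMISSIONS";
                }
            } else {
                $message = "[!] NO MALICIOUS CODE MATCHED IN: " . h($file_to_clean);
            }
        }
    } else {
        $message = "[!] ACCESS DENIED — INVALID FILE FOR CLEANING.";
    }
}

// Handle file editing
if (isset($_GET['edit']) && $enable_delete) {
    $file_to_edit = $csrf_ok ? resolveTarget($_GET['edit'], true) : false;
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif ($file_to_edit !== false) {
        // A <button name="save"> without a value submits an empty string, so
        // test for presence rather than non-emptiness.
        if (isset($_POST['save'])) {
            $new_content = $_POST['content'] ?? null;
            if (!is_string($new_content)) {
                $message = "[✗] FAILED TO SAVE — NO CONTENT SUBMITTED";
            } else {
                if (!is_writable($file_to_edit)) {
                    @chmod($file_to_edit, 0644);
                }
                // NOTE(review): the backup sits next to the original under the
                // web root; remove it once the clean-up is verified.
                $backup_file = $file_to_edit . '.bak.' . date('YmdHis');
                $backup_ok = copy($file_to_edit, $backup_file);
                if (file_put_contents($file_to_edit, $new_content) !== false) {
                    $message = "[✓] CHANGES SAVED TO: " . h($file_to_edit)
                        . "\n[!] Backup: " . ($backup_ok ? h(basename($backup_file)) : 'NOT CREATED');
                } else {
                    $message = "[✗] FAILED TO SAVE — CHECK FILE PERMISSIONS";
                }
            }
        }
        $current_content = file_get_contents($file_to_edit);
        $perms = fileperms($file_to_edit);
        $perm_octal = substr(sprintf('%o', $perms), -4);
        ?>
<!DOCTYPE html>
<html>
<head>
<title>[ EDIT FILE ] <?php echo h(basename($file_to_edit)); ?></title>
<meta charset="UTF-8">
<meta name="referrer" content="no-referrer">
<style>
body { background: #000; color: #0F0; font-family: 'Courier New', monospace; padding: 20px; }
.header { color: #0FF; margin-bottom: 10px; }
.perm-info { background: #002200; padding: 10px; margin: 10px 0; border: 1px solid #0A0; }
textarea { width: 100%; height: 75vh; background: #001100; color: #0F0; font-family: 'Courier New', monospace; border: 1px solid #0A0; padding: 10px; }
.btn-save { background: #0A0; color: #000; padding: 10px 20px; font-weight: bold; border: none; cursor: pointer; margin-right: 10px; }
.btn-save:hover { background: #0F0; box-shadow: 0 0 10px #0F0; }
.btn-back { background: #A60; color: #FFF; padding: 10px 20px; text-decoration: none; font-weight: bold; }
</style>
</head>
<body>
<div class="header">[ ✏️ EDITING: <?php echo h($file_to_edit); ?> ]</div>
<?php if (isset($message)): ?>
<div class="perm-info"><?php echo nl2br($message); ?></div>
<?php endif; ?>
<div class="perm-info">
[ CURRENT PERMISSION: <?php echo h($perm_octal); ?> ]
<a href="?fixperm=<?php echo urlencode($file_to_edit) . h($token_query); ?>" class="btn-back" onclick="return confirm('Set permission to 0644?')">[ FIX PERMISSION ]</a>
<a href="#" class="btn-back" onclick="showChmodPrompt('<?php echo urlencode($file_to_edit); ?>')">[ CUSTOM CHMOD ]</a>
</div>
<form method="POST">
<input type="hidden" name="token" value="<?php echo h($csrf_token); ?>">
<textarea name="content"><?php echo h($current_content); ?></textarea><br><br>
<button type="submit" name="save" value="1" class="btn-save">[ 💾 SAVE CHANGES ]</button>
<a href="<?php echo h(basename(__FILE__)); ?>" class="btn-back">[ ← BACK TO SCANNER ]</a>
</form>
<script>
function showChmodPrompt(file) {
    const newPerm = prompt("Enter octal permission (e.g., 0644, 0777):", "0644");
    if (newPerm) {
        window.location.href = "?chmod=" + encodeURIComponent(newPerm) + "&file=" + file + "&token=" + <?php echo json_encode($csrf_token); ?>;
    }
}
</script>
</body>
</html>
        <?php
        exit;
    } else {
        $message = "[!] ACCESS DENIED — INVALID FILE FOR EDITING.";
    }
}

// Handle permission fix
if (isset($_GET['fixperm']) && $enable_delete) {
    $file_to_fix = $csrf_ok ? resolveTarget($_GET['fixperm'], false) : false;
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif ($file_to_fix !== false) {
        $new_perm = is_dir($file_to_fix) ? 0755 : 0644;
        // Format as octal for display; the raw integer would print as 420 / 493.
        $new_perm_label = sprintf('%04o', $new_perm);
        if (chmod($file_to_fix, $new_perm)) {
            $message = "[✓] PERMISSION SET TO " . $new_perm_label . ": " . h($file_to_fix);
        } else {
            $message = "[✗] FAILED TO CHANGE PERMISSION: " . h($file_to_fix);
        }
    } else {
        $message = "[!] INVALID FILE FOR PERMISSION FIX.";
    }
}

// Handle custom chmod
if (isset($_GET['chmod']) && isset($_GET['file']) && $enable_delete) {
    $custom_perm = $_GET['chmod'];
    $file_to_chmod = $csrf_ok ? resolveTarget($_GET['file'], false) : false;
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif (!is_string($custom_perm) || preg_match('/^[0-7]{3,4}$/', $custom_perm) !== 1) {
        // The value is echoed back in the status line, so it must be a plain
        // octal mode before it reaches either chmod() or the page.
        $message = "[!] INVALID PERMISSION VALUE.";
    } elseif ($file_to_chmod !== false) {
        $perm_int = octdec($custom_perm);
        if (chmod($file_to_chmod, $perm_int)) {
            $message = "[✓] PERMISSION SET TO " . h($custom_perm) . ": " . h($file_to_chmod);
        } else {
            $message = "[✗] FAILED TO SET PERMISSION " . h($custom_perm) . ": " . h($file_to_chmod);
        }
    } else {
        $message = "[!] INVALID FILE FOR PERMISSION CHANGE.";
    }
}

// Handle bulk delete
if (($_POST['action'] ?? '') === 'bulk_delete' && $enable_delete && !empty($_POST['files'])) {
    if (!$csrf_ok) {
        $message = $csrf_denied;
    } elseif (is_array($_POST['files'])) {
        $deleted_count = 0;
        $failed_files = [];
        foreach ($_POST['files'] as $encoded_path) {
            if (!is_string($encoded_path)) {
                continue;
            }
            // Checkbox values are urlencode()d when the form is rendered, so
            // one explicit decode is needed on top of PHP's own.
            $file_path = resolveTarget(urldecode($encoded_path), true);
            if ($file_path === false) {
                continue;
            }
            if (!is_writable($file_path)) {
                @chmod($file_path, 0644);
            }
            if (unlink($file_path)) {
                $deleted_count++;
            } else {
                $failed_files[] = $file_path;
            }
        }
        $message = "";
        if ($deleted_count > 0) {
            $message = "[✓] SUCCESSFULLY DELETED $deleted_count FILE(S).";
        }
        if (!empty($failed_files)) {
            $message .= " [✗] FAILED: " . implode(", ", array_map('h', $failed_files)) . " — CHECK PERMISSIONS";
        }
    }
}

show_results:
?>
<!DOCTYPE html>
<html>
<head>
<title>[ MALWARE CLEANER ULTIMATE PRO ]</title>
<meta charset="UTF-8">
<meta name="referrer" content="no-referrer">
<style>
body { background-color: #000; color: #0F0; font-family: 'Courier New', monospace; padding: 20px; margin: 0; overflow-x: auto; }
.container { max-width: 1200px; margin: 0 auto; }
h1, h2 { color: #0F0; text-shadow: 0 0 5px #0F0; }
.line { border-top: 1px solid #0A0; margin: 20px 0; }
.file-path { color: #0F6; font-weight: bold; text-decoration: underline; cursor: pointer; }
.signature { color: #FF0; }
.permission { color: #0AF; font-weight: bold; }
.file-info { color: #0A5; font-size: 12px; margin: 3px 0; }
.btn-delete, .btn-clean, .btn-edit, .btn-fix, .btn-bulk { padding: 5px 10px; text-decoration: none; margin: 5px 0 5px 10px; font-weight: bold; display: inline-block; cursor: pointer; border: 1px solid; }
.btn-delete { background: #A00; color: #FFF; border-color: #F00; }
.btn-clean { background: #A60; color: #FFF; border-color: #FA0; }
.btn-edit { background: #00A; color: #FFF; border-color: #0AF; }
.btn-fix { background: #555; color: #FFF; border-color: #777; }
.btn-bulk { background: #F00; color: #FFF; border: 2px solid #FF0; padding: 10px 20px; font-size: 16px; box-shadow: 0 0 10px #F00; }
.btn-delete:hover, .btn-clean:hover, .btn-edit:hover, .btn-fix:hover, .btn-bulk:hover { box-shadow: 0 0 15px currentColor; }
.content-preview { background: #001100; padding: 15px; border-left: 3px solid #0F0; margin: 10px 0; white-space: pre-wrap; font-size: 13px; max-height: 200px; overflow-y: auto; color: #FFF; }
.malicious-highlight { background: #300; color: #F66; padding: 2px; border-left: 2px solid #F00; display: block; margin: 5px 0; }
.typing { border-right: 2px solid #0F0; white-space: nowrap; overflow: hidden; animation: typing 3s steps(60, end), blink-caret 0.75s step-end infinite; }
@keyframes typing { from { width: 0 } to { width: 100% } }
@keyframes blink-caret { from, to { border-color: transparent } 50% { border-color: #0F0; } }
.status { padding: 10px; margin: 10px 0; background: #111; border-left: 4px solid #0F0; }
.status.error { border-left-color: #F00; }
.status.success { border-left-color: #0F6; }
.checkbox-container { margin: 15px 0; padding: 10px; background: #001100; border: 1px solid #0A0; }
.file-checkbox { margin-right: 10px; transform: scale(1.3); cursor: pointer; }
.select-all { margin-right: 10px; transform: scale(1.2); cursor: pointer; }
</style>
</head>
<body>
<div class="container">
<h1 class="typing">[ INITIATING MALWARE SCAN ULTIMATE PRO v5.0... ]</h1>
<?php if (isset($message)): ?>
<div class="status <?php echo strpos($message, 'SUCCESS') !== false ? 'success' : (strpos($message, 'FAILED') !== false ? 'error' : ''); ?>">
<?php echo nl2br($message); ?>
</div>
<?php endif; ?>
<?php
// Regex fragments matched case-insensitively against each file's full text.
// NOTE(review): several entries (e.g. 'exit\(\);', 'base64_decode\(') are
// common in legitimate code, and this script matches its own signature list,
// so a hit is a prompt for manual review rather than proof of infection.
$malware_signatures = [
    'dpaste.org',
    'sustainable-a14.pages.dev',
    'geoplugin.net',
    'file_get_contents.*http',
    'while\s*\(.*true.*\)',
    'countryCode.*==.*"ID"',
    'header\s*\(.*Location.*\)',
    'stream_context_create',
    'eval\(',
    'base64_decode\(',
    'gzinflate\(',
    'str_rot13\(',
    'googlebot|slurp|adsense',
    'header\(\'Vary: Accept-Language\'\);',
    'function ambil_data',
    'exit\(\);',
];

$php_files = [];
$scan_errors = [];
try {
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator(__DIR__, RecursiveDirectoryIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iterator as $file) {
        try {
            if ($file->isFile() && $file->getExtension() === 'php') {
                $realpath = $file->getRealPath();
                // Skip entries whose real path (after symlinks) leaves this directory.
                if ($realpath && isInsideBase($realpath, __DIR__)) {
                    $php_files[] = $realpath;
                }
            }
        } catch (Exception $e) {
            $scan_errors[] = "Skipped: " . $file->getPathname();
        }
    }
} catch (Exception $e) {
    $scan_errors[] = "Scan error: " . $e->getMessage();
}

echo "<p>[✓] Total PHP files found: <span style='color:#0FF;'>" . number_format(count($php_files)) . "</span></p>";
if (!empty($scan_errors)) {
    // Path names and exception text are escaped: file names on a compromised
    // host are attacker-chosen.
    echo "<p style='color:#FF6;'>[!] " . count($scan_errors) . " scan errors (ignored):<br>"
        . implode("<br>", array_map('h', array_slice($scan_errors, 0, 3)))
        . (count($scan_errors) > 3 ? "..." : "") . "</p>";
}
echo "<p>[⏳] Scanning for suspicious files...</p>";

$found_malware = [];
foreach ($php_files as $filepath) {
    $content = @file_get_contents($filepath);
    if ($content === false) {
        continue;
    }
    $matches = [];
    foreach ($malware_signatures as $signature) {
        if (preg_match("/$signature/i", $content)) {
            $matches[] = $signature;
        }
    }
    if (!empty($matches)) {
        $perms = @fileperms($filepath);
        $perm_octal = $perms ? substr(sprintf('%o', $perms), -4) : '????';
        $found_malware[$filepath] = [
            'matches' => $matches,
            'content' => $content,
            'permission' => $perm_octal,
            'mtime' => @filemtime($filepath),
            'ctime' => @filectime($filepath),
        ];
    }
}

// Most recently modified first.
uasort($found_malware, function ($a, $b) {
    return $b['mtime'] <=> $a['mtime'];
});

if (empty($found_malware)) {
    echo "<h2 style='color:#0F6;'>[🎉 SCAN COMPLETE — NO MALWARE DETECTED]</h2>";
} else {
    echo "<h2 style='color:#F66;'>[❗ " . count($found_malware) . " SUSPICIOUS FILE(S) DETECTED]</h2>";
    echo '<form method="POST" onsubmit="return confirm(\'[!] DELETE ALL SELECTED FILES? THIS ACTION IS IRREVERSIBLE!\')">';
    echo '<input type="hidden" name="action" value="bulk_delete">';
    echo '<input type="hidden" name="token" value="' . h($csrf_token) . '">';
    echo '<label><input type="checkbox" class="select-all" onclick="toggleCheckboxes(this)"> [ SELECT ALL ]</label>';
    echo ' <button type="submit" class="btn-bulk">[ DELETE SELECTED ]</button>';
    echo '<div class="checkbox-container">';

    foreach ($found_malware as $filepath => $data) {
        $encoded_path = urlencode($filepath);
        $publicUrl = filePathToUrl($filepath);
        $action_suffix = h($token_query);

        echo "<div style='margin: 15px 0; padding: 10px; background: #002200; border-left: 3px solid #0F6;'>";
        $mtime_str = $data['mtime'] ? date('Y-m-d H:i:s', $data['mtime']) : 'unknown';
        $ctime_str = $data['ctime'] ? date('Y-m-d H:i:s', $data['ctime']) : 'unknown';
        echo "<div class='file-info'>🕒 Last Modified: $mtime_str | 📅 Created/Inode Changed: $ctime_str</div>";
        echo "<label>";
        echo "<input type='checkbox' name='files[]' value='" . $encoded_path . "' class='file-checkbox'>";
        // NOTE(review): following this link requests the flagged file from the
        // web server, which executes it; inspect via the preview or editor instead.
        echo "<a href='" . h($publicUrl) . "' target='_blank' rel='noopener noreferrer' class='file-path'>" . h($filepath) . "</a>";
        echo " <span class='permission'>[PERM: " . h($data['permission']) . "]</span>";
        echo "</label><br>";
        echo "<span class='signature'>Matches: " . h(implode(", ", $data['matches'])) . "</span><br>";

        if ($enable_delete) {
            echo "<a href='?delete=" . $encoded_path . $action_suffix . "' class='btn-delete' onclick='return confirm("
                . jsStringAttr("[!] DELETE THIS FILE?\n\n" . $filepath) . ")'>[ DELETE ]</a>";
            echo "<a href='?clean=" . $encoded_path . $action_suffix . "' class='btn-clean' onclick='return confirm("
                . jsStringAttr("[!] CLEAN MALICIOUS CODE?\n\n" . $filepath) . ")'>[ CLEAN CODE ]</a>";
            echo "<a href='?edit=" . $encoded_path . $action_suffix . "' class='btn-edit'>[ ✏️ EDIT FILE ]</a>";
            echo "<a href='?fixperm=" . $encoded_path . $action_suffix . "' class='btn-fix' onclick='return confirm("
                . jsStringAttr("[!] Set permission to 0644?\n\n" . $filepath) . ")'>[ FIX PERM ]</a>";
        }

        // Preview the first 15 lines, highlighting any line that matches a signature.
        echo "<div class='content-preview'>";
        $lines = explode("\n", $data['content']);
        foreach (array_slice($lines, 0, 15) as $line) {
            $is_malicious = false;
            foreach ($malware_signatures as $sig) {
                if (preg_match("/$sig/i", $line)) {
                    $is_malicious = true;
                    break;
                }
            }
            if ($is_malicious) {
                echo "<span class='malicious-highlight'>" . h($line) . "</span>\n";
            } else {
                echo h($line) . "\n";
            }
        }
        if (count($lines) > 15) {
            echo "<span style='color:#FF6;'>... [ " . (count($lines) - 15) . " more lines ]</span>\n";
        }
        echo "</div>";
        echo "</div>";
    }

    echo '</div>';
    echo '<button type="submit" class="btn-bulk">[ DELETE SELECTED ]</button>';
    echo '</form>';
    echo "<div class='line'></div>";
    echo "<p style='color:#FF6;'>[!] REMEMBER TO DELETE THIS SCRIPT AFTER USE!</p>";
}
// NOTE(review): 'SECURE' below only means no signature matched; it is not
// evidence that the site is clean.
?>
<div class="line"></div>
<p class="typing">[ SCAN COMPLETE. SYSTEM STATUS: <?php echo empty($found_malware) ? 'SECURE' : 'COMPROMISED'; ?> ]</p>
</div>
<script>
function toggleCheckboxes(source) {
    document.querySelectorAll('.file-checkbox').forEach(cb => cb.checked = source.checked);
}
window.scrollTo(0, document.body.scrollHeight);
</script>
</body>
</html>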