|
楼主 |
发表于 2011-9-27 11:17:23
|
显示全部楼层
附清除工具
使用方法:
复制代码保存为PHP文件。上传到网站根目录,URL打开即可。
- <?php
- set_time_limit(0);
- ob_start();
- $root = "./";
- $find ="^<\?php\s*\\\$md5\s*=\s*["|']\w+["|'];\s*\\\$wp_salt\s*=\s*[\w\(\),"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*";
- $except = array("rar", "zip", "htaccess", "css", "js");
- $only = array("php");
- $infectedFiles = null;
- $showOnlyInfectedFiles = true;
- $cleanInfected = true;
- $infectedFiles = startScan($root);
- echo "<h1>Found Files</h1>";
- echo "<ol>";
- if(is_array($infectedFiles))
- foreach($infectedFiles AS $iFile){
- echo "<li>{$iFile}</li>";
- }
- echo "</ol>";
- /* functions */
- function getAllFiles($dir){
- global $except, $only;
- $filenames = null;
- if ($handle = opendir($dir)){
- while (false !== ($file = readdir($handle)))
- if ($file != "." && $file != ".." && !is_dir($dir.$file)){
- $path_parts = pathinfo($file);
- if(isset($path_parts['extension']) && array_search($path_parts['extension'], $except) === false)
- if(array_search($path_parts['basename'], $only) !== false || array_search($path_parts['extension'], $only) !== false || sizeof($only) < 1)
- $filenames[] = $file;
- }
- closedir($handle);
- }
- return $filenames;
- }
- function getAllDirectories($dir){
- $directories = null;
- if ($handle = opendir($dir)) {
- while (false !== ($file = readdir($handle)))
- if ($file != "." && $file != ".." && is_dir($dir.$file))
- $directories[] = $dir.$file;
- closedir($handle);
- }
- return $directories;
- }
- function startScan($root){
- global $find, $infectedFiles, $showOnlyInfectedFiles, $cleanInfected;
- $time_start = microtime_float();
- echo "<ol>";
- echo "<li>".$root;
- $directories = getAllDirectories($root);
- if(is_array($directories)){
-
- // get all files
- if(($tmp = getAllFiles($root)) !== null){
- echo "<ul>";
- $files = $tmp;
- foreach($files AS $file){
- $numMatches = checkMalware($root.$file, $find);
- if(!empty($numMatches)){
- if($cleanInfected)
- cleanInfected($root.$file, $find);
-
- echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] = $root.$file;
- echo " - ".(microtime_float() - $time_start)."</p></li>";
- }elseif(!$showOnlyInfectedFiles){
- $infectedFiles[] = $root.$file;
- echo "<li>".$root.$file."</li>";
- }
- }
- echo "</ul>";
- }
-
- echo "<ol>";
- foreach($directories AS $dir){
- echo "<li>".$dir;
- ob_implicit_flush();
- ob_flush();
- sleep(1);
-
- // get all files
- if(($tmp = getAllFiles($dir)) !== null){
- echo "<ul>";
- $files = $tmp;
- foreach($files AS $file){
- if($dir[strlen($dir)-1] === "/") $dir = substr($dir, 0, -1);
- $numMatches = checkMalware($dir."/".$file, $find);
- if(!empty($numMatches)){
- if($cleanInfected)
- cleanInfected($dir."/".$file, $find);
-
- echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] = $dir."/".$file;
- echo " - ".(microtime_float() - $time_start)."</p></li>";
- }elseif(!$showOnlyInfectedFiles){
- $infectedFiles[] = $dir."/".$file;
- echo "<li>".$infectedFiles[] = $dir."/".$file;
- echo "</li>";
- }
- }
- echo "</ul>";
- }
-
- // gel all directories
- if($root[strlen($root)-1] === "/") $tmp_root = substr($root, 0, -1);
- if(($tmp = getAllDirectories($dir."/")) !== null && $dir !== $tmp_root){
- foreach($tmp AS $d){
- $a = startScan($d."/");
- if(is_array($a))
- array_merge($infectedFiles, $a);
- }
-
- }
- echo "</li>";
- }
- echo "</ol>";
- }else{
- // get all files
- if(($tmp = getAllFiles($root)) !== null){
- echo "<ul>";
- $files = $tmp;
- foreach($files AS $file){
- $numMatches = checkMalware($root.$file, $find);
- if(!empty($numMatches)){
- if($cleanInfected)
- cleanInfected($root.$file, $find);
-
- echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] = $root.$file;
- echo " - ".(microtime_float() - $time_start)."</p></li>";
- }elseif(!$showOnlyInfectedFiles){
- $infectedFiles[] = $root.$file;
- echo "<li>".$root.$file."</li>";
- }
- }
- echo "</ul>";
- }
- }
- echo "</li>";
- echo "</ol>";
-
- return $infectedFiles;
- }
- function checkMalware($filename, $find){
- $numMatches = null;
- $handle = fopen($filename, "r");
- if(filesize($filename) > 0){
- $contents = fread($handle, filesize($filename));
- $numMatches = preg_match('/'.$find.'/i', $contents, $matches);
- }
- fclose($handle);
- return $numMatches;
- }
- function cleanInfected($filename, $find){
- $handle = fopen($filename, "r");
- if(filesize($filename) > 0){
- $contents = fread($handle, filesize($filename));
- fclose($handle);
-
- $handle = fopen($filename, "w");
- $contents = preg_replace('/'.$find.'/i', '', $contents);
- fwrite($handle, $contents);
- }
- fclose($handle);
- }
- function microtime_float(){
- list($usec, $sec) = explode(" ", microtime());
- return ((float)$usec + (float)$sec);
- }
- ob_end_flush();
复制代码 |
|