No nonsense, directly affixed to the code.
The code is as follows:
<?php header (' CONTENT-TYPE:TEXT/HTML;CHARSET=GBK '); Set_time_limit (0)//Prevent timeout/** * * PHP directory Scan Monitor Enhanced version * * @version 1.0 * The following variables need to be manually set before use * **//*===================== process Order configuration =====================*/$pass = "Test";//Set Password $jkdir = "."; Set the directory for the monitoring scan, the current directory is '. ', the previous directory is '.. ', you can also set an absolute path, no trailing slashes, and the current directory $logfilename = "./m.log";//Set the path to store log, which can be placed anywhere $exclude =array (' data ', ' images ');/exclude Directory $danger = ' eval|cmd|passthru|gzuncompress ';//Set the dangerous function to find to determine whether the Trojan file $suffix = ' Php|inc '
//Set to scan the file suffix/*===================== configuration end =====================*/$filename =$_get[' filename '];
$check =$_get[' Check '];
$jumpoff =false;
$url = $_server[' php_self '];
$thisfile = End (Explode ('/', $url)); $jump = "{$thisfile}|".
Implode (' | ', $exclude);
$jkdir _num= $file _num= $danger _num=0;
Define (' M_path ', $jkdir);
Define (' M_log ', $logfilename);
if ($check = = ' Check ') {$safearr = explode ("|", $jump);
$start _time=microtime (TRUE);
Safe_check ($jkdir);
$end _time=microtime (TRUE);
$total = $end _time-$start _time; $file _num= $file _num-$jkdir _num;
$message = "Number of files:". $file _num;
$message. = "Number of folders:". $jkdir _num;
$message. = "Number of suspicious documents:". $danger _num;
$message. = "Execution time:". $total;
Echo $message; }else{if ($_get[' m ']== "del") Delete ()//Processing file deletion//Read file contents if (Isset ($_get[' ReadFile '))) {//Output view password, correct password checksum output file content if (emp Ty ($_post[' passchack ')) {echo "<form id=\" form1\ "name=\" form1\ "method=\" post\ ">". "<label>pass". "<input type=\" text\ "name=\" Passchack\ "/>". "</label>". "<input type=\" submit\ "name=\" submit\ "value=\" submitted \ "/>".
"</form>". "";
Exit }elseif (Isset ($_post[' passchack ']) &&$_post[' passchack ']== $pass) {$code =file_get_contents ($_get['
ReadFile ']); echo "<textarea name=\" code\ "cols=\" 150\ "rows=\" 30\ "id=\" code\ "style=" width:100%;height:450px;background:# CCCCCC; '
>{$code}</textarea> ";
Exit
}else{exit;
}}else{record_md5 (M_path);
if (file_exists (M_log)) {$log = Unserialize (file_get_contents (M_log)); }else{$log = Array ();
} if ($_get[' Savethis ']==1) {//Save current file MD5 to log file @unlink (M_log);
File_put_contents (M_log,serialize ($file _list)); echo "<a href= ' scandir.php ' > Save success!"
Click to return to </a> ";
Exit if (empty ($log)) {echo does not currently have a log file created!) Click [Save current] to create log file!
"; }else{if ($file _list== $log) {echo] No changes have been made to this folder!
"; }else{if (count ($file _list) > 0) {foreach ($file _list as $file => $md 5) {if (!isset ($log [$file])) {echo "New file: <a href={$file} target= ' _blank ' >". $file. " </a> "." Creation Time: ". Date (" Y-m-d h:i:s ", Filectime ($file))." Modified: ". Date (" Y-m-d h:i:s ", Filemtime ($file))." <a href =?readfile={$file} target= ' _blank ' > Source </a><a href= '? m=del&filename={$file} ' target= ' _blank ' > Delete
</u></a><br/> "; }else{if ($log [$file]!= $MD 5) {echo modifies the file: <a href={$file} target= ' _blank ' > '. $file. " </a> "." Creation Time: ". Date (" Y-m-d h:i:s ", Filectime ($file))." Modified: ". Date (" Y-m-d h:i:s ", Filemtime ($file))." <a href =?readfile={$file} target= '_blank ' > Source </a><br/> ';
Unset ($log [$file]);
}else{unset ($log [$file]); Delete file: <a href={$file} if (count ($log) >0) {foreach ($log as $file => $md 5) {echo] Blank ' > '. $file. "
</a><br/> ";
Compute MD5 function RECORD_MD5 ($jkdir) {global $file _list, $exclude;
if (Is_dir ($jkdir)) {$file =scandir ($jkdir); foreach ($file as $f) {if ($f!= '. ' && $f!= ' ... ' &&!in_array ($f, $exclude)) {$p Ath = $jkdir. '
/'. $f;
if (Is_dir ($path)) {record_md5 ($path);
}else{$file _list[$path]=md5_file ($path); The {global $danger, $suffix, $jkdir _num, $file _nu safe_check ($jkdir)/
M, $danger _num;
) or Die (' folder does not exist '); while ($file = $hand->read ()) {$filename = $jkdir. '
/'. $file; if (! $jumpoff) {if (JumP ($filename)) continue; if (@is_dir ($filename) && $file!= '. ' && $file!= ' ... '
&& $file!= './... ')
{$jkdir _num++;
Safe_check ($filename); } if (Preg_match_all ("/\.") (
$suffix)/I ", $filename, $out)) {$str = ';
$fp = @fopen ($filename, ' r ') or Die (' no permissions ');
while (!feof ($fp)) {$str. = fgets ($fp, 1024);
} fclose ($FP); if (Preg_match_all ("/($danger) [\r\n\t]{0,} ([\[\ (])/I, $STR, $out)) {echo" <font color= ' green ' style= ' font-size: 14px ' > suspicious file: {$filename}</font> "." Creation Time: ". Date (" Y-m-d h:i:s ", Filectime ($filename))." Modified: ". Date (" Y-m-d h:i : S ", Filemtime ($filename))." <a href= '? readfile={$filename} ' target= ' _blank ' ><u> View Code </u></a
> <a href= '? m=del&filename= $filename ' target= ' _blank ' > Delete </u></a><br> ';
$danger _num++;
}} $file _num++;
} function Edit ()//view suspect file {global $filename;
$filename = Str_replace ("..", "", $filename);
$file = $filename; $content = "";
if (Is_file ($file)) {$fp = fopen ($file, "R") or Die (' no permissions ');
$content = Fread ($fp, FileSize ($file));
Fclose ($FP);
$content = Htmlspecialchars ($content); echo "<textarea name= ' str ' style= ' width:100%;height:450px;background: #cccccc; '
> $content </textarea>\r\n ";
Exit ();
The function Delete ()//deletes the file {global $filename, $pass; if (Empty ($_post[' passchack ')) {echo "<form id=\" form1\ "name=\" form1\ "method=\" post\ ">". "<label>pass". "<input type=\" text\ "name=\" Passchack\ "/>". "</label>". "<input type=\" submit\ "name=\" submit\ "value=\" submitted \ "/>".
"</form>". "";
Exit }elseif (Isset ($_post[' passchack ']) &&$_post[' passchack ']== $pass) {(Is_file ($filename))? ( $mes =unlink ($filename)? '
Delete successful ': ' Delete failed view permission '): ';
Echo $mes;
Exit (); }else{echo ' password is wrong!
';
Exit
} function Jump ($file)//Skip File {global $jump, $safearr; if ($jump!= ') {foreach ($safearr as $v) {if ($v = = ") ContiNue
if (eregi ($v, $file)) return true;
return false; ?> <a href= "scandir.php" >[view file changes]</a>|<a href= "Scandir.php?savethis=1" >[Save the current file fingerprint]</a> |<a href= "Scandir.php?check=check" >[scan for suspicious files]</a>
The above code is the PHP Web Trojan scanner code sharing, this article is accompanied by comments, there are not clear welcome to my message, I believe that the implementation of more than one of the methods, you are welcome to share a lot of different ways to achieve.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
