fixed securetemps

sc.php

@@ -49,8 +49,7 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
     <li><a href="?run=fixperms" style="color: #ff0000;">Fix File and Folder Permissions</a></li>
     <li><a href="?run=pwds" style="color: #ff0000;">Check password security</a></li>
     <li><a href="?run=optim" style="color: #ff0000;">MySQL DB Optimization</a></li>
-    <li><a href="?run=removezero" style="color: #ff0000;">Remove Empty Files</a></li>
+    <li><a href="?run=cleanupl" style="color: #ff0000;">Cleanup (error logs, .suspected, zero byte files)</a></li>
-    <li><a href="?run=removezero" style="color: #ff0000;">Remove Error Logs</a></li>
 </ul>
         </td>
 
@@ -59,12 +58,9 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
     <ul>
     <li><a href="?run=cleanPL" style="color: #ff0000;">Clean.PL</b></a></li>
     <li><a href="?run=cleanPHP" style="color: #ff0000;">Clean.PHP</a></li>
-    <li><a href="?run=cleanerrorlogs" style="color: #ff0000;">Clear Error Logs</a></li>
     <li><a href="?run=cleanexif" style="color: #ff0000;">Clean EXIF</a></li>
     <li><a href="?run=cleangravity" style="color: #ff0000;">Clean Gravity Forms Exploit</a></li>
 
-    <li><a href="?run=cleanupl" style="color: #ff0000;">Remove PHP files from uploads dir (WP)</a></li>
-
 </ul>
 </td>
 
@@ -151,9 +147,10 @@ system ("w | grep load");
 <?php
 
     function cleanupl(){
-        system("find ../*/wp-content/uploads/ -type f -name '*.php' -print -exec rm -rf {} \;"); /* clear PHP files from wp-content/uploads */
+        system('find '.$GLOBALS["webroot"].'/*/wp-content/uploads/ -type f -name "*.php" -print -exec rm -rfv {} \;'); /* clear PHP files from wp-content/uploads */
-        system('find ../ -type f -name "*.php.suspected" -print -exec rm -rf {} \;'); /* clear files renamed as *.suspected by the server AV */
+        system('find '.$GLOBALS["webroot"].' -type f -name "*.php.suspected" -print -exec rm -rfv {} \;'); /* clear files renamed as *.suspected by the server AV */
-        system('find '.$GLOBALS["webroot"].' -type f -size 0 -print -exec rm -rf {} \;'); /* clear files with 0 bytes size */
+        system('find '.$GLOBALS["webroot"].' -type f -name "*.php" -size 0 -print -exec rm -rfv {} \;'); /* clear files with 0 bytes size */
+        system('find '.$GLOBALS["webroot"].' -type f -name "error_log" -print -exec rm -rfv {} \;'); // clear the error logs
         
     }
     
@@ -197,6 +194,25 @@ Deny from all
                     fclose($hta);
 
                 }
+// patch for document root                
+if (file_exists("../wp-content"))
+{
+    if (file_exists("../wp-content/uploads"))
+    {
+		if ((is_dir("../wp-content/uploads/")) AND ($dir !== ".") AND ($dir !== "..")) 
+		{
+			if (file_exists("../wp-content/uploads/.htaccess")) 
+			{
+		   				  echo "";
+            }
+            else {
+                $hta = fopen("../wp-content/uploads/.htaccess", "w");
+                fwrite($hta, $htdata);
+                fclose($hta);
+            }
+        }
+    }
+}   
 
 //        system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
 /* Joomla /images may cause a ton of false positive patches so we'll research this further */
@@ -225,8 +241,9 @@ require_once("./scan.php");
 }
 
 /* Execute The PHP Cleaner */
-function cleanPHP(){
+    function cleanPHP(){
 require_once("./clean.php");
+
 }
 
 /* Execute the Perl Cleaners */

scan.php

@@ -429,7 +429,7 @@ error_reporting(E_ALL);
     "visitorTracker_isMob",
     "this->privmsg(",
     "Starting call",
-    "Hacker",
+    "Hacked",
     "boff",
     "r57Shell Edited By Margu",
     "IRC_socket",