fixed securetemps

2017-05-15 11:54:53 +02:00 · 2017-05-15 11:54:53 +02:00 · 87599975d6
commit 87599975d6
parent 41bd8c86dc
2 changed files with 27 additions and 10 deletions
--- a/sc.php
+++ b/sc.php
@ -49,8 +49,7 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
    <li><a href="?run=fixperms" style="color: #ff0000;">Fix File and Folder Permissions</a></li>
    <li><a href="?run=pwds" style="color: #ff0000;">Check password security</a></li>
    <li><a href="?run=optim" style="color: #ff0000;">MySQL DB Optimization</a></li>
-    <li><a href="?run=removezero" style="color: #ff0000;">Remove Empty Files</a></li>
-    <li><a href="?run=removezero" style="color: #ff0000;">Remove Error Logs</a></li>
+    <li><a href="?run=cleanupl" style="color: #ff0000;">Cleanup (error logs, .suspected, zero byte files)</a></li>
 </ul>
        </td>

@ -59,12 +58,9 @@ $error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried t
    <ul>
    <li><a href="?run=cleanPL" style="color: #ff0000;">Clean.PL</b></a></li>
    <li><a href="?run=cleanPHP" style="color: #ff0000;">Clean.PHP</a></li>
-    <li><a href="?run=cleanerrorlogs" style="color: #ff0000;">Clear Error Logs</a></li>
    <li><a href="?run=cleanexif" style="color: #ff0000;">Clean EXIF</a></li>
    <li><a href="?run=cleangravity" style="color: #ff0000;">Clean Gravity Forms Exploit</a></li>

-    <li><a href="?run=cleanupl" style="color: #ff0000;">Remove PHP files from uploads dir (WP)</a></li>
-
 </ul>
 </td>

@ -151,9 +147,10 @@ system ("w | grep load");
 <?php

    function cleanupl(){
-        system("find ../*/wp-content/uploads/ -type f -name '*.php' -print -exec rm -rf {} \;"); /* clear PHP files from wp-content/uploads */
-        system('find ../ -type f -name "*.php.suspected" -print -exec rm -rf {} \;'); /* clear files renamed as *.suspected by the server AV */
-        system('find '.$GLOBALS["webroot"].' -type f -size 0 -print -exec rm -rf {} \;'); /* clear files with 0 bytes size */
+        system('find '.$GLOBALS["webroot"].'/*/wp-content/uploads/ -type f -name "*.php" -print -exec rm -rfv {} \;'); /* clear PHP files from wp-content/uploads */
+        system('find '.$GLOBALS["webroot"].' -type f -name "*.php.suspected" -print -exec rm -rfv {} \;'); /* clear files renamed as *.suspected by the server AV */
+        system('find '.$GLOBALS["webroot"].' -type f -name "*.php" -size 0 -print -exec rm -rfv {} \;'); /* clear files with 0 bytes size */
+        system('find '.$GLOBALS["webroot"].' -type f -name "error_log" -print -exec rm -rfv {} \;'); // clear the error logs
        
    }
    
@ -197,6 +194,25 @@ Deny from all
                    fclose($hta);

                }
+// patch for document root                
+if (file_exists("../wp-content"))
+{
+    if (file_exists("../wp-content/uploads"))
+    {
+		if ((is_dir("../wp-content/uploads/")) AND ($dir !== ".") AND ($dir !== "..")) 
+		{
+			if (file_exists("../wp-content/uploads/.htaccess")) 
+			{
+		   				  echo "";
+            }
+            else {
+                $hta = fopen("../wp-content/uploads/.htaccess", "w");
+                fwrite($hta, $htdata);
+                fclose($hta);
+            }
+        }
+    }
+}   

 //        system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
 /* Joomla /images may cause a ton of false positive patches so we'll research this further */
@ -227,6 +243,7 @@ require_once("./scan.php");
 /* Execute The PHP Cleaner */
    function cleanPHP(){
 require_once("./clean.php");
+
 }

 /* Execute the Perl Cleaners */
--- a/scan.php
+++ b/scan.php
@ -429,7 +429,7 @@ error_reporting(E_ALL);
    "visitorTracker_isMob",
    "this->privmsg(",
    "Starting call",
-    "Hacker",
+    "Hacked",
    "boff",
    "r57Shell Edited By Margu",
    "IRC_socket",