Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated .htaccess securing

Browse Source
This commit is contained in:
Palma Solutions LTD
2017-05-11 21:47:43 +02:00
parent a735fb233b
commit dceee7a49b
1 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
sc.php
View File

@@ -165,6 +165,9 @@ function vulntheme(){
} }
function clear_cache(){
system("if [ $(find-name "cache" -maxdepth 0 -type d -empty 2>/dev/null) ]; then rm -rfv $i/*; echo "no cache dirs, or empty ones found"; fi");
}
/* cleaning the backdoor files of the Gravity Forms Exploit */ /* cleaning the backdoor files of the Gravity Forms Exploit */
function cleangravity(){ function cleangravity(){
system('find '.$this->web_dir.'./ -type f -name "*_input__test*" -print -exec rm -rf {} \;'); system('find '.$this->web_dir.'./ -type f -name "*_input__test*" -print -exec rm -rf {} \;');
@@ -179,18 +182,40 @@ echo "<pre>$output</pre>";
} }
/* secure the temporary directories against execution of malicious files */ /* secure the temporary directories against execution of malicious files */
// need to change this to PHP: https://gist.github.com/PalmaSolutions/3b5d2b69ac020c87ce53942785e39127
function securetemps(){ function securetemps(){
$htdata = ' $htdata = '
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$"> <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow Order Deny,Allow
Deny from all Deny from all
</FilesMatch> </FilesMatch>
'; ';
system("for i in `find ../ -type d -path '*/wp-content/uploads';`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done"); if (file_exists("wp-content"))
system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
{
if (file_exists("wp-content/uploads"))
{
if (is_dir("wp-content/uploads"))
{
if (file_exists("wp-content/uploads/.htaccess"))
{
echo "file exists - skipping\n"
else
$hta = fopen("wp-content/uploads/.htaccess", "w");
fwrite($hta, $htdata);
fclose($hta);
}
}
}
}
// system("for i in `find ../ -type d -path '*/wp-content/uploads';`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
// system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
/* Joomla /images may cause a ton of false positive patches so we'll research this further */ /* Joomla /images may cause a ton of false positive patches so we'll research this further */
// system("for i in `find ./ -type d -path '*/images' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done"); // system("for i in `find ./ -type d -path '*/images' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
echo "all patched\n"; //echo "all patched\n";
} }
/* Vulnerability check /* Vulnerability check