Server : Apache System : Linux server.xvl.jdw.mybluehostin.me 5.14.0-611.49.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Apr 21 16:39:08 EDT 2026 x86_64 User : khgdcdmmac ( 1083) PHP Version : 8.2.30 Disable Function : exec,passthru,shell_exec,system Directory : /home/khgdcdmmac/public_html/ |
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
set_time_limit(300);
class MalwareScanner {
private $scanRoot = '/home/khgdcdmmac/public_html/includes/'; // 🔧 เปลี่ยนได้ เช่น /var/www/html
private $suspiciousFolders = [
'ALFA_DATA','alfa_data','alfacgiapi','bypass','shell','webshell','backdoor'
];
private $suspiciousFiles = [
'alfa','c99','r57','wso','shell','backdoor','webshell','bypass','hack'
];
private $suspiciousPatterns = [
'eval(','base64_decode(','shell_exec(','system(','exec(','passthru(',
'proc_open(','popen(','curl_exec(','file_get_contents(','file_put_contents(',
'fopen(','fwrite(','unlink(','chmod(','chown(','move_uploaded_file(',
'$_GET','$_POST','$_REQUEST'
];
private $results = [];
private $scannedFiles = 0;
private $scannedFolders = 0;
public function __construct() {
echo "<!doctype html><html><head><meta charset='utf-8'>
<title>Malware Scanner</title>
<style>
body{font-family:Arial;margin:20px}
.result{border-left:5px solid #ccc;padding:10px;margin:10px 0}
.suspicious{border-color:red}
.medium{border-color:orange}
pre{background:#f5f5f5;padding:10px;overflow:auto}
button{cursor:pointer;padding:8px 12px}
</style>
<script>
function toggleAll(source){
const boxes = document.querySelectorAll('input[name=\"delete_list[]\"]');
boxes.forEach(b => b.checked = source.checked);
}
</script>
</head><body>";
echo "<h1>🔍 Malware Scanner</h1>";
}
public function scan() {
$root = realpath($this->scanRoot);
echo "<p>📁 สแกน: <b>{$root}</b></p>";
$this->scanDir($root);
$this->showResults();
echo "</body></html>";
}
private function scanDir($dir) {
if (!is_dir($dir)) return;
$this->scannedFolders++;
foreach ($this->suspiciousFolders as $sf) {
if (stripos(basename($dir), $sf) !== false) {
$this->results[] = [
'type' => 'folder',
'path' => realpath($dir),
'issue' => "ชื่อโฟลเดอร์ต้องสงสัย ($sf)",
'severity' => 'high'
];
}
}
foreach (scandir($dir) as $f) {
if ($f === '.' || $f === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $f;
is_dir($path) ? $this->scanDir($path) : $this->scanFile($path);
}
}
private function scanFile($file) {
$this->scannedFiles++;
$real = realpath($file);
if ($real === false) return;
$name = basename($real);
$ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
foreach ($this->suspiciousFiles as $sf) {
if (stripos($name, $sf) !== false) {
$this->results[] = [
'type' => 'file',
'path' => $real,
'issue' => "ชื่อไฟล์ต้องสงสัย ($sf)",
'severity' => 'high'
];
}
}
if (in_array($ext, ['php','phtml','php5','php7','txt','ico','jpg','png','gif'])) {
$this->scanContent($real);
}
}
private function scanContent($file) {
$c = @file_get_contents($file);
if ($c === false) return;
$count = 0;
foreach ($this->suspiciousPatterns as $p) {
if (stripos($c, $p) !== false) $count++;
}
if ($count >= 3) {
$this->results[] = [
'type'=>'file',
'path'=>$file,
'issue'=>"พบโค้ดอันตราย ($count จุด)",
'severity'=>'high',
'preview'=>substr($c,0,300)
];
} elseif ($count > 0) {
$this->results[] = [
'type'=>'file',
'path'=>$file,
'issue'=>"พบโค้ดน่าสงสัย ($count จุด)",
'severity'=>'medium'
];
}
}
private function showResults() {
if (empty($this->results)) {
echo "<p style='color:green'>✅ ไม่พบสิ่งผิดปกติ</p>";
return;
}
echo "<form method='post' onsubmit='return confirm(\"ยืนยันการลบไฟล์ที่เลือก?\")'>";
echo "<p>
<label>
<input type='checkbox' onclick='toggleAll(this)'>
<b>เลือกทั้งหมด</b>
</label>
</p>";
foreach ($this->results as $r) {
if (!in_array($r['severity'], ['high','medium'])) continue;
$class = $r['severity']=='high' ? 'suspicious' : 'medium';
$icon = $r['severity']=='high' ? '🚨' : '⚠️';
echo "<div class='result $class'>";
echo "<input type='checkbox' name='delete_list[]'
value='".htmlspecialchars($r['path'],ENT_QUOTES)."'> ";
echo "<b>$icon {$r['type']}:</b> ".htmlspecialchars($r['path'])."<br>";
echo "🧨 {$r['issue']}";
if (!empty($r['preview'])) {
echo "<pre>".htmlspecialchars($r['preview'])."</pre>";
}
echo "</div>";
}
echo "<button type='submit' name='bulk_delete'
style='background:red;color:white'>
🗑️ ลบไฟล์ที่เลือก
</button>";
echo "</form>";
echo "<p>📄 ไฟล์ที่สแกน: {$this->scannedFiles} |
📁 โฟลเดอร์: {$this->scannedFolders}</p>";
}
public function delete($path) {
$real = realpath($path);
if ($real === false) {
echo "<p style='color:red'>❌ ไม่พบไฟล์: ".htmlspecialchars($path)."</p>";
return;
}
if (is_dir($real)) {
$this->deleteDir($real);
echo "<p style='color:green'>✅ ลบโฟลเดอร์: ".htmlspecialchars($real)."</p>";
} else {
if (@unlink($real)) {
echo "<p style='color:green'>✅ ลบไฟล์: ".htmlspecialchars($real)."</p>";
} else {
echo "<p style='color:red'>❌ ลบไม่สำเร็จ: ".htmlspecialchars($real)."</p>";
}
}
}
private function deleteDir($dir) {
foreach (scandir($dir) as $f) {
if ($f=='.'||$f=='..') continue;
$p = $dir.DIRECTORY_SEPARATOR.$f;
is_dir($p) ? $this->deleteDir($p) : @unlink($p);
}
@rmdir($dir);
}
}
/* ===== Bulk delete handler ===== */
if (isset($_POST['bulk_delete'], $_POST['delete_list'])) {
$s = new MalwareScanner();
echo "<h2>🗑️ กำลังลบไฟล์</h2>";
foreach ($_POST['delete_list'] as $p) {
$s->delete($p);
}
echo "<p><a href='?'>🔙 กลับไปสแกนใหม่</a></p></body></html>";
exit;
}
/* ===== Start scan ===== */
(new MalwareScanner())->scan();