WP Cleaner

habis jalan2 nemu script cleaner aku copas scriptnya PHP Code: <?php /**  * Cleaner PHP (Wordpress Hack Fix)  * Author: Nino Paolo Amarillento  * Version: 2.10  * URL: http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html  *   * If you have problem of your site just let me know and I'll be happy to help you!.  */   ini_set('memory_limit','128M'); // If you have memory_limit problem just adjust to a higher value, like 256M set_time_limit(0); ob_start(); // header("Content-type:text/plain"); $root = "./"; $aPattern = array( "^<\?php\s*\\\$md5\s*=\s*.*create_function\s*\(.*?\);\s*\\\$.*?\)\s*;\s*\?>\s*", " echo \"<script type=\\\\\"text\/javascript\\\\\" src=\\\\\"http:\/\/.*\.js\\\\\"><\/script>\"; echo \"\";", "<\?php\s*\@error_reporting\(0\);\s*if\s*\(\!isset\(([\$\w]+)\)\)\s*{[\$]+[^}]+}\s*\?>", "<\?php\s*\/\*\w+_on\*\/.*\/\*\w+_off\*\/\s*\?>", "<\?php\s*\/\*god_mode_on\*\/eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);\s*\/\*god_mode_off\*\/\s*\?>", "<\?php\s*\?>", "<IfModule\s*mod_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*%\{HTTP_REFERER\}\s*\^\.\*\([^\)]{255,} [google|yahoo|bing|ask|wikipedia|youtube][^\)]{255,}[^<]*<\/IfModule>", "ErrorDocument\s*(?:400|401|403|404|500)+\s*http:\/\/.*\.\w+", "^<script>(.*)<\/script>", "^<\?php\s*\\\$md5\s*=\s*[\"|']\w+[\"|'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\ (.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*", "\s*eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);", "if\(!function_exists\([^{]+\s*{\s*function[^}]+\s*}\s*[^\"']+\s*[\"'][^\"']+[\"'];\s*eval\s*\(.*\)\s*;\s*}\s*", ); $find = '('.implode('|', $aPattern).')'; $except = array("rar", "zip", "mp3", "mp4", "mp3", "mov", "flv", "wmv", "swf", "png", "gif", "jpg", "bmp", "avi"); $only = array("php", "shtml", "html", "htm", "js", "css", "htaccess", "txt"); $infectedFiles = null; $showOnlyInfectedFiles = true; $cleanInfected = true; echo "<h1>Scanning Files...</h1>"; echo "After scanning the files <a href='#infected-files' title='Found Infected Files'>click here to view found Infected files.</a>"; echo "<ol>"; $infectedFiles = startScan($root); echo "</ol>"; echo "<br /><br /><h1 id='infected-files'>". count($infectedFiles) ." Found Infected Files</h1>"; echo "<ol>"; if(is_array($infectedFiles)) foreach($infectedFiles AS $iFile){     echo "<li>{$iFile}</li>"; } echo "</ol>"; /* functions */ function getAllFiles($dir){ global $except, $only;     $filenames = null;     if ($handle = opendir($dir)){         while (false !== ($file = readdir($handle)))              if ($file != "." && $file != ".." && !is_dir($dir.$file) && ($dir != "." && $file != basename(__FILE__))){                 $path_parts = pathinfo($file);                 if(isset($path_parts['extension']) && array_search(strtolower($path_parts['extension']), $except) === false) if(array_search(strtolower($path_parts['basename']), $only) !== false  || array_search(strtolower($path_parts['extension']), $only) !== false || sizeof($only) < 1)                         $filenames[] = $file;             }         closedir($handle);     }     return $filenames; } function getAllDirectories($dir){     $directories = null;     if ($handle = opendir($dir)) {         while (false !== ($file = readdir($handle)))             if ($file != "." && $file != ".." && is_dir($dir.$file))                 $directories[] = $dir.$file;         closedir($handle);     }     return $directories; } function startScan($root){ global $find, $infectedFiles, $showOnlyInfectedFiles, $cleanInfected;     $time_start = microtime_float();     $root = str_replace("//", "/", $root);     echo "<li>".$root;     $directories = getAllDirectories($root);          ob_implicit_flush();     ob_flush();     sleep(1);          if(is_array($directories)){              // get all files         if(($tmp = getAllFiles($root)) !== null){             echo "<ul>";             $files = $tmp;             foreach($files AS $file){                 $numMatches = checkMalware($root.$file, $find);                 if(!empty($numMatches)){                     if($cleanInfected)                         cleanInfected($root.$file, $find);                                              echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] =  $root.$file;                     echo " - ".(microtime_float() - $time_start)."</p></li>";                 }elseif(!$showOnlyInfectedFiles){                     $infectedFiles[] = $root.$file;                     echo "<li>".$file."</li>"; // $root.$file                 }             }             echo "</ul>";         }                           echo "<ol>";         foreach($directories AS $dir){             echo "<li>".$dir;              ob_implicit_flush();              ob_flush();              sleep(1);                           // get all files             if(($tmp = getAllFiles($dir)) !== null){                 echo "<ul>";                 $files = $tmp;                 foreach($files AS $file){                     if($dir[strlen($dir)-1] === "/") $dir = substr($dir, 0, -1);                      $numMatches = checkMalware($dir."/".$file, $find);                     if(!empty($numMatches)){                         if($cleanInfected)                             cleanInfected($dir."/".$file, $find);                              echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] = $dir."/".$file;                         echo " - ".(microtime_float() - $time_start)."</p></li>";                     }elseif(!$showOnlyInfectedFiles){                         $infectedFiles[] = $dir."/".$file;                         echo "<li>".$file."</li>";                     }                 }                 echo "</ul>";             }                          // gel all directories             if($root[strlen($root)-1] === "/") $tmp_root = substr($root, 0, -1);              if(($tmp = getAllDirectories($dir."/")) !== null && $dir !== $tmp_root){                 foreach($tmp AS $d){                     $a = startScan($d."/");                     if(is_array($a))                         array_merge($infectedFiles, $a);                 }                              }             echo "</li>";         }         echo "</ol>";     }else{         // get all files         if(($tmp = getAllFiles($root)) !== null){             echo "<ul>";             $files = $tmp;             foreach($files AS $file){                 $numMatches = checkMalware($root.$file, $find);                 if(!empty($numMatches)){                     if($cleanInfected)                         cleanInfected($root.$file, $find);                          echo "<li style='background-color:c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>".$infectedFiles[] = $root.$file;                     echo " - ".(microtime_float() - $time_start)."</p></li>";                 }elseif(!$showOnlyInfectedFiles){                     $infectedFiles[] = $root.$file;                     echo "<li>".$file."</li>"; // $root.$file                 }             }             echo "</ul>";         }     }     echo "</li>";       return $infectedFiles; } function checkMalware($filename, $find){     $numMatches = null;     $handle = fopen($filename, "r");     if(filesize($filename) > 0){         $contents = fread($handle, filesize($filename));         $numMatches = preg_match_all('/'.$find.'/is', $contents, $matches);     }     fclose($handle);     return $numMatches; } function cleanInfected($filename, $find){     $handle = fopen($filename, "r");     if(filesize($filename) > 0){         $contents = fread($handle, filesize($filename));         fclose($handle);                  $handle = fopen($filename, "w");         $contents = preg_replace('/'.$find.'/is', "", $contents);                  fwrite($handle, $contents);     }     fclose($handle); } function microtime_float(){     list($usec, $sec) = explode(" ", microtime());     return ((float)$usec + (float)$sec); } ob_end_flush(); ob_end_flush(); simpan/upload di public_html kalau mau scan semua folder. kalau mau scan folder + subfolder tertentu doang, uploadnya ke folder yg mau di scan jalankan scriptnya untuk scan wp dari script yg berbahaya dan cleaning kalau ditemukan. setelah selesai scan n clean, hapus lagi file cleaner tersebut. untuk selain wp jg bisa.