setelah itu coba test deface/bubuhi backdoor, waktu ngescan akan nemuin tuh file termodifikasi/ditambah.
silahkan dikembangkan lagi, mau pake cronjob biar jalan otomatis berkala atau tambahin notice via email atau botnet gimananya, terserah, ini basic source codenya..
PHP Code:
<?php/**
* @author Jasman
* @package Function.Site
* @subpackage Application
* @web http://www.pasbar.com/ and http://www.ihsana.com
* @copyright Copyright (C) 2011 Ihsana IT Solution. All rights reserved.
* @license GNU General Public License version 2 or later, see LICENSE.txt
*
* Scanner ini tidak bisa mendeteksi file yang telah dihapus.
* untuk versi pertama cuma base source aja.
* notice via email akan menyusul pada versi berikutnya.
* insya Allah untuk plugin wp dan joomla coming soon :D
*/
// Turn off all PHP error reporting for this request. Note that this also hides
// I/O failures inside the scanner itself (unreadable folders, a database that
// cannot be opened), so a silent page is not proof that the scan was complete.
error_reporting(0);

/**
 * Folder that will be scanned (recursively).
 */
$dir = __DIR__.DIRECTORY_SEPARATOR.'jz-cms/';

/**
 * Folder that holds the checksum database (data.db).
 * Put it in a folder that cannot be reached from outside.
 * The .htaccess in this folder is deleted and rewritten, so prefer an empty folder.
 *
 * NOTE(review): the default is the folder this script lives in, which is
 * presumably served over HTTP (the page links to ./scanner.php) - confirm and
 * move the database outside the document root where possible.
 */
$dir_db = __DIR__;
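/**
 * Compare the files below $dir with the checksum baseline in "$dir_db/data.db".
 *
 * The baseline holds one "md5=>path" line per file. A file is reported when
 * its path is not in the baseline, when its current MD5 differs from the
 * recorded one, or when it cannot be hashed at all. Matching on path AND hash
 * matters: matching on the hash alone would accept a file that was overwritten
 * with the content of any other baseline file, and would show identical files
 * dropped into several folders as a single row.
 *
 * Limits a reader should know about:
 * - files deleted since the baseline was written are not reported;
 * - folders that cannot be listed are skipped silently;
 * - MD5 is not collision-resistant; hash_file('sha256', ...) is the stronger
 *   choice, but it has to be changed in the baseline writer as well and the
 *   baseline rebuilt.
 *
 * @param string $dir    Root folder to scan recursively.
 * @param string $dir_db Folder that contains data.db.
 * @return array Records with the keys hash, file, readable, writable,
 *               executable, modified and created. The array key is the MD5 of
 *               the file; further records with the same MD5 get "#<n>"
 *               appended so they are not overwritten. When data.db does not
 *               exist, a single placeholder record (file, hash, writable) is
 *               returned under the key md5('jasman').
 */
function scan_file($dir,$dir_db)
{
    $db_file = $dir_db.DIRECTORY_SEPARATOR."data.db";

    if(!file_exists($db_file))
    {
        $placeholder = md5('jasman');
        return array(
            $placeholder => array(
                'file' => $db_file,
                'hash' => '-',
                'writable' => 'Not Found.',
            ),
        );
    }

    // Load the baseline as path => md5. An unreadable database is treated as
    // an empty baseline, so every file is reported instead of none.
    $baseline = array();
    $lines = @file($db_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if($lines === false)
    {
        $lines = array();
    }
    foreach($lines as $line)
    {
        // Limit 2: a path may itself contain "=>".
        $parts = explode('=>', $line, 2);
        if(count($parts) !== 2)
        {
            continue;
        }
        // A later line for the same path replaces an earlier one, so a stale
        // hash left behind by an older baseline run is no longer accepted.
        $baseline[trim($parts[1])] = trim($parts[0]);
    }

    $changed = array();
    $stack = array($dir);
    while($stack)
    {
        $thisdir = array_pop($stack);
        $entries = @scandir($thisdir);
        if($entries === false)
        {
            continue;
        }
        foreach($entries as $name)
        {
            if($name === '.' || $name === '..')
            {
                continue;
            }
            $current_file = $thisdir.DIRECTORY_SEPARATOR.$name;
            if(is_file($current_file))
            {
                $md5 = @md5_file($current_file);
                if($md5 !== false
                    && isset($baseline[$current_file])
                    && $baseline[$current_file] === $md5)
                {
                    continue; // unchanged since the baseline
                }
                // A file that cannot be read cannot be verified: report it.
                $hash = ($md5 === false) ? '-' : $md5;
                $key = isset($changed[$hash]) ? $hash.'#'.count($changed) : $hash;
                $changed[$key] = array(
                    'hash' => $hash,
                    'file' => $current_file,
                    'readable' => is_readable($current_file),
                    'writable' => is_writable($current_file),
                    'executable' => is_executable($current_file),
                    // Timestamps are informational only; whoever can write the
                    // file can usually set its mtime as well.
                    'modified' => date("d-m-Y H:i:s",filemtime($current_file)),
                    // filectime() is the inode change time on Unix systems,
                    // not the creation time.
                    'created' => date("d-m-Y H:i:s",filectime($current_file)),
                );
            }
            elseif(is_dir($current_file))
            {
                $stack[] = $current_file;
            }
        }
    }
    return $changed;
}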
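/**
 * Write the checksum baseline for every file below $dir to "$dir_db/data.db".
 *
 * Each file becomes one "md5=>path" line. The database is rewritten from
 * scratch on every call: appending would keep hashes from earlier runs, so a
 * file rolled back to an old (possibly tampered) version would still match.
 * Run this only while the tree is known to be clean - whatever is on disk at
 * that moment becomes the trusted state.
 *
 * A .htaccess denying access to data.db is (re)written into $dir_db first,
 * replacing any .htaccess already there. "deny from all" is the Apache 2.2
 * access syntax; Apache 2.4 needs mod_access_compat for it and other web
 * servers ignore .htaccess, so this is best-effort protection only.
 *
 * @param string $dir    Root folder to hash recursively.
 * @param string $dir_db Folder that receives data.db and .htaccess.
 * @return array|null Records keyed by MD5 (file, hash, readable, writable,
 *                    executable); files with identical content share one
 *                    record here, although each gets its own line in data.db.
 *                    Null when nothing was hashed or data.db could not be
 *                    opened.
 */
function write_db_file($dir,$dir_db)
{
    $files = null;

    $prot = @fopen($dir_db.DIRECTORY_SEPARATOR.'.htaccess','w');
    if($prot !== false)
    {
        fwrite($prot,"<Files \"data.db\">\ndeny from all\n</Files>");
        fclose($prot);
    }

    // 'w' truncates: the baseline must describe the current tree only.
    $fp = @fopen($dir_db.DIRECTORY_SEPARATOR."data.db","w");
    if($fp === false)
    {
        return $files;
    }

    $stack = array($dir);
    while($stack)
    {
        $thisdir = array_pop($stack);
        $entries = @scandir($thisdir);
        if($entries === false)
        {
            continue;
        }
        foreach($entries as $name)
        {
            if($name === '.' || $name === '..')
            {
                continue;
            }
            $current_file = $thisdir.DIRECTORY_SEPARATOR.$name;
            if(is_file($current_file))
            {
                $md5 = @md5_file($current_file);
                // Unreadable files get no baseline entry. The same goes for
                // paths containing a line break, which would split the record
                // and corrupt the line-based database. Files without an entry
                // show up in every scan.
                if($md5 === false || strpbrk($current_file, "\r\n") !== false)
                {
                    continue;
                }
                $files[$md5] = array(
                    'file' => $current_file,
                    'hash' => $md5,
                    'readable' => is_readable($current_file),
                    'writable' => is_writable($current_file),
                    'executable' => is_executable($current_file),
                );
                fwrite($fp,$md5."=>".$current_file."\n");
            }
            elseif(is_dir($current_file))
            {
                $stack[] = $current_file;
            }
        }
    }
    fclose($fp);
    return $files;
}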
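// Request handler: ?act=ceksum writes the baseline, ?act=scan lists files that
// differ from it.
//
// NOTE(review): nothing here authenticates the caller. Anyone who can reach
// this script can read the list of changed files and their full paths, so it
// should sit behind access control (HTTP auth, IP allow-list) or be run from
// the command line / cron instead of being exposed on the public site.
echo '<p>Setelah semua design web beres, <a href="./scanner.php?act=ceksum">Buat Ceksum</a> untuk semua file.</p>';
echo '<p>Apakah ada perubahan pada file anda klik <a href="./scanner.php?act=scan">scan</a> untuk memeriksa.</p>';

// "act" is absent on the first visit; default to no action.
$act = isset($_GET['act']) ? $_GET['act'] : '';

if($act === 'ceksum')
{
    // Rebuilding the baseline declares every file currently on disk trusted.
    // Because this is reachable with a plain GET request, an existing
    // baseline is never replaced from the web: it has to be removed by hand
    // by someone with file access first.
    if(file_exists($dir_db.DIRECTORY_SEPARATOR.'data.db'))
    {
        echo '<p>Database ceksum sudah ada. Hapus data.db secara manual terlebih dahulu bila ingin membuat ceksum baru.</p>';
    }
    else
    {
        echo memory_get_usage();
        echo '<hr/><pre>';
        $str_files = write_db_file($dir,$dir_db);
        // File names are attacker-controllable once a site is compromised, so
        // they are escaped before being placed in the page.
        echo htmlspecialchars(print_r($str_files, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '</pre>';
    }
}

if($act === 'scan')
{
    $scanner = scan_file($dir,$dir_db);
    $rows = is_array($scanner) ? array_values($scanner) : array();

    // Column key => cell style, in display order.
    $columns = array(
        'file' => 'text-align: left; font-size: 75%;',
        'writable' => 'text-align: center; font-size: 95%;',
        'modified' => 'text-align: left; font-size: 75%;',
        'created' => 'text-align: left; font-size: 75%;',
        'hash' => 'text-align: center; font-size: 95%;',
    );

    echo '
<table border="1" style="border-collapse: collapse;">
<tr>
<td style="text-align: center; font-weight: bold;">No.</td>
<td style="text-align: center; font-weight: bold;">File</td>
<td style="text-align: center; font-weight: bold;">Writable</td>
<td style="text-align: center; font-weight: bold;">Modified</td>
<td style="text-align: center; font-weight: bold;">Created</td>
<td style="text-align: center; font-weight: bold;">Md5</td>
</tr>';

    foreach($rows as $i => $row)
    {
        echo '
<tr>
<td>'.($i + 1).'</td>';
        foreach($columns as $column => $style)
        {
            // The placeholder record for a missing database has no
            // modified/created entry; show an empty cell for absent keys.
            $value = isset($row[$column]) ? (string) $row[$column] : '';
            // Escape every value: a file name containing markup would
            // otherwise be rendered as HTML in the report.
            echo '
<td style="'.$style.'">'.htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</td>';
        }
        echo '
</tr>';
    }

    echo '
</table>
';
}
?>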
Source: http://devilzc0de.org/forum/thread-13982.html