Code Cleaner

Hazem

Member
I found this code cleaner, so I thought I'd share it with you.

copy the code
paste it in clean.txt
change ext .txt to .php
upload clean.php to your public_html folder
run http://YourDomain.xxx/clean.php
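delete clean.php as soon as the clean process finishes; the script has no login check, so while it stays on the server anyone who opens that URL can run it again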



PHP:
<?php
/**
 * Cleaner PHP (Wordpress Hack Fix)
 * Author: Nino Paolo Amarillento
 * Version: 2.10
 * URL: http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html
 * 
 * If you have problem of your site just let me know and I'll be happy to help you!.
 */
 
// NOTE(review): nothing in this listing checks who is requesting the page, so
// anyone who can reach the URL can start a scan that rewrites files under $root.

// Raise this (for example to 256M) if the scan runs out of memory.
ini_set("memory_limit", "128M");

// Output is buffered so startScan() can push progress to the browser with
// ob_flush(); the time limit is lifted because the scan sleeps between directories.
ob_start();
set_time_limit(0);
// header("Content-type:text/plain");

// The scan starts in the directory the script runs from. Keep the trailing
// slash: the directory helpers build paths by plain concatenation.
$root = './';

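/*
 * Signature table. Each entry is a PCRE fragment (no delimiters) describing one
 * injected snippet. The fragments are OR-ed into $find below and applied with
 * the "is" flags by checkMalware() and cleanInfected(), so "." also matches
 * newlines and "^" anchors only at the very start of the file contents.
 *
 * The listing as posted had two entries broken across source lines (the
 * mod_rewrite entry and the second $md5/create_function entry). The second
 * break fell between a backslash and "(", which left an unescaped "(" and
 * stopped the combined expression from compiling: nothing was detected, and
 * preg_replace() in cleanInfected() would have returned null. Both entries
 * are rejoined here.
 * NOTE(review): rejoining assumes the breaks were introduced when the code was
 * posted - confirm against the author's original file.
 */
$aPattern = array(
// PHP block at the start of the file that assigns $md5 and calls create_function().
"^<\?php\s*\\\$md5\s*=\s*.*create_function\s*\(.*?\);\s*\\\$.*?\)\s*;\s*\?>\s*",
// echo statement that prints a script tag loading a .js file over http.
" echo \"<script type=\\\\\"text\/javascript\\\\\" src=\\\\\"http:\/\/.*\.js\\\\\"><\/script>\"; echo \"\";",
// PHP block that silences error_reporting and then tests isset() on a variable.
"<\?php\s*\@error_reporting\(0\);\s*if\s*\(\!isset\(([\$\w]+)\)\)\s*{[\$]+[^}]+}\s*\?>",
// PHP block bracketed by "<word>_on" and "<word>_off" comment markers.
// NOTE(review): ".*" is greedy and "." matches newlines here, so the match runs
// from the first "_on" marker to the last "_off" marker in the file.
"<\?php\s*\/\*\w+_on\*\/.*\/\*\w+_off\*\/\s*\?>",
// "god_mode" block: eval(base64_decode()) of a quoted payload of 255+ characters.
"<\?php\s*\/\*god_mode_on\*\/eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);\s*\/\*god_mode_off\*\/\s*\?>",
// Empty PHP open/close tag pair.
"<\?php\s*\?>",
// mod_rewrite block with a very long HTTP_REFERER condition.
// NOTE(review): "[google|yahoo|...]" is a character class, so it matches one
// character from that set rather than one of the listed words.
"<IfModule\s*mod_rewrite\.c>\s*RewriteEngine\s*On\s*RewriteCond\s*%\{HTTP_REFERER\}\s*\^\.\*\([^\)]{255,}[google|yahoo|bing|ask|wikipedia|youtube][^\)]{255,}[^<]*<\/IfModule>",
// ErrorDocument directive that points an error code at an http URL.
"ErrorDocument\s*(?:400|401|403|404|500)+\s*http:\/\/.*\.\w+",
// Script element at the very start of the file.
// NOTE(review): with greedy ".*" this extends to the last closing script tag in
// the file, so a legitimate file that begins with a script element loses
// everything up to that point when cleaning is enabled.
"^<script>(.*)<\/script>",
// PHP block at the start of the file that sets $md5, $wp_salt and $wp_add_filter.
"^<\?php\s*\\\$md5\s*=\s*[\"|']\w+[\"|'];\s*\\\$wp_salt\s*=\s*[\w\(\),\"\'\;\$]+\s*\\\$wp_add_filter\s*=\s*create_function\(.*\);\s*\\\$wp_add_filter\(.*\);\s*\?>\s*",
// Bare eval(base64_decode()) of a quoted payload of 255+ characters.
"\s*eval\(base64_decode\([\"'][^\"']{255,}[\"']\)\);",
// function_exists() guard that defines a function and then calls eval().
"if\(!function_exists\([^{]+\s*{\s*function[^}]+\s*}\s*[^\"']+\s*[\"'][^\"']+[\"'];\s*eval\s*\(.*\)\s*;\s*}\s*",
);

// One alternation, wrapped in a capture group; callers add the delimiters and flags.
$find = '('.implode('|', $aPattern).')';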

// Extensions that are never scanned (archive, audio, video and image files).
$except = array(
	'rar', 'zip', 'mp3', 'mp4', 'mp3', 'mov', 'flv',
	'wmv', 'swf', 'png', 'gif', 'jpg', 'bmp', 'avi',
);
// Extensions (or whole file names) that are scanned; getAllFiles() treats an
// empty list as "no whitelist".
$only = array(
	'php', 'shtml', 'html', 'htm',
	'js', 'css', 'htaccess', 'txt',
);
// When true, startScan() calls cleanInfected() on every file that matches.
$cleanInfected = true;
// When true, only matching files are printed in the progress listing.
$showOnlyInfectedFiles = true;
// Filled by startScan() with the paths of matching files.
$infectedFiles = null;

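// Page header; the per-directory progress listing is printed by startScan()
// while it walks the tree.
echo "<h1>Scanning Files...</h1>";
echo "After scanning the files <a href='#infected-files' title='Found Infected Files'>click here to view found Infected files.</a>";


echo "<ol>";
$infectedFiles = startScan($root);
echo "</ol>";

// startScan() returns null when nothing matched. count(null) is a TypeError on
// PHP 8, which used to abort the report exactly when the site was clean.
if(!is_array($infectedFiles))
	$infectedFiles = array();

// The posted listing printed a literal "[br][br]" here; restored to HTML line breaks.
echo "<br><br><h1 id='infected-files'>". count($infectedFiles) ." Found Infected Files</h1>";
echo "<ol>";
foreach($infectedFiles AS $iFile){
	// File names come from the scanned tree and may have been chosen by whoever
	// compromised the site, so escape them before writing them into the page.
	echo "<li>".htmlspecialchars($iFile, ENT_QUOTES, 'UTF-8')."</li>";
}
echo "</ol>";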


/* functions */
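/**
 * List the files directly inside $dir that should be scanned (not recursive).
 *
 * A file is returned when it has an extension, that extension is not in the
 * global $except list, and either the global $only list is empty or it contains
 * the file's extension or its whole lower-cased name. The running script itself
 * and sub-directories are skipped.
 *
 * @param string $dir Directory to read, with or without a trailing slash.
 * @return array|null File names (not full paths), or null when the directory
 *                    cannot be read or holds no candidate file.
 */
function getAllFiles($dir){
	global $except, $only;

	$filenames = null;
	if (!is_dir($dir) || ($handle = opendir($dir)) === false)
		return $filenames;

	// The original tested is_dir($dir.$file), which silently stopped excluding
	// directories whenever $dir had no trailing slash (startScan() passes both forms).
	$base = (substr($dir, -1) === "/") ? $dir : $dir."/";
	$self = basename(__FILE__);
	// Tolerate missing globals instead of failing inside the search calls.
	$excluded = is_array($except) ? $except : array();
	$allowed = is_array($only) ? $only : array();

	while (false !== ($file = readdir($handle))) {
		if ($file === "." || $file === ".." || $file === $self || is_dir($base.$file))
			continue;

		$path_parts = pathinfo($file);
		// Files without an extension are never scanned.
		if (!isset($path_parts['extension']))
			continue;

		$extension = strtolower($path_parts['extension']);
		if (in_array($extension, $excluded, true))
			continue;

		if (count($allowed) < 1
			|| in_array($extension, $allowed, true)
			|| in_array(strtolower($path_parts['basename']), $allowed, true))
			$filenames[] = $file;
	}
	closedir($handle);

	return $filenames;
}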

/**
 * Return the immediate sub-directories of $dir.
 *
 * Each result is $dir with the entry name appended directly, so $dir is
 * expected to end in "/".
 *
 * @param string $dir Directory to read.
 * @return array|null Paths of the sub-directories, or null when the directory
 *                    cannot be opened or has none.
 */
function getAllDirectories($dir){
	$found = null;

	$dh = opendir($dir);
	if (!$dh) {
		return $found;
	}

	for ($entry = readdir($dh); $entry !== false; $entry = readdir($dh)) {
		// Skip the self and parent entries.
		if ($entry == "." || $entry == "..") {
			continue;
		}
		$candidate = $dir.$entry;
		if (is_dir($candidate)) {
			$found[] = $candidate;
		}
	}
	closedir($dh);

	return $found;
}

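/**
 * Walk the tree under $root, test every candidate file against the signature
 * expression and print an HTML progress listing while doing so.
 *
 * Files directly in $root are checked first, then the files of each immediate
 * sub-directory, and the function calls itself for every directory one level
 * further down. Matching paths are appended to the global $infectedFiles.
 *
 * Changes from the posted version:
 *  - the three copies of the per-file loop live in scanFileList();
 *  - paths are HTML-escaped before being printed;
 *  - the discarded array_merge() on the recursion result is gone (the result
 *    is the same global array that is already being filled);
 *  - the comparison against $tmp_root is gone: it could never be equal, and the
 *    variable was undefined when $root had no trailing slash.
 *
 * NOTE(review): is_dir() follows symbolic links, so a link that points back up
 * the tree would make this recurse without end - confirm none exist under the
 * scanned root.
 *
 * @param string $root Directory to scan; expected to end in "/".
 * @return array|null The global list of matching paths, null when nothing
 *                    has matched so far.
 */
function startScan($root){
	global $infectedFiles;

	$time_start = microtime_float();
	$root = str_replace("//", "/", $root);
	echo "<li>".htmlspecialchars($root, ENT_QUOTES, 'UTF-8');
	$directories = getAllDirectories($root);

	// Push what has been printed so far to the browser, then pause before
	// touching the files (the pause is kept from the original).
	ob_implicit_flush();
	ob_flush();
	sleep(1);

	// Files directly in $root; the original did this in both of its branches.
	if(($files = getAllFiles($root)) !== null)
		scanFileList($root, $files, $time_start);

	if(is_array($directories)){
		echo "<ol>";
		foreach($directories AS $dir){
			echo "<li>".htmlspecialchars($dir, ENT_QUOTES, 'UTF-8');
			ob_implicit_flush();
			ob_flush();
			sleep(1);

			// getAllDirectories() returns paths without a trailing slash; add it
			// so the directory helpers build correct paths.
			$dirWithSlash = $dir."/";

			if(($files = getAllFiles($dirWithSlash)) !== null)
				scanFileList($dirWithSlash, $files, $time_start);

			// Descend into every directory below this one.
			if(($subDirectories = getAllDirectories($dirWithSlash)) !== null){
				foreach($subDirectories AS $d)
					startScan($d."/");
			}
			echo "</li>";
		}
		echo "</ol>";
	}
	echo "</li>";

	return $infectedFiles;
}

/**
 * Check the files of one directory and print one list entry per reported file.
 *
 * @param string $base       Directory path ending in "/".
 * @param array  $files      File names inside $base, as returned by getAllFiles().
 * @param float  $time_start Start time of the enclosing startScan() call, used
 *                           for the elapsed-time figure.
 */
function scanFileList($base, $files, $time_start){
	global $find, $infectedFiles, $showOnlyInfectedFiles, $cleanInfected;

	echo "<ul>";
	foreach($files AS $file){
		$path = $base.$file;
		$numMatches = checkMalware($path, $find);
		if(!empty($numMatches)){
			if($cleanInfected)
				cleanInfected($path, $find);

			$infectedFiles[] = $path;
			// The original wrote "background-color:c00", which is not a valid
			// colour, so the white text had no background behind it.
			echo "<li style='background-color:#c00'><p style='padding:0 0 0 5px; margin:0; color:#fff'>"
				.htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
			echo " - ".(microtime_float() - $time_start)."</p></li>";
		}elseif(!$showOnlyInfectedFiles){
			// Clean files are only listed; the original also appended them to
			// $infectedFiles, which inflated the infected count.
			echo "<li>".htmlspecialchars($file, ENT_QUOTES, 'UTF-8')."</li>";
		}
	}
	echo "</ul>";
}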

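/**
 * Count how often the signature expression occurs in a file.
 *
 * @param string $filename Path of the file to test.
 * @param string $find     PCRE fragment without delimiters; it is applied as
 *                         /fragment/is.
 * @return int|false|null Number of matches; null when the file is empty or
 *                        cannot be read; false when the regex engine failed.
 */
function checkMalware($filename, $find){
	// The original opened the file unconditionally; on PHP 8 an unreadable path
	// ended in fclose(false), a TypeError that aborted the whole scan.
	if(!is_file($filename) || !is_readable($filename))
		return null;

	$contents = file_get_contents($filename);
	if($contents === false || $contents === "")
		return null;

	$numMatches = preg_match_all('/'.$find.'/is', $contents, $matches);
	if($numMatches === false){
		// A failed match is indistinguishable from "clean" for the caller, so
		// at least leave a trace that this file was not actually checked.
		error_log("checkMalware: pattern could not be applied to ".$filename." (preg error ".preg_last_error().")");
	}
	return $numMatches;
}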

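/**
 * Remove every occurrence of the signature expression from a file, in place.
 *
 * No backup copy is made, and the signatures use greedy wildcards, so keep a
 * copy of the site before enabling cleaning. The file is left untouched when
 * it cannot be read or written, when nothing matches, or when the regex
 * engine fails.
 *
 * @param string $filename Path of the file to rewrite.
 * @param string $find     PCRE fragment without delimiters; it is applied as
 *                         /fragment/is.
 */
function cleanInfected($filename, $find){
	if(!is_file($filename) || !is_readable($filename) || !is_writable($filename))
		return;

	$contents = file_get_contents($filename);
	if($contents === false || $contents === "")
		return;

	$cleaned = preg_replace('/'.$find.'/is', "", $contents);

	// preg_replace() returns null on failure (bad pattern, backtrack limit).
	// The original had already reopened the file with "w" by then, so a failure
	// left the file empty.
	if($cleaned === null){
		error_log("cleanInfected: pattern could not be applied to ".$filename." (preg error ".preg_last_error()."); file left unchanged");
		return;
	}

	// Nothing to remove: do not rewrite the file.
	if($cleaned === $contents)
		return;

	file_put_contents($filename, $cleaned, LOCK_EX);
}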

/**
 * Current Unix time as a float with sub-second precision.
 *
 * microtime() without arguments returns "fraction seconds" as text; the two
 * parts are converted and added.
 *
 * @return float
 */
function microtime_float(){
    $parts = explode(" ", microtime());
    $fraction = (float)$parts[0];
    $seconds = (float)$parts[1];
    return ($fraction + $seconds);
}

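// The script opens one buffer with ob_start(); a second one may exist when PHP's
// output_buffering setting is on. Ending a buffer that is not there raises a
// notice, so close at most two levels and only while one is active.
for($i = 0; $i < 2 && ob_get_level() > 0; $i++)
	ob_end_flush();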
 

Maximus

New member
Great stuff, thanks Hazem. I'll be sure to use that, particularly if I start a WordPress website, as WordPress has a great knack for getting messy with its code. :cool:
 

hydra

New member
Awesome @Hazem! This is a really good idea and good code! I check my code once every 2 months now, thanks to you. :) Much appreciated!

Hydra