T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/verify_htaccess_integrity.php
<?php
/**
 * Verify .htaccess integrity by checking MD5 hash
 * Run this to detect unauthorized modifications
 */

$htaccess_file = __DIR__ . '/.htaccess';
$hash_file = __DIR__ . '/.htaccess.md5';

if (!file_exists($htaccess_file)) {
    echo "ERROR: .htaccess file not found!\n";
    exit(1);
}

if (!file_exists($hash_file)) {
    echo "WARNING: Hash file not found. Creating initial hash...\n";
    $current_hash = md5_file($htaccess_file);
    file_put_contents($hash_file, $current_hash . "  .htaccess\n");
    echo "✅ Initial hash created: $current_hash\n";
    exit(0);
}

// Read stored hash
$stored_hash = trim(file_get_contents($hash_file));
$stored_hash = preg_split('/\s+/', $stored_hash)[0];

// Calculate current hash
$current_hash = md5_file($htaccess_file);

if ($current_hash === $stored_hash) {
    echo "✅ .htaccess integrity verified - No changes detected\n";
    exit(0);
} else {
    echo "🚨 ALERT: .htaccess has been modified!\n";
    echo "Stored hash: $stored_hash\n";
    echo "Current hash: $current_hash\n";
    echo "File modified: " . date('Y-m-d H:i:s', filemtime($htaccess_file)) . "\n";
    
    // Log alert
    $alert_log = __DIR__ . '/logs/htaccess_alerts.log';
    $alert_entry = date('Y-m-d H:i:s') . " - .htaccess MODIFIED!\n";
    $alert_entry .= "  Stored: $stored_hash\n";
    $alert_entry .= "  Current: $current_hash\n";
    $alert_entry .= "  Modified: " . date('Y-m-d H:i:s', filemtime($htaccess_file)) . "\n\n";
    file_put_contents($alert_log, $alert_entry, FILE_APPEND);
    
    // Check for malicious patterns
    $content = file_get_contents($htaccess_file);
    $malicious_patterns = [
        'about\.php.*Allow from all',
        'radio\.php.*Allow from all',
        'RequireAll.*Require all denied', // If blocking everything
    ];
    
    $found_malicious = false;
    foreach ($malicious_patterns as $pattern) {
        if (preg_match("/$pattern/i", $content)) {
            echo "🚨 CRITICAL: Malicious pattern detected: $pattern\n";
            $found_malicious = true;
        }
    }
    
    if ($found_malicious) {
        echo "⚠️  RECOMMENDATION: Restore from backup immediately!\n";
        echo "   Backup location: .htaccess.clean_backup.*\n";
    }
    
    exit(1);
}

CasperSecurity Mini