<?php
/**
* FIX ALL MALICIOUS .HTACCESS FILES
* Removes attacker's malicious rules from all .htaccess files
*/
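// Remediation script: finds every .htaccess below the current working
// directory that carries the injected FilesMatch signature, backs it up and
// rewrites it. It only touches .htaccess files and does not remove any
// script the injected rules were written to expose.
//
// NOTE(review): this script rewrites access-control files and prints absolute
// paths with display_errors on. Run it from a shell in the site root and
// remove it afterwards; it should not stay reachable under the web root.
error_reporting(E_ALL);
ini_set('display_errors', 1);

echo "=== FIXING ALL .HTACCESS FILES ===\n\n";

// Reference copy of the injected rules (documentation only; detection below
// uses a shorter substring). The first block denies every .py/.exe/.php
// request, the second re-allows a fixed list of script names. Files with
// those names are worth hunting for on disk and in the access logs.
$malicious_pattern = '<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php|mah.php|jp.php|ext.php)$">
Order allow,deny
Allow from all
</FilesMatch>';

// NOTE(review): both lists are matched against the *last* path component
// only, so a directory called "api" or "admin" at any depth (for example
// below an upload directory) is given the permissive template. Confirm no
// such nested directory exists, or match on the full relative path instead.
$directories_to_allow_php = [
    'auth',
    'api',
    'admin',
    'studio',
    'radio',
];

// 'vendor' never matches here: paths containing /vendor/ are skipped below.
$directories_to_block_php = [
    'config',
    'includes',
    'utils',
    'vendor',
    'uploads',
    'assets',
    'logs',
    'database',
    'cron',
    'migrations',
    'webhooks',
    'components',
    'admin_includes',
    'artist_includes',
    'task_results',
    'audio_files',
    'lang',
    'home',
];

$fixed = 0;
$skipped = 0;
$errors = [];

// Find all .htaccess files.
// Walk the tree with SPL instead of exec('find ...'): exec() is commonly
// listed in disable_functions on shared hosting, and no shell is needed.
// Like `find . -type f`, symlinked directories are not followed and symlinks
// named .htaccess are ignored; unreadable directories are skipped silently.
$htaccess_files = [];
try {
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator('.', FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD
    );
    foreach ($walker as $entry) {
        if ($entry->getFilename() === '.htaccess' && !$entry->isLink() && $entry->isFile()) {
            $htaccess_files[] = $entry->getPathname();
        }
    }
} catch (UnexpectedValueException $e) {
    echo " [ERROR] Cannot scan current directory: " . $e->getMessage() . "\n";
}
sort($htaccess_files);

foreach ($htaccess_files as $file) {
    // Skip vendor and node_modules
    if (strpos($file, '/vendor/') !== false || strpos($file, '/node_modules/') !== false) {
        continue;
    }

    $content = file_get_contents($file);
    if ($content === false) {
        // An unreadable file is not "clean"; report it instead of skipping.
        echo " [ERROR] Cannot read: $file\n";
        $errors[] = $file;
        continue;
    }

    // Only this one signature is detected. A file counted as skipped does not
    // contain it, which is weaker than "verified clean".
    if (strpos($content, 'FilesMatch ".(py|exe|php)$"') === false) {
        $skipped++;
        continue;
    }

    $dir_name = basename(dirname($file));

    // Create backup, and never overwrite the original unless it succeeded.
    $backup = $file . '.backup.' . date('Ymd_His');
    if (!copy($file, $backup)) {
        echo " [ERROR] Backup failed, file left untouched: $file\n";
        $errors[] = $file;
        continue;
    }
    echo " [BACKUP] $backup\n";

    // Determine what to do based on directory
    if (in_array($dir_name, $directories_to_allow_php, true)) {
        // These directories NEED PHP files - replace the whole file with a
        // minimal template (any other rule it held survives only in the backup).
        $new_content = "# Allow PHP files in this directory\n"
            . "<IfModule mod_rewrite.c>\n"
            . "RewriteEngine On\n"
            . "RewriteBase /$dir_name/\n"
            . "</IfModule>\n";
        $note = 'Removed blocking, allows PHP';
    } elseif (in_array($dir_name, $directories_to_block_php, true)) {
        // These directories should block PHP - replace the whole file with a
        // deny rule whose dot is escaped, so it no longer matches the signature.
        // NOTE(review): Order/Deny is Apache 2.2 syntax; on 2.4 it presumably
        // relies on mod_access_compat being loaded - confirm on this server.
        $new_content = "# Block PHP files in this directory (security)\n"
            . "<FilesMatch \"\\.(py|exe|php)$\">\n"
            . " Order allow,deny\n"
            . " Deny from all\n"
            . "</FilesMatch>\n";
        $note = 'Removed malicious rules, kept legitimate blocking';
    } else {
        // Other directories - just remove malicious code, keep rewrite rules if any.
        // The first pattern must include the literal "$" that closes the injected
        // FilesMatch expression; without it the deny block is never matched and
        // stays in the file.
        $new_content = preg_replace(
            [
                '/<FilesMatch "\.\(py\|exe\|php\)\$">.*?<\/FilesMatch>/s',
                '/<FilesMatch "\^\(about\.php\|.*?\)\$">.*?<\/FilesMatch>/s',
                '/Order allow,deny\s+Deny from all\s+Allow from all/s',
                // Clean up extra blank lines
                '/\n{3,}/',
            ],
            ['', '', '', "\n\n"],
            $content
        );
        if ($new_content === null) {
            // PCRE failure: writing the result would blank the file.
            echo " [ERROR] Pattern replacement failed: $file\n";
            $errors[] = $file;
            continue;
        }
        $new_content = trim($new_content) . "\n";
        $note = 'Removed malicious code';
    }

    // file_put_contents returns the byte count, so compare against false.
    if (file_put_contents($file, $new_content) !== false) {
        echo " [FIXED] $file - $note\n";
        $fixed++;
    } else {
        echo " [ERROR] Failed to fix: $file\n";
        $errors[] = $file;
    }
}

echo "\n=== SUMMARY ===\n";
echo "Files fixed: $fixed\n";
echo "Files skipped (already clean): $skipped\n";

if (count($errors) > 0) {
    echo "Errors: " . count($errors) . "\n";
    foreach ($errors as $error) {
        echo " - $error\n";
    }
    // Do not claim success while some files could not be read, backed up or written.
    echo "\nDone with errors: the files listed above were NOT cleaned.\n";
} else {
    echo "\n✅ Done! All .htaccess files have been cleaned.\n";
}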