<?php
/**
 * SECURITY CLEANUP SCRIPT
 * Removes confirmed backdoors and malicious files
 * 
 * WARNING: Run this script with caution. Review the files before deletion.
 * Backup your files first!
 */

// Surface every PHP warning/notice in the script's own output so that a failed
// copy(), unlink() or file_put_contents() is visible to the operator. When the
// script is reached through the web server, that output (filesystem paths
// included) ends up in the HTTP response.
ini_set('display_errors', 1);
error_reporting(E_ALL);

echo "=== SECURITY CLEANUP SCRIPT ===\n\n";

// Files to delete outright, keyed by path with a short reason as the value.
// This is a fixed list of already-identified paths: the script does not scan,
// so anything not named here is left in place. The paths are relative and are
// therefore resolved against the current working directory of the process.
$backdoors = [
    // Confirmed malicious files - DELETE
    'about.php' => 'File manager backdoor',
    '445367/radio.php' => 'Obfuscated backdoor with eval()',
    'radio/migrations/wp-login.php' => 'Suspicious WordPress backdoor',
    'assets/fontawesome/fontawesome-free-6.5.1-web/metadata/radio.php' => 'File manager backdoor (duplicate)',
];

// Legitimate files that carry injected code and must be repaired, not deleted.
$files_to_fix = [
    'index.php' => 'Remove malicious code injection at line 2',
];

// Result accumulators, reported in the summary at the end of the run.
$deleted = $fixed = $errors = [];

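// Step 1: delete every file named in $backdoors, keeping a timestamped copy of
// each one so its content stays available for analysis.
//
// The copy holds the complete backdoor and is written next to the original,
// i.e. still inside the web tree.
// NOTE(review): whether the server would run a name ending in
// ".backup.<timestamp>" as PHP depends on handler configuration that is not
// visible here - move the copies out of the document root after the run.
echo "Step 1: Removing backdoors...\n";
foreach ($backdoors as $file => $description) {
    if (!file_exists($file)) {
        echo "  [SKIP] File not found: $file\n";
        continue;
    }

    // Backup before deletion. A failed copy is recorded instead of being
    // ignored, so the summary shows which samples were removed without a copy.
    // Deletion still goes ahead: removing the live backdoor takes priority.
    $backup_name = $file . '.backup.' . date('Ymd_His');
    if (copy($file, $backup_name)) {
        echo "  [BACKUP] Created backup: $backup_name\n";
    } else {
        $errors[] = "Failed to back up: $file";
        echo "  [ERROR] Failed to back up: $file (deleting without a copy)\n";
    }

    if (unlink($file)) {
        $deleted[] = $file;
        echo "  [DELETED] $file - $description\n";
    } else {
        $errors[] = "Failed to delete: $file";
        echo "  [ERROR] Failed to delete: $file\n";
    }
}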

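// Step 2: strip the injected code from the top of index.php.
//
// Detection is a two-substring signature ('function h($url' together with
// 'base64_decode'); an injection that matches neither is reported as clean.
// Repair drops every line before the marker comment
// '// Configure secure session cookies' and re-adds the opening PHP tag.
echo "\nStep 2: Fixing index.php...\n";
if (file_exists('index.php')) {
    $content = file_get_contents('index.php');

    if ($content === false) {
        // An unreadable file must not be reported as clean.
        $errors[] = "Failed to read index.php";
        echo "  [ERROR] Failed to read index.php\n";
    } elseif (strpos($content, 'function h($url') !== false && strpos($content, 'base64_decode') !== false) {
        // The rewrite below is heuristic and overwrites the site's entry
        // point, so it only runs once a copy of the current file exists.
        $backup_name = 'index.php.backup.' . date('Ymd_His');
        if (!copy('index.php', $backup_name)) {
            $errors[] = "Failed to back up index.php";
            echo "  [ERROR] Failed to back up index.php - file left unchanged\n";
        } else {
            echo "  [BACKUP] Created backup: $backup_name\n";

            // Locate the first line carrying the marker comment; everything
            // above it is treated as injected.
            $lines = explode("\n", $content);
            $legitimate_start = 0;
            foreach ($lines as $i => $line) {
                if (strpos($line, '// Configure secure session cookies') !== false) {
                    $legitimate_start = $i;
                    break;
                }
            }

            if ($legitimate_start > 0) {
                // Keep the marker line and everything after it.
                $clean_content = implode("\n", array_slice($lines, $legitimate_start));

                // The original opening tag sat above the marker and was cut
                // away with the injected lines, so put one back if needed.
                if (strpos(trim($clean_content), '<?php') !== 0) {
                    $clean_content = "<?php\n" . $clean_content;
                }

                // file_put_contents() returns a byte count; only false is a failure.
                if (file_put_contents('index.php', $clean_content) !== false) {
                    $fixed[] = 'index.php';
                    echo "  [FIXED] Removed malicious code from index.php\n";
                } else {
                    $errors[] = "Failed to fix index.php";
                    echo "  [ERROR] Failed to fix index.php\n";
                }
            } else {
                // Marker missing (or on the very first line): nothing safe to cut.
                echo "  [WARNING] Could not find legitimate code start. Manual review required.\n";
            }
        }
    } else {
        echo "  [SKIP] index.php appears clean or already fixed\n";
    }
}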

// Final report: what was deleted, what was repaired, and what failed.
echo "\n=== CLEANUP SUMMARY ===\n", "Files deleted: " . count($deleted) . "\n";
foreach ($deleted as $file) {
    echo "  - $file\n";
}

echo "\nFiles fixed: " . count($fixed) . "\n";
foreach ($fixed as $file) {
    echo "  - $file\n";
}

// The error section is printed only when at least one operation failed.
if (!empty($errors)) {
    echo "\nErrors: " . count($errors) . "\n";
    foreach ($errors as $error) {
        echo "  - $error\n";
    }
}

// Follow-up checklist: deleting the known files does not close the entry
// point that was used, nor revoke credentials that may have been exposed.
echo "\n=== NEXT STEPS ===\n",
    "1. Review the backups created (files with .backup.* extension)\n",
    "2. Restore .htaccess from clean backup\n",
    "3. Change all passwords (database, FTP, hosting, admin)\n",
    "4. Check for unauthorized admin users in database\n",
    "5. Review server logs for attack source\n",
    "6. Scan for additional backdoors\n",
    "7. Implement security hardening measures\n";

echo "\nCleanup complete!\n";

