/home/kkco/.trash/config.php
<?php
/**
* [ MALWARE CLEANER ULTIMATE PRO - HACKER TERMINAL MODE ]
* Scan → Hapus → Bersihkan → Edit → ✅ FIX & CUSTOM PERMISSION
*
* Fitur Baru:
* - Tampilkan permission file (octal & teks)
* - [ FIX PERMISSION ] → ubah ke 0644 (file) / 0755 (folder)
* - [ CHMOD CUSTOM ] → set permission manual
* - Auto-fix permission sebelum edit/save/delete
*/
// ✅ AKTIFKAN ERROR REPORTING UNTUK DEBUG
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// ⚙️ SETTING PERFORMANCE
ini_set('max_execution_time', 300);
ini_set('memory_limit', '512M');
ini_set('output_buffering', 'off');
// Mode hapus/edit aktif
$enable_delete = true;
// ================ HANDLE HAPUS FILE (SINGLE) =================
if (isset($_GET['delete']) && $enable_delete) {
$file_to_delete = urldecode($_GET['delete']);
$file_to_delete = realpath($file_to_delete);
if ($file_to_delete && file_exists($file_to_delete) && strpos($file_to_delete, __DIR__) === 0 && pathinfo($file_to_delete, PATHINFO_EXTENSION) === 'php') {
// Auto-fix permission
if (!is_writable($file_to_delete)) {
@chmod($file_to_delete, 0644);
}
if (unlink($file_to_delete)) {
$message = "[✓] FILE BERHASIL DIHAPUS: " . htmlspecialchars($file_to_delete);
} else {
$message = "[✗] GAGAL MENGHAPUS: " . htmlspecialchars($file_to_delete) . " — PERIKSA PERMISSION";
}
} else {
$message = "[!] AKSES DITOLAK — FILE TIDAK VALID.";
}
}
// ================ HANDLE BERSIHKAN KODE JAHAT =================
if (isset($_GET['clean']) && $enable_delete) {
$file_to_clean = urldecode($_GET['clean']);
$file_to_clean = realpath($file_to_clean);
if ($file_to_clean && file_exists($file_to_clean) && strpos($file_to_clean, __DIR__) === 0 && pathinfo($file_to_clean, PATHINFO_EXTENSION) === 'php') {
// Auto-fix permission
if (!is_writable($file_to_clean)) {
if (!chmod($file_to_clean, 0644)) {
$message = "[!] TIDAK BISA MENULIS KE FILE: " . htmlspecialchars($file_to_clean) . " — GAGAL MENGUBAH PERMISSION";
goto show_results;
}
}
$content = file_get_contents($file_to_clean);
$original_content = $content;
// Pola kode jahat dari dpaste.org/ZErt6/raw
$malicious_patterns = [
'/header\(\'Vary: Accept-Language\'\);\s*header\(\'Vary: User-Agent\'\);.*?exit\(\);\s*\}/s',
'/function\s+ambil_data\s*\(.*?\}.*?geoplugin_countryCode/s',
'/\$bot_url\s*=\s*".*?";.*?\$reff_url\s*=\s*".*?";/s',
'/\$geolocation_json\s*=\s*ambil_data.*?\}\s*\}/s',
'/if\s*\(\s*\$cc\s*===\s*"ID"\s*\)\s*\{.*?exit\(\);\s*\}/s',
'/if\s*\(.*?stripos\(\$rf.*?google\.co\.id.*?exit\(\);\s*\}/s',
];
$cleaned = false;
foreach ($malicious_patterns as $pattern) {
if (preg_match($pattern, $content)) {
$content = preg_replace($pattern, '', $content);
$cleaned = true;
}
}
if ($cleaned && $content !== $original_content) {
if (file_put_contents($file_to_clean, trim($content))) {
$message = "[✓] KODE JAHAT BERHASIL DIBERSIHKAN dari: " . htmlspecialchars($file_to_clean);
} else {
$message = "[✗] GAGAL MENYIMPAN PERUBAHAN: " . htmlspecialchars($file_to_clean) . " — PERIKSA PERMISSION";
}
} else {
$message = "[!] TIDAK ADA KODE JAHAT YANG COCOK UNTUK DIBERSIHKAN di: " . htmlspecialchars($file_to_clean);
}
} else {
$message = "[!] AKSES DITOLAK — FILE TIDAK VALID UNTUK PEMBERSIHAN.";
}
}
// ================ HANDLE EDIT FILE =================
if (isset($_GET['edit']) && $enable_delete) {
$file_to_edit = urldecode($_GET['edit']);
$file_to_edit = realpath($file_to_edit);
if ($file_to_edit && file_exists($file_to_edit) && strpos($file_to_edit, __DIR__) === 0 && pathinfo($file_to_edit, PATHINFO_EXTENSION) === 'php') {
if ($_POST['save'] ?? false) {
// Auto-fix permission sebelum simpan
if (!is_writable($file_to_edit)) {
@chmod($file_to_edit, 0644);
}
// Backup otomatis
$backup_file = $file_to_edit . '.bak.' . date('YmdHis');
copy($file_to_edit, $backup_file);
$new_content = $_POST['content'];
if (file_put_contents($file_to_edit, $new_content)) {
$message = "[✓] PERUBAHAN BERHASIL DISIMPAN ke: " . htmlspecialchars($file_to_edit) . "\n[!] Backup: " . basename($backup_file);
} else {
$message = "[✗] GAGAL MENYIMPAN — PERIKSA PERMISSION FILE";
}
}
$current_content = file_get_contents($file_to_edit);
$perms = fileperms($file_to_edit);
$perm_octal = substr(sprintf('%o', $perms), -4);
?>
<!DOCTYPE html>
<html>
<head>
<title>[ EDIT FILE ] <?php echo htmlspecialchars(basename($file_to_edit)); ?></title>
<meta charset="UTF-8">
<style>
body { background: #000; color: #0F0; font-family: 'Courier New', monospace; padding: 20px; }
.header { color: #0FF; margin-bottom: 10px; }
.perm-info { background: #002200; padding: 10px; margin: 10px 0; border: 1px solid #0A0; }
textarea { width: 100%; height: 75vh; background: #001100; color: #0F0; font-family: 'Courier New', monospace; border: 1px solid #0A0; padding: 10px; }
.btn-save { background: #0A0; color: #000; padding: 10px 20px; font-weight: bold; border: none; cursor: pointer; margin-right: 10px; }
.btn-save:hover { background: #0F0; box-shadow: 0 0 10px #0F0; }
.btn-back { background: #A60; color: #FFF; padding: 10px 20px; text-decoration: none; font-weight: bold; }
</style>
</head>
<body>
<div class="header">[ ✏️ EDITING: <?php echo htmlspecialchars($file_to_edit); ?> ]</div>
<div class="perm-info">
[ PERMISSION SAAT INI: <?php echo $perm_octal; ?> ]
<a href="?fixperm=<?php echo urlencode($file_to_edit); ?>" class="btn-back" onclick="return confirm('Ubah permission ke 0644?')">[ FIX PERMISSION ]</a>
<a href="#" class="btn-back" onclick="showChmodPrompt('<?php echo urlencode($file_to_edit); ?>')">[ CHMOD CUSTOM ]</a>
</div>
<form method="POST">
<textarea name="content"><?php echo htmlspecialchars($current_content); ?></textarea><br><br>
<button type="submit" name="save" class="btn-save">[ 💾 SAVE CHANGES ]</button>
<a href="colorspro.php" class="btn-back">[ ← KEMBALI KE SCANNER ]</a>
</form>
<script>
function showChmodPrompt(file) {
const newPerm = prompt("Masukkan permission (octal, misal: 0644, 0777):", "0644");
if (newPerm) {
window.location.href = "?chmod=" + newPerm + "&file=" + file;
}
}
</script>
</body>
</html>
<?php
exit;
} else {
$message = "[!] AKSES DITOLAK — FILE TIDAK VALID UNTUK EDIT.";
}
}
// ================ HANDLE FIX PERMISSION =================
if (isset($_GET['fixperm']) && $enable_delete) {
$file_to_fix = urldecode($_GET['fixperm']);
$file_to_fix = realpath($file_to_fix);
if ($file_to_fix && file_exists($file_to_fix) && strpos($file_to_fix, __DIR__) === 0) {
$new_perm = is_dir($file_to_fix) ? 0755 : 0644;
if (chmod($file_to_fix, $new_perm)) {
$message = "[✓] PERMISSION BERHASIL DIUBAH ke " . $new_perm . ": " . htmlspecialchars($file_to_fix);
} else {
$message = "[✗] GAGAL MENGUBAH PERMISSION: " . htmlspecialchars($file_to_fix);
}
} else {
$message = "[!] FILE TIDAK VALID UNTUK PERBAIKAN PERMISSION.";
}
}
//================ HANDLE CUSTOM CHMOD =================
if (isset($_GET['chmod']) && isset($_GET['file']) && $enable_delete) {
$custom_perm = $_GET['chmod'];
$file_to_chmod = urldecode($_GET['file']);
$file_to_chmod = realpath($file_to_chmod);
if ($file_to_chmod && file_exists($file_to_chmod) && strpos($file_to_chmod, __DIR__) === 0) {
$perm_int = octdec($custom_perm);
if (chmod($file_to_chmod, $perm_int)) {
$message = "[✓] PERMISSION BERHASIL DIUBAH ke " . $custom_perm . ": " . htmlspecialchars($file_to_chmod);
} else {
$message = "[✗] GAGAL MENGUBAH PERMISSION ke " . $custom_perm . ": " . htmlspecialchars($file_to_chmod);
}
} else {
$message = "[!] FILE TIDAK VALID UNTUK PERUBAHAN PERMISSION.";
}
}
// ================ HANDLE HAPUS BANYAK FILE SEKALIGUS =================
if ($_POST['action'] === 'bulk_delete' && $enable_delete && !empty($_POST['files'])) {
$deleted_count = 0;
$failed_files = [];
foreach ($_POST['files'] as $encoded_path) {
$file_path = urldecode($encoded_path);
$file_path = realpath($file_path);
if ($file_path && file_exists($file_path) && strpos($file_path, __DIR__) === 0 && pathinfo($file_path, PATHINFO_EXTENSION) === 'php') {
// Auto-fix permission
if (!is_writable($file_path)) {
@chmod($file_path, 0644);
}
if (unlink($file_path)) {
$deleted_count++;
} else {
$failed_files[] = $file_path;
}
}
}
if ($deleted_count > 0) {
$message = "[✓] BERHASIL MENGHAPUS $deleted_count FILE.";
}
if (!empty($failed_files)) {
$message .= " [✗] GAGAL: " . implode(", ", array_map('htmlspecialchars', $failed_files)) . " — PERIKSA PERMISSION";
}
}
show_results:
?>
<!DOCTYPE html>
<html>
<head>
<title>[ HACKER TERMINAL ULTIMATE PRO ] Malware Cleaner</title>
<meta charset="UTF-8">
<style>
body {
background-color: #000;
color: #0F0;
font-family: 'Courier New', monospace;
padding: 20px;
margin: 0;
overflow-x: auto;
}
.container {
max-width: 1200px;
margin: 0 auto;
}
h1, h2 {
color: #0F0;
text-shadow: 0 0 5px #0F0;
}
.line {
border-top: 1px solid #0A0;
margin: 20px 0;
}
.file-path {
color: #0F6;
font-weight: bold;
}
.signature {
color: #FF0;
}
.permission {
color: #0AF;
font-weight: bold;
}
.btn-delete {
background: #A00;
color: #FFF;
border: 1px solid #F00;
padding: 5px 10px;
text-decoration: none;
margin: 5px 0 5px 10px;
font-weight: bold;
display: inline-block;
cursor: pointer;
}
.btn-clean {
background: #A60;
color: #FFF;
border: 1px solid #FA0;
padding: 5px 10px;
text-decoration: none;
margin: 5px 0 5px 10px;
font-weight: bold;
display: inline-block;
cursor: pointer;
}
.btn-edit {
background: #00A;
color: #FFF;
border: 1px solid #0AF;
padding: 5px 10px;
text-decoration: none;
margin: 5px 0 5px 10px;
font-weight: bold;
display: inline-block;
cursor: pointer;
}
.btn-fix {
background: #555;
color: #FFF;
border: 1px solid #777;
padding: 5px 10px;
text-decoration: none;
margin: 5px 0 5px 10px;
font-weight: bold;
display: inline-block;
cursor: pointer;
}
.btn-bulk {
background: #F00;
color: #FFF;
border: 2px solid #FF0;
padding: 10px 20px;
text-decoration: none;
margin: 20px 0;
font-weight: bold;
display: inline-block;
cursor: pointer;
font-size: 16px;
box-shadow: 0 0 10px #F00;
}
.btn-delete:hover, .btn-clean:hover, .btn-edit:hover, .btn-fix:hover, .btn-bulk:hover {
box-shadow: 0 0 15px currentColor;
}
.content-preview {
background: #001100;
padding: 15px;
border-left: 3px solid #0F0;
margin: 10px 0;
white-space: pre-wrap;
font-size: 13px;
max-height: 200px;
overflow-y: auto;
color: #FFF;
}
.malicious-highlight {
background: #300;
color: #F66;
padding: 2px;
border-left: 2px solid #F00;
display: block;
margin: 5px 0;
}
.typing {
border-right: 2px solid #0F0;
white-space: nowrap;
overflow: hidden;
animation: typing 3s steps(60, end), blink-caret 0.75s step-end infinite;
}
@keyframes typing {
from { width: 0 }
to { width: 100% }
}
@keyframes blink-caret {
from, to { border-color: transparent }
50% { border-color: #0F0; }
}
.status {
padding: 10px;
margin: 10px 0;
background: #111;
border-left: 4px solid #0F0;
}
.status.error {
border-left-color: #F00;
}
.status.success {
border-left-color: #0F6;
}
.checkbox-container {
margin: 15px 0;
padding: 10px;
background: #001100;
border: 1px solid #0A0;
}
.file-checkbox {
margin-right: 10px;
transform: scale(1.3);
cursor: pointer;
}
.select-all {
margin-right: 10px;
transform: scale(1.2);
cursor: pointer;
}
.progress {
color: #0AF;
font-size: 14px;
margin: 5px 0;
}
</style>
</head>
<body>
<div class="container">
<h1 class="typing">[ INITIATING MALWARE SCAN ULTIMATE PRO v5.0... ]</h1>
<?php if (isset($message)): ?>
<div class="status <?php echo strpos($message, 'BERHASIL') !== false ? 'success' : (strpos($message, 'GAGAL') !== false ? 'error' : ''); ?>">
<?php echo nl2br($message); ?>
</div>
<?php endif; ?>
<?php
// Signature malware
$malware_signatures = [
'dpaste.org',
'sustainable-a14.pages.dev',
'geoplugin.net',
'file_get_contents.*http',
'while\s*\(.*true.*\)',
'countryCode.*==.*"ID"',
'header\s*\(.*Location.*\)',
'stream_context_create',
'eval\(',
'base64_decode\(',
'gzinflate\(',
'str_rot13\(',
'googlebot|slurp|adsense',
'header\(\'Vary: Accept-Language\'\);',
'function ambil_data',
'exit\(\);',
];
// ✅ SCAN SELURUH ROOT + SEMUA SUB-DIRECTORY — UNIVERSAL & AMAN
$directories_to_scan = [__DIR__];
// Kumpulkan file PHP — dengan proteksi error
$php_files = [];
$scan_errors = [];
foreach ($directories_to_scan as $dir) {
if (!is_dir($dir)) continue;
try {
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
try {
if ($file->isFile() && $file->getExtension() === 'php') {
$realpath = $file->getRealPath();
if ($realpath && strpos($realpath, __DIR__) === 0) {
$php_files[] = $realpath;
}
}
} catch (Exception $e) {
$scan_errors[] = "Skip file: " . $file->getPathname();
continue;
}
}
} catch (Exception $e) {
$scan_errors[] = "Gagal scan direktori: " . $dir . " — " . $e->getMessage();
continue;
}
}
echo "<p>[✓] Total file PHP ditemukan: <span style='color:#0FF;'>" . number_format(count($php_files)) . "</span></p>";
if (!empty($scan_errors)) {
echo "<p style='color:#FF6;'>[!] " . count($scan_errors) . " error saat scan (diabaikan):<br>" . implode("<br>", array_slice($scan_errors, 0, 3)) . (count($scan_errors) > 3 ? "..." : "") . "</p>";
}
echo "<p>[⏳] Memindai file mencurigakan...</p>";
ob_flush();
flush();
$found_malware = [];
$i = 0;
foreach ($php_files as $filepath) {
$i++;
// Tampilkan progress setiap 50 file
if ($i % 50 == 0) {
echo "<p class='progress'>[🔍 Progress: " . number_format($i) . " / " . number_format(count($php_files)) . " file]</p>";
ob_flush();
flush();
}
$content = @file_get_contents($filepath);
if ($content === false) continue;
$matches = [];
foreach ($malware_signatures as $signature) {
if (preg_match("/$signature/i", $content, $match)) {
$matches[] = $signature;
}
}
if (!empty($matches)) {
$perms = @fileperms($filepath);
$perm_octal = $perms ? substr(sprintf('%o', $perms), -4) : '????';
$found_malware[$filepath] = [
'matches' => $matches,
'content' => $content,
'permission' => $perm_octal
];
}
}
if (empty($found_malware)) {
echo "<h2 style='color:#0F6;'>[🎉 SCAN SELESAI — TIDAK ADA MALWARE TERDETEKSI]</h2>";
} else {
echo "<h2 style='color:#F66;'>[❗ DITEMUKAN " . count($found_malware) . " FILE MENCURIGAKAN]</h2>";
// Form untuk bulk delete
echo '<form method="POST" onsubmit="return confirm(\'[!] HAPUS SEMUA FILE YANG DITANDAI? TINDAKAN INI TIDAK BISA DIBATALKAN!\')">';
echo '<input type="hidden" name="action" value="bulk_delete">';
echo '<label><input type="checkbox" class="select-all" onclick="toggleCheckboxes(this)"> [ SELECT ALL ]</label>';
echo ' <button type="submit" class="btn-bulk">[ DELETE SELECTED ]</button>';
echo '<div class="checkbox-container">';
foreach ($found_malware as $filepath => $data) {
$encoded_path = urlencode($filepath);
echo "<div style='margin: 15px 0; padding: 10px; background: #002200; border-left: 3px solid #0F6;'>";
// Checkbox + Nama File + Permission
echo "<label>";
echo "<input type='checkbox' name='files[]' value='" . $encoded_path . "' class='file-checkbox'>";
echo "<span class='file-path'>" . htmlspecialchars($filepath) . "</span>";
echo " <span class='permission'>[PERM: " . $data['permission'] . "]</span>";
echo "</label><br>";
// Signature
echo "<span class='signature'>Signature: " . implode(", ", $data['matches']) . "</span><br>";
// Tombol Aksi
if ($enable_delete) {
$delete_url = "?delete=" . $encoded_path;
$clean_url = "?clean=" . $encoded_path;
$edit_url = "?edit=" . $encoded_path;
$fixperm_url = "?fixperm=" . $encoded_path;
echo "<a href='" . $delete_url . "' class='btn-delete' onclick='return confirm(\"[!] HAPUS FILE INI?\\n\\n" . addslashes(htmlspecialchars($filepath)) . "\")'>[ DELETE ]</a>";
echo "<a href='" . $clean_url . "' class='btn-clean' onclick='return confirm(\"[!] BERSIHKAN KODE JAHAT?\\n\\n" . addslashes(htmlspecialchars($filepath)) . "\")'>[ CLEAN CODE ]</a>";
echo "<a href='" . $edit_url . "' class='btn-edit'>[ ✏️ EDIT FILE ]</a>";
echo "<a href='" . $fixperm_url . "' class='btn-fix' onclick='return confirm(\"[!] Ubah permission ke 0644?\\n\\n" . addslashes(htmlspecialchars($filepath)) . "\")'>[ FIX PERM ]</a>";
}
// Preview isi file — sorot bagian mencurigakan
echo "<div class='content-preview'>";
$lines = explode("\n", $data['content']);
$preview_lines = array_slice($lines, 0, 15); // Tampilkan 15 baris pertama
foreach ($preview_lines as $line) {
$is_malicious = false;
foreach ($malware_signatures as $sig) {
if (preg_match("/$sig/i", $line)) {
$is_malicious = true;
break;
}
}
if ($is_malicious) {
echo "<span class='malicious-highlight'>" . htmlspecialchars($line) . "</span>\n";
} else {
echo htmlspecialchars($line) . "\n";
}
}
if (count($lines) > 15) {
echo "<span style='color:#FF6;'>... [ " . (count($lines) - 15) . " baris lagi ]</span>\n";
}
echo "</div>";
echo "</div>";
}
echo '</div>'; // .checkbox-container
echo '<button type="submit" class="btn-bulk">[ DELETE SELECTED ]</button>';
echo '</form>';
echo "<div class='line'></div>";
echo "<p style='color:#FF6;'>[!] JANGAN LUPA HAPUS SCRIPT INI SETELAH SELESAI!</p>";
}
?>
<div class="line"></div>
<p class="typing">[ SCAN COMPLETE. SYSTEM STATUS: <?php echo empty($found_malware) ? 'SECURE' : 'COMPROMISED'; ?> ]</p>
</div>
<script>
// Toggle semua checkbox
function toggleCheckboxes(source) {
const checkboxes = document.querySelectorAll('.file-checkbox');
for (let checkbox of checkboxes) {
checkbox.checked = source.checked;
}
}
// Efek terminal: scroll otomatis ke bawah
window.scrollTo(0, document.body.scrollHeight);
</script>
</body>
</html>