Editing: security_tool.php
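<?php
/**
 * Security Tool (Strict Mode)
 *
 * - Scan or Clean suspicious PHP files under the directory holding this script.
 * - Any PHP file inside /images, /uploads, /files, /media is auto quarantined.
 * - Files elsewhere are flagged only when their first 4 KB mention one of the
 *   listed function names.
 *
 * Known limits of the heuristic (by design, not fixed here):
 * - Only the first 4096 bytes of a file are inspected, so a match further down
 *   is not seen.
 * - Matching is a plain case-insensitive substring test, so "system" also hits
 *   "filesystem" and "exec" hits "execute"; review the scan list before using
 *   clean mode.
 *
 * NOTE(review): nothing in this file authenticates the caller or checks a CSRF
 * token before the state-changing "clean" action. Restrict access to the script
 * at the server level (or add both checks) before deploying it.
 */

$rootDir = __DIR__;
$quarantineDir = __DIR__ . '/quarantine';

// Create the quarantine directory on first use. 0700 keeps the quarantined
// samples readable by the owning account only.
$quarantineReady = is_dir($quarantineDir) || mkdir($quarantineDir, 0700, true);

// Extensions treated as PHP-executable.
$suspiciousExt = ['php', 'php2', 'php3', 'php4', 'php5', 'php6', 'php7', 'php8', 'phtml', 'phar'];

// Function names used as a secondary filter outside the restricted folders.
$suspiciousFunctions = ['eval', 'base64_decode', 'gzinflate', 'shell_exec', 'exec', 'system', 'passthru', 'popen', 'proc_open', 'assert'];

// Exclude this script (matched by name, at the scan root only).
$selfBasename = basename(__FILE__);
$excludeFiles = [$selfBasename];

// Folders in which PHP is never allowed.
$restrictedFolders = ['uploads', 'images', 'files', 'media'];

$foundFiles = [];
$movedFiles = [];

// Escaping flags for every path echoed below. ENT_SUBSTITUTE matters here:
// without it a file name holding invalid UTF-8 is rendered as an empty string,
// which would hide that file from the report.
$escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

/**
 * Move one file into the quarantine directory under a name that is not in use.
 *
 * The target keeps the original "<basename>_<unix time>" scheme. When that name
 * already exists (two files with the same basename handled in the same second),
 * a numeric suffix is appended so an earlier quarantined sample is not
 * overwritten by rename().
 *
 * @param string $path          File to move.
 * @param string $quarantineDir Destination directory.
 *
 * @return string|false New path on success, false when rename() fails.
 */
function moveToQuarantine($path, $quarantineDir)
{
    $stem = $quarantineDir . '/' . basename($path) . '_' . time();
    $target = $stem;
    for ($n = 1; file_exists($target); $n++) {
        $target = $stem . '_' . $n;
    }

    return rename($path, $target) ? $target : false;
}

/**
 * Scan a directory recursively and collect (optionally quarantine) suspicious files.
 *
 * @param string      $dir                 Directory to scan.
 * @param string[]    $suspiciousExt       Lower-case extensions treated as PHP.
 * @param string[]    $suspiciousFunctions Substrings that mark a file as suspicious.
 * @param string[]    $foundFiles          Receives the paths of flagged files.
 * @param string[]    $movedFiles          Receives the quarantine paths of moved files.
 * @param string      $quarantineDir       Quarantine directory; never scanned.
 * @param string[]    $excludeFiles        Entry names skipped at the scan root.
 * @param string      $mode                'scan' to report only, 'clean' to also move.
 * @param string[]    $restrictedFolders   Folder names in which any PHP file is flagged.
 * @param string|null $baseDir             Scan root; defaults to $dir on the first call.
 *
 * @return void
 */
function scanDirectory($dir, $suspiciousExt, $suspiciousFunctions, &$foundFiles, &$movedFiles, $quarantineDir, $excludeFiles, $mode, $restrictedFolders, $baseDir = null)
{
    if ($baseDir === null) {
        $baseDir = $dir;
    }

    $items = @scandir($dir);
    if ($items === false) {
        return;
    }

    $quarantineReal = realpath($quarantineDir);

    foreach ($items as $item) {
        if ($item === '.' || $item === '..') {
            continue;
        }

        // The exclusion is by name, so it is honoured at the scan root only.
        // Applied at every depth, any file given the tool's own name (for
        // example inside uploads/) would be skipped by the scan.
        if ($dir === $baseDir && in_array($item, $excludeFiles, true)) {
            continue;
        }

        $path = $dir . DIRECTORY_SEPARATOR . $item;

        // Skip the quarantine directory itself. The comparison is anchored on
        // a trailing separator so a sibling such as "quarantine_old" is still
        // scanned; realpath() returns false for dangling links, hence the guards.
        $real = realpath($path);
        if ($quarantineReal !== false && $real !== false) {
            $insideQuarantine = $real === $quarantineReal
                || strpos($real, $quarantineReal . DIRECTORY_SEPARATOR) === 0;
            if ($insideQuarantine) {
                continue;
            }
        }

        if (is_dir($path)) {
            // Do not follow symlinked directories: they can point outside the
            // scan root or form a loop.
            if (is_link($path)) {
                continue;
            }
            scanDirectory($path, $suspiciousExt, $suspiciousFunctions, $foundFiles, $movedFiles, $quarantineDir, $excludeFiles, $mode, $restrictedFolders, $baseDir);
            continue;
        }

        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        if (!in_array($ext, $suspiciousExt, true)) {
            continue;
        }

        // Match restricted folder names against the part of the path below the
        // scan root, so a folder called e.g. "files" above the root does not
        // mark every PHP file as restricted.
        $relative = substr($path, strlen($baseDir));
        $isRestricted = false;
        foreach ($restrictedFolders as $folder) {
            if (stripos($relative, DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR) !== false) {
                $isRestricted = true;
                break;
            }
        }

        $isSuspicious = $isRestricted;
        if (!$isRestricted) {
            // For other locations, check the first 4 KB for suspicious functions.
            $content = @file_get_contents($path, false, null, 0, 4096);
            if ($content === false) {
                // Unreadable file: nothing to match against.
                continue;
            }
            foreach ($suspiciousFunctions as $fn) {
                if (stripos($content, $fn) !== false) {
                    $isSuspicious = true;
                    break;
                }
            }
        }

        if (!$isSuspicious) {
            continue;
        }

        $foundFiles[] = $path;
        if ($mode === 'clean') {
            $newPath = moveToQuarantine($path, $quarantineDir);
            if ($newPath !== false) {
                $movedFiles[] = $newPath;
            }
        }
    }
}

// Mode selection. A non-string value (e.g. mode[]=x) falls back to 'scan'
// instead of reaching strtolower().
$requestedMode = (isset($_POST['mode']) && is_string($_POST['mode'])) ? strtolower($_POST['mode']) : '';
$mode = in_array($requestedMode, ['scan', 'clean'], true) ? $requestedMode : 'scan';

// Run on form submit
if (isset($_POST['run'])) {
    scanDirectory($rootDir, $suspiciousExt, $suspiciousFunctions, $foundFiles, $movedFiles, $quarantineDir, $excludeFiles, $mode, $restrictedFolders);
}
?><!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Security Tool - Strict Mode</title>
<style>
body{font-family:sans-serif;background:#f8f9fa;color:#222;padding:20px;}
.card{background:#fff;padding:20px;border-radius:8px;box-shadow:0 2px 6px rgba(0,0,0,.1);max-width:900px;margin:auto;}
h1{font-size:20px;margin-bottom:10px;}
button{padding:8px 14px;margin-right:8px;border-radius:5px;border:1px solid #ccc;cursor:pointer;}
ul{padding-left:20px;}
.ok{color:green;}
.warn{color:#c33;}
.note{font-size:13px;color:#666;}
</style>
</head>
<body>
<div class="card">
<h1>🛡 Security Tool (Strict Mode)</h1>
<p class="note">Scans and optionally quarantines suspicious PHP files. Any PHP inside <code>/uploads</code>, <code>/images</code>, <code>/files</code>, or <code>/media</code> is automatically treated as malicious.</p>
<form method="post">
<label><input type="radio" name="mode" value="scan" <?php echo ($mode === 'scan') ? 'checked' : ''; ?>> Scan only</label>
<label><input type="radio" name="mode" value="clean" <?php echo ($mode === 'clean') ? 'checked' : ''; ?>> Scan & Quarantine</label>
<button type="submit" name="run">Run</button>
</form>
<?php if (isset($_POST['run'])): ?>
<h2>Results (Mode: <?php echo strtoupper(htmlspecialchars($mode, $escapeFlags, 'UTF-8')); ?>)</h2>
<?php if (!empty($foundFiles)): ?>
<h3 class="warn">⚠️ Suspicious files:</h3>
<ul>
<?php foreach ($foundFiles as $f): ?>
<li><?php echo htmlspecialchars($f, $escapeFlags, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php if ($mode === 'clean'): ?>
<h3 class="ok">✅ Moved to quarantine:</h3>
<ul>
<?php foreach ($movedFiles as $m): ?>
<li><?php echo htmlspecialchars($m, $escapeFlags, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<p class="note">Quarantine folder: <?php echo htmlspecialchars($quarantineDir, $escapeFlags, 'UTF-8'); ?></p>
<?php if (!$quarantineReady): ?>
<p class="warn">Quarantine folder could not be created; no files were moved.</p>
<?php endif; ?>
<?php endif; ?>
<?php else: ?>
<h3 class="ok">✅ No suspicious files found.</h3>
<?php endif; ?>
<?php endif; ?>
</div>
</body>
</html>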