Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Whitelist #3

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Whitelist #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c32078f
Added a White List to exclude some known files from check
May 11, 2015
d54f90a
Added an example in whitelist file
desmonet May 11, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 33 additions & 9 deletions phpMalCodeScanner.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,15 @@
Author URI: http://www.mikestowe.com
Credits: Based on the idea of Er. Rochak Chauhan (http://www.rochakchauhan.com/), rewritten for use with a cron job
License: GPL-2
*/

Modified on May 11 2015
Added exclude file list
*/

// Set to your email:
define('SEND_EMAIL_ALERTS_TO','[email protected]');

// Set to your email, and exclude files path:
define('SEND_EMAIL_ALERTS_TO','[email protected]');
define('EXCLUDE', '/var/www/html/whitelist');

############################################ START CLASS

Expand All @@ -22,13 +25,19 @@ class phpMalCodeScan {

public $infected_files = array();
private $scanned_files = array();


public $excluded_files = array();
function __construct() {
$this->readexclude(EXCLUDE);

$this->scan(dirname(__FILE__));
$this->sendalert();
}

function readexclude($excludefile) {
$tmp_array = file($excludefile);
$this->excluded_files = array_map('trim',$tmp_array);
}

function scan($dir) {
$this->scanned_files[] = $dir;
Expand All @@ -37,9 +46,8 @@ function scan($dir) {
if(!is_array($files)) {
throw new Exception('Unable to scan directory ' . $dir . '. Please make sure proper permissions have been set.');
}

foreach($files as $file) {
if(is_file($dir.'/'.$file) && !in_array($dir.'/'.$file,$this->scanned_files)) {
if(is_file($dir.'/'.$file) && !in_array($dir.'/'.$file,$this->scanned_files) && !in_array($dir.'/'.$file,$this->excluded_files)) {
$this->check(file_get_contents($dir.'/'.$file),$dir.'/'.$file);
} elseif(is_dir($dir.'/'.$file) && substr($file,0,1) != '.') {
$this->scan($dir.'/'.$file);
Expand All @@ -58,12 +66,28 @@ function check($contents,$file) {

function sendalert() {
if(count($this->infected_files) != 0) {
$message = "== MALICIOUS CODE FOUND == \n\n";
$hostname = php_uname('n');
$message = "== MALICIOUS CODE FOUND ON $hostname == \n\n";
$message .= "The following files appear to be infected: \n";
foreach($this->infected_files as $inf) {
$message .= " - $inf \n";
}
mail(SEND_EMAIL_ALERTS_TO,'Malicious Code Found!',$message,'FROM:');
$message .= "\nThe following files have been excluded from check: \n";
foreach($this->excluded_files as $inf) {
$message .= " - $inf \n";
}
mail(SEND_EMAIL_ALERTS_TO," $hostname -- Malicious Code Found!",$message,'FROM:');
}
else{
$hostname = php_uname('n');
$message = "== CODE CLEAN ON $hostname == \n\n";

$message .= "The following files have been excluded from check: \n";
foreach($this->excluded_files as $inf) {
$message .= " - $inf \n";
}

mail(SEND_EMAIL_ALERTS_TO," $hostname -- Code clean!",$message,'FROM:');
}
}

Expand Down
1 change: 1 addition & 0 deletions whitelist
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/var/www/html/wp-content/plugins/scss.inc.php
2 changes: 2 additions & 0 deletions wordpressMalScan.cron
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#!/bin/sh
php /var/www/html/phpMalCodeScanner.php