<?php
// scanner.php - Accurate PHP Malware Scanner (Skips Itself)
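// Scanner configuration. This script walks the directory it lives in and
// flags PHP files whose source matches any of the regex fragments below.
// A match is a lead for manual review, not proof of compromise: legitimate
// code also calls base64_decode(), exec(), preg_replace(), and so on.

// Remove the execution time limit so a large tree can be scanned in one run.
set_time_limit(0);

$startDir = __DIR__;
$selfFile = basename(__FILE__);

// Function names of interest. NOTE(review): nothing in this file reads this
// list; matching is driven entirely by $obfuscatedPatterns. It is kept so
// any external consumer of the variable keeps working.
$suspiciousFunctions = [
    'eval',
    'base64_decode',
    'gzinflate',
    'str_rot13',
    'gzuncompress',
    'shell_exec',
    'exec',
    'system',
    'passthru',
    'popen',
    'proc_open',
    'assert',
    'preg_replace',
    'create_function'
];

// Regex fragments (no delimiters). scanFile() wraps each one as '/.../i'.
// The leading \b keeps e.g. "curl_exec(" from matching the "exec(" rule,
// because "_" is a word character.
$obfuscatedPatterns = [
    '\beval\s*\(', // matches "eval("
    '\bbase64_decode\s*\(',
    '\bgzinflate\s*\(',
    '\bgzuncompress\s*\(',
    '\bstr_rot13\s*\(',
    '\bshell_exec\s*\(',
    '\bexec\s*\(',
    '\bsystem\s*\(',
    '\bpassthru\s*\(',
    '\bpopen\s*\(',
    '\bproc_open\s*\(',
    '\bassert\s*\(',
    '\bcreate_function\s*\(',
    // Deprecated /e modifier. This is deliberately broad: any "/e" after
    // "preg_replace(" on the same line matches, including harmless patterns
    // such as '/end/'. Expect false positives from this rule.
    'preg_replace\s*\(.*\/e.*',
    // Hex-escaped string assigned to a variable, e.g. $a = "\x65\x76...".
    // The regex needs an escaped backslash (\\x); a bare \x is read by PCRE
    // as the NUL character, so it would never match the literal text "\x".
    '\$[a-zA-Z0-9_]+\s*=\s*["\']\\\\x[0-9a-fA-F]{2}'
];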
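/**
 * Check one file's contents against every entry in the global
 * $obfuscatedPatterns list (case-insensitive).
 *
 * A file that cannot be read, or a pattern that fails to execute, is
 * reported as a finding instead of being silently treated as clean.
 *
 * @param string $file Path of the file to inspect.
 * @return string[] One message per finding; empty when nothing was flagged.
 */
function scanFile($file)
{
    global $obfuscatedPatterns;

    // The warning is suppressed only to keep the report readable; the
    // failure itself is handled on the next line.
    $contents = @file_get_contents($file);
    if ($contents === false) {
        // An unreadable file has not been inspected, so it must not look clean.
        return ["Read Error: file could not be read"];
    }

    $found = [];
    foreach ($obfuscatedPatterns as $pattern) {
        $result = preg_match('/' . $pattern . '/i', $contents);
        if ($result === 1) {
            $found[] = "Matched Pattern: " . $pattern;
        } elseif ($result === false) {
            // preg_match() returns false on an engine error (for example the
            // backtrack limit on a very long line); surface it so the file
            // gets a manual look.
            $found[] = "Pattern Error (code " . preg_last_error() . "): " . $pattern;
        }
    }

    return $found;
}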
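/**
 * Walk $dir recursively and run scanFile() on every PHP-like file.
 *
 * Only the scanner itself, i.e. the file located at $dir/$selfFile, is
 * skipped. Files that merely share its name in other directories are still
 * scanned, so a planted file cannot avoid inspection by reusing that name.
 *
 * Coverage caveat: files are selected by extension only. Servers can be
 * configured to execute other extensions as PHP, and those are not scanned.
 *
 * @param string $dir      Directory to start from.
 * @param string $selfFile Base name of the scanner script inside $dir.
 * @return array<string, string[]> Findings keyed by file path.
 */
function scanDirRecursive($dir, $selfFile)
{
    // Resolve the scanner's own location once; false if it is not in $dir.
    $selfPath = realpath($dir . DIRECTORY_SEPARATOR . $selfFile);

    $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir));
    $foundFiles = [];

    foreach ($rii as $file) {
        if ($file->isDir()) {
            continue;
        }

        // Skip by resolved path, not by base name.
        if ($selfPath !== false && $file->getRealPath() === $selfPath) {
            continue;
        }

        $path = $file->getPathname();

        // Common PHP extensions: .php, .php5/.php7..., .phtml, .pht, .phar.
        if (!preg_match('/\.(?:php[0-9]?|phtml|pht|phar)$/i', basename($path))) {
            continue;
        }

        $results = scanFile($path);
        if (!empty($results)) {
            $foundFiles[$path] = $results;
        }
    }

    return $foundFiles;
}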
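// Run the scan and print a plain-text report inside <pre>.
//
// File paths come from the directory being inspected, so on a compromised
// site they are attacker-influenced. Everything dynamic is HTML-escaped
// before output so a crafted file name cannot inject markup into the report.
//
// NOTE(review): the report discloses absolute server paths. Run this from
// the CLI or behind access control, and delete it after use.
$escape = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<pre>";
echo "Scanning directory: " . $escape($startDir) . "\n";
echo "Skipping file: " . $escape($selfFile) . "\n";

$results = scanDirRecursive($startDir, $selfFile);

if (empty($results)) {
    echo "\n✅ No suspicious code found.\n";
} else {
    echo "\n⚠️ Suspicious code detected:\n";
    foreach ($results as $file => $flags) {
        echo "\nFile: " . $escape($file) . "\n";
        foreach ($flags as $flag) {
            echo " -> " . $escape($flag) . "\n";
        }
    }
}

echo "</pre>";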