\x20\40\x20\40
<?php
//Small API
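// Small JSON API, answered before any page chrome is printed.
// Request: api_task=get_scanned_accts and data=<JSON list of {docroot, user}>.
// Response: JSON list of [user, infected_file_count] for every listed account
// that has a malssh_report.txt next to its public_html directory.
$api_task = trim(isset($_REQUEST['api_task']) && is_string($_REQUEST['api_task']) ? $_REQUEST['api_task'] : '');
switch ($api_task) {
    case 'get_scanned_accts':
        $list_scanned_acc = [];
        $requested_accounts = json_decode(
            isset($_REQUEST['data']) && is_string($_REQUEST['data']) ? $_REQUEST['data'] : '',
            true
        );
        if (!is_array($requested_accounts)) {
            // Missing or malformed payload: answer with an empty list instead of iterating null.
            $requested_accounts = [];
        }
        foreach ($requested_accounts as $value) {
            if (!is_array($value)
                || !isset($value['docroot'], $value['user'])
                || !is_string($value['docroot'])
                || !is_string($value['user'])
            ) {
                continue;
            }
            // docroot is supplied by the client. Refuse stream-wrapper URLs and NUL bytes so the
            // filesystem calls below only ever touch a plain local path.
            if (strpos($value['docroot'], '://') !== false || strpos($value['docroot'], "\0") !== false) {
                continue;
            }
            $report_file_path = str_ireplace('public_html', '', $value['docroot']) . 'malssh_report.txt';
            if (!is_file($report_file_path)) {
                continue;
            }
            $report_lines = file($report_file_path);
            if ($report_lines === false) {
                continue;
            }
            foreach ($report_lines as $val) {
                if (stripos($val, 'Infected files') !== false) {
                    // The count is whatever follows the first ':' on the line; negatives are reported as 0.
                    $num_inf_files = (int) trim(substr($val, strpos($val, ":") + 1));
                    $list_scanned_acc[] = [$value['user'], max($num_inf_files, 0)];
                    break;
                }
            }
        }
        header('Content-type: application/json');
        echo json_encode($list_scanned_acc);
        exit;
        break;
}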
//End Small API
// Installed plugin version; printed in the page header and compared with the vendor update feed.
define('MALSSH_VERSION', '1.8');
// WHM.php is expected to provide the WHM class used for the page header and footer.
require_once '/usr/local/cpanel/php/WHM.php';
WHM::header(
    sprintf('MalSSH Scanner <span style="float:right;font-size:50%%">ver. %s</span>', MALSSH_VERSION),
    0,
    0
);
?>
<script type="text/javascript">
// Append a <link rel="stylesheet"> for the given URL to the document head.
function loadCSS(filename){
    var link = document.createElement("link");
    [["rel", "stylesheet"], ["type", "text/css"], ["href", filename]].forEach(function(attr){
        link.setAttribute(attr[0], attr[1]);
    });
    document.head.appendChild(link);
}
// Load the Semantic UI stylesheet shipped with the plugin.
loadCSS("assets/semantic.min.css");
</script>
<div class="ui main container" id="container_main" style="margin-left:0!important; padding-left:0!important">
<?php
/**
 * Print a "Back" button that steps one entry back in the browser history.
 */
function MalSSH_PrintBackButton()
{
    echo '<p><a href="javascript:history.back();" class="ui button">Back</a></p>' . "\n";
}
/**
 * Print a red "negative" message box.
 *
 * Both arguments are written to the page as raw HTML (callers in this file pass markup
 * such as "<br>"), so any untrusted text must be escaped by the caller first.
 *
 * @param string $text   Message body, emitted inside a <p>.
 * @param string $header Optional heading; left out when it loosely equals ''.
 */
function MalSSH_ShowErrorMessage($text, $header = '')
{
    $box = '<div class="ui negative message">' . "\n";
    if ($header != '') {
        $box .= '<div class="header">' . $header . '</div>';
    }
    $box .= '<p>' . $text . '</p>' . "\n";
    $box .= '</div>' . "\n";
    echo $box;
}
/**
 * Print a section heading.
 *
 * Both arguments are emitted as raw HTML; pass only trusted or pre-escaped text.
 *
 * @param string $title Heading text.
 * @param string $style Extra Semantic UI classes placed between "ui" and "header".
 */
function MalSSH_ShowHeader($title, $style = 'large dividing')
{
    echo '<div style="margin-top:20px" class="ui ' . $style . ' header">' . $title . '</div>' . "\n";
}
/**
 * Print the "in progress" message box (element id "malssh_loader").
 *
 * Both arguments are emitted as raw HTML; callers must escape request-derived text
 * (for example a scan path) before passing it in.
 *
 * @param string $title Heading shown inside the box.
 * @param string $text  Body text shown under the heading.
 */
function MalSSH_ShowLoader($title, $text)
{
    $parts = [
        '<div class="ui icon message" id="malssh_loader">' . "\n",
        '<i class="asterisk loading icon"></i>' . "\n",
        '<div class="content">' . "\n",
        '<div class="header">' . "\n",
        $title . '</div>' . "\n",
        '<p>' . $text . '</p>' . "\n",
        '</div>' . "\n",
        '</div>' . "\n",
    ];
    echo implode('', $parts);
}
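/**
 * Print the form used to replace the stored serial number.
 *
 * The form posts back to this script with task=save_new_code. PHP_SELF is derived from
 * the request URL, so it is HTML-escaped before being placed in the action attribute.
 * NOTE(review): no anti-CSRF field is visible in this form; confirm the WHM session
 * token in the URL is what protects this state-changing request.
 */
function MalSSH_EditLicense(){
    $form_action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<div class="ui two column centered grid">
<div class="column">
<div class="ui secondary segment">
<h2 class="ui dividing centered aligned header">Enter registration code</h2>
<form class="ui form" method="POST" action="<?php echo $form_action; ?>">
<label>New Serial Number</label>
<input type="text" name="code" placeholder="Your serial number"><br><br>
<input type="hidden" name="task" value="save_new_code">
<button class="ui green button" type="submit">Edit</button>
<a href="javascript:history.back();" class="ui right floated button">Cancel</a>
</form>
</div>
</div>
</div>
<?php
}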
/**
 * Print a script that hides the element with id "malssh_loader".
 */
function MalSSH_HideLoader()
{
    echo "<script>\n"
        . 'document.getElementById("malssh_loader").style.display = "none";' . "\n"
        . "</script>\n";
}
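// Requested action; treated as empty when the parameter is absent or not a plain string.
$task = trim(isset($_REQUEST['task']) && is_string($_REQUEST['task']) ? $_REQUEST['task'] : '');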
switch ($task) {
case 'check_for_updates':
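// Compare the installed version with the one advertised in the vendor update feed.
echo 'Checking for updates... <br>';
echo 'MalSSH extension version is ' . MALSSH_VERSION . '<br>';
$update_feed = file_get_contents('https://www.siteguarding.com/files/updateinfo/malssh_whm.json');
$update_info = $update_feed === false ? null : json_decode($update_feed, true);
$latest_version = (is_array($update_info) && isset($update_info['version']) && is_scalar($update_info['version']))
    ? (string) $update_info['version']
    : '';
if ($latest_version === '') {
    // Feed unreachable or malformed: say so instead of comparing against null.
    echo 'Could not retrieve the latest version information.<br>';
    echo '<br>';
} else {
    // The version string is remote content, so it is escaped before it is printed.
    echo 'Latest version is ' . htmlspecialchars($latest_version, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
    if (version_compare(MALSSH_VERSION, $latest_version, '<')) {
        // PHP_SELF is request-derived and must be escaped for the href attribute.
        ?><a class="ui right floated blue tiny button" href="<?php echo htmlspecialchars($_SERVER['PHP_SELF'] . '?task=update_version', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><i class="arrow up icon"></i>Update</a><?php
    } else {
        echo 'You are using latest version!<br>';
        echo '<br>';
        echo '<br>';
    }
}
MalSSH_PrintBackButton();
exit;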
break;
case 'update_version':
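// Self-update: download the vendor archive, unpack it over the filesystem root, copy the
// plugin files into place and re-apply the currently stored licence key.
// NOTE(review): the archive is unpacked with `unzip -o` at "/" and its authenticity is not
// verified (no signature or hash is available on this page), so the update host is fully
// trusted with root-level file writes. This action is also reachable by a plain GET link.
chdir("/");
$update_feed = file_get_contents('https://www.siteguarding.com/files/updateinfo/malssh_whm.json');
$update_info = $update_feed === false ? null : json_decode($update_feed, true);
$upgrade_url = (is_array($update_info) && isset($update_info['upgrade_url']) && is_string($update_info['upgrade_url']))
    ? $update_info['upgrade_url']
    : '';
// Only an https:// URL is accepted; that also guarantees the value cannot begin with "-"
// and be read by wget as an option.
if (strtolower((string) parse_url($upgrade_url, PHP_URL_SCHEME)) !== 'https') {
    MalSSH_ShowErrorMessage('The update feed did not provide an HTTPS download URL.', 'Update aborted');
    MalSSH_PrintBackButton();
    exit;
}
// The URL is remote data: quote it so the shell sees exactly one argument.
$wget_output = [];
$wget_status = 1;
exec('wget -O malssh_scanner.zip ' . escapeshellarg($upgrade_url), $wget_output, $wget_status);
if ($wget_status !== 0) {
    MalSSH_ShowErrorMessage('The update archive could not be downloaded.', 'Update aborted');
    MalSSH_PrintBackButton();
    exit;
}
// Read the current licence key by pattern-matching the define() line, never by executing it.
// This must happen before unzip, which may overwrite /usr/bin/malssh.
$license_key = '{LICENSE_KEY}';
$malssh_content = file('/usr/bin/malssh');
if ($malssh_content !== false) {
    foreach ($malssh_content as $value) {
        if (preg_match("/define\(\s*'LICENSE'\s*,\s*'([^']*)'\s*\)/i", $value, $license_match)) {
            $license_key = $license_match[1];
            break;
        }
    }
}
exec('unzip -o malssh_scanner.zip');
// 0755 instead of 0777: the scanner is started by root from this plugin, so it must not be
// writable by other local users. NOTE(review): confirm nothing outside this file relies on
// these two files being world-writable.
chmod('/usr/bin/malssh', 0755);
chmod('/usr/bin/malssh_tmp', 0755);
exec('/bin/cp -R -f ./malssh_scanner_cpanel/* /usr/local/cpanel/base/frontend/paper_lantern/malssh_scanner_cpanel');
exec('/bin/cp -R -f ./malssh_scanner_whm/* /usr/local/cpanel/whostmgr/docroot/cgi/malssh_scanner_whm');
$tmp_malssh_code = file_get_contents('/usr/bin/malssh_tmp');
if ($tmp_malssh_code !== false) {
    // Writing only when the template was read avoids replacing the scanner with an empty file.
    $new_malssh_code = str_replace('{LICENSE_KEY}', $license_key, $tmp_malssh_code);
    file_put_contents('/usr/bin/malssh', $new_malssh_code);
}
exec('rm -rf /malssh_scanner_cpanel');
exec('rm -rf /malssh_scanner_whm');
exec('rm -f /malssh_scanner.sh');
exec('rm -r /malssh_scanner.zip');
if ($tmp_malssh_code === false) {
    MalSSH_ShowErrorMessage('The scanner template /usr/bin/malssh_tmp could not be read.', 'Update incomplete');
} else {
    echo "Updated!";
}
MalSSH_PrintBackButton();
exit;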
break;
case 'scan_selected':
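// Scan every account ticked in the "Manual scan" table.
// Each submitted value has the form "user|email|scan_path".
$selected_accounts = isset($_REQUEST['accnts']) && is_array($_REQUEST['accnts']) ? $_REQUEST['accnts'] : [];
$selected_accounts = array_values(array_filter($selected_accounts, 'is_string'));
$total_accounts = count($selected_accounts);
MalSSH_ShowLoader('Scan status', 'Scan is in progress.');
foreach ($selected_accounts as $position => $entry) {
    $account_info = explode('|', $entry);
    $scan_path = isset($account_info[2]) ? $account_info[2] : '';
    // The path comes from the request: it must be a plain, existing local directory.
    if ($scan_path === ''
        || strpos($scan_path, "\0") !== false
        || strpos($scan_path, '://') !== false
        || !is_dir($scan_path)
    ) {
        MalSSH_ShowErrorMessage('The requested scan path is not an existing directory.', 'Scan skipped');
        echo ($position + 1) . "/" . $total_accounts;
        continue;
    }
    $report_path = $scan_path . '/malssh_report.txt';
    // Remove the previous report, if any, so the wait loop below only sees a fresh one.
    // NOTE(review): the report is written inside a directory the account owner controls;
    // consider writing reports to a root-owned location to rule out symlink tricks.
    if (is_file($report_path) || is_link($report_path)) {
        unlink($report_path);
    }
    // escapeshellarg() keeps quotes or shell metacharacters in the path from ending the argument.
    $output = [];
    $status = exec(
        "(/usr/bin/malssh --scan=" . escapeshellarg($scan_path)
        . " --report=" . escapeshellarg($report_path)
        . " -o='file') >/dev/null 2>&1 &",
        $output
    );
    $safe_lines = [];
    foreach ($output as $line) {
        $safe_lines[] = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $safe_output = implode("<br>", $safe_lines);
    if ($status === false) {
        MalSSH_ShowErrorMessage($safe_output, 'PHP exec returned false');
    } elseif (strpos($safe_output, "Error:") !== false) {
        MalSSH_ShowErrorMessage($safe_output, 'MalSSH module returned error status');
    } else {
        // The scanner runs in the background; poll once a second, for up to 20 minutes,
        // until the report file appears. The echoed space keeps the response flowing.
        $i = 0;
        while ($i < 1200) {
            sleep(1);
            echo ' ';
            $i++;
            if (file_exists($report_path)) {
                // Report lines contain file names from the scanned account, so escape them.
                echo "<pre>" . htmlspecialchars((string) file_get_contents($report_path), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>";
                break;
            }
        }
    }
    echo ($position + 1) . "/" . $total_accounts;
}
MalSSH_HideLoader();
MalSSH_PrintBackButton();
exit;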
break;
case 'see_latest_report':
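// Show the most recent scan report for one account.
// report_path comes from the request, and this script reads files with the privileges of
// the WHM process, so only a local file whose resolved name is malssh_report.txt is opened.
$requested_report = isset($_REQUEST['report_path']) && is_string($_REQUEST['report_path']) ? $_REQUEST['report_path'] : '';
$resolved_report = false;
if ($requested_report !== '' && strpos($requested_report, '://') === false && strpos($requested_report, "\0") === false) {
    // realpath() follows symlinks, so a link named malssh_report.txt that points at some
    // other file fails the basename check below.
    $resolved_report = realpath($requested_report);
}
$malssh_report_content = false;
if ($resolved_report !== false && basename($resolved_report) === 'malssh_report.txt' && is_file($resolved_report)) {
    $malssh_report_content = file_get_contents($resolved_report);
}
if ($malssh_report_content) {
    // Report lines contain file names from the scanned account, so escape them.
    echo '<pre>' . htmlspecialchars($malssh_report_content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
    // Offer the clean-up link only when the report states a positive infected-file count.
    if (preg_match('/Infected files\s*:\s*(\d+)/i', $malssh_report_content, $count_match) && (int) $count_match[1] > 0) {
        echo '<a class="btn" style="background-color:red;color:white;" target="_blank" href="https://www.siteguarding.com/en/services/malware-removal-service">Clean</a>' . "\n";
        echo "<br>\n";
        echo "<br>\n";
    }
} else {
    echo '<br>Not scanned yet.<br><br>' ;
}
MalSSH_PrintBackButton();
exit;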
break;
case 'save_new_code':
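// Replace the stored serial number: rebuild /usr/bin/malssh from its template with the new code.
// The code is written into PHP source, so it is restricted to a conservative character set;
// anything else could close the string literal and add code to the scanner script.
// NOTE(review): assumes serial numbers use only letters, digits, "_", "." and "-"; widen the
// pattern if the vendor format differs.
$submitted_code = isset($_REQUEST['code']) && is_string($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
if (!preg_match('/\A[A-Za-z0-9_.\-]{1,128}\z/', $submitted_code)) {
    MalSSH_ShowErrorMessage('The registration code contains unsupported characters.', 'Registration code not saved');
} else {
    $tmp_malssh_code = file_get_contents('/usr/bin/malssh_tmp');
    if ($tmp_malssh_code === false) {
        // Without the template, writing would replace the scanner with an empty file.
        MalSSH_ShowErrorMessage('The scanner template /usr/bin/malssh_tmp could not be read.', 'Registration code not saved');
    } else {
        $new_malssh_code = str_replace('{LICENSE_KEY}', $submitted_code, $tmp_malssh_code);
        file_put_contents('/usr/bin/malssh', $new_malssh_code);
        echo "<h5 style='color:green;'>Registraion code has beed changed.</h5>";
    }
}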
break;
case 'edit_license':
// Show the form for entering a new serial number, then stop so the main page is not rendered.
MalSSH_EditLicense();
exit;
break;
case 'scan':
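// Scan a single path (task=scan&scan_path=...) and show the resulting report.
MalSSH_ShowHeader('Scan report');
$scan_path = isset($_REQUEST['scan_path']) && is_string($_REQUEST['scan_path']) ? $_REQUEST['scan_path'] : '';
// The path comes from the request: it must be a plain, existing local directory.
if ($scan_path === ''
    || strpos($scan_path, "\0") !== false
    || strpos($scan_path, '://') !== false
    || !is_dir($scan_path)
) {
    MalSSH_ShowErrorMessage('The requested scan path is not an existing directory.', 'Scan not started');
    MalSSH_PrintBackButton();
    exit;
}
// MalSSH_ShowLoader() prints its text as raw HTML, so the path is escaped here.
MalSSH_ShowLoader('Scan status', 'Scan is in progress. Path: ' . htmlspecialchars($scan_path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
$report_file = $scan_path . "/malssh_report.txt";
//remove old report
// NOTE(review): the report is written inside a directory the account owner controls;
// consider writing reports to a root-owned location to rule out symlink tricks.
if (is_file($report_file) || is_link($report_file)) {
    unlink($report_file);
}
// escapeshellarg() keeps quotes or shell metacharacters in the path from ending the argument.
$output = [];
$status = exec(
    "(/usr/bin/malssh --scan=" . escapeshellarg($scan_path)
    . " --report=" . escapeshellarg($report_file)
    . " -o='file') >/dev/null 2>&1 &",
    $output
);
$safe_lines = [];
foreach ($output as $line) {
    $safe_lines[] = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
$safe_output = implode("<br>", $safe_lines);
if ($status === false) {
    MalSSH_ShowErrorMessage($safe_output, 'PHP exec returned false');
} elseif (strpos($safe_output, "Error:") !== false) {
    MalSSH_ShowErrorMessage($safe_output, 'MalSSH module returned error status');
} else {
    // The scanner runs in the background; poll once a second, for up to 20 minutes,
    // until the report file appears. The echoed space keeps the response flowing.
    $i = 0;
    while ($i < 1200) {
        sleep(1);
        echo ' ';
        $i++;
        if (file_exists($report_file)) {
            $report_text = (string) file_get_contents($report_file);
            // Report lines contain file names from the scanned account, so escape them.
            echo "<pre>" . htmlspecialchars($report_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>";
            // Offer the clean-up link only when the report states a positive infected-file count.
            if (preg_match('/Infected files\s*:\s*(\d+)/i', $report_text, $count_match) && (int) $count_match[1] > 0) {
                echo '<a class="btn" style="background-color:red;color:white;" target="_blank" href="https://www.siteguarding.com/en/services/malware-removal-service">Clean</a>' . "\n";
                echo "<br>\n";
                echo "<br>\n";
            }
            MalSSH_HideLoader();
            break;
        }
    }
}
MalSSH_PrintBackButton();
exit;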
break;
case 'save_code':
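// First-time registration: replace the placeholder define() line in /usr/bin/malssh.
// The code is written into PHP source, so it is restricted to a conservative character set;
// anything else could close the string literal and add code to the scanner script.
// NOTE(review): assumes serial numbers use only letters, digits, "_", "." and "-"; widen the
// pattern if the vendor format differs.
$submitted_code = isset($_REQUEST['code']) && is_string($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
if ($submitted_code !== '') {
    if (!preg_match('/\A[A-Za-z0-9_.\-]{1,128}\z/', $submitted_code)) {
        MalSSH_ShowErrorMessage('The registration code contains unsupported characters.', 'Registration code not saved');
    } else {
        $content = file_get_contents('/usr/bin/malssh');
        if ($content === false) {
            // Without the current script, writing would replace the scanner with an empty file.
            MalSSH_ShowErrorMessage('The scanner script /usr/bin/malssh could not be read.', 'Registration code not saved');
        } else {
            $new_line = "define( 'LICENSE', '" . $submitted_code . "');";
            file_put_contents('/usr/bin/malssh', str_replace("define( 'LICENSE', '{LICENSE_KEY}');", $new_line, $content));
        }
    }
}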
break;
case 'save_options':
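// Save the scheduler form and keep root's crontab entry for the scan executor in sync.
// Only the fields the form submits are stored. $_REQUEST can also carry unrelated GET
// parameters (and cookies, depending on request_order) that do not belong in the file.
$stored_fields = ['cron', 'period', 'send_client_email', 'send_admin_email', 'admin_email', 'accounts', 'task'];
$settings_to_store = [];
foreach ($stored_fields as $field_name) {
    if (isset($_REQUEST[$field_name])) {
        $settings_to_store[$field_name] = $_REQUEST[$field_name];
    }
}
file_put_contents('settings', json_encode($settings_to_store));
// Cron time fields per form option. Option 3 is labelled "two times per month"; the earlier
// value '0 015 * * ' had only four time fields, which cron does not accept.
$period = [1 => '0 0 * * * ', 2 => '0 0 * * 0 ', 3 => '0 0 1,15 * * ', 4 => '0 0 1 * * '];
$period_key = isset($_REQUEST['period']) && is_scalar($_REQUEST['period']) ? (int) $_REQUEST['period'] : 0;
$cron_command = '/usr/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/malssh_scanner_whm/malssh_cron_executor.php';
$cron_requested = isset($_REQUEST['cron']) && is_string($_REQUEST['cron']) && trim($_REQUEST['cron']) == "on";
if ($cron_requested) {
    if (!isset($period[$period_key])) {
        // An unknown period would write a crontab line with no time fields; leave the crontab alone.
        MalSSH_ShowErrorMessage('Unknown scan period selected.', 'Schedule not saved');
    } elseif (check_cron_task()) {
        //edit cron
        $crons = file("/var/spool/cron/root");
        if ($crons !== false) {
            foreach ($crons as $key => $value) {
                if (stripos($value, 'malssh_cron_executor.php') !== false) {
                    $crons[$key] = $period[$period_key] . $cron_command . PHP_EOL;
                }
            }
            file_put_contents("/var/spool/cron/root", implode("", $crons));
        }
    } else {
        //add cron
        file_put_contents("/var/spool/cron/root", $period[$period_key] . $cron_command . PHP_EOL, FILE_APPEND);
    }
} elseif (check_cron_task()) {
    //remove cron
    $crons = file("/var/spool/cron/root");
    if ($crons !== false) {
        foreach ($crons as $key => $value) {
            if (stripos($value, 'malssh_cron_executor.php') !== false) {
                unset($crons[$key]);
            }
        }
        file_put_contents("/var/spool/cron/root", implode("", $crons));
    }
}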
break;
}
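// Define LICENSE from the scanner script's define() line. The line is pattern-matched, never
// executed: a line of that file run through eval() would execute whatever the file contains,
// with the privileges of this page.
$malssh_license = '{LICENSE_KEY}';
$content = file('/usr/bin/malssh');
if ($content !== false) {
    foreach ($content as $v) {
        if (preg_match("/define\(\s*'LICENSE'\s*,\s*'([^']*)'\s*\)/", $v, $license_match)) {
            $malssh_license = $license_match[1];
            break;
        }
    }
}
// When no key can be read, the placeholder is kept so the page shows the registration form.
if (!defined('LICENSE')) {
    define('LICENSE', $malssh_license);
}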
if(strpos(LICENSE,'{LICENSE_KEY}') !== false){
?>
<div class="ui two column centered grid">
<div class="column">
<div class="ui secondary segment">
<h2 class="ui dividing centered aligned header">Enter registration code</h2>
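<form class="ui form" method="POST" action="<?php /* PHP_SELF is request-derived: escape it for the attribute */ echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">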
<label>Serial Number</label>
<input type="text" name="code" placeholder="Your serial number"><br><br>
<input type="hidden" name="task" value="save_code">
<button class="ui green button" type="submit">Save</button>
<a class="ui right floated button" href="https://www.siteguarding.com/en/signup?server=1" target="_blank">Get your serial</a>
</form>
<div class="ui center aligned basic segment" style="padding-bottom:0">
<a href="https://www.siteguarding.com/en/malssh-manual" target="_blank">Get more information about MalSSH</a>
</div>
</div>
</div>
</div>
<?php
} else {
// Saved scheduler settings as raw JSON text ('' when nothing has been saved yet).
$settings = file_exists("settings") ? file_get_contents("settings") : '';
// Absolute URL of this script with the query string cut off.
// NOTE(review): host, port and path all come from the request and are later echoed into
// the page's script block, so they must be encoded for JavaScript where they are printed.
$actual_link = explode(
    '?',
    (isset($_SERVER['HTTPS']) ? "https" : "http") . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI']
)[0];
// Base URL of the WHM JSON API: this script's URL without its own path.
$api_link = str_replace('cgi/malssh_scanner_whm/malssh_scanner_whm.php', '', $actual_link);
$listaccts = "{$api_link}json-api/listaccts?api.version=1";
$domaininfo = "{$api_link}json-api/get_domain_info?api.version=1";
?>
<script type="text/javascript">
fetch('<?php echo $listaccts; ?>')
.then(function(response){
return response.json();
}).then(function(listaccts){
fetch('<?php echo $domaininfo; ?>')
.then(function(response2){
return response2.json();
}).then(function(domaininfo){
var list_acc = domaininfo.data.domains.filter(item => item.domain_type == "main").map(({docroot, user}) => ({docroot, user}));
fetch('<?php echo $actual_link; ?>' + '?api_task=get_scanned_accts&data=' + JSON.stringify(list_acc))
.then(function(response3){
return response3.json();
}).then(function(list_scan_accts){
var settings = '<?php echo $settings ?>';
if(settings != ''){
settings = JSON.parse(settings);
//regular scan
if(settings.cron != undefined){
document.getElementById("regular_scan").checked = true;
}
//scan repiod
if(settings.period != undefined){
document.getElementById("scan_repiod_" + settings.period).selected = true;
}
//send email to client
if(settings.send_client_email != undefined){
document.getElementById("send_email_client").checked = true;
}
//send email to admin
if(settings.send_admin_email != undefined){
document.getElementById("send_email_admin").checked = true;
}
//admin email
if(settings.admin_email != ''){
document.getElementById("admin_email").value = settings.admin_email;
}
}
var user_docroot = domaininfo.data.domains.filter(item => item.domain_type == "main");
var test = user_docroot.map(({docroot, user}) => ({docroot, user}));
var accts = listaccts.data.acct;
//start sort accts by acc name
var by_acc_name = accts.slice(0);
by_acc_name.sort(function(a,b) {
var x = a.user.toLowerCase();
var y = b.user.toLowerCase();
return x < y ? -1 : x > y ? 1 : 0;
});
//end sort accts by acc name
generate_options(user_docroot,by_acc_name,settings.accounts);
generate_manually_scan_content(user_docroot,by_acc_name,list_scan_accts);
})
})
});
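// Build one table row per account for the "Manual scan" table.
//   user_docroot    - main-domain entries ({user, docroot, ...}) from the domain info API
//   accts           - account entries ({user, email, suspended, ...}), already sorted
//   list_scan_accts - [user, infected_count] pairs for accounts that have a report
// Account names, e-mail addresses and paths are data, not markup: they are HTML-escaped before
// being concatenated into the row, and URL-encoded before being placed in query strings.
function generate_manually_scan_content(user_docroot,accts,list_scan_accts){
    function esc(value){
        return String(value)
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#39;');
    }
    // Links are built from the page URL without any query string or fragment.
    var page_url = window.location.href.split(/[?#]/)[0];
    var content = '';
    accts.forEach(function(acct){
        var owner = user_docroot.find(item => item.user == acct.user);
        if(!owner){
            // No main-domain docroot is known for this account, so there is nothing to scan.
            return;
        }
        var user = String(acct.user);
        var email = String(acct.email);
        var scan_path = String(owner.docroot).replace("/public_html","");
        var report_url = page_url + '?task=see_latest_report&report_path=' + encodeURIComponent(scan_path + '/malssh_report.txt');
        var scan_url = page_url + '?task=scan&user=' + encodeURIComponent(user) + '&email=' + encodeURIComponent(email) + '&scan_path=' + encodeURIComponent(scan_path);
        content += '<tr>';
        content += '<td class="collapsing"><input type="checkbox" value="' + esc(user + '|' + email + '|' + scan_path) + '" name="accnts[]"></td>';
        content += '<td class="collapsing">' + esc(user) + '</td>';
        content += '<td class="collapsing">' + esc(email).replace(',','<br>') + '</td>';
        content += '<td class="collapsing">' + esc(scan_path) + '</td>';
        content += '<td class="center aligned collapsing">' + (acct.suspended ? '<span class="ui red horizontal label">Suspended</span>' : '<span class="ui green horizontal label">Not suspended</span>') + '</td>';
        var scanned = list_scan_accts.find(function(entry){
            return entry[0] === acct.user;
        });
        if(!scanned){
            content += '<td>Never scanned before</td>';
        } else if(scanned[1] > 0){
            content += '<td><span class="ui small red label">Infected</span><a href="' + esc(report_url) + '"> Report</a> | <a target="_blank" href="https://www.siteguarding.com/en/services/malware-removal-service">Clean</a></td>';
        } else {
            content += '<td><span class="ui small green label">Clean</span><a href="' + esc(report_url) + '"> Report</a></td>';
        }
        content += '<td class="collapsing"><a class="ui small blue button" href="' + esc(scan_url) + '"><i class="crosshairs icon"></i> Scan</a></td>';
        content += '</tr>';
    });
    var table = document.getElementById("manuallyscan");
    table.insertAdjacentHTML("beforeend",content);
}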
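// Fill the scheduler's account <select> with one <option> per account.
//   user_docroot   - main-domain entries ({user, docroot, ...}) from the domain info API
//   accts          - account entries ({user, email, ...}), already sorted
//   selected_accts - saved "user|email|path" strings to pre-select, or undefined
// Account data is HTML-escaped before it is concatenated into the markup.
function generate_options(user_docroot,accts,selected_accts){
    function esc(value){
        return String(value)
            .replace(/&/g, '&amp;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#39;');
    }
    // Only the user-name part of each saved entry decides whether an option is selected.
    var selected_users = Array.isArray(selected_accts)
        ? selected_accts.map(function(item){ return String(item).split('|')[0]; })
        : [];
    var content = '';
    accts.forEach(function(acct){
        var owner = user_docroot.find(item => item.user == acct.user);
        if(!owner){
            // No main-domain docroot is known for this account, so it cannot be scheduled.
            return;
        }
        var scan_path = String(owner.docroot).replace("/public_html","");
        content += '<option ';
        if(selected_users.indexOf(acct.user) != -1){
            content += 'selected';
        }
        content += ' value="' + esc(acct.user + '|' + acct.email + '|' + scan_path) + '">' + esc(acct.user) + '</option>';
    });
    var select = document.getElementById("accounts");
    select.insertAdjacentHTML("afterbegin",content);
}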
// Switch the page to the loader view, naming the path that is being scanned.
function StartScan(scan_path)
{
    var status_text = 'Scan is in progress. Path: ' + scan_path;
    ShowLoader('Status', status_text);
}
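// Hide the main container and show the loader container with heading h and text t.
// Both values are assigned with textContent: the only caller visible here passes plain text
// that includes a path, and a path must never be parsed as markup.
function ShowLoader(h,t)
{
    document.getElementById("container_main").style.display = "none";
    document.getElementById("container_loader").style.display = "inline";
    document.getElementById("loader_header").textContent = h;
    document.getElementById("loader_text").textContent = t;
}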
// Tick every checkbox named "accnts[]" in the manual-scan table.
function selectAll(){
    Array.prototype.forEach.call(document.getElementsByName('accnts[]'), function(box){
        if(box.type == 'checkbox'){
            box.checked = true;
        }
    });
}
// Untick every checkbox named "accnts[]" in the manual-scan table.
function deselectAll(){
    Array.prototype.forEach.call(document.getElementsByName('accnts[]'), function(box){
        if(box.type == 'checkbox'){
            box.checked = false;
        }
    });
}
</script>
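<a class="ui right floated tiny button" href="<?php /* PHP_SELF is request-derived: escape it for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'] . '?task=check_for_updates', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><i class="redo alternate icon"></i>Check for Updates</a>
<a class="ui right floated tiny button" href="<?php /* PHP_SELF is request-derived: escape it for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'] . '?task=edit_license', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><i class="cogs icon"></i>License</a>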
<a class="ui right floated tiny button" href="https://www.siteguarding.com/en/whm-cpanel-antivirus" target="_blank"><i class="info circle icon"></i>Help</a>
<?php
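// Show an "Update" button when the vendor feed advertises a different version.
// The feed is consulted on the first visit (which also creates the 'update' timestamp file)
// and again once that timestamp is more than 604800 seconds (7 days) old.
$malssh_check_feed = false;
if (file_exists('update')) {
    $last_check_date = (int) file_get_contents('update');
    $malssh_check_feed = (time() - $last_check_date) > 604800;
} else {
    file_put_contents('update', time());
    $malssh_check_feed = true;
}
if ($malssh_check_feed) {
    $update_feed = file_get_contents('https://www.siteguarding.com/files/updateinfo/malssh_whm.json');
    $update_info = $update_feed === false ? null : json_decode($update_feed, true);
    // An unreachable or malformed feed must not be read as "a new version exists".
    if (is_array($update_info) && isset($update_info['version']) && $update_info['version'] !== MALSSH_VERSION) {
?>
<a class="ui right floated blue tiny button" href="<?php echo htmlspecialchars($_SERVER['PHP_SELF'] . '?task=update_version', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><i class="arrow up icon"></i>Update</a>
<?php
    }
}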
?>
<h2 class="ui dividing header">Scheduled scan</h2>
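<form method="POST" action="<?php /* PHP_SELF is request-derived: escape it for the attribute */ echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">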
<table class="ui celled collapsing table form" id="crontable">
<tr>
<td style="text-align:right;">Regular scan?</td>
<td style="text-align:center;"><input id="regular_scan" type="checkbox" name="cron"></td>
</tr>
<tr>
<td style="text-align:right;">How often to scan?</td>
<td style="text-align:center;">
<select name="period" class="ui fluid dropdown">
<option id="scan_repiod_1" value="1" >every day</option>
<option id="scan_repiod_2" value="2" >every week</option>
<option id="scan_repiod_3" value="3" >two times per month</option>
<option id="scan_repiod_4" value="4" >once a month</option>
</select>
</td>
</tr>
<tr>
<td style="text-align:right;">Send an email to client if site is hacked?</td>
<td style="text-align:center;"><input id="send_email_client" type="checkbox" name="send_client_email"></td>
</tr>
<tr>
<td style="text-align:right;">Send an email to admin if site is hacked?</td>
<td style="text-align:center;"><input id="send_email_admin" type="checkbox" name="send_admin_email"></td>
</tr>
<tr>
<td style="text-align:right;">Admin email</td>
<td style="text-align:center;"><input id="admin_email" type="text" name="admin_email"></td>
</tr>
<tr>
<td colspan="2" style="text-align:left;">
<select id="accounts" multiple name="accounts[]" style="width:500px;height:400px;">
</select>
</td>
</tr>
</table>
<input type="hidden" name="task" value="save_options">
<b>Multiselect</b>. You can press <b>CTRL</b> and select multiple items.
<br/>
<br/>
<input class="ui button" type="submit" value="Save">
</form>
<br/>
<br/>
<div class="ui icon info mini message">
<i class="info icon"></i>
<div class="content">
<p>For a more accurate scan, use <a href="https://www.siteguarding.com/en/website-antivirus" target="_blank">https://www.siteguarding.com/en/website-antivirus</a>. You will be able to check SQL records, blacklist status and files with heuristic logic algorithms.</p>
</div>
</div>
<h2 class="ui dividing header">Manual scan</h2>
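<form method="POST" action="<?php /* PHP_SELF is request-derived: escape it for the attribute */ echo htmlspecialchars($_SERVER["PHP_SELF"] . '?task=scan_selected', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">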
<div>
<input class="ui small button" type="button" onclick="selectAll();" value="Select All">
<input class="ui small button" type="button" onclick="deselectAll();" value="Deselect All">
<input class="ui small blue button" style="float:right;" type="submit" value="Scan Selected">
</div>
<table class="ui celled selectable table" id="manuallyscan">
<thead>
<tr>
<th></th>
<th>Username</th>
<th>Email</th>
<th>Scan folder</th>
<th>Account status</th>
<th>Latest report</th>
<th>Action</th>
</tr>
</thead>
</table>
</form>
<?php
}
?>
</div>
<div class="ui main container" id="container_loader" style="display:none;margin-left:0!important; padding-left:0!important">
<div class="ui icon message" id="malssh_loader">
<i class="asterisk loading icon"></i>
<div class="content">
<div class="header" id="loader_header">
</div>
<p id="loader_text"></p>
</div>
</div>
</div>
<?php
/**
 * Tell whether root's crontab already has an entry for the MalSSH cron executor.
 *
 * @return bool True when /var/spool/cron/root mentions malssh_cron_executor.php
 *              (case-insensitive match), false otherwise.
 */
function check_cron_task(){
    $root_crontab = file_get_contents("/var/spool/cron/root");
    return stripos($root_crontab, 'malssh_cron_executor.php') !== false;
}
WHM::footer();
?>