php iframe_remove.php [path-to-scan] * * * This work is distributed within the terms of * creative commons attribution-share alike 2.0 germany * * See http://creativecommons.org/licenses/by-sa/2.0/ for more information * * @author Bernd Holzmueller * @revision 01 * @license http://creativecommons.org/licenses/by-sa/2.0/de/ Creative Commons Attribution-Share Alike 2.0 Germany * @homepage http://oss.tiggerswelt.net/iframe_remove.php * @copyright Copyright © 2008 tiggersWelt.net */ // Do not search files bigger than this define ("MAX_FILESIZE", 1024 * 500); // 500 KB // {{{ myScanDir /** * Scan a given directories for bad includes * * @param string $d Directory to scan * * @access public * @return void */ function myScanDir ($d) { // Open Handle on directory if (!($D = @dir ($d))) return; // Read entries from directory while ($f = $D->read ()) { // Check wheter to scan a file here if (is_file ($d . "/" . $f) && !(($d == ".") && ($f == basename ($_SERVER ["PHP_SELF"])))) { // Check Size-limitations if ((($fs = filesize ($d . "/" . $f)) > MAX_FILESIZE) || ($fs < 1)) continue; // Try to open the file if (!($fp = @fopen ($d . "/" . $f, "r"))) { print "Could not open " . $d . "/" . $f . "\n"; continue; } // Read the whole file into memory $buf = fread ($fp, $fs); fclose ($fp); // Search for encoded "http://" - no one serious would do this if (($p = strpos ($buf, "http")) === false) continue; // Report when found print "Found infected file $d/$f... "; $Found = false; // Search deeper ^^ while (($p = strpos ($buf, "