NOphp/no.php at master · vitotafuni/NOphp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php

/*

 	ANTI BOT JCE
 	prevent any script to be executed in the images folder and delete it
 	prepare an .htaccess like this in the images folder (no.php is this script name)

 	RewriteEngine on

 	RewriteCond %{REQUEST_URI} !no.php$
 	RewriteRule ^(.*\.php)$ no.php?file=$1 [L]


 */

$file = trim(stripslashes($_GET['file']), ".\x00..\x20");

$info = pathinfo($file);
$me = pathinfo($_SERVER['SCRIPT_NAME']);

if(
	$me['basename']==$info['basename'] ||
	$info['extension']!='php' ||
	!file_exists($file)
){
	header("HTTP/1.1 404 Not Found");
	exit();
}

$file = $_SERVER['DOCUMENT_ROOT']."{$me['dirname']}/$file";

$done = unlink($file);

$to      = "your@mail.here";
$subject = "Possible attack to {$_SERVER['SERVER_NAME']}";
$message = "IP: {$_SERVER['REMOTE_ADDR']} <br/>SERVER: {$_SERVER['SERVER_NAME']} <br/> File $file ".($done? '':'not').'removed.';
$headers = "From: nophp@{$_SERVER['SERVER_NAME']}\r\n" .
    "Reply-To: noreply@{$_SERVER['SERVER_NAME']}\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);


?>