mohsinrasool · February 4, 2015 15:27 · earthcub · Dec 18, 2016
diff --git a/ftp-delete-files.php b/ftp-delete-files.php
 <?php
 /**
 *  This script deletes all the provided files from FTP server. 
 *
 *  Application: This script helps when server is being compromised and several malicious files has detected. Some common spams are 
 *  
 *  HG.PHP.Shell.25968.UNOFFICIAL
 *  JCDEF.Obfus.CreateFunc.BackDoorEval-23
 *  JCDEF.Obfus.CreateFunc.BackDoorEval-26
 *  JCDEF.Obfus.CreateFunc.BackDoorEval-21
 *  JCDEF.Obfus.CreateFunc.BackDoorEval-21
 *  JCDEF.Obfus.CreateFunc.BackDoorEval-25
 *
 *  It happend to one of my hosting on iPage
 *  
 */

 define('MAX_DELETES_PER_CYCLE',60);


 $conn_id = null;
 // set up a connection or die
 if(!empty($_POST['host'])) {
 	$ftp_server = $_POST['host'];
 	$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server"); 
 }

 $log = '';

 if(!empty($_POST['username']) && !empty($_POST['password'])){

 	$ftp_user = $_POST['username'];
 	$ftp_pass = $_POST['password'];

 	if (@ftp_login($conn_id, $ftp_user, $ftp_pass)) {
 	    
 		if(!empty($_POST['filesToDelete'])) {
 			$files = explode("\n", $_POST['filesToDelete']);
 			$i = 0;
 			foreach ($files as $index => $file) {
 				$file = trim($file);

 				// if its a direcotry			
 				if(ftp_is_dir($conn_id, $file)) {
 					$log .= $file." is Directory"."<br/>";
 				}
 				else {
 					$size = ftp_size($conn_id, $file);
 					if($size == -1) {
 						$log .= "<em>".$file."</em> does not exist.<br/>";
 					}
 					else {
 						if(ftp_delete($conn_id, $file)) {
 							$log .= "<strong>".$file."</strong> Deleted ".$size."<br/>";
 							
 						}
 						else
 							$log .= "<em>".$file."</em>: could not delete.<br/>";
 					}
 						
 				}

 				// remove it... so it is not processed again.
 				unset($files[$index]);

 				if($i++ >= MAX_DELETES_PER_CYCLE)
 					break;
 			}

 		}

 	} else {
 	    echo "Couldn't connect as $ftp_user\n";
 	}

 }

 if($conn_id)
 	ftp_close($conn_id);  
 ?>
 <html>
 <body>
 	<form action="" method="post">
 		<p>
 			<strong>FTP details:</strong><br/>
 			<input type="text" name="host" placeholder="Host name or IP" value="<?php echo !empty($_POST['host']) ? $_POST['host']: ''; ?>" /> &nbsp;&nbsp;&nbsp;
 			<input type="text" name="username" placeholder="FTP Username" value="<?php echo !empty($_POST['username']) ? $_POST['username']: ''; ?>" /> &nbsp;&nbsp;&nbsp;
 			<input type="password" name="password" placeholder="Password" value="<?php echo !empty($_POST['password']) ? $_POST['password']: ''; ?>" />
 		</p>
 		<p>
 			<strong>Files to delete: (complete path of file, one at each line)</strong><br/>e.g. <em>/www/file-to-delete.php</em><br/>
 			<textarea name="filesToDelete" rows=20 cols=100><?php echo @implode("\n", $files) ?></textarea>
 		</p>
 		<input type="submit" value="- Submit -" />

 	</form>

 	<p>50 files will be deleted in each cycle and remaining will be filled up again in above area. You just need to re-submit it.</p>

 	<h2>Log</h2>

 	<?php echo $log; ?>
 </body>
 </html>

 <?php

 function ftp_is_dir($ftp, $dir) 
 { 
    $pushd = ftp_pwd($ftp);

    if ($pushd !== false && @ftp_chdir($ftp, $dir))
    {
        ftp_chdir($ftp, $pushd);   
        return true;
    }

    return false;

    // Directory does not exist 
    return false; 
 } 


 ?>