例
1、产生一张png的图片
2、为图片设置背景色
3、设置字体颜色和样式
4、产生4位数的随机的验证码
5、把产生的每个字符调整旋转角度和位置画到png图片上
6、加入噪点和干扰线防止注册机器分析原图片来恶意注册
7、输出图片
8、释放图片所占内存
authcode.php文件
代码
代码如下 | 复制代码 |
<?php session_start (); header ( 'Content-type: image/png' ); //创建图片 $im = imagecreate($x=130,$y=45 ); $bg = imagecolorallocate($im,rand(50,200),rand(0,155),rand(0,155)); //第一次对 imagecolorallocate() 的调用会给基于调色板的图像填充背景色 $fontColor = imageColorAllocate ( $im, 255, 255, 255 ); //字体颜色 $fontstyle = 'rock.ttf'; //字体样式,这个可以从c:windowsFonts文件夹下找到,我把它放到和authcode.php文件同一个目录,这里可以替换其他的字体样式 //产生随机字符 for($i = 0; $i < 4; $i ++) { $randAsciiNumArray = array (rand(48,57),rand(65,90)); $randAsciiNum = $randAsciiNumArray [rand ( 0, 1 )]; $randStr = chr ( $randAsciiNum ); imagettftext($im,30,rand(0,20)-rand(0,25),5+$i*30,rand(30,35),$fontColor,$fontstyle,$randStr); $authcode .= $randStr; } $_SESSION['authcode'] = $randFourStr;//用户和用户输入的验证码做比较 //干扰线 for ($i=0;$i<8;$i++){ $lineColor = imagecolorallocate($im,rand(0,255),rand(0,255),rand(0,255)); imageline ($im,rand(0,$x),0,rand(0,$x),$y,$lineColor); } //干扰点 for ($i=0;$i<250;$i++){ imagesetpixel($im,rand(0,$x),rand(0,$y),$fontColor); } imagepng($im); imagedestroy($im); ?> |
例2
•新建一个PHP文件captcha_code_file.php
代码如下 | 复制代码 |
//首先开启session 显示验证码页面index.php <?php |
例3
带有雪花背景的验证码
代码如下 | 复制代码 |
<?session_start();?>
//昨晚看到了chianren上的验证码效果,就考虑了一下,用PHP的GD库完成了类似功能
//$HTTP_SESSION_VARS[login_check_number] = strval(mt_rand("1111","9999")); //生成4位的随机数,放入session中
$aimg = imageCreate($img_height,$img_width); //生成图片
//下面该生成雪花背景了,其实就是在图片上生成一些符号
//上面生成了背景,现在就该把已经生成的随机数放上来了。道理和上面差不多,随机数1个1个地放,同时让他们的位置、大小、颜色都用成随机数~~ ?> |
代码如下 | 复制代码 |
<?php /********************** php扫描后门 **********************/ error_reporting(E_ERROR); ini_set('max_execution_time',20000); ini_set('memory_limit','512M'); header("content-Type: text/html; charset=gb2312"); $matches = array( '/function\_exists\s*\(\s*[\'|\"](popen|exec|proc\_open|system|passthru)+[\'|\"]\s*\)/i', '/(exec|shell\_exec|system|passthru)+\s*\(\s*\$\_(\w+)\[(.*)\]\s*\)/i', '/((udp|tcp)\:\/\/(.*)\;)+/i', '/preg\_replace\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i', '/preg\_replace\s*\((.*)\(base64\_decode\(\$/i', '/(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*(base64\_decode|str\_rot13|gz(\w+)|file\_(\w+)\_contents|(.*)php\:\/\/input)+/i', '/(eval|assert|include|require|include\_once|require\_once|array\_map|array\_walk)+\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER|SESSION)+\[(.*)\]\s*\)/i', '/eval\s*\(\s*\(\s*\$\$(\w+)/i', '/(include|require|include\_once|require\_once)+\s*\(\s*[\'|\"](\w+)\.(jpg|gif|ico|bmp|png|txt|zip|rar|htm|css|js)+[\'|\"]\s*\)/i', '/\$\_(\w+)(.*)(eval|assert|include|require|include\_once|require\_once)+\s*\(\s*\$(\w+)\s*\)/i', '/\(\s*\$\_FILES\[(.*)\]\[(.*)\]\s*\,\s*\$\_(GET|POST|REQUEST|FILES)+\[(.*)\]\[(.*)\]\s*\)/i', '/(fopen|fwrite|fputs|file\_put\_contents)+\s*\((.*)\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\](.*)\)/i', '/echo\s*curl\_exec\s*\(\s*\$(\w+)\s*\)/i', '/new com\s*\(\s*[\'|\"]shell(.*)[\'|\"]\s*\)/i', '/\$(.*)\s*\((.*)\/e(.*)\,\s*\$\_(.*)\,(.*)\)/i', '/\$\_\=(.*)\$\_/i', '/\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\(\s*\$(.*)\)/i', '/\$(\w+)\s*\(\s*\$\_(GET|POST|REQUEST|COOKIE|SERVER)+\[(.*)\]\s*\)/i', '/\$(\w+)\(\$\{(.*)\}/i' ); function antivirus($dir,$exs,$matches) { if(($handle = @opendir($dir)) == NULL) return false; while(false !== ($name = readdir($handle))) { if($name == '.' || $name == '..') continue; $path = $dir.$name; if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches); } elseif(strpos($name,';') > -1 || strpos($name,'%00') > -1 || strpos($name,'/') > -1) { echo '<p>特征 <input type="text" style="width:218px;" value="解析漏洞"> '.$path.'</p>'; flush(); ob_flush(); } else { if(!preg_match($exs,$name)) continue; if(filesize($path) > 10000000) continue; $fp = fopen($path,'r'); $code = fread($fp,filesize($path)); fclose($fp); if(empty($code)) continue; foreach($matches as $matche) { $array = array(); preg_match($matche,$code,$array); if(!$array) continue; if(strpos($array[0],"\x24\x74\x68\x69\x73\x2d\x3e")) continue; $len = strlen($array[0]); if($len > 10 && $len < 1500) { echo '<p>特征 <input type="text" style="width:218px;" value="'.htmlspecialchars($array[0]).'"> '.$path.'</p>'; flush(); ob_flush(); break; } } unset($code,$array); } } closedir($handle); return true; } function strdir($str) { return str_replace(array('\\','//','//'),array('/','/','/'),chop($str)); } echo '<form method="POST">'; echo '<p>路径: <input type="text" name="dir" value="'.($_POST['dir'] ? strdir($_POST['dir'].'/') : strdir($_SERVER['DOCUMENT_ROOT'].'/')).'" style="width:398px;"></p>'; echo '<p>后缀: <input type="text" name="exs" value="'.($_POST['exs'] ? $_POST['exs'] : '.php|.inc|.phtml').'" style="width:398px;"></p>'; echo '<p>操作: <input type="submit" style="width:80px;" value="scan"></p>'; echo '</form>'; if(file_exists($_POST['dir']) && $_POST['exs']) { $dir = strdir($_POST['dir'].'/'); $exs = '/('.str_replace('.','\\.',$_POST['exs']).')/i'; echo antivirus($dir,$exs,$matches) ? '<p>扫描完毕</p>' : '<p>扫描中断</p>'; } ?> |
在网站的登陆和注册的时候,经常会用到验证码来防止别人用机械暴力注册或登陆,加上验证码这样一定程度上让网站安全很多,下面是一个比较简单的验证码生成,同时给session赋值。
代码如下 | 复制代码 |
<?php //逐行炫耀背景,全屏用1或0 //设置字体大小 //设置印上去的文字 //获取第1个随机文字 //获取第2个随机文字 //获取第3个随机文字 //获取第4个随机文字 //将显示的数组赋值给session //写入随机字串 |
代码如下 | 复制代码 |
$_COOKIE = addslashes_deep($_COOKIE); function addslashes_deep($value) |
在linux中我们可以使用命令来搜查木马文件,到代码安装目录执行下面命令
代码如下 | 复制代码 |
find ./ -iname "*.php" | xargs grep -H -n "eval(base64_decode" |
搜出来接近100条结果,这个结果列表很重要,木马都在里面,要一个一个文件打开验证是否是木马,如果是,马上删除掉
最后找到10个木马文件,存放在各种目录,都是php webshell,功能很齐全,用base64编码
如果你在windows中查找目录直接使用windows文件搜索就可以了,可以搜索eval或最近修改文件,然后如果是dedecms我们要查看最新dedecms漏洞呀然后修补。
下面给个php木马查找工具,直接放到你站点根目录
代码如下 | 复制代码 |
<?php /**************PHP Web木马扫描器************************/ /* [+] 作者: alibaba */ /* [+] QQ: 1499281192 * www.111cn.net/ /* [+] MSN: weeming21@hotmail.com */ /* [+] 首发: t00ls.net , 转载请注明t00ls */ /* [+] 版本: v1.0 */ /* [+] 功能: web版php木马扫描工具*/ /* [+] 注意: 扫描出来的文件并不一定就是后门, */ /* 请自行判断、审核、对比原文件。*/ /* 如果你不确定扫出来的文件是否为后门,*/ /* 欢迎你把该文件发给我进行分析。*/ /*******************************************************/ ob_start(); set_time_limit(0); $username = "t00ls"; //设置用户名 $password = "t00ls"; //设置密码 $md5 = md5(md5($username).md5($password)); $version = "PHP Web木马扫描器v1.0";
PHP Web 木马扫描器 $realpath = realpath('./'); $selfpath = $_SERVER['PHP_SELF']; $selfpath = substr($selfpath, 0, strrpos($selfpath,'/')); define('REALPATH', str_replace('//','/',str_replace('\','/',substr($realpath, 0, strlen($realpath) - strlen($selfpath))))); define('MYFILE', basename(__FILE__)); define('MYPATH', str_replace('\', '/', dirname(__FILE__)).'/'); define('MYFULLPATH', str_replace('\', '/', (__FILE__))); define('HOST', "http://".$_SERVER['HTTP_HOST']); ?> <html> <head> <title><?php echo $version?></title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body{margin:0px;} body,td{font: 12px Arial,Tahoma;line-height: 16px;} a {color: #00f;text-decoration:underline;} a:hover{color: #f00;text-decoration:none;} .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;} .alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;} .focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;} .head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;} .head td span{font-weight:normal;} </style> </head> <body> <?php if(!(isset($_COOKIE['t00ls']) && $_COOKIE['t00ls'] == $md5) && !(isset($_POST['username']) && isset($_POST['password']) && (md5(md5($_POST['username']).md5($_POST['password']))==$md5))) { echo '<form id="frmlogin" name="frmlogin" method="post" action="">用户名: <input type="text" name="username" id="username" /> 密码: <input type="password" name="password" id="password" /> <input type="submit" name="btnLogin" id="btnLogin" value="登陆" /></form>'; } elseif(isset($_POST['username']) && isset($_POST['password']) && (md5(md5($_POST['username']).md5($_POST['password']))==$md5)) { setcookie("t00ls", $md5, time()+60*60*24*365,"/"); echo "登陆成功!"; header( 'refresh: 1; url='.MYFILE.'?action=scan' ); exit(); } else { setcookie("t00ls", $md5, time()+60*60*24*365,"/"); $setting = getSetting(); $action = isset($_GET['action'])?$_GET['action']:"";
if($action=="logout") { setcookie ("t00ls", "", time() - 3600); Header("Location: ".MYFILE); exit(); } if($action=="download" && isset($_GET['file']) && trim($_GET['file'])!="") { $file = $_GET['file']; ob_clean(); if (@file_exists($file)) { header("Content-type: application/octet-stream"); header("Content-Disposition: filename="".basename($file)."""); echo file_get_contents($file); } exit(); } ?> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody><tr class="head"> <td><?php echo $_SERVER['SERVER_ADDR']?><span style="float: right; font-weight:bold;"><?php echo "<a href='http://www.t00ls.net/'>$version</a>"?></span></td> </tr> <tr class="alt1"> <td><span style="float: right;"><?=date("Y-m-d H:i:s",mktime())?></span> <a href="?action=scan">扫描</a> | <a href="?action=setting">设定</a> | <a href="?action=logout">登出</a> </td> </tr> </tbody></table> <br> <?php if($action=="setting") { if(isset($_POST['btnsetting'])) { $Ssetting = array(); $Ssetting['user']=isset($_POST['checkuser'])?$_POST['checkuser']:"php | php? | phtml"; $Ssetting['all']=isset($_POST['checkall'])&&$_POST['checkall']=="on"?1:0; $Ssetting['hta']=isset($_POST['checkhta'])&&$_POST['checkhta']=="on"?1:0; setcookie("t00ls_s", base64_encode(serialize($Ssetting)), time()+60*60*24*365,"/"); echo "设置完成!"; header( 'refresh: 1; url='.MYFILE.'?action=setting' ); exit(); } ?> <form name="frmSetting" method="post" action="?action=setting"> <FIELDSET style="width:400px"> <LEGEND>扫描设定</LEGEND> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="60">文件后缀:</td> <td width="300"><input type="text" name="checkuser" id="checkuser" style="width:300px;" value="<?php echo $setting['user']?>"></td> </tr> <tr> <td><label for="checkall">所有文件</label></td> <td><input type="checkbox" name="checkall" id="checkall" <?php if($setting['all']==1) echo "checked"?>></td> </tr> <tr> <td><label for="checkhta">设置文件</label></td> <td><input type="checkbox" name="checkhta" id="checkhta" <?php if($setting['hta']==1) echo "checked"?>></td> </tr> <tr> <td> </td> <td> <input type="submit" name="btnsetting" id="btnsetting" value="提交"> </td> </tr> </table> </fieldset> </form> <?php } else { $dir = isset($_POST['path'])?$_POST['path']:MYPATH; $dir = substr($dir,-1)!="/"?$dir."/":$dir; ?> <form name="frmScan" method="post" action=""> <table width="100%%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="35" style="vertical-align:middle; padding-left:5px;">扫描路径:</td> <td width="690"> <input type="text" name="path" id="path" style="width:600px" value="<?php echo $dir?>"> <input type="submit" name="btnScan" id="btnScan" value="开始扫描"></td> </tr> </table> </form> <?php if(isset($_POST['btnScan'])) { $start=mktime(); $is_user = array(); $is_ext = ""; $list = "";
if(trim($setting['user'])!="") { $is_user = explode("|",$setting['user']); if(count($is_user)>0) { foreach($is_user as $key=>$value) $is_user[$key]=trim(str_replace("?","(.)",$value)); $is_ext = "(.".implode("($|.))|(.",$is_user)."($|.))"; } } if($setting['hta']==1) { $is_hta=1; $is_ext = strlen($is_ext)>0?$is_ext."|":$is_ext; $is_ext.="(^.htaccess$)"; } if($setting['all']==1 || (strlen($is_ext)==0 && $setting['hta']==0)) { $is_ext="(.+)"; }
$php_code = getCode(); if(!is_readable($dir)) $dir = MYPATH; $count=$scanned=0; scan($dir,$is_ext); $end=mktime(); $spent = ($end - $start); ?> <div style="padding:10px; background-color:#ccc">扫描: <?php echo $scanned?> 文件| 发现: <?php echo $count?> 可疑文件| 耗时: <?php echo $spent?> 秒</div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr class="head"> <td width="15" align="center">No.</td> <td width="48%">文件</td> <td width="12%">更新时间</td> <td width="10%">原因</td> <td width="20%">特征</td> <td>动作</td> </tr> <?php echo $list?> </table> <?php } } } ob_flush(); ?> </body> </html> <?php function scan($path = '.',$is_ext){ global $php_code,$count,$scanned,$list; $ignore = array('.', '..' ); $replace=array(" ","n","r","t"); $dh = @opendir( $path );
while(false!==($file=readdir($dh))){ if( !in_array( $file, $ignore ) ){ if( is_dir( "$path$file" ) ){ scan("$path$file/",$is_ext); } else { $current = $path.$file; if(MYFULLPATH==$current) continue; if(!preg_match("/$is_ext/i",$file)) continue; if(is_readable($current)) { $scanned++; $content=file_get_contents($current); $content= str_replace($replace,"",$content); foreach($php_code as $key => $value) { if(preg_match("/$value/i",$content)) { $count++; $j = $count % 2 + 1; $filetime = date('Y-m-d H:i:s',filemtime($current)); $reason = explode("->",$key); $url = str_replace(REALPATH,HOST,$current); preg_match("/$value/i",$content,$arr); $list.=" <tr class='alt$j' onmouseover='this.className="focus";' onmouseout='this.className="alt$j";'> <td>$count</td> <td><a href='$url' target='_blank'>$current</a></td> <td>$filetime</td> <td><font color=red>$reason[0]</font></td> <td><font color=#090>$reason[1]</font></td> <td><a href='?action=download&file=$current' target='_blank'>下载</a></td> </tr>"; //echo $key . "-" . $path . $file ."(" . $arr[0] . ")" ."<br />"; //echo $path . $file ."<br />"; break; } } } } } } closedir( $dh ); } function getSetting() { $Ssetting = array(); if(isset($_COOKIE['t00ls_s'])) { $Ssetting = unserialize(base64_decode($_COOKIE['t00ls_s'])); $Ssetting['user']=isset($Ssetting['user'])?$Ssetting['user']:"php | php? | phtml | shtml"; $Ssetting['all']=isset($Ssetting['all'])?intval($Ssetting['all']):0; $Ssetting['hta']=isset($Ssetting['hta'])?intval($Ssetting['hta']):1; } else { $Ssetting['user']="php | php? | phtml | shtml"; $Ssetting['all']=0; $Ssetting['hta']=1; setcookie("t00ls_s", base64_encode(serialize($Ssetting)), time()+60*60*24*365,"/"); } return $Ssetting; } function getCode() { return array( '后门特征->cha88.cn'=>'cha88.cn', '后门特征->c99shell'=>'c99shell', '后门特征->phpspy'=>'phpspy', '后门特征->Scanners'=>'Scanners', '后门特征->cmd.php'=>'cmd.php', '后门特征->str_rot13'=>'str_rot13', '后门特征->webshell'=>'webshell', '后门特征->EgY_SpIdEr'=>'EgY_SpIdEr', '后门特征->tools88.com'=>'tools88.com', '后门特征->SECFORCE'=>'SECFORCE', '后门特征->eval("?>'=>'eval(('|")?>', '可疑代码特征->system('=>'system(', '可疑代码特征->passthru('=>'passthru(', '可疑代码特征->shell_exec('=>'shell_exec(', '可疑代码特征->exec('=>'exec(', '可疑代码特征->popen('=>'popen(', '可疑代码特征->proc_open'=>'proc_open', '可疑代码特征->eval($'=>'eval(('|"|s*)\$', '可疑代码特征->assert($'=>'assert(('|"|s*)\$', '危险MYSQL代码->returns string soname'=>'returnsstringsoname', '危险MYSQL代码->into outfile'=>'intooutfile', '危险MYSQL代码->load_file'=>'select(s+)(.*)load_file', '加密后门特征->eval(gzinflate('=>'eval(gzinflate(', '加密后门特征->eval(base64_decode('=>'eval(base64_decode(', '加密后门特征->eval(gzuncompress('=>'eval(gzuncompress(', '加密后门特征->eval(gzdecode('=>'eval(gzdecode(', '加密后门特征->eval(str_rot13('=>'eval(str_rot13(', '加密后门特征->gzuncompress(base64_decode('=>'gzuncompress(base64_decode(', '加密后门特征->base64_decode(gzuncompress('=>'base64_decode(gzuncompress(', '一句话后门特征->eval($_'=>'eval(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->assert($_'=>'assert(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->require($_'=>'require(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->require_once($_'=>'require_once(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->include($_'=>'include(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->include_once($_'=>'include_once(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->call_user_func("assert"'=>'call_user_func(("|')assert("|')', '一句话后门特征->call_user_func($_'=>'call_user_func(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '一句话后门特征->$_POST/GET/REQUEST/COOKIE[?]($_POST/GET/REQUEST/COOKIE[?]'=>'$_(POST|GET|REQUEST|COOKIE)[([^]]+)](('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[', '一句话后门特征->echo(file_get_contents($_POST/GET/REQUEST/COOKIE'=>'echo(file_get_contents(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '上传后门特征->file_put_contents($_POST/GET/REQUEST/COOKIE,$_POST/GET/REQUEST/COOKIE'=>'file_put_contents(('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[([^]]+)],('|"|s*)\$_(POST|GET|REQUEST|COOKIE)', '上传后门特征->fputs(fopen("?","w"),$_POST/GET/REQUEST/COOKIE['=>'fputs(fopen((.+),('|")w('|")),('|"|s*)\$_(POST|GET|REQUEST|COOKIE)[', '.htaccess插马特征->SetHandler application/x-httpd-php'=>'SetHandlerapplication/x-httpd-php', '.htaccess插马特征->php_value auto_prepend_file'=>'php_valueauto_prepend_file', '.htaccess插马特征->php_value auto_append_file'=>'php_valueauto_append_file' ); } ?> |