HEX
Server: Apache
System: Linux p3plzcpnl507484.prod.phx3.secureserver.net 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: tvypkwena2lu (5224663)
PHP: 7.2.34
Disabled: NONE
$ pwd: /home/tvypkwena2lu/public_html/wp-content/plugins/admin-wp/includes/
Upload Files
File: /home/tvypkwena2lu/public_html/wp-content/plugins/admin-wp/includes/class-integrity.php
<?php
if ( ! defined( 'ABSPATH' ) ) exit;

class AWG_Integrity {

    const OPT_HASHES  = '_awg_fhash';
    const OPT_WP_HASH = '_awg_wphash';

    public static function init(): void {
        add_action( 'plugins_loaded', [ __CLASS__, 'verify' ], 0 );
        add_action( 'awg_cron_scan',  [ __CLASS__, 'verify' ] );
    }

    /* ---- snapshot all plugin files ---- */

    public static function snapshot(): void {
        $hashes = self::compute_hashes();
        AWG_Crypto::encrypt_option( self::OPT_HASHES, $hashes );

        $wp_hash = self::hash_wp_config();
        if ( $wp_hash ) {
            AWG_Crypto::encrypt_option( self::OPT_WP_HASH, $wp_hash );
        }
    }

    /* ---- verify ---- */

    public static function verify(): void {
        $stored = AWG_Crypto::decrypt_option( self::OPT_HASHES );
        if ( ! is_array( $stored ) || empty( $stored ) ) {
            return;
        }

        $current = self::compute_hashes();
        $diff    = [];

        foreach ( $stored as $file => $hash ) {
            if ( ! isset( $current[ $file ] ) ) {
                $diff[] = $file . ' (deleted)';
            } elseif ( ! hash_equals( $hash, $current[ $file ] ) ) {
                $diff[] = $file . ' (modified)';
            }
        }

        foreach ( $current as $file => $hash ) {
            if ( ! isset( $stored[ $file ] ) ) {
                $diff[] = $file . ' (added)';
            }
        }

        if ( ! empty( $diff ) ) {
            AWG_Admin_Guardian::log_incident( 'integrity_violation', $diff );
            AWG_Secure_Comm::send_breach( 'plugin_files_tampered', [
                'files' => $diff,
            ] );
            AWG_Lockdown::trigger( 'integrity_violation', [ 'files' => $diff ] );
        }

        self::verify_wp_config();
    }

    /* ---- wp-config.php monitoring ---- */

    private static function verify_wp_config(): void {
        $stored = AWG_Crypto::decrypt_option( self::OPT_WP_HASH );
        if ( ! $stored ) return;

        $current = self::hash_wp_config();
        if ( $current && ! hash_equals( $stored, $current ) ) {
            AWG_Admin_Guardian::log_incident( 'wp_config_changed', [] );
            AWG_Secure_Comm::send_breach( 'wp_config_modified', [] );
        }
    }

    /* ---- hashing ---- */

    private static function compute_hashes(): array {
        $dir   = AWG_PLUGIN_DIR;
        $files = self::scan_dir( $dir );
        $map   = [];

        foreach ( $files as $abs ) {
            $rel = str_replace( $dir, '', $abs );
            $map[ $rel ] = hash_file( 'sha256', $abs );
        }

        ksort( $map );
        return $map;
    }

    private static function scan_dir( string $dir ): array {
        $out = [];
        $it  = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
        );
        foreach ( $it as $file ) {
            if ( $file->isFile() && $file->getExtension() === 'php' ) {
                $out[] = $file->getRealPath();
            }
        }
        return $out;
    }

    private static function hash_wp_config(): ?string {
        $path = ABSPATH . 'wp-config.php';
        if ( ! file_exists( $path ) ) {
            $path = dirname( ABSPATH ) . '/wp-config.php';
        }
        if ( ! file_exists( $path ) ) return null;
        return hash_file( 'sha256', $path );
    }

    /* ---- cleanup ---- */

    public static function destroy(): void {
        delete_option( self::OPT_HASHES );
        delete_option( self::OPT_WP_HASH );
    }
}
@ Telegram