将可疑文件上传服务器,C# 服务器上传木马监控代码(包含可疑文件)

using system;

using system.io;

using system.threading;

using system.windows.forms;

using system.net;

namespace trojanmonitor

{

public partial class form1 : form

{

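// Creates the monitor window. All controls referenced in this file (fsw, lb, filepath)
// are declared in the other half of this partial class, which is not shown on the page.
public form1()
{
    // .NET identifiers on this page were flattened to lower case; the framework casing
    // is restored here so the call resolves.
    InitializeComponent();
}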

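// Delegate type used by addtiem to hand a log line over to the UI thread.
delegate void settextcallback(string text);

// fname    : name reported by the most recent watcher event (read by chkfile)
// code     : '|'-separated signature list downloaded in form1_load
// emailkey : key downloaded in form1_load and appended to the alert-mail request
// ip       : first address resolved for this machine, used in alert text
private string fname, code, emailkey, ip;

// Most recently started scan thread (type name casing restored: Thread).
private Thread thr;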

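// Watcher callback for modified files (the original author notes that newly added
// files are reported through this event as well). Starts a background scan.
private void fsw_changed(object sender, FileSystemEventArgs e)
{
    // NOTE(review): fname is one field shared by every scan thread. If another event
    // arrives before the thread started below has copied the value, the earlier file
    // is never scanned. Closing that gap means handing the name to the thread
    // directly, which requires changing chkfile as well.
    fname = e.Name;

    Thread worker = new Thread(new ThreadStart(chkfile));
    worker.IsBackground = true; // must not keep the process alive on exit
    thr = worker;
    worker.Start();
}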

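// Watcher callback for renames. The new name is scanned, so a file that only acquires
// a monitored extension through a rename is still checked.
private void fsw_renamed(object sender, RenamedEventArgs e)
{
    // NOTE(review): same shared-field race as in fsw_changed — a burst of events can
    // overwrite fname before the scan thread has read it.
    fname = e.Name;

    Thread worker = new Thread(new ThreadStart(chkfile));
    worker.IsBackground = true;
    thr = worker;
    worker.Start();
}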

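// Scans the file named by the last watcher event. On a signature hit the file is moved
// into the quarantine folder, the hit is logged (list box + daily log file), an alert
// mail is requested, and a one-line notice is written at the original path.
// Runs on a background thread started by fsw_changed / fsw_renamed.
private void chkfile()
{
    // Copy the shared field first; later watcher events overwrite it.
    string relname = fname;
    string content = "";
    // Named fullpath so it is not confused with the form's own "filepath" control.
    string fullpath = fsw.Path + @"\" + relname;
    string filename = Path.GetFileName(relname);
    string hzhui = Path.GetExtension(filename).ToLower(); // file extension

    // Only these extensions are scanned.
    // NOTE(review): any other extension the web server is configured to execute passes
    // through unscanned — check this list against the server's handler mappings.
    if (hzhui != ".asp" && hzhui != ".aspx" && hzhui != ".php" && hzhui != ".jpg" && hzhui != ".gif")
    {
        return;
    }

    try
    {
        // Wait for the writer to release the file. The check needs the full path (a bare
        // name would be resolved against the process working directory), and the wait is
        // a bounded loop: the earlier recursive retry fell through after returning and
        // processed the same file a second time.
        const int maxwaits = 30; // constructed limit: about one minute at 2 s per attempt
        for (int attempt = 0; attempt < maxwaits && isfileinuse(fullpath); attempt++)
        {
            Thread.Sleep(2000);
        }

        // using: the reader is closed even if ReadToEnd throws.
        using (StreamReader sr = new StreamReader(fullpath))
        {
            content = sr.ReadToEnd();
        }

        if (!chkcontent(content))
        {
            return;
        }

        try
        {
            // NOTE(review): ToShortDateString() follows the current culture. If its
            // pattern contains '/', logfile and newfile gain extra directory levels and
            // the log write fails after the file has already been moved — verify on the
            // deployment culture or switch to a fixed format.
            string today = DateTime.Today.ToShortDateString();
            DateTime now = DateTime.Now;

            // NOTE(review): the quarantine folder sits under the program directory and
            // the file keeps its original extension. Keep that directory outside any web
            // root so a quarantined file cannot be requested through the server.
            string bakpath = Application.StartupPath + @"\trojanmonitorbak";
            string logfile = bakpath + @"\log" + today + ".dat";
            string newfile = bakpath + @"\" + today + @"\";
            string newfilepath = newfile + now.Hour.ToString() + "点" + now.Minute.ToString() + "分"
                + now.Second.ToString() + "秒" + now.Millisecond.ToString() + "毫秒-" + filename;

            // CreateDirectory is a no-op when the directory already exists.
            Directory.CreateDirectory(bakpath);
            Directory.CreateDirectory(newfile);

            if (File.Exists(newfilepath))
            {
                File.Delete(newfilepath);
            }
            File.Move(fullpath, newfilepath);

            string str = "[" + DateTime.Now + "] 发现可疑文件: [" + fullpath + "] to [" + newfilepath + "]";
            addtiem(str);

            // Append the hit to the daily log.
            using (StreamWriter log = File.AppendText(logfile))
            {
                log.WriteLine(str + " \r\n");
            }

            // Request the alert mail. Each value is escaped so characters such as '&',
            // '#' or spaces in a file path cannot break or extend the query string.
            // NOTE(review): the request is plain HTTP and carries emailkey in the URL,
            // so the key is readable in transit — use HTTPS if the endpoint offers it.
            downurl("http://www.cqeh.com/mail/?emailsubject=" + Uri.EscapeDataString("发现可疑文件(" + ip + ")")
                + "&emailkey=" + Uri.EscapeDataString(emailkey ?? "")
                + "&sendhtml=" + Uri.EscapeDataString("[" + ip + "][" + DateTime.Now + "] 发现可疑文件: [" + fullpath + "]"));

            // Re-create the original path holding only a notice line.
            using (StreamWriter notice = File.AppendText(fullpath))
            {
                notice.WriteLine("此文件检测到有可疑问题!请联系管理员!");
            }
        }
        catch (Exception ex)
        {
            addtiem(ex.ToString());
        }
    }
    catch (Exception ex)
    {
        addtiem(ex.ToString());
    }
}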

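// Fetches url and returns the response body as text. Any exception raised by the
// request propagates to the caller.
// NOTE(review): every URL passed in this file is http://, so the signature list and the
// mail key can be read or altered in transit. Prefer HTTPS where the endpoint offers
// it, and treat the downloaded signature list as untrusted input.
private string downurl(string url)
{
    // WebClient is IDisposable; release it even when the request throws.
    using (WebClient client = new WebClient())
    {
        return client.DownloadString(url);
    }
}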

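// Appends one line to the on-screen list (lb). Safe to call from scan threads.
private void addtiem(string text)
{
    if (!this.lb.InvokeRequired)
    {
        this.lb.Items.Add(text);
        return;
    }

    // Called off the UI thread: re-enter this method through the form so the list is
    // only touched on the thread that owns it.
    settextcallback d = new settextcallback(addtiem);
    this.Invoke(d, new object[] { text });
}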

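// Returns true when content contains any entry of the '|'-separated signature list
// held in the code field. Matching is case-insensitive.
private bool chkcontent(string content)
{
    // Nothing to match against (or nothing to match in): report a clean file instead
    // of throwing on a null signature list.
    if (string.IsNullOrEmpty(content) || string.IsNullOrEmpty(code))
    {
        return false;
    }

    foreach (string raw in code.Split('|'))
    {
        // A line break at the edge of an entry (for example after the last one, if the
        // list ends with a newline) would otherwise become part of the signature.
        string sig = raw.Trim('\r', '\n');

        // An empty entry ("a||b", a trailing '|', an empty download) is found in every
        // string and would make every scanned file count as a hit.
        if (sig.Length == 0)
        {
            continue;
        }

        // Ordinal comparison: signatures are byte patterns, not linguistic text.
        if (content.IndexOf(sig, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}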

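// Start-up: resolves the local address, reads the monitored directory from
// monitorpath.ini, downloads the signature list and the mail key, points the watcher at
// the directory and hides the window. Any failure shows an error box and requests exit.
private void form1_load(object sender, EventArgs e)
{
    try
    {
        // Both lookups now sit inside the try so a missing ini file or a failed DNS
        // query reaches the error box below instead of surfacing as an unhandled exception.
        // NOTE(review): AddressList[0] may be an IPv6 or non-routable address.
        ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();

        // Monitored directory, e.g. d:\wwwroot. Trim: a trailing line break in the ini
        // file is not a valid path character for the watcher.
        string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini").Trim();

        // Signature list.
        // NOTE(review): fetched over plain HTTP with no integrity check; whoever can
        // alter the response decides what this monitor flags.
        code = downurl("http://www.cqeh.com/txt/trojan.txt");
        if (code == null || code.Trim().Length == 0)
        {
            // Refuse to run without signatures rather than monitor with an empty list.
            throw new Exception("木马特征库为空");
        }

        filepath.Text = config;
        fsw.Path = config;

        // Key that authorises the alert-mail request.
        emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt");

        this.ShowInTaskbar = false;
        this.Visible = false;
    }
    catch (Exception ex)
    {
        MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
        Application.Exit();
    }
}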

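// Reports whether filename is currently held open by someone else.
// Returns false when the file does not exist or can be opened exclusively,
// true when the exclusive open fails for any reason.
bool isfileinuse(string filename)
{
    if (!File.Exists(filename))
    {
        return false;
    }

    try
    {
        // FileShare.None: the open succeeds only if nobody else has the file open.
        using (new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.None))
        {
            return false;
        }
    }
    catch
    {
        // Deliberate best effort: any failure to open is treated as "still in use".
        return true;
    }
}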

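// Tray icon double-click: bring the hidden window back.
private void notifyicon1_mousedoubleclick(object sender, MouseEventArgs e)
{
    this.Visible = true;
    this.WindowState = FormWindowState.Normal;
    this.ShowInTaskbar = true;
}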

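// Minimising hides the window and its taskbar entry.
private void form1_resize(object sender, EventArgs e)
{
    if (this.WindowState != FormWindowState.Minimized)
    {
        return;
    }

    this.ShowInTaskbar = false;
    this.Visible = false;
}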

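// "Exit" menu item: asks the application to shut down.
// NOTE(review): Application.Exit() raises FormClosing on open forms and stops if a
// handler cancels it; form1_formclosing as shown on this page cancels every close, so
// confirm that this item can actually end the process.
private void 退出系统toolstripmenuitem_click_1(object sender, EventArgs e)
{
    Application.Exit();
}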

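// "Show window" menu item: bring the hidden window back.
private void 显示窗口toolstripmenuitem_click(object sender, EventArgs e)
{
    this.Visible = true;
    this.WindowState = FormWindowState.Normal;
    this.ShowInTaskbar = true;
}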

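// Closing the window with the title-bar button hides it instead of ending the monitor.
private void form1_formclosing(object sender, FormClosingEventArgs e)
{
    // Only a user-initiated close is turned into "hide". Cancelling every close also
    // vetoes Application.Exit() (the Exit menu item and the start-up error path) and a
    // Windows shutdown, which would leave a hidden process that cannot be stopped from
    // its own UI — possibly one that failed to load its signatures.
    if (e.CloseReason != CloseReason.UserClosing)
    {
        return;
    }

    this.ShowInTaskbar = false;
    this.Visible = false;
    e.Cancel = true;
}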

}

}
