Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php //NinjaNetwork Firewall - V4R1ABLE - T13R $verininja = "=o7pDh4Dzvrcz7K9zJI..

Decoded Output download

?>b'<?php
//NinjaNetwork Firewall - V4R1ABLE - T13R
include("nnfconfig.php");
function sifrele($sifre){
$sifrele = md5($sifre);
$degis = str_replace("1", "z", $sifrele);
$degis2 = str_replace("2", "a", $degis);
$degis3 = str_replace("3", "o", $degis2);
$degis4 = str_replace("4", "m", $degis3);
$degis5 = str_replace("5", "f", $degis4);
$degis6 = str_replace("6", "n", $degis5);
$degis7 = str_replace("7", "z", $degis6);
$degis8 = str_replace("8", "q", $degis7);
$degis9 = str_replace("9", "l", $degis8);
$degis0 = str_replace("0", "e", $degis9);
return $degis0;
}

function cfban($ipaddr){
    $cfheaders = array(
        \'Content-Type: application/json\',
        \'X-Auth-Email: \'.$mailcf.\'\',
        \'X-Auth-Key: \'.$keycf.\'\'
    );
	$data = array(
		\'mode\' => \'block\',
		\'configuration\' => array(\'target\' => \'ip\', \'value\' => $ipaddr),
		\'notes\' => \'Banned on \'.date(\'Y-m-d H:i:s\').\' by NinjaNetwork\'
	);
	$json = json_encode($data);
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_HTTPHEADER, $cfheaders);
	curl_setopt($ch, CURLOPT_URL, \'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules\');
	$return = curl_exec($ch);
	curl_close($ch);
	if ($return === false){
		return false;
	}else{
		$return = json_decode($return,true);
		if(isset($return[\'success\']) && $return[\'success\'] == true){
			return $return[\'result\'][\'id\'];
		}else{
			return false;
		}
	}
}

//UserAgent Kontrol
$useragent = $_SERVER["HTTP_USER_AGENT"];
if(empty($useragent)) {
exit;
}
$md5_useragent = sifrele($useragent);

//Ip
function GetIP(){
 if(getenv("HTTP_CLIENT_IP")) {
 $ip = getenv("HTTP_CLIENT_IP");
 } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
 $ip = getenv("HTTP_X_FORWARDED_FOR");
 if (strstr($ip, \',\')) {
 $tmp = explode (\',\', $ip);
 $ip = trim($tmp[0]);
 }
 } else {
 $ip = getenv("REMOTE_ADDR");
 }
 return $ip;
}
$ip_adresi = GetIP();
$md5_ip = sifrele($ip_adresi);

//Tarih
date_default_timezone_set(\'Europe/Istanbul\');
$tarih = date(\'d.m.Y\');
$md5_tarih = sifrele($tarih);
$tarih_saat = date(\'d.m.Y H\');
$md5_tarih_saat = sifrele($tarih_saat);

//XML Kontrol
$getir = file_get_contents("nnfirewall/".$md5_tarih.".txt");
if(empty($getir)) {
$dosya = fopen(\'nnfirewall/\'.$md5_tarih.\'.txt\', \'w+\');
fwrite($dosya, \'\');
fclose($dosya);
}

//Arama Verileri
$tamveri = ("<".$md5_ip."_$md5_tarih_saat>");
$hamveri = ("</".$md5_ip."_$md5_tarih_saat>");


//Kii Kontrol
$getir_xml = file_get_contents("nnfirewall/".$md5_tarih.".txt");
preg_match_all("@".$tamveri."(.*?)".$hamveri."@si",$getir_xml,$veri);
$verisi = $veri[1][0];
if($verisi>29) {
echo \'<meta http-equiv="refresh" content="0;URL=\'.$mywebsiteurlx.\'/limit.php">\';
$getir_xml_f = file_get_contents("nnfirewall/".$md5_tarih."_f.txt");
preg_match_all("@".$tamveri."(.*?)".$hamveri."@si",$getir_xml_f,$veri_f);
$verisi_f = $veri_f[1][0];
if(empty($verisi_f)) {
$payl_f = $tamveri."1".$hamveri;
$dosyaf_f = fopen(\'nnfirewall/\'.$md5_tarih.\'_f.txt\', \'a+\');
fwrite($dosyaf_f, $payl_f);
fclose($dosyaf_f);
} else {
if($verisi_f>19) {
echo \'blocked\';
cfban($ip_adresi);
exit;
} else {
$sil_f = $tamveri.$verisi_f.$hamveri;
$str_f = str_replace($sil_f, "", $getir_xml_f);
$ekle_f = $verisi_f+1;
$b1_f = $str_f.$tamveri.$ekle_f.$hamveri;
$dosya_gc_f = fopen(\'nnfirewall/\'.$md5_tarih.\'_f.txt\', \'w+\');
fwrite($dosya_gc_f, $b1_f);
fclose($dosya_gc_f);
}
exit;
}
}


if(empty($verisi)) {
$payl = $tamveri."1".$hamveri;
$dosyaf = fopen(\'nnfirewall/\'.$md5_tarih.\'.txt\', \'a+\');
fwrite($dosyaf, $payl);
fclose($dosyaf);
} else {

$sil = $tamveri.$verisi.$hamveri;
$str = str_replace($sil, "", $getir_xml);
$ekle = $verisi+1;
$b1 = $str.$tamveri.$ekle.$hamveri;
$dosya_gc = fopen(\'nnfirewall/\'.$md5_tarih.\'.txt\', \'w+\');
fwrite($dosya_gc, $b1);
fclose($dosya_gc);

}
?>
'

Did this file decode correctly?

Original Code


 

<?php
//NinjaNetwork Firewall - V4R1ABLE - T13R
$verininja = "=o7pDh4Dzvrcz7K9zJIyPADtB0Qi3yv8DBdJoKZqSkakqahqWWNiPwllwC0el4qyvI8e6rE/ItHBGz/AlhvFamwrxlGhu2PRnZavRt5dxoQgHE0YDgey/qfXpH/7BfFyX7woKxwXwMwx0KG/2QiC8P";
$verikininja = "8IMtgmvMRTCrbWaueYX+6Du5iYmZztbiLE1pgXpSfz252bQEg4n0XOBBm9hnnu1glZNh6c3smpVlHgEGzNuzcTEerLWs493yyN6z6NJBa5mYvszP2MbnSjmVfUw5isl66gDHGesY5FBK8/hjHDbivX/HGcpfLKfpkFiYk6d82twYxgR63GzLUosdCeDtSWvVJVLOD5rNkkZ9GXCdZ+X2OO66NHE/lQS9c45u+nXZrVoWPojcIO2QX/V52tg3nxotr9y9W1FqMv2w6wDkNe+b3ycYR1gpQ92C0DzkPTFnufJZpUfh+4uJP60uk/+fyemjzK7TbRzurgGnNC1WujkNlKiWvtECIerJuVAVqeEi7HjEDZR+qHY92Woxma2WNYevYACX4I45HWHvJ8OhQMCxQXIECdY3ptQgvz5MPS3sVrUUXXmaMkrWHHx+9EOtF36n49XHyKlnf443DxF5AgQCJwbOdQ9HP/Wrl2IsP51489encXvnKjlX+4GQNJNrnt1JKfs7UBcIH0BpTF0hL8IKK5xyV/dbcaQib6zm84EO9XmLyUFrPDGuFQuCXdYSqy6RirNIaGD0q8YxmYrCsLoEwYMrIzTLi21CaFZ6kzR3rja+zvZ8zTeXQ1VfdObtDCbHRSblxUiO4HCNsYtB0i2wPAGri/W9ZZ0Zx5PAu8wgdisOEg3D240j/OGbXTc4fTe0O65fIaJQwdhgNZRwPxQ8YBd2yj2bPJ+Ecz8npdXfyhH/ACD4kNHv/VtE+Q18ZsWEC+3ArZoVcvsCzuSjHUtifd+e0rL142am5xAy+AgULO8ZH9v9iwdau6Wc2JM6zTZsz1IZ7mMdoIpTdaSGewefEslENsB+UdRf0iU2h0q3FqpOYMPDURG5nepERekj5GTnqZvk8fhsp7EpHPPmX66huXo58VtutDFZLBQ0kfWTpYXCIjaB/mafzwOCPA2MqKWa5k4UuFCVUtwOObIR0WeNX0AQN0Yuvl8XSFUW9RNN1/rmr4iks75d+3yMe6r2g0nLS3X/Kc2CYk6zea47eSIKMC0Oa8CX2lddzyqM1NwdBw6+J7GB+g0in3xn+075wp8bhSnINeunc4RP5pO4kneKjepsvhjA6J7cwx3fHTd+RHqjH6gTe6NT++WvRKaWlzXpfbbgCRJSOZvkMYPjev+pr2F+Qijvc8aBYGV4qkOHNrxTm5uoEH2zZzK2G7AW+4W+ppcTfgUvDAACvkZ9acvwTVkQYduWPAKrCLXHqPRHJeVy1lTWBQprG9KpuQizesBKoC/LFi9mgt2qEcaEnoahlyrRBwuVK9gOgQ18sikXzzOSPA95whgjvu1lgNImpj8YraV4BX+F0vo1EPn7OUD7jEsIrwNFvn0JP1PRRTmo/HOq92bWiJWFlLC48MHu+pAnJkIBBWI7K7LVQ47rDNrnL2lFWlmI0qSCJH5bA5IuSk06aQZKPDMi45Iv9zQqGfDeB5D5jRWz3gkU27mdKyb/EkhlrBmQ0Ek32JIfDXDOkIGQebbApZ5agxEVHybfNIVDXDMhwaBWrrBob9ClhQqgebrCpZt/V4fh1nWdQgPg5i8Mp0XVzgRuE8bcaY2TNbcgktCpc368tefs6ux5hSRInQpJhvkglTDrHsE4wlUQy00Tik2yNBU5HJHlUtDeqHYEc9oH8kr/wksgooD7HSXR2VVai6kvzMkroHr7osNnJe9O2o+qvL3FtzhYobu3Jt1kTbR+8afb2nl5ZHkygstGfUyg9RMCT76CBmUYKFlYK0k+ySEitNOTVyjLknN5PF4stUrbVrcin+JVgtBoPRFsbA";
eval(base64_decode("ZXZhbCgnPz4nLmd6dW5jb21wcmVzcyhnemluZmxhdGUoZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoc3RycmV2KCR2ZXJpbmluamEuJHZlcmlraW5pbmphKSkpKSkpOw=="));
?>

Function Calls

strrev 1
gzinflate 2
gzuncompress 1
base64_decode 2

Variables

$verininja =o7pDh4Dzvrcz7K9zJIyPADtB0Qi3yv8DBdJoKZqSkakqahqWWNiPwllwC0e..
$verikininja 8IMtgmvMRTCrbWaueYX+6Du5iYmZztbiLE1pgXpSfz252bQEg4n0XOBBm9hn..

Stats

MD5 5691685b2f384128cc3038d0cf13367e
Eval Count 2
Decode Time 45 ms