Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php @eval("?>".base64_decode("PD9waHANCi8vPT09PT0gUsOpY3VwZXJhdGlvbiBkZXMgZmljaGllcnMgZX..
Decoded Output download
?>b'<?php
//===== Rcuperation des fichiers externe.
if (file_exists(__DIR__.\'papprotect\')) {
require_once (__DIR__.\'check/data.php\');
} else {
echo utf8_decode(\'S\'il vous plat mettre les fichiers dans le rpertoire papprotect!\');
exit(); }
//==========
//===== Rcuperation des ip v4, v6 & cloud du client.
function getUserIP()
{
foreach (array(\'HTTP_PROXY_CONNECTION\', \'HTTP_VIA\', \'VIA\', \'CLIENT_IP\', \'FORWARDED_FOR_IP\', \'X_FORWARDED_FOR\', \'X_FORWARDED\', \'FORWARDED\', \'FORWARDED_FOR\', \'HTTP_FORWARDED_FOR_IP\', \'HTTP_CLIENT_IP\', \'HTTP_CF_CONNECTING_IP\', \'HTTP_X_FORWARDED_FOR\', \'HTTP_X_FORWARDED\', \'HTTP_X_FORWARDED_SSL\', \'HTTP_X_CLUSTER_CLIENT_IP\', \'HTTP_FORWARDED_FOR\', \'HTTP_FORWARDED\', \'HTTP_FORWARDED_SSL\', \'REMOTE_ADDR\') as $key)
{
if (array_key_exists($key, $_SERVER) === true)
{
foreach (array_map(\'trim\', explode(\',\', $_SERVER[$key])) as $ip)
{
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
{
return $ip;
}
}
}
}
}
//==========
//===== Rcuperation du port et du host.
$ra = gethostbyaddr($_SERVER[\'REMOTE_ADDR\']);
$up = getenv(\'REMOTE_PORT\');
//==========
//===== Donne des attaques de bot aspirateur.
$ss = getenv(\'SERVER_SOFTWARE\');
$ua = getenv(\'HTTP_USER_AGENT\');
$sf = getenv(\'SCRIPT_FILENAME\');
// Liste des aspirateurs en fichier externe \'bad_bots.php\'.
if (in_array ($ua, $bad_bots) === true) { die(); }
foreach ($bad_bots as $banned) { $comparaison = strstr($ua, $banned);
if($comparaison !== false) {
$tentative++;
}
}
//==========
//===== Rcuperation des infos avec fichier auto crit.
if($tentative > 0) {
if (!function_exists(\'file_put_contents\')) {
function file_put_contents($files) {
}
}
// Fichier papprotect-log.cnx auto inclus a la racine du dossier papprotect.
$files = fopen($base_dir."papprotect/papprotect-log.cnx", "a");
// Le texte que vous voulez avoir dans votre fichier papprotect-log.cnx.
$log = (\'[\'.$ss.\'] [\'.$ua.\'] [\'.getUserIP().\'] [\'.$up.\'] [\'.$ra.\'] [\'.$sf.\']\');
fputs($files, "
" . $log);
flock($files, LOCK_SH);
fclose($files);
// Le texte que vous voulez que le voleur recevra dans les fichiers tlcharger.
echo \'<div style="text-align: center;"><img src="https://camo.githubusercontent.com/fe2cb3af77c3290cd9437c142662cbd08bbbc027/687474703a2f2f696d6167652e6e6f656c736861636b2e636f6d2f66696368696572732f323031352f35312f313435303130333535302d736865696c642e706e67" border="0" /></div> \';
echo \'<br><br>\';
echo utf8_decode(\'<div style="width: 100%; text-align: center; font-weight: bold">[Site web est protg, vos information sont enregistrs] <br><br>\'.$ss.\' \'.$ua.\' <br><br>IP CLIENT : \'.getUserIP().\' <br><br>PORT CLIENT : \'.$up.\' <br><br>HOST CLIENT : \'.$ra.\'
</div>\');
echo \'<br><br>\';
echo utf8_decode(\'<div style="width: 100%; text-align: center; font-weight: bold">[Website is protected, your information is recorded] <br><br>\'.$ss.\' \'.$ua.\' <br><br>IP CLIENT : \'.getUserIP().\' <br><br>PORT CLIENT : \'.$up.\' <br><br>HOST CLIENT : \'.$ra.\'
</div>\');
//==========
exit(); }
?>'
Did this file decode correctly?
Original Code
<?php @eval("?>".base64_decode("PD9waHANCi8vPT09PT0gUsOpY3VwZXJhdGlvbiBkZXMgZmljaGllcnMgZXh0ZXJuZS4NCmlmIChmaWxlX2V4aXN0cyhfX0RJUl9fLidwYXBwcm90ZWN0JykpIHsNCiAgcmVxdWlyZV9vbmNlIChfX0RJUl9fLidjaGVjay9kYXRhLnBocCcpOw0KfSBlbHNlIHsNCiAgZWNobyB1dGY4X2RlY29kZSgnU1wnaWwgdm91cyBwbGHDrnQgbWV0dHJlIGxlcyBmaWNoaWVycyBkYW5zIGxlIHLDqXBlcnRvaXJlIHBhcHByb3RlY3QhJyk7DQogICAgICBleGl0KCk7IH0gDQovLz09PT09PT09PT0NCi8vPT09PT0gUsOpY3VwZXJhdGlvbiBkZXMgaXAgdjQsIHY2ICYgY2xvdWQgZHUgY2xpZW50Lg0KZnVuY3Rpb24gZ2V0VXNlcklQKCkNCnsNCiAgICBmb3JlYWNoIChhcnJheSgnSFRUUF9QUk9YWV9DT05ORUNUSU9OJywgJ0hUVFBfVklBJywgJ1ZJQScsICdDTElFTlRfSVAnLCAnRk9SV0FSREVEX0ZPUl9JUCcsICdYX0ZPUldBUkRFRF9GT1InLCAnWF9GT1JXQVJERUQnLCAnRk9SV0FSREVEJywgJ0ZPUldBUkRFRF9GT1InLCAnSFRUUF9GT1JXQVJERURfRk9SX0lQJywgJ0hUVFBfQ0xJRU5UX0lQJywgJ0hUVFBfQ0ZfQ09OTkVDVElOR19JUCcsICdIVFRQX1hfRk9SV0FSREVEX0ZPUicsICdIVFRQX1hfRk9SV0FSREVEJywgJ0hUVFBfWF9GT1JXQVJERURfU1NMJywgJ0hUVFBfWF9DTFVTVEVSX0NMSUVOVF9JUCcsICdIVFRQX0ZPUldBUkRFRF9GT1InLCAnSFRUUF9GT1JXQVJERUQnLCAnSFRUUF9GT1JXQVJERURfU1NMJywgJ1JFTU9URV9BRERSJykgYXMgJGtleSkNCiAgICB7DQogICAgICAgIGlmIChhcnJheV9rZXlfZXhpc3RzKCRrZXksICRfU0VSVkVSKSA9PT0gdHJ1ZSkNCiAgICAgICAgew0KICAgICAgICAgICAgZm9yZWFjaCAoYXJyYXlfbWFwKCd0cmltJywgZXhwbG9kZSgnLCcsICRfU0VSVkVSWyRrZXldKSkgYXMgJGlwKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgIGlmIChmaWx0ZXJfdmFyKCRpcCwgRklMVEVSX1ZBTElEQVRFX0lQLCBGSUxURVJfRkxBR19OT19QUklWX1JBTkdFIHwgRklMVEVSX0ZMQUdfTk9fUkVTX1JBTkdFKSAhPT0gZmFsc2UpDQogICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICByZXR1cm4gJGlwOw0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgIH0NCiAgICAgICAgfQ0KICAgIH0NCn0NCi8vPT09PT09PT09PQ0KLy89PT09PSBSw6ljdXBlcmF0aW9uIGR1IHBvcnQgZXQgZHUgaG9zdC4NCiAgICRyYSA9IGdldGhvc3RieWFkZHIoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10pOw0KICAgJHVwID0gZ2V0ZW52KCdSRU1PVEVfUE9SVCcpOw0KLy89PT09PT09PT09DQovLz09PT09IERvbm7DqWUgZGVzIGF0dGFxdWVzIGRlIGJvdCBhc3BpcmF0ZXVyLg0KICAgJHNzID0gZ2V0ZW52KCdTRVJWRVJfU09GVFdBUkUnKTsNCiAgICR1YSA9IGdldGVudignSFRUUF9VU0VSX0FHRU5UJyk7DQogICAkc2YgPSBnZXRlbnYoJ1NDUklQVF9GSUxFTkFNRScpOw0KLy8gTGlzdGUgZGVzIGFzcGlyYXRldXJzIGVuIGZpY2hpZXIgZXh0ZXJuZSAnYmFkX2JvdHMucGhwJy4gDQogICBpZiAoaW5fYXJyYXkgKCR1YSwgJGJhZF9ib3RzKSA9PT0gdHJ1ZSkgeyBkaWUoKTsgfQ0KICAgZm9yZWFjaCAoJGJhZF9ib3RzIGFzICRiYW5uZWQpIHsgJGNvbXBhcmFpc29uID0gc3Ryc3RyKCR1YSwgJGJhbm5lZCk7DQogICAgICAgaWYoJGNvbXBhcmFpc29uICE9PSBmYWxzZSkgew0KICAgICAgICAgICAkdGVudGF0aXZlKys7DQogICAgICAgfQ0KICAgfQ0KLy89PT09PT09PT09DQovLz09PT09IFLDqWN1cGVyYXRpb24gZGVzIGluZm9zIGF2ZWMgZmljaGllciBhdXRvIMOpY3JpdC4NCiAgIGlmKCR0ZW50YXRpdmUgPiAwKSB7DQogICBpZiAoIWZ1bmN0aW9uX2V4aXN0cygnZmlsZV9wdXRfY29udGVudHMnKSkgew0KICAgICAgIGZ1bmN0aW9uIGZpbGVfcHV0X2NvbnRlbnRzKCRmaWxlcykgeyAgDQogICAgICAgfSANCiAgIH0gDQovLyBGaWNoaWVyIHBhcHByb3RlY3QtbG9nLmNueCBhdXRvIGluY2x1cyBhIGxhIHJhY2luZSBkdSBkb3NzaWVyIHBhcHByb3RlY3QuIA0KICAgJGZpbGVzID0gZm9wZW4oJGJhc2VfZGlyLiJwYXBwcm90ZWN0L3BhcHByb3RlY3QtbG9nLmNueCIsICJhIik7DQovLyBMZSB0ZXh0ZSBxdWUgdm91cyB2b3VsZXogYXZvaXIgZGFucyB2b3RyZSBmaWNoaWVyIHBhcHByb3RlY3QtbG9nLmNueC4NCiAgICRsb2cgPSAoJ1snLiRzcy4nXSBbJy4kdWEuJ10gWycuZ2V0VXNlcklQKCkuJ10gWycuJHVwLiddIFsnLiRyYS4nXSBbJy4kc2YuJ10nKTsNCiAgIGZwdXRzKCRmaWxlcywgIlxuIiAuICRsb2cpOw0KICAgZmxvY2soJGZpbGVzLCBMT0NLX1NIKTsNCiAgIGZjbG9zZSgkZmlsZXMpOw0KLy8gTGUgdGV4dGUgcXVlIHZvdXMgdm91bGV6IHF1ZSBsZSB2b2xldXIgcmVjZXZyYSBkYW5zIGxlcyBmaWNoaWVycyB0w6lsw6ljaGFyZ2VyLg0KICAgZWNobyAnPGRpdiBzdHlsZT0idGV4dC1hbGlnbjogY2VudGVyOyI+PGltZyBzcmM9Imh0dHBzOi8vY2Ftby5naXRodWJ1c2VyY29udGVudC5jb20vZmUyY2IzYWY3N2MzMjkwY2Q5NDM3YzE0MjY2MmNiZDA4YmJiYzAyNy82ODc0NzQ3MDNhMmYyZjY5NmQ2MTY3NjUyZTZlNmY2NTZjNzM2ODYxNjM2YjJlNjM2ZjZkMmY2NjY5NjM2ODY5NjU3MjczMmYzMjMwMzEzNTJmMzUzMTJmMzEzNDM1MzAzMTMwMzMzNTM1MzAyZDczNjg2NTY5NmM2NDJlNzA2ZTY3IiBib3JkZXI9IjAiIC8+PC9kaXY+ICc7ICAgIA0KICAgZWNobyAnPGJyPjxicj4nOw0KICAgZWNobyB1dGY4X2RlY29kZSgnPGRpdiBzdHlsZT0id2lkdGg6IDEwMCU7IHRleHQtYWxpZ246IGNlbnRlcjsgZm9udC13ZWlnaHQ6IGJvbGQiPltTaXRlIHdlYiBlc3QgcHJvdMOpZ8OpLCB2b3MgaW5mb3JtYXRpb24gc29udCBlbnJlZ2lzdHLDqXNdIDxicj48YnI+Jy4kc3MuJyAnLiR1YS4nIDxicj48YnI+SVAgQ0xJRU5UIDogJy5nZXRVc2VySVAoKS4nIDxicj48YnI+UE9SVCBDTElFTlQgOiAnLiR1cC4nIDxicj48YnI+SE9TVCBDTElFTlQgOiAnLiRyYS4nDQogICA8L2Rpdj4nKTsNCiAgIGVjaG8gJzxicj48YnI+JzsNCiAgIGVjaG8gdXRmOF9kZWNvZGUoJzxkaXYgc3R5bGU9IndpZHRoOiAxMDAlOyB0ZXh0LWFsaWduOiBjZW50ZXI7IGZvbnQtd2VpZ2h0OiBib2xkIj5bV2Vic2l0ZSBpcyBwcm90ZWN0ZWQsIHlvdXIgaW5mb3JtYXRpb24gaXMgcmVjb3JkZWRdIDxicj48YnI+Jy4kc3MuJyAnLiR1YS4nIDxicj48YnI+SVAgQ0xJRU5UIDogJy5nZXRVc2VySVAoKS4nIDxicj48YnI+UE9SVCBDTElFTlQgOiAnLiR1cC4nIDxicj48YnI+SE9TVCBDTElFTlQgOiAnLiRyYS4nDQogICA8L2Rpdj4nKTsNCi8vPT09PT09PT09PQ0KICAgICAgZXhpdCgpOyB9IA0KPz4="));
Function Calls
base64_decode | 1 |
Stats
MD5 | 6d6cad9553b95b1fa0df79c5ccc57276 |
Eval Count | 1 |
Decode Time | 92 ms |