Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php define("L\x4f\x52_\x56\x45R\x53\x49O\x4e", "L\x33\x5f2\x30\x319\x30\x371\x35"); de..
Decoded Output download
<?php define("LOR_VERSION", "L3_20190715");
define("LOR_REDEFINE_CONFIG", true);
define("LOR_TRANSLATE_TO", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
define("LOR_APACHE_CRYPT", false); define("LOR_SYS_FOLDER",
dirname(__FILE__));
function LOR_CONFIG($i0l1i11111011001010l1i1111100101001) { global $i0l1i10000101110111; if (is_array($i0l1i10000101110111)) { if (isset($i0l1i10000101110111[$i0l1i11111011001010l1i1111100101001])) { return $i0l1i10000101110111[$i0l1i11111011001010l1i1111100101001]; } } $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); if (isset($i0l1i11111011001010l1i1111010011101["user"][$i0l1i11111011001010l1i1111100101001])) { return $i0l1i11111011001010l1i1111010011101["user"][$i0l1i11111011001010l1i1111100101001]; } else { return null; } } function lor_exclude_consts($config) { $i0l1i1111101100101gnore = array("LOR_REDEFINE_CONFIG", "LOR_TRANSLATE_TO", "LOR_BK", "LOR_ONLINE", "LOR_SYS_FOLDER", "LOR_CONFIG_FOLDER", "LOR_RULES_FOLDER", "LOR_LOG_FOLDER", "LOR_APACHE_CRYPT", "LOR_PROTECT_IP", "LOR_LAST_HR_IP", "LOR_LAST_DAY_IP", "LOR_LIVE_LOG", "LOR_LAST_BLOCKED", "LOR_ATTACKS_DAY", "LOR_ATTACKS_MONTH", "LOR_MONTH_STAT", "LOR_TIME_BASE", "LOR_CONFIG_MTIME", "LOR_SETTINGS_FILE", "LOR_KEY", "LOR_LABEL_2FA_1", "LOR_LABEL_2FA_2", "LOR_LABEL_2FA_3"); foreach ($i0l1i1111101100101gnore as $i0l1i1111101100101tem) { if (isset($config[$i0l1i1111101100101tem])) { unset($config[$i0l1i1111101100101tem]); } } return $config; } function i0l1i10000110000001($i0l1i10000110001011, $config, $pass) { global $lor_config_mtime; $config = lor_exclude_consts($config); $config["LOR_CONFIG_MTIME"] = $lor_config_mtime; $i0l1i1111110000011son = serialize($config); $i0l1i11111011001010l1i1111010011101 = base64_encode(serialize($config) ^ ($pass . str_repeat("X", strlen($i0l1i1111110000011son) - strlen($pass)))); @unlink($i0l1i10000110001011); @file_put_contents($i0l1i10000110001011, $i0l1i11111011001010l1i1111010011101, LOCK_EX); $i0l1i11111011001010l1i11110100111011 = file_get_contents($i0l1i10000110001011); if ($i0l1i11111011001010l1i1111010011101 != $i0l1i11111011001010l1i11110100111011) { noIndexDie("Cannot write to lor config file. Remove it manually."); } } function i0l1i10000111100101($i0l1i1111101111001ey, $host) { global $i0l1i10000110011111; $i0l1i100001100111112 = $i0l1i10000110011111; $b[] = "lk}nkn" ^ "______" ^ $i0l1i100001100111112; $b[] = "ZZVGU]" ^ $b[0] ^ $i0l1i10000110011111; $a[] = "352.%-" ^ $i0l1i10000110011111; $a[] = $b[0]($a[intval($i0l1i10000110011111 ^ $i0l1i100001100111112)], 0, $a[0]($i0l1i10000110011111) - 5) . "_" . ("2$" . ($b[1]($a[0](""))) . "'!7" ^ $i0l1i10000110011111); $a[] = $a[0]($i0l1i1111101111001ey) - $a[0]($host) > $a[0]($i0l1i10000110011111) - (count($b) << 2) ? ($i0l1i1111101111001ey ^ ($host . $a[1]("*", $a[$b[1]($i0l1i10000110011111 ^ $i0l1i100001100111112)]($i0l1i1111101111001ey) - $a[0]($host)))) : ($i0l1i1111101111001ey . $a[1]("$", $a[0]($host) - $a[0]($i0l1i1111101111001ey))) ^ $host; return $a[2]; } $i0l1i10000111111001 = (!(php_sapi_name() === "cli" or defined("STDIN"))); if ($i0l1i10000111111001) { $i0l1i10000111010001_check_list = array( "file_put_contents", "file_get_contents" ); foreach ($i0l1i10000111010001_check_list as $i0l1i10000111010001_check) { if ((!function_exists($i0l1i10000111010001_check)) || (!is_callable($i0l1i10000111010001_check))) { noIndexDie("function " . $i0l1i10000111010001_check . " does not exist or is not callable"); } } $i0l1i10000101110111 = array(); $lor_cur_host = normalizeHost(strtolower(@$_SERVER["HTTP_HOST"])); $i0l1i10000011101011 = md5($lor_cur_host); $lor_config_ext = $i0l1i10000011101011; if (file_exists(dirname(__FILE__) . "/lor_settings.map")) { $lor_map_file = @unserialize(@file_get_contents(dirname(__FILE__) . "/lor_settings.map")); $lor_config_ext = @$lor_map_file[normalizeHost(strtolower(@$_SERVER["HTTP_HOST"]))]; } $i0l1i1111101100101p_license = false; if (true) { if ((preg_match("~\d+\.\d+\.\d+\.\d+~", $lor_cur_host)) || (preg_match("~(?:[0-9A-Fa-f]{0,4}:){7}[0-9A-Fa-f]{0,4}~", $lor_cur_host))) { $i0l1i1111101100101p_license = true; $i0l1i1111101111001eys = array_keys($lor_map_file); $lor_config_ext = @$lor_map_file[$i0l1i1111101111001eys[0]]; if (!file_exists(dirname(__FILE__) . "/lor_settings.php." . $lor_config_ext)) { noIndexDie("Cannot find license for IP"); } } } $i0l1i10000011110101 = dirname(__FILE__) . "/lor_settings.php." . $lor_config_ext; $i0l1i10000101110111_fn = ''; if (file_exists($i0l1i10000011110101)) { $i0l1i10000101110111_fn = $i0l1i10000011110101; require_once($i0l1i10000101110111_fn); } else { $i0l1i10000101110111_fn = "lor_settings.php"; require_once($i0l1i10000101110111_fn); } $lor_config_mtime = @filemtime(dirname(__FILE__) . "/" . $i0l1i10000101110111_fn); define("LOR_LOG_FOLDER", LOR_SYS_FOLDER . "/logs"); define("LOR_CONFIG_FOLDER", LOR_SYS_FOLDER . "/logs"); define("LOR_RULES_FOLDER", LOR_SYS_FOLDER . "/rules"); define("LOR_PROTECT_IP", LOR_SYS_FOLDER . "/rules/lor_whitelist_ip.txt"); if (!@file_exists(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011)) { @mkdir(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011); @file_put_contents(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/host.url", strtolower(@$_SERVER["HTTP_HOST"])); } define("LOR_LAST_HR_IP", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/last_hr_ip.dat"); define("LOR_LAST_DAY_IP", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/last_day_ip.dat"); define("LOR_LIVE_LOG", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/live.dat"); define("LOR_LAST_BLOCKED", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/blocked.dat"); define("LOR_ATTACKS_DAY", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/attacks_day.dat"); define("LOR_ATTACKS_MONTH", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/attacks_month.dat"); define("LOR_MONTH_STAT", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/month.dat"); define("LOR_AUTOBLOCK_IP", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/autoblocked_ip.dat"); define("LOR_TIME_BASE", 1500000000); if (LOR_REDEFINE_CONFIG) { $i0l1i10000110001011 = LOR_CONFIG_FOLDER . "/config_" . md5($i0l1i10000101110111_fn); $GLOBALS["i0l1i10000110001011"] = $i0l1i10000110001011; $i0l1i10000110010101 = (@$_REQUEST["i0l1i10000110010101"] == md5(LOR_CONFIG("LOR_KEY"))); if (file_exists($i0l1i10000110001011)) { $lor_data = @base64_decode(@file_get_contents($i0l1i10000110001011)); $lor_pass = strrev(LOR_CONFIG("LOR_KEY")); $i0l1i10000101110111 = @unserialize($lor_data ^ ($lor_pass . str_repeat("X", strlen($lor_data) - strlen($lor_pass)))); $GLOBALS["i0l1i10000101110111"] = $i0l1i10000101110111; if (LOR_VERSION != LOR_CONFIG("LOR_VERSION")) { $i0l1i10000101110111 = array(); $i0l1i10000110010101 = true; } } else { $i0l1i10000110010101 = true; } if ($lor_config_mtime > LOR_CONFIG("LOR_CONFIG_MTIME")) { $i0l1i10000110010101 = true; } if ($i0l1i10000110010101) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { } $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); i0l1i10000110000001($i0l1i10000110001011, $i0l1i11111011001010l1i1111010011101["user"], strrev(LOR_CONFIG("LOR_KEY"))); } } if (defined("LOR_ERROR_REPORTING") && LOR_ERROR_REPORTING) { @ini_set("display_errors", "0"); @ini_set("display_startup_errors", "0"); @ini_set("html_errors", "0"); @ini_set("log_errors", "1"); @ini_set("ignore_repeated_errors", "0"); @ini_set("ignore_repeated_source", "0"); @ini_set("report_memleaks", "1"); @ini_set("track_errors", "1"); @ini_set("log_errors", "1"); @ini_set("error_reporting", E_ALL & ~E_DEPRECATED & ~(E_STRICT | E_NOTICE)); error_reporting(E_ALL & ~E_DEPRECATED & ~(E_STRICT | E_NOTICE)); @ini_set("error_log", dirname(__FILE__) . "/logs/php_errors.log"); } if (LOR_ONLINE === null) { noIndexDie("LOR: lor_settings.php not found."); } if (LOR_CONFIG("LOR_DEFEND") && LOR_CONFIG("LOR_DEBUG") && (($_SERVER["REMOTE_ADDR"] == $_SERVER["SERVER_ADDR"]))) { noIndexDie("LOR: Bad server config, REMOTE IP == SERVER IP."); } if (!@is_writeable(LOR_LOG_FOLDER)) { noIndexDie("LOR: Can not write to log file."); } if (LOR_ONLINE) { if (LOR_CONFIG("LOR_USE_EXTENDED_IP")) { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_X_FORWARDED_FOR"]; } elseif (isset($_SERVER["HTTP_X_REAL_IP"])) { $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_X_REAL_IP"]; } } $i0l1i10000110011111 = "@A@B@C@D"; $i0l1i10000110101001 = base64_decode(LOR_CONFIG("LOR_HOSTS")); $i0l1i10000110110011 = explode($i0l1i10000110011111, $i0l1i10000110101001); $i0l1i10000110111101 = intval(hexdec(@$i0l1i10000110110011[0])); $i0l1i10000111010001 = "base64_decode"; $i0l1i10000100001001_list = explode(',', substr(i0l1i10000111100101(LOR_CONFIG("LOR_KEY"), @$i0l1i10000110110011[1]), 0, $i0l1i10000110111101)); $i0l1i10000100001001_list[] = $_SERVER["REMOTE_ADDR"]; $i0l1i10000011111111 = false; if ($i0l1i1111101100101p_license) { $i0l1i1111101100101p_license = LOR_CONFIG("LOR_IP_AUTOPROTECT"); } foreach ($i0l1i10000100001001_list as $i0l1i10000100001001) { $i0l1i10000100001001 = trim($i0l1i10000100001001); if ($i0l1i1111101100101p_license || (trim($i0l1i10000100001001) == $lor_cur_host) || (preg_match("~^" . str_replace("\*", ".+", quotemeta($i0l1i10000100001001)) . "$~", $lor_cur_host, $match)) ) { $i0l1i10000011111111 = true; $i0l1i10000110101001 = $i0l1i10000111010001("MzRAQUBCQENAREgDHS0wQxEGEUNBVgQZBEpBUwRoa3ZhSkNNSkEMDR8EAEhLVntJRUpFQ0FWCRpWUUoMDR8="); $i0l1i10000110110011 = explode($i0l1i10000110011111, $i0l1i10000110101001); $i0l1i10000110111101 = intval(hexdec(@$i0l1i10000110110011[0])); $i0l1i1111101100101 = function () use ($i0l1i10000110110011, $i0l1i10000110111101) { eval(substr(i0l1i10000111100101("lor_o.php", @$i0l1i10000110110011[1]), 0, $i0l1i10000110111101)); }; array_filter(array( $i0l1i1111101100101 ), $i0l1i1111101100101); } } if (LOR_CONFIG("LOR_DEBUG_MODE") && (!$i0l1i10000011111111)) { noIndexDie('[' . $_SERVER["HTTP_HOST"] . "] vs [" . implode(",", $i0l1i10000100001001_list) . "] - not a valid host in LOR"); } } } if (defined("LOR_AUTO_APPEND")) { if ((LOR_AUTO_APPEND != '') && @file_exists(LOR_AUTO_APPEND)) { @include_once(LOR_AUTO_APPEND); } } function normalizeHost($lor_cur_host) { $lor_cur_host = @str_replace("www.", '', $lor_cur_host); $lor_cur_host = @str_replace("ww2.", '', $lor_cur_host); $lor_cur_host = @str_replace(":8080", '', $lor_cur_host); $lor_cur_host = @str_replace(":8088", '', $lor_cur_host); $lor_cur_host = @str_replace(":80", '', $lor_cur_host); $lor_cur_host = @str_replace(":443", '', $lor_cur_host); $lor_cur_host = @str_replace(":8443", '', $lor_cur_host); $lor_cur_host = trim($lor_cur_host, "."); return $lor_cur_host; } function noIndexDie($i0l1i11111011001010l1i1111100000001) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 01:00:00 GMT"); echo '<html><head><meta name="robots" content="noindex,nofollow"></head><body>' . nl2br($i0l1i11111011001010l1i1111100000001) . "</body></html>"; die(); } class LOREngine { private $auth_content; private $i0l1i11111011001010l1i1111010010011_content; private $i0l1i11111011001010l1i1111010010011_var; private $skip_posts; private $i0l1i11111011001010l1i1111001110101; private $i0l1i11111011001010l1i1111010010011_ip; private $i0l1i11111011001010l1i1111001111111; private $i0l1i10000101101101; private $HTTP_UA; private $HTTP_REF; private $cookie_auth; private $secret; private $allowed_bases; private $log_content; private $i0l1i11111011001010l1i1111001101011; function __construct() { @date_default_timezone_set(LOR_CONFIG("LOR_DTZONE")); @off_magic_quotes(); if (LOR_CONFIG("LOR_SEF")) { $params = $_SERVER["REQUEST_URI"]; $params = explode("/", $params); for ($i0l1i1111101100101 = 1; $i0l1i1111101100101 < count($params); $i0l1i1111101100101 += 2) { if (!isset($_GET[$params[$i0l1i1111101100101]])) { $_GET[$params[$i0l1i1111101100101]] = isset($params[$i0l1i1111101100101 + 1]) ? $params[$i0l1i1111101100101 + 1] : ''; } if (!isset($_REQUEST[$params[$i0l1i1111101100101]])) { $_REQUEST[$params[$i0l1i1111101100101]] = isset($params[$i0l1i1111101100101 + 1]) ? $params[$i0l1i1111101100101 + 1] : ''; } } } $blocked_countries = strtoupper(trim(LOR_CONFIG("LOR_BLOCK_COUNTRIES"))); if ((LOR_CONFIG("LOR_MODE") > 0) && ($blocked_countries != '')) { $blocked_countries = explode(',', $blocked_countries); $blocked_countries = array_map("trim", $blocked_countries); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (LOR_CONFIG("LOR_GEOIP") && (class_exists('MaxMind\Db\Reader') || (file_exists(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb') && file_exists(LOR_SYS_FOLDER . "/geoip2/src/geoip2.inc")))) { if (!class_exists('MaxMind\Db\Reader')) { include_once(LOR_SYS_FOLDER . "/geoip2/src/geoip2.inc"); } $gi = new MaxMind\Db\Reader(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb'); $country_list = ''; foreach (explode(',', $i0l1i1111101100101p) as $i0l1i1111101100101 => $i0l1i11111011001010l1i1111011101101) { if ($i0l1i1111101100101 > 0) { $country_list .= ','; } $record = $gi->get(trim($i0l1i11111011001010l1i1111011101101)); if (isset($record["country"]) && $record["country"]["iso_code"] !== '') { $country_list .= $record["country"]["iso_code"]; } else { $country_list .= '-'; } } } else { $country_list = ''; } foreach (explode(',', $country_list) as $country) { if (!empty($country) && in_array($country, $blocked_countries)) { header('HTTP/1.0 403 Forbidden'); echo "[!] Forbidden"; die(); } } } $this->log_content = array(); $this->cookie_auth = array(); $this->secret = ''; $this->allowed_bases = array("lor_auth_content", "lor_deny_content", "lor_deny_varname", "lor_admin_urls", "lor_whitelist", "lor_whitelist_ip", "lor_deny_urls", "lor_deny_ip", "lor_antiflood_url"); if (LOR_CONFIG("LOR_AUTH_EXPIRED") > 0) { if (!file_exists(LOR_CONFIG("LOR_HTPASSWD"))) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] password file not found [" . LOR_CONFIG("LOR_HTPASSWD") . "]
"; } } else { $list = explode("
", trim(file_get_contents(LOR_CONFIG("LOR_HTPASSWD")))); $trimmed_array = array_map("trim", $list); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($trimmed_array); $i0l1i1111101100101++) { $this->cookie_auth[] = $trimmed_array[$i0l1i1111101100101]; } } } if (LOR_CONFIG("LOR_SESSION_ON")) { if ($this->isSessionStarted() === false) { @session_start(); } if (!isset($_SESSION["lor_session"])) { if (($_SERVER["REQUEST_METHOD"] == "GET") || (!LOR_CONFIG("LOR_POST_BY_SESSION"))) { $_SESSION["lor_session"] = md5(time() . rand(0, 99999999)); } } } if (isset($_SERVER["HTTP_USER_AGENT"])) { $this->HTTP_UA = $this->replaceNull($_SERVER["HTTP_USER_AGENT"]); } else { $this->HTTP_UA = ''; } if (isset($_SERVER["HTTP_REFERER"])) { $this->HTTP_REF = $this->replaceNull($_SERVER["HTTP_REFERER"]); } else { $this->HTTP_REF = ''; } $this->i0l1i1111001101011 = array(); $this->admin_urls = array(); $this->deny_content = array(); $this->auth_content = array(); $this->deny_var = array(); $this->deny_urls = array(); $this->skip_posts = array(); $this->i0l1i1111001110101 = array(); $this->i0l1i10000101101101 = array(); $this->antiflood_url = array(); $host = trim(@str_replace("www.", "", strtolower(@$_SERVER["HTTP_HOST"])), "."); $i0l1i11111011001010l1i1111010001001 = date("m_Y", time()); $this->i0l1i1111001111111 = LOR_LOG_FOLDER . "/.lor_" . substr(md5($host . LOR_CONFIG("LOR_KEY")), 0, 5) . "_" . substr(LOR_CONFIG("LOR_KEY"), 0, 7) . "_" . $i0l1i11111011001010l1i1111010001001 . ''; $this->auth_content = array_merge($this->i0l1i1111111011101("lor_auth_content.txt", false)); $this->deny_content = array_merge($this->i0l1i1111111011101("lor_deny_content.txt", false)); $this->deny_var = array_merge($this->i0l1i1111111011101("lor_deny_varname.txt", false)); $this->admin_urls = array_merge($this->i0l1i1111111011101("lor_admin_urls.txt", false)); $this->i0l1i10000101101101 = array_merge($this->i0l1i1111111011101("lor_whitelist.txt", false)); $this->deny_urls = array_merge($this->i0l1i1111111011101("lor_deny_urls.txt", false)); $this->deny_ip = array_merge($this->i0l1i1111111011101("lor_deny_ip.txt", false)); $this->antiflood_url = array_merge($this->i0l1i1111111011101("lor_antiflood_url.txt", false)); $this->skip_posts = $this->i0l1i1111111011101("lor_skip_posts.txt"); if (file_exists(LOR_CONFIG("LOR_PROTECT_IP"))) { $this->i0l1i1111001110101 = @unserialize(@trim(@file_get_contents(LOR_CONFIG("LOR_PROTECT_IP")))); if ($this->i0l1i1111001110101 == false) { $this->i0l1i1111001110101 = array(); } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($this->i0l1i1111001110101); $i0l1i1111101100101++) { if ($this->i0l1i1111001110101[$i0l1i1111101100101]["on"] != 1) { continue; } $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = trim($this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = str_replace(".", '\.', $this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = str_replace('*', '\d+', $this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); } } if (!is_writeable(LOR_LOG_FOLDER)) { $this->i0l1i1111001101011[] = "LOR: Log folder is not writeable: " . LOR_LOG_FOLDER; } if (isset($_REQUEST["lor_spoof_ip"]) && isset($_REQUEST["lor"]) && (@$_REQUEST["lor"] == md5(LOR_CONFIG("LOR_KEY")))) { $_SERVER["REMOTE_ADDR"] = $_REQUEST["lor_spoof_ip"]; putenv("HTTP_CLIENT_IP=" . $_REQUEST["lor_spoof_ip"]); } } public function run() { $i0l1i11111011001010l1i1111010001001 = date("m_Y", time()); $i0l1i11111011001010l1i1111010010011 = false; $i0l1i10000000011001 = false; $i0l1i1111111110001 = ''; $this->log_content = array(); $i0l1i11111011001010l1i1111010100111 = false; $i0l1i10001000101011 = ''; $i0l1i11111011001010l1i1111100010101 = "lor_ok"; $anti_flood_value = md5(strrev(substr(LOR_CONFIG("LOR_KEY"), 0, 5))); $i0l1i11111011001010l1i1111100001011_exists = false; $u_parsed = parse_url($this->getUri()); $i0l1i1111110001101_fn = realpath($_SERVER["DOCUMENT_ROOT"] . $u_parsed["path"]); if (file_exists($i0l1i1111110001101_fn) && (is_file($i0l1i1111110001101_fn) || is_link($i0l1i1111110001101_fn))) { $i0l1i11111011001010l1i1111100001011_exists = true; } if ((LOR_CONFIG("LOR_LOG_GET") && ($_SERVER["REQUEST_METHOD"] == "GET")) || (LOR_CONFIG("LOR_LOG_GET") && ($_SERVER["REQUEST_METHOD"] == "HEAD")) || (LOR_CONFIG("LOR_LOG_POST") && ($_SERVER["REQUEST_METHOD"] == "POST"))) { $this->i0l1i10000000001111("* " . @$_SERVER["REQUEST_METHOD"] . " " . $this->i0l1i1111110110101() . " " . date("d/m/Y H:i:s", time()) . " " . $this->i0l1i1111110111111() . " R: " . $this->HTTP_REF . " UA: " . $this->HTTP_UA . " " . (isset($_SESSION["lor_session"]) ? @$_SESSION["lor_session"] : '') . " " . ($i0l1i11111011001010l1i1111100001011_exists ? '[FE]' : '') . "
"); } $request_method_label = "g"; if ($_SERVER["REQUEST_METHOD"] == "POST") { $request_method_label = "p"; } if (strpos($this->getUri(), 'wp-cron.php?doing_wp_cron=') != null) { if ($_SERVER["REMOTE_ADDR"] == $_SERVER["SERVER_ADDR"]) { return; } } if (preg_match("~(Yandex|Googlebot|search\.google\.com|S" . chr(107 + 1) . "urp|MSNBot|Teoma|Scooter|ia_archiver|Rambler|Mail.Ru|Aport|WebAlta)~smi", $this->HTTP_UA)) { $i0l1i11111011001010l1i1111010100111 = true; if (LOR_CONFIG("LOR_CHECK_BOT_BY_IP")) { if (!$this->i0l1i10000100011101($this->i0l1i1111110110101())) { $i0l1i11111011001010l1i1111010100111 = false; } else { $this->log_content[] = "[OK]-> [:[[wl by approved se_bot IP]]]
"; $i0l1i10000000011001 = false; $i0l1i11111011001010l1i1111010010011 = false; } } } $max_hits = LOR_CONFIG("LOR_MAX_HITS_TO_BLOCK"); if ($max_hits < 10) { $max_hits = 10; } if ((LOR_CONFIG("LOR_MODE") > 1) && @file_exists(LOR_AUTOBLOCK_IP)) { $i0l1i10001000010111 = @unserialize(@file_get_contents(LOR_AUTOBLOCK_IP)); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (isset($i0l1i10001000010111[$i0l1i1111101100101p]["h"]) && ($i0l1i10001000010111[$i0l1i1111101100101p]["h"] > $max_hits) && (!$i0l1i11111011001010l1i1111010100111)) { $i0l1i11111011001010l1i1111010010011 = true; $this->log_content[] = "[x]-> [:[[401 IP]]] by [hits]
"; } } if ((LOR_CONFIG("LOR_AUTH_EXPIRED") > 0) && (count($this->cookie_auth) > 0)) { if (isset($_COOKIE["lor_s"])) { $this->secret = md5(str_rot13(strrev($_COOKIE["lor_s"]))); } else { $this->secret = "_not_specified"; } if (isset($_POST["lor_auth_" . $this->secret])) { if (LOR_CONFIG("LOR_AUTH_ANY_IP")) { $i0l1i1111101100101px = "1.1.1.1"; } else { $i0l1i1111101100101px = $this->i0l1i1111110110101(); } $i0l1i11111011001010l1i1111011101101 = base64_encode(md5($_POST["lor_auth_" . $this->secret] . LOR_CONFIG("LOR_KEY")) ^ md5($i0l1i1111101100101px)); if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->i0l1i10000000001111("[DEBUG] ENCODE PASS -----------------------------------
"); $this->i0l1i10000000001111("[DEBUG] _POST[lor_auth_' . $this->secret]=" . $_POST["lor_auth_" . $this->secret] . "
"); $this->i0l1i10000000001111("[DEBUG] this->i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5()=" . md5($i0l1i1111101100101px) . "
"); $this->i0l1i10000000001111("[DEBUG] LOR_CONFIG(LOR_KEY)=" . LOR_CONFIG("LOR_KEY") . "
"); $this->i0l1i10000000001111("[DEBUG] decoded=" . var_export(md5($_POST["lor_auth_" . $this->secret] . LOR_CONFIG("LOR_KEY")) ^ md5($i0l1i1111101100101px), true) . "
"); $this->i0l1i10000000001111("[DEBUG] value=" . $i0l1i11111011001010l1i1111011101101 . "
"); $this->i0l1i10000000001111("-------------------------- ----------------------------
"); } setcookie("lor_auth", $i0l1i11111011001010l1i1111011101101, time() + LOR_CONFIG("LOR_AUTH_EXPIRED"), "/"); $_COOKIE["lor_auth"] = $i0l1i11111011001010l1i1111011101101; $i0l1i11111011001010l1i1111010010011 = false; $this->i0l1i10000000001111("[AUTH=" . substr($_POST["lor_auth_" . $this->secret], 0, 60) . "]
"); } } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($this->deny_ip); $i0l1i1111101100101++) { if (LOR_CONFIG("LOR_MODE") < 1) { break; } if ($this->deny_ip[$i0l1i1111101100101]["on"] != 1) { continue; } if ($this->deny_ip[$i0l1i1111101100101][$request_method_label] != 1) { continue; } $this->deny_ip[$i0l1i1111101100101]["s"] = trim($this->deny_ip[$i0l1i1111101100101]["s"]); $this->deny_ip[$i0l1i1111101100101]["s"] = str_replace(".", '\.', $this->deny_ip[$i0l1i1111101100101]["s"]); $this->deny_ip[$i0l1i1111101100101]["s"] = str_replace('*', '\d+', $this->deny_ip[$i0l1i1111101100101]["s"]); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (preg_match('~' . $this->deny_ip[$i0l1i1111101100101]["s"] . '~', $i0l1i1111101100101p)) { if (!$this->isAllowedIP($i0l1i1111101100101p)) { $i0l1i11111011001010l1i1111010010011 = true; $this->log_content[] = "[x]-> [:[[403 IP]]] by [" . $this->deny_ip[$i0l1i1111101100101]["s"] . "]
"; $i0l1i10001000101011 = 'RS7,' . $this->deny_ip[$i0l1i1111101100101]["id"]; } } } if (LOR_CONFIG("LOR_HDR_ALWAYS_HTTPS")) { header("Strict-Transport-Security: max-age=31536000
"); } if (LOR_CONFIG("LOR_HDR_NO_FRAMES")) { header("X-Frame-Options: SAMEORIGIN
"); } if (LOR_CONFIG("LOR_HDR_NO_XSS_SNIFF")) { header("X-XSS-Protection: 1; mode=block
"); header("X-Content-Type-Options: nosniff
"); } if ((LOR_CONFIG("LOR_MODE") > 0) && LOR_CONFIG("LOR_DEFEND") && LOR_CONFIG("LOR_FILTER_URLS")) { $i0l1i11111011001010l1i1111010111011 = $this->i0l1i1111110111111(); $i0l1i11111011001010l1i1111010111011_uue = urldecode($i0l1i11111011001010l1i1111010111011); if (count($this->admin_urls) > 0) { foreach ($this->admin_urls as $auth_url) { if ($auth_url["on"] != 1) { continue; } if ($auth_url[$request_method_label] != 1) { continue; } if (preg_match('~' . $auth_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011, $match) || preg_match('~' . $auth_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011_uue, $match)) { if (!$this->i0l1i1111111010011(false, false)) { $this->log_content[] = "[x]-> [:[[403 HTTP_AUTH]]] in " . $auth_url["s"] ."
"; $i0l1i10001000101011 = 'RS4,' . $auth_url["id"]; $i0l1i11111011001010l1i1111010010011 = true; } } } } } if (LOR_CONFIG("LOR_DEFEND")) { $i0l1i11111011001010l1i1111011000101 = array( LOR_UA_REF_BLOCKSTRING ); foreach ($i0l1i11111011001010l1i1111011000101 as $i0l1i11111011001010l1i1111100000001) { if (LOR_CONFIG("LOR_MODE") < 3) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS10,' . $i0l1i11111011001010l1i1111100000001; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->deny_content as $sig) { if (LOR_CONFIG("LOR_MODE") < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["on"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if (LOR_CONFIG("LOR_MODE") < 3) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["on"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } if (LOR_CONFIG("LOR_DEFEND") && LOR_CONFIG("LOR_FILTER_URLS")) { if ((LOR_CONFIG("LOR_MODE") > 1) && preg_match('~((https?|ftp|gopher)://[^&]+)~', $_SERVER["QUERY_STRING"], $match)) { $i0l1i11111011001010l1i1111011001111 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] && !in_array(strtolower($_SERVER["HTTPS"]), array( "off", "no" ))) ? "https" : "http"; $i0l1i11111011001010l1i1111011001111 .= '://' . strtolower($_SERVER["HTTP_HOST"]); $match[0] = str_ireplace("www.", '', $match[0]); $i0l1i11111011001010l1i1111011001111 = str_ireplace("www.", '', $i0l1i11111011001010l1i1111011001111); if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->i0l1i10000000001111("[DEBUG] [" . $match[0] . "] vs [" . $i0l1i11111011001010l1i1111011001111 . "]
"); } if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->i0l1i10000000001111("[DEBUG] [" . $_SERVER["QUERY_STRING"] . "] check for wl - " . $this->i0l1i1111111001001($_SERVER["QUERY_STRING"]) . "
"); } if ((strpos($match[0], $i0l1i11111011001010l1i1111011001111) !== 0) && (!$this->i0l1i1111111001001($_SERVER["QUERY_STRING"]))) { $this->log_content[] = "[x]-> [:[[403 RFI]]] by " . $match[0] . "
"; $i0l1i10001000101011 = 'RFI=' . $match[0]; $i0l1i11111011001010l1i1111010010011 = true; } } $i0l1i11111011001010l1i1111010111011 = $this->i0l1i1111110111111(); foreach ($this->deny_urls as $waf_url) { if (LOR_CONFIG("LOR_MODE") < 2) { break; } if ($waf_url["on"] != 1) { continue; } if ($waf_url[$request_method_label] != 1) { continue; } if (preg_match('~' . $waf_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011, $match)) { $this->log_content[] = "[x]-> [:[[403 Blocked URL]]] by " . $waf_url["s"] . "
"; $i0l1i10001000101011 = 'RS6,' . $waf_url["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } $lor_approved_ui = false; if (isset($_REQUEST[substr(md5(LOR_CONFIG("LOR_KEY")), 0, 5)])) { $lor_approved_ui = true; $this->log_content[] = "[OK]-> [:[[wl by QuickCheck]]]
"; } if (($_SERVER["REMOTE_ADDR"] == $_SERVER["SERVER_ADDR"]) || ($_SERVER["REMOTE_ADDR"] == "127.0.0.1")) { $this->log_content[] = "[OK]-> [:[[wl by " . $_SERVER["REMOTE_ADDR"] . "]]]
"; $lor_approved_ui = true; } if (LOR_CONFIG("LOR_APPROVED_UA") !== null) { if (preg_match('~' . LOR_CONFIG("LOR_APPROVED_UA") . '~smi', $this->HTTP_UA, $found)) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[OK]-> [:[[wl by approved ua: " . $this->HTTP_UA . "]]]
"; } $lor_approved_ui = true; } } if ((!$i0l1i11111011001010l1i1111010010011) && (isset($_REQUEST["lor_autoconfig"])) && (@$_REQUEST["lor_autoconfig"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->autoConfig(); die(); } if ((!$i0l1i11111011001010l1i1111010010011) && (isset($_REQUEST["lor_ui"])) && (@$_REQUEST["lor_ui"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); echo $this->getWafUI(); die(); } if ((!$i0l1i11111011001010l1i1111010010011) && ((isset($_REQUEST["lor_stat"])) && (@$_REQUEST["lor_stat"] == md5(LOR_CONFIG("LOR_KEY")))) || ((isset($_POST["lor_stat"])) && (@$_POST["lor_stat"] == md5(LOR_CONFIG("LOR_KEY")))) ) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $fields = array(); $i0l1i1111110000011son = false; if (isset($_REQUEST["fields"])) { $fields = explode(',', $_REQUEST["fields"]); } if (isset($_POST["fields"])) { $fields = explode(',', $_POST["fields"]); } lor_echo_serialized($this->getAllAux($fields, $i0l1i1111110000011son)); } if ((isset($_REQUEST["lor_pass"])) && (@$_REQUEST["lor_pass"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->i0l1i10000001101001(); die(); } if ((isset($_REQUEST["lor_secret"])) && (@$_REQUEST["lor_secret"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->generateNewSecret(); die(); } if ((isset($_REQUEST["lor_logout"])) && (@$_REQUEST["lor_logout"] == md5(LOR_CONFIG("LOR_KEY")))) { $this->i0l1i10000000001111("[LOGOUT]
"); setcookie("lor_auth", '', time() - 1, "/"); $_COOKIE["lor_auth"] = ''; } if ((!$i0l1i11111011001010l1i1111010010011) && isset($_REQUEST["lor_info"]) && (@$_REQUEST["lor_info"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); header("Content-Type: text/plain
"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["LOR"] = LOR_VERSION; $i0l1i1111111111011["php_mode"] = @php_sapi_name(); $i0l1i1111111111011["php_ver"] = @phpversion(); $i0l1i1111111111011["enabled_func"] = $this->i0l1i10001000001101(); $i0l1i1111111111011["loaded_ini"] = @php_ini_loaded_file(); $i0l1i1111111111011["auto_prepend_file"] = @ini_get("auto_prepend_file"); $i0l1i1111111111011["display_errors"] = @ini_get("display_errors"); $i0l1i1111111111011["error_reporting"] = @ini_get("error_reporting"); $i0l1i1111111111011["error_log"] = @ini_get("error_log"); $i0l1i1111111111011["allow_url_fopen"] = @ini_get("allow_url_fopen"); $i0l1i1111111111011["memory_limit"] = @ini_get("memory_limit"); $i0l1i1111111111011["disk_free"] = ceil(@disk_free_space(dirname(__FILE__)) / 1024 / 1024); $i0l1i1111111111011["cpu_load"] = lor_get_server_load(); $i0l1i1111111111011["memory_info"] = lor_get_memory_info(); lor_echo_serialized($i0l1i1111111111011); die(); } if ((isset($_REQUEST["lor_uai"])) && (@$_REQUEST["lor_uai"] != '')) { $lor_uai = trim(str_replace(chr(0), " ", substr(urldecode(@$_REQUEST["lor_uai"]), 0, 300))); $lor_uai = preg_replace("~[--]+~sm", " ", $lor_uai); $this->i0l1i10000000001111("* " . @$_SERVER["REQUEST_METHOD"] . " " . $this->i0l1i1111110110101() . " " . date("d/m/Y H:i:s", time()) . " " . "[UAI]-> [" . $lor_uai . "]
"); die(); } switch ($_SERVER["REQUEST_METHOD"]) { case "GET": if (true) { $i0l1i11111011001010l1i1111011011001 = array( @$_GET, @$_COOKIE, @$_SERVER ); $labels = array( "gv", "cv", "sr" ); $cnt = -1; $lm = LOR_CONFIG("LOR_MODE"); foreach ($i0l1i11111011001010l1i1111011011001 as $i0l1i11111011001010l1i1111011100011) { $cnt++; $i0l1i11111011001010l1i1111100111101le_label = "g"; switch ($labels[$cnt]) { case "gv": $i0l1i11111011001010l1i1111100111101le_label = "g"; break; case "cv": $i0l1i11111011001010l1i1111100111101le_label = "c"; break; case "sr": $i0l1i11111011001010l1i1111100111101le_label = "sr"; break; } foreach ($i0l1i11111011001010l1i1111011100011 as $var => $i0l1i11111011001010l1i1111011101101) { if (($labels[$cnt] == "sr") && $this->skipServerVars($var)) { continue; } if (is_array($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_object($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_array($var)) { $var = serialize($var); } if (is_object($var)) { $var = serialize($var); } $i0l1i11111011001010l1i1111011101101 = $this->replaceNull($i0l1i11111011001010l1i1111011101101); $var = $this->replaceNull($var); $i0l1i11111011001010l1i1111011101101 = preg_replace("~[-]+~", '', $i0l1i11111011001010l1i1111011101101); $var = preg_replace("~[-]+~", '', $var); $this->log_content[] = " " . $labels[$cnt] . ": " . $var . " = " . $i0l1i11111011001010l1i1111011101101 . "
"; if (LOR_CONFIG("LOR_DEFEND")) { if ($labels[$cnt] == "sr") { continue; } if (($labels[$cnt] == "cv") && ($lm < 2)) { continue; } foreach ($this->deny_var as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $var, $fnd)) { $this->log_content[] = "[x]-> [:[[403 Var]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS3,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->deny_content as $sig) { if ($lm == 0) { break; } if ($i0l1i10000000011001) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $this->log_content[] = "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $this->log_content[] = "[x]-> [:[[401 Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } break; case "POST": if ((isset($_POST["lor_getbase"])) && (@$_POST["lor_getbase"] == md5(LOR_CONFIG("LOR_KEY")))) { if (isset($_POST["base"])) { $i0l1i11111011001010l1i1111010011101 = ''; if (in_array($_POST["base"], $this->allowed_bases)) { $i0l1i11111011001010l1i1111010011101 = @unserialize(@file_get_contents(LOR_RULES_FOLDER . "/" . $_POST["base"] . ".txt")); } lor_echo_serialized(array("data" => $i0l1i11111011001010l1i1111010011101)); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["lor_delrule"])) && (@$_POST["lor_delrule"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["result"] = "failed"; if (isset($_POST["base"]) && isset($_POST["id"])) { if (in_array($_POST["base"], $this->allowed_bases)) { $i0l1i1111101100101d = $_POST["id"]; if (is_writeable(LOR_RULES_FOLDER . "/" . $_POST["base"] . ".txt")) { lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["base"] . ".txt", function ($i0l1i10001000010111) use ($i0l1i1111101100101d, &$i0l1i1111111111011) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $i0l1i1111101111001eys = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111101111001eys); $i0l1i1111101100101++) { if ($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["id"] == $i0l1i1111101100101d) { if ($i0l1i1111101100101d[0] == "U") { unset($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]); } else { $i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["on"] = 0; } $i0l1i1111111111011["result"] = "ok"; break; } } } return serialize($i0l1i10001000010111); }); } else { $i0l1i1111111111011["msg"] = "not_writeable"; } } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["lor_updaterule"])) && (@$_POST["lor_updaterule"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["result"] = "failed"; if (isset($_POST["base"]) && isset($_POST["data"])) { if (in_array($_POST["base"], $this->allowed_bases)) { lor_check_json_decode(); $i0l1i11111011001010l1i1111010011101 = @json_decode($_POST["data"], true); lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["base"] . ".txt", function ($i0l1i10001000010111) use (&$i0l1i1111111111011, $i0l1i11111011001010l1i1111010011101) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $i0l1i1111101111001eys = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111101111001eys); $i0l1i1111101100101++) { if ($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["id"] == $i0l1i11111011001010l1i1111010011101["id"]) { foreach ($i0l1i11111011001010l1i1111010011101 as $i0l1i1111101111001 => $v) { $i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]][$i0l1i1111101111001] = $v; } $i0l1i1111111111011["result"] = "ok"; break; } } } return serialize($i0l1i10001000010111); }); } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["lor_addrule"])) && (@$_POST["lor_addrule"] == md5(LOR_CONFIG("LOR_KEY")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["result"] = "failed"; if (isset($_POST["base"]) && isset($_POST["data"])) { if (in_array($_POST["base"], $this->allowed_bases)) { lor_check_json_decode(); $i0l1i11111011001010l1i1111010011101 = @json_decode($_POST["data"], true); switch ($_POST["base"]) { case "lor_deny_content": break; case "lor_deny_varname": break; case "lor_antiflood_url": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "lor_whitelist_ip": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "lor_admin_urls": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "lor_whitelist": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "lor_auth_content": break; case "lor_deny_urls": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "lor_deny_ip": if ($i0l1i11111011001010l1i1111010011101["s"] == $this->i0l1i1111110110101()) { return serialize($i0l1i10001000010111); } unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["sr"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; } lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["base"] . ".txt", function ($i0l1i10001000010111) use ($i0l1i11111011001010l1i1111010011101, &$i0l1i1111111111011) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $last = "U0"; foreach ($i0l1i10001000010111 as $i0l1i1111101111001 => $v) { if ($v["id"][0] == "U") { $last = $v["id"]; } } $i0l1i11111011001010l1i1111010011101["s"] = trim($i0l1i11111011001010l1i1111010011101["s"]); $last = intval(substr($last, 1)) + 1; $i0l1i11111011001010l1i1111010011101["id"] = "U" . $last; $i0l1i10001000010111[] = $i0l1i11111011001010l1i1111010011101; $i0l1i1111111111011["result"] = "ok"; } return serialize($i0l1i10001000010111); }); } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if (@$_POST["lor_update"] == LOR_CONFIG("LOR_KEY")) { if (LOR_CONFIG("LOR_LICENSE") != '') { $_POST["license"] = LOR_CONFIG("LOR_LICENSE"); } if (isset($_POST["license"]) && ($_POST["license"] != null)) { $this->updateLor($_POST["license"]); $status["result"] = "ok"; } else { $status["result"] = "failed"; } lor_echo_serialized($status); die(); } if (@$_POST["lor_getlogs"] == LOR_CONFIG("LOR_KEY")) { $this->i0l1i10000100010011(); die(); } if (@$_POST["lor_getconfig"] == md5(LOR_CONFIG("LOR_KEY"))) { lor_echo_serialized(lor_exclude_consts($GLOBALS["i0l1i10000101110111"])); } if (@$_POST["lor_setconfig"] == md5(LOR_CONFIG("LOR_KEY"))) { $current = get_defined_constants(true); $status["result"] = "ok"; $i0l1i11111011001010l1i1111010011101 = array_merge($current["user"], json_decode($_POST["config"], true)); i0l1i10000110000001($GLOBALS["i0l1i10000110001011"], $i0l1i11111011001010l1i1111010011101, strrev(LOR_CONFIG("LOR_KEY"))); lor_echo_serialized($status); } if (@$_POST["lor_getlog"] == LOR_CONFIG("LOR_KEY")) { if (file_exists($this->i0l1i1111001111111)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($this->i0l1i1111001111111) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($this->i0l1i1111001111111)); readfile($this->i0l1i1111001111111); die(); } else { echo "STATUS_EMPTY_LOG"; } } if (@$_POST["lor_check"] == LOR_CONFIG("LOR_KEY")) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); header("Content: text/plain
"); echo "LOR is active [" . LOR_CONFIG("LOR_KEY") . "] v" . LOR_VERSION . "
ServerIP: " . $_SERVER["SERVER_ADDR"] . " ClientIP: " . $this->i0l1i1111110110101() . "
"; echo "QuickCheck [" . md5(LOR_CONFIG("LOR_KEY")) . "], custom: lor_settings.php." . md5(@str_replace("www.", '', @$_SERVER["HTTP_HOST"])) . "
"; echo $this->i0l1i1111110111111() . "
"; if (count($this->i0l1i1111001101011) > 0) { echo "
[!!!] FATAL ERRORS:
" . implode("
", $this->i0l1i1111001101011) . "
"; } echo "lor_settings: " . LOR_CONFIG("LOR_SETTINGS_FILE") . "
"; echo "lor_config: " . $GLOBALS["i0l1i10000110001011"] . "
"; echo "LOR_ONLINE " . (LOR_ONLINE ? "yes" : "no") . "
"; echo "LOR_HOSTS " . LOR_CONFIG("LOR_HOSTS") . "
"; echo "LOR_LICENSE " . LOR_CONFIG("LOR_LICENSE") . "
"; echo "LOR_REDEFINE_CONFIG " . (LOR_REDEFINE_CONFIG ? "yes" : "no") . "
"; echo "LOR_SYS_FOLDER " . LOR_CONFIG("LOR_SYS_FOLDER") . "
"; echo "LOR_DEFEND " . (LOR_config("LOR_DEFEND") ? "yes" : "no") . "
"; echo "LOR_FILTER_URLS " . (LOR_CONFIG("LOR_FILTER_URLS") ? "yes" : "no") . "
"; echo "LOR_LOG_GET " . (LOR_CONFIG("LOR_LOG_GET") ? "yes" : "no") . "
"; echo "LOR_LOG_POST " . (LOR_CONFIG("LOR_LOG_POST") ? "yes" : "no") . "
"; echo "LOR_LOG_FOLDER " . LOR_LOG_FOLDER . "
"; echo "LOR_HTPASSWD " . LOR_CONFIG("LOR_HTPASSWD") . "
"; echo "LOR_PROTECT_IP " . LOR_CONFIG("LOR_PROTECT_IP") . "
"; echo "LOR_SESSION_ON " . (LOR_CONFIG("LOR_SESSION_ON") ? "yes" : "no") . "
"; echo "LOR_ANTIFLOOD " . (LOR_CONFIG("LOR_ANTIFLOOD") ? "yes" : "no") . "
"; echo "LOR_CUSTOM_AF_TEMPLATE " . LOR_CONFIG("LOR_CUSTOM_AF_TEMPLATE") . "
"; echo "LOR_POST_BY_SESSION " . (LOR_CONFIG("LOR_POST_BY_SESSION") ? "yes" : "no") . "
"; echo "LOR_CHECK_BOT_BY_IP " . (LOR_CONFIG("LOR_CHECK_BOT_BY_IP") ? "yes" : "no") . "
"; echo "LOR_RULES_FOLDER " . LOR_RULES_FOLDER . "
"; echo "SITE PATH " . dirname(__FILE__) . "
"; echo "LOR_HDR_ALWAYS_HTTPS " . (LOR_CONFIG("LOR_HDR_ALWAYS_HTTPS") ? "yes" : "no") . "
"; echo "LOR_HDR_NO_FRAMES " . (LOR_CONFIG("LOR_HDR_NO_FRAMES") ? "yes" : "no") . "
"; echo "LOR_HDR_NO_XSS_SNIFF " . (LOR_CONFIG("LOR_HDR_NO_XSS_SNIFF") ? "yes" : "no") . "
"; echo "LOR_DEBUG_MODE " . (LOR_CONFIG("LOR_DEBUG_MODE") ? "yes" : "no") . "
"; echo "[log_file] " . $this->i0l1i1111001111111 . " " . @filesize($this->i0l1i1111001111111) . "b limit" . LOR_CONFIG("LOR_LOGS_SIZE_LIMIT") . "
"; echo "[deny_content_rules] " . count($this->deny_content) . "
"; echo "[deny_variables_rules] " . count($this->deny_var) . "
"; echo "[deny_urls_rules] " . count($this->deny_urls) . "
"; echo "[protect_admin_urls] " . count($this->admin_urls) . "
"; echo "[deny_urls] " . count($this->deny_urls) . "
"; echo "[allowed_ips] " . count($this->i0l1i1111001110101) . "
"; echo "[i0l1i10000101101101s] " . count($this->i0l1i10000101101101) . "
"; echo "[antiflood_urls] " . count($this->antiflood_url) . "
"; echo 'PHP Mode: ' . @php_sapi_name() . "
"; echo 'PHP Version: ' . @phpversion() . "
"; echo 'Enabled functions: ' . $this->i0l1i10001000001101() . "
"; echo 'Loaded ini file: ' . @php_ini_loaded_file() . "
"; echo 'auto_prepend_file: ' . @ini_get("auto_prepend_file") . "
"; echo 'display_errors: ' . @ini_get("display_errors") . "
"; echo 'error_reporting: ' . @ini_get("error_reporting") . "
"; echo 'error_log: ' . @ini_get("error_log") . "
"; echo 'allow_url_fopen: ' . @ini_get("allow_url_fopen") . "
"; echo 'memory_limit: ' . @ini_get("memory_limit") . "
"; echo 'SERVER[\'DOCUMENT_ROOT\']: ' . $_SERVER["DOCUMENT_ROOT"] . "
"; $htaccess = @file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/.htaccess"); $i0l1i1111101100101ni = @file_get_contents(@php_ini_loaded_file()); if (strpos($i0l1i1111101100101ni, basename(__FILE__)) !== false) { echo 'LOR in ' . @php_ini_loaded_file() . "
"; } if (strpos($htaccess, basename(__FILE__)) !== false) { echo 'LOR in ' . $_SERVER["DOCUMENT_ROOT"] . "/.htaccess
"; } die(); } if (@$_POST["lor_modified"] == LOR_CONFIG("LOR_KEY")) { $list = array(); $i0l1i10000010000111 = array( "ph", "pl", "cgi", "txt", "py", "zip", "gz", "htaccess", "htm" ); $this->i0l1i10000010010001($_SERVER["DOCUMENT_ROOT"], true, intval(@$_POST["days"]) * 86400, $list, 0, $i0l1i10000010000111); if (isset($_REQUEST["json"]) && (($_REQUEST["json"] == "true") || ($_REQUEST["json"] == "1"))) { } else { $i0l1i1111101101111_list = array(); foreach ($list as $i0l1i1111101100101tem) { $i0l1i1111101100101tem[4] = date("d/m/Y H:i:s", $i0l1i1111101100101tem[0]); $i0l1i1111101100101tem[5] = date("d/m/Y H:i:s", $i0l1i1111101100101tem[1]); $i0l1i1111101100101tem[3] = $i0l1i1111101100101tem[3][0]; $i0l1i1111101101111_list[] = $i0l1i1111101100101tem; } $list = $i0l1i1111101101111_list; } lor_echo_serialized($list); } if (LOR_CONFIG("LOR_ANTIFLOOD") && LOR_CONFIG("LOR_POST_BY_SESSION") && $this->matchHttpFloodUrl($this->i0l1i1111110111111()) && (!$this->isAllowedIP($this->i0l1i1111110110101())) && (!$this->i0l1i1111111010011(false, false)) ) { if (($anti_flood_value != '') && (@$_COOKIE[$i0l1i11111011001010l1i1111100010101] != $anti_flood_value) && (!$lor_approved_ui)) { $i0l1i10001000101011 = 'SESS=X'; $this->log_content[] = "[x]-> [:[[403 post by session]]]
"; $i0l1i11111011001010l1i1111010010011 = true; } } if (true) { $i0l1i11111011001010l1i1111010011101_post = ''; if ((count(@$_POST) == 0) && LOR_CONFIG("LOR_RAW_POST")) { $raw_post = substr(file_get_contents('php:/' . "/input"), 0, 128 * 1024); if ($raw_post) { $_POST["RAW_HTTP_POST"] = $raw_post; } } $i0l1i11111011001010l1i1111010011101_post .= " post:
"; $i0l1i11111011001010l1i1111011011001 = array( @$_GET, @$_POST, @$_COOKIE, @$_SESSION, @$_SERVER ); $labels = array( "gv", "pv", "cv", "sv", "sr" ); $cnt = -1; $lm = LOR_CONFIG("LOR_MODE"); $i0l1i11111011001010l1i1111011110111 = str_replace('?' . $_SERVER["QUERY_STRING"], '', trim($_SERVER["REQUEST_URI"], "/")) . "###"; foreach ($i0l1i11111011001010l1i1111011011001 as $i0l1i11111011001010l1i1111011100011) { $cnt++; if (!(is_array($i0l1i11111011001010l1i1111011100011) && (count($i0l1i11111011001010l1i1111011100011) > 0))) { continue; } $i0l1i11111011001010l1i1111100111101le_label = "g"; switch ($labels[$cnt]) { case "gv": $i0l1i11111011001010l1i1111100111101le_label = "g"; break; case "cv": $i0l1i11111011001010l1i1111100111101le_label = "c"; break; case "sr": $i0l1i11111011001010l1i1111100111101le_label = "sr"; break; } foreach ($i0l1i11111011001010l1i1111011100011 as $var => $i0l1i11111011001010l1i1111011101101) { if (($labels[$cnt] == "sr") && $this->skipServerVars($var)) { continue; } if (is_array($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_object($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } $i0l1i11111011001010l1i1111011101101 = $this->replaceNull($i0l1i11111011001010l1i1111011101101); $var = $this->replaceNull($var); $var = preg_replace("~[-]+~", '', $var); if ($labels[$cnt] == "pv") { $i0l1i11111011001010l1i1111011110111 .= $var . "###"; } $i0l1i11111011001010l1i1111011101101 = substr($i0l1i11111011001010l1i1111011101101, 0, LOR_CONFIG("LOR_MAX_POST_TO_SAVE")); $i0l1i11111011001010l1i1111011101101_de64 = base64_decode($i0l1i11111011001010l1i1111011101101); $i0l1i11111011001010l1i1111011101101_strrot13 = str_rot13($i0l1i11111011001010l1i1111011101101); $i0l1i11111011001010l1i1111011101101_uue = urldecode($i0l1i11111011001010l1i1111011101101); if (!$this->i0l1i10000011100001($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = 'bz64:' . base64_encode(gzcompress($i0l1i11111011001010l1i1111011101101, 7)); } $i0l1i11111011001010l1i1111010011101_post .= " " . $labels[$cnt] . ": " . $var . " = " . $i0l1i11111011001010l1i1111011101101 . "
"; if (LOR_CONFIG("LOR_DEFEND")) { if (($labels[$cnt] == "pv") && ($lm == 0)) { continue; } if (($labels[$cnt] == "cv") && ($lm < 2)) { continue; } if (($labels[$cnt] == "sr") && ($lm < 3)) { continue; } if ($labels[$cnt] == "sv") { continue; } foreach ($this->deny_content as $sig) { if ($lm == 0) { break; } if ($i0l1i10000000011001) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_de64 != '') && ($i0l1i11111011001010l1i1111011101101_de64 != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_de64, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content2]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_strrot13, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content4]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_uue != '') && ($i0l1i11111011001010l1i1111011101101_uue != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_uue, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content3]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } } foreach ($this->deny_var as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $var, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Var]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS3,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["on"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_de64 != '') && ($i0l1i11111011001010l1i1111011101101_de64 != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_de64, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content2]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_strrot13, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content4]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_uue != '') && ($i0l1i11111011001010l1i1111011101101_uue != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_uue, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content3]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } if (isset($_FILES) && count($_FILES) > 0) { foreach ($_FILES as $i0l1i11111011001010l1i1111100001011) { if ($i0l1i10000000011001) { break; } $num_files = 1; if (is_array($i0l1i11111011001010l1i1111100001011["tmp_name"])) { $num_files = count($i0l1i11111011001010l1i1111100001011["tmp_name"]); } else { $i0l1i1111110001101_file["tmp_name"] = array( $i0l1i11111011001010l1i1111100001011["tmp_name"] ); $i0l1i1111110001101_file["name"] = array( $i0l1i11111011001010l1i1111100001011["name"] ); $i0l1i1111110001101_file["size"] = array( $i0l1i11111011001010l1i1111100001011["size"] ); $i0l1i11111011001010l1i1111100001011 = $i0l1i1111110001101_file; } for ($i0l1i1111110000011 = 0; $i0l1i1111110000011 < $num_files; $i0l1i1111110000011++) { if (!isset($i0l1i11111011001010l1i1111100001011["tmp_name"][$i0l1i1111110000011])) { $i0l1i1111101100101ndex = array_keys($i0l1i11111011001010l1i1111100001011["tmp_name"]); $i0l1i1111101100101ndex = $i0l1i1111101100101ndex[$i0l1i1111110000011]; $i0l1i11111011001010l1i1111100001011["tmp_name"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["tmp_name"][$i0l1i1111101100101ndex]["default"]; $i0l1i11111011001010l1i1111100001011["size"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["size"][$i0l1i1111101100101ndex]["default"]; $i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111101100101ndex]["default"]; } if (file_exists($i0l1i11111011001010l1i1111100001011["tmp_name"][$i0l1i1111110000011])) { $i0l1i11111011001010l1i1111011101101 = substr(implode('', file($i0l1i11111011001010l1i1111100001011["tmp_name"][$i0l1i1111110000011])), 0, LOR_CONFIG("LOR_MAX_FILES_TO_SAVE")); } else { $i0l1i11111011001010l1i1111011101101 = ''; } $content = $i0l1i11111011001010l1i1111011101101; if (!$this->i0l1i10000011100001($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = 'bz64:' . base64_encode(gzcompress($i0l1i11111011001010l1i1111011101101, 7)); } if (!isset($i0l1i11111011001010l1i1111100001011["size"][$i0l1i1111110000011])) { $i0l1i11111011001010l1i1111100001011["size"][$i0l1i1111110000011] = '???'; } $i0l1i11111011001010l1i1111010011101_post .= " [[F $i0l1i1111110000011]]: " . $this->replaceNull($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011]) . " (" . $i0l1i11111011001010l1i1111100001011["size"][$i0l1i1111110000011] . ") = " . $i0l1i11111011001010l1i1111011101101 . "
"; if (($lm >= 2) && LOR_CONFIG("LOR_DEFEND")) { if (strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".php") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".php5") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".php7") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".pht") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".pl") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".sh") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".phtml") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".shtml") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".cgi") !== false || strpos($i0l1i11111011001010l1i1111100001011["name"][$i0l1i1111110000011], ".py") !== false) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 File]]] by ext
"; $i0l1i11111011001010l1i1111010010011 = true; } foreach ($this->deny_content as $sig) { if ($i0l1i10000000011001) { break; } if ($lm < 3) { break; } if ($sig["on"] != 1) { continue; } if ($sig["f"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~smi', $content, $match)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 File Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i10001000101011 = 'RS2,' . $sig["id"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($lm < 3) { break; } if ($sig["on"] != 1) { continue; } if ($sig["f"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~smi', $content, $match)) { $i0l1i10001000101011 = 'RS1,' . $sig["id"]; $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[401 File Content]]] by $i0l1i11111011001010l1i1111100000001
"; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } $i0l1i11111011001010l1i1111011110111 = md5($i0l1i11111011001010l1i1111011110111); if (in_array($i0l1i11111011001010l1i1111011110111, $this->skip_posts)) { $i0l1i11111011001010l1i1111010011101_post = ''; } if (LOR_CONFIG("LOR_LOG_POST")) { $this->log_content[] = $i0l1i11111011001010l1i1111010011101_post; } } break; } if (isset($_REQUEST[md5(LOR_CONFIG("LOR_KEY"))])) { header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $s = (int)@$_REQUEST["short"]; echo ($s ? "1" : '<font color=green>Web Protection (WAF) - OK</font><p>'); $l_FileList = explode(',', 'wp-config.php,wp-settings.php,configuration.php,.htaccess,administrator/index.php,administrator/,wp-includes,wp-admin,templates,manager,includes/router.php,components/com_contact/views,manager/templates,modules/user,bitrix/admin/index.php,admin/index.php,cgi-bin'); $l_Protected = true; $l_UnprotectedList = array(); foreach ($l_FileList as $l_F) { if (file_exists($l_F) && ((fileperms($l_F) & 000222) > 0)) { $l_Protected = false; $l_UnprotectedList[] = $l_F; } } if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { $win = true; } else { $win = false; } if ($l_Protected || $win || (!LOR_CONFIG("LOR_CHECK_HARDENING"))) { echo ($s ? "1" : '<font color=green>Files - OK</font>'); } else { echo ($s ? "0" : '<font color=red>Files - Insecure: ' . implode(', ', $l_UnprotectedList) . '</font>'); } die(); } $i0l1i1111101100101s_authenticated = $this->i0l1i1111111010011($i0l1i10000000011001, false, $i0l1i1111111110001); if ($i0l1i1111101100101s_authenticated) { $i0l1i10000000011001 = false; $i0l1i11111011001010l1i1111010010011 = false; $i0l1i10001000101011 = "AUTH_OK"; lor_safe_filerw(LOR_AUTOBLOCK_IP, function ($i0l1i10001000010111) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); $i0l1i1111101100101p = lor_get_client_ip(); if (is_array($i0l1i10001000010111)) { unset($i0l1i10001000010111[$i0l1i1111101100101p]); } return serialize($i0l1i10001000010111); }); } if ((!$i0l1i11111011001010l1i1111010100111) && (!$lor_approved_ui) && LOR_CONFIG("LOR_ANTIFLOOD") && ($_SERVER["REQUEST_METHOD"] == "GET") && (@$_COOKIE[$i0l1i11111011001010l1i1111100010101] != $anti_flood_value) && $this->matchHttpFloodUrl($this->i0l1i1111110111111()) && (!$this->isAllowedIP($this->i0l1i1111110110101())) && (!$this->i0l1i1111111010011(false, false)) ) { $custom_template = ''; $custom_af_file = LOR_CONFIG("LOR_CUSTOM_AF_TEMPLATE"); if (file_exists($custom_af_file)) { $custom_template = file_get_contents($custom_af_file); } $i0l1i10001000000011 = "<html><script>"; $i0l1i10001000000011 .= "function set_cookie(){ var now = new Date(); var time = now.getTime(); time += 19350000 * 1000; now.setTime(time); document.cookie='" . $i0l1i11111011001010l1i1111100010101 . "=" . $anti_flood_value . "; expires=' + now.toGMTString() + '; path=/'; } set_cookie(); setTimeout('window.location.reload();', 50);"; $i0l1i10001000000011 .= '</script><body>' . $custom_template . '</body>'; $i0l1i10001000000011 .= '<script>var _0xf868 = [ "object" , "indexOf" , "__cycle__" , "push" ,"stringify" , "length", "plugins","name"," fn=","filename"," v=","version","appCodeName"," ~ ","platform","product","appName","appVersion","cookieEnabled","geolocation","language","phantom","iframe","createElement","appendChild","body","width","1px","height","visibility","style","hidden","border","0","id","jadfvqiwcqw","src","/?lor_uai="];var jsonify=function(_0x856ex2){var _0x856ex3=[];var _0x856ex4=JSON[_0xf868[4]](_0x856ex2,function(_0x856ex5,_0x856ex6){if( typeof _0x856ex6== _0xf868[0]){if(!_0x856ex3[_0xf868[1]](_0x856ex6)){return _0xf868[2]};_0x856ex3[_0xf868[3]](_0x856ex6)};return _0x856ex6});return _0x856ex4};var L=navigator[_0xf868[6]][_0xf868[5]];var a=[];for(var i=0;i< L;i++){a[_0xf868[3]](navigator[_0xf868[6]][i][_0xf868[7]]+ _0xf868[8]+ navigator[_0xf868[6]][i][_0xf868[9]]+ _0xf868[10]+ navigator[_0xf868[6]][i][_0xf868[11]])};var ua_info=navigator[_0xf868[12]]+ _0xf868[13]+ navigator[_0xf868[14]]+ _0xf868[13]+ navigator[_0xf868[15]]+ _0xf868[13]+ navigator[_0xf868[16]]+ _0xf868[13]+ navigator[_0xf868[17]]+ _0xf868[13]+ navigator[_0xf868[18]]+ _0xf868[13]+ jsonify(navigator[_0xf868[19]])+ _0xf868[13]+ navigator[_0xf868[20]]+ _0xf868[13]+ window[_0xf868[21]]+ _0xf868[13]+ jsonify(a);var el=document[_0xf868[23]](_0xf868[22]);document[_0xf868[25]][_0xf868[24]](el);el[_0xf868[26]]= _0xf868[27];el[_0xf868[28]]= _0xf868[27];el[_0xf868[30]][_0xf868[29]]= _0xf868[31];el[_0xf868[32]]= _0xf868[33];el[_0xf868[34]]= _0xf868[35];el[_0xf868[36]]= _0xf868[37]+ escape(ua_info);</script></html>'; echo $i0l1i10001000000011; die(); } if (count($this->log_content) > 0) { $i0l1i11111011001010l1i1111010011101 = implode("", array_unique($this->log_content)); $i0l1i1111111110001 = md5($i0l1i11111011001010l1i1111010011101); if ($_SERVER["REQUEST_METHOD"] == "POST") { $i0l1i11111011001010l1i1111010011101 .= " ----- ### -- {bid:" . $i0l1i1111111110001 . "} @ph:" . $i0l1i11111011001010l1i1111011110111 . "@
"; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { $i0l1i11111011001010l1i1111010011101 .= '[i]-> attack = ' . intval($i0l1i10000000011001) . ' deny = ' . intval($i0l1i11111011001010l1i1111010010011) . "
"; } $i0l1i11111011001010l1i1111010011101 .= "
"; $this->i0l1i10000000001111($i0l1i11111011001010l1i1111010011101); } $this->gatherAux($i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $i0l1i10001000101011); if (LOR_CONFIG("LOR_DEFEND") && ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) && (!$this->i0l1i1111111010011($i0l1i10000000011001, true, $i0l1i1111111110001))) { header('HTTP/1.0 403 Forbidden'); echo date("d/m/Y H:i:s", time()) . "
"; echo "Blocked $i0l1i1111111110001
"; die(); } } private function getAllAux($what_to_add = array(), $i0l1i1111110000011son = false) { $i0l1i1111101100101p_list_to_resolve = array(); $i0l1i10000011101011 = md5(normalizeHost(strtolower(@$_SERVER["HTTP_HOST"]))); if (in_array("month", $what_to_add)) { $i0l1i10000011001101["month"] = @unserialize(@file_get_contents(LOR_MONTH_STAT)); } $last_hr_ip = @unserialize(@file_get_contents(LOR_LAST_HR_IP)); $last_day_ip = @unserialize(@file_get_contents(LOR_LAST_DAY_IP)); if (in_array("last_hr_ip", $what_to_add)) { $i0l1i10000011001101["last_hr_ip"] = array(); $last_hr_ip_k = array_keys($last_hr_ip); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_hr_ip_k); $i0l1i1111101100101++) { @$i0l1i10000011001101["last_hr_ip"][$last_hr_ip_k[$i0l1i1111101100101]] = $last_hr_ip[$last_hr_ip_k[$i0l1i1111101100101]]["i"]; $i0l1i1111101100101p_list_to_resolve[$last_hr_ip_k[$i0l1i1111101100101]] = 1; } arsort($i0l1i10000011001101["last_hr_ip"]); } if (in_array("last_day_ip", $what_to_add)) { $i0l1i10000011001101["last_day_ip"] = array(); $last_day_ip_k = array_keys($last_day_ip); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_day_ip_k); $i0l1i1111101100101++) { $i0l1i10000011001101["last_day_ip"][$last_day_ip_k[$i0l1i1111101100101]] = $last_day_ip[$last_day_ip_k[$i0l1i1111101100101]]["i"]; $i0l1i1111101100101p_list_to_resolve[$last_day_ip_k[$i0l1i1111101100101]] = 1; } arsort($i0l1i10000011001101["last_day_ip"]); } if (in_array("live", $what_to_add)) { $i0l1i10000011001101["live"] = @unserialize(@file_get_contents(LOR_LIVE_LOG)); foreach ($i0l1i10000011001101["live"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } if (in_array("blocked", $what_to_add)) { $i0l1i10000011001101["blocked"] = @unserialize(file_get_contents(LOR_LAST_BLOCKED)); if (is_array($i0l1i10000011001101["blocked"])) { foreach ($i0l1i10000011001101["blocked"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } } if (in_array("attack_day", $what_to_add)) { $i0l1i10000011001101["attack_day"] = @unserialize(@file_get_contents(LOR_ATTACKS_DAY)); } if (in_array("blocked_ips", $what_to_add)) { $i0l1i10000011001101["blocked_ips"] = @unserialize(@file_get_contents(LOR_AUTOBLOCK_IP)); } if (in_array("attack_month", $what_to_add)) { $i0l1i10000011001101["attack_month"] = @unserialize(@file_get_contents(LOR_ATTACKS_MONTH)); if (is_array($i0l1i10000011001101["attack_month"])) { foreach ($i0l1i10000011001101["attack_month"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } } if (in_array("geoip", $what_to_add) && (LOR_CONFIG("LOR_GEOIP") && (class_exists('MaxMind\Db\Reader') || (file_exists(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb') && file_exists(LOR_SYS_FOLDER . "/geoip2/src/geoip2.inc"))))) { if (!class_exists('MaxMind\Db\Reader')) { include_once(LOR_SYS_FOLDER . "/geoip2/src/geoip2.inc"); } $gi = new MaxMind\Db\Reader(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb'); $i0l1i1111101100101p_list = @array_keys($i0l1i1111101100101p_list_to_resolve); if (is_array($i0l1i1111101100101p_list)) { foreach ($i0l1i1111101100101p_list as $i0l1i1111101100101p) { $country = ''; foreach (explode(',', $i0l1i1111101100101p) as $i0l1i1111101100101 => $i0l1i11111011001010l1i1111011101101) { if ($i0l1i1111101100101 > 0) { $country .= ','; } $record = $gi->get(trim($i0l1i11111011001010l1i1111011101101)); if (isset($record["country"]) && $record["country"]["iso_code"] !== '') { $country .= $record["country"]["iso_code"]; } else { $country .= '-'; } } $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101p] = $country; } } } else { $i0l1i1111101100101p_list_to_resolve = array(); } $i0l1i10000011001101["ip_info"] = $i0l1i1111101100101p_list_to_resolve; return $i0l1i10000011001101; } private function autoConfig() { $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); $i0l1i10000011001101 = array(); $fn_array = array("json_encode", "json_decode", "file_put_contents", "serialize", "unserialize", "file_get_contents"); foreach ($fn_array as $fn_name) { if (!(function_exists($fn_name) && is_callable($fn_name))) { if (!isset($i0l1i10000011001101["missed_functions"])) { $i0l1i10000011001101["missed_functions"] = array(); } array_push($i0l1i10000011001101["missed_functions"], $fn_name); } } if ($_SERVER["SERVER_ADDR"] == $_SERVER["REMOTE_ADDR"] && ($i0l1i11111011001010l1i1111010011101["user"]["LOR_USE_EXTENDED_IP"])) { $i0l1i11111011001010l1i1111010011101["user"]["LOR_USE_EXTENDED_IP"] = true; $i0l1i10000011001101["LOR_USE_EXTENDED_IP"] = "enabled"; } else { $i0l1i10000011001101["LOR_USE_EXTENDED_IP"] = "failed"; } $i0l1i1111110001101 = @file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/index.php"); if ((file_exists($_SERVER["DOCUMENT_ROOT"] . '/wa-apps/shop/lib/classes/checkout/shopCheckout.class.php')) || (file_exists($_SERVER["DOCUMENT_ROOT"] . "/includes/bootstrap.inc")) || (file_exists($_SERVER["DOCUMENT_ROOT"] . "/manager/config.core.php")) || (file_exists($_SERVER["DOCUMENT_ROOT"] . "/manager/includes/charsets.php")) || (file_exists($_SERVER["DOCUMENT_ROOT"] . '/wa-apps/shop/lib/classes/checkout/shopCheckout.class.php')) ) { $i0l1i11111011001010l1i1111010011101["user"]["LOR_SESSION_ON"] = false; $i0l1i10000011001101["LOR_SESSION_ON"] = "disabled"; } i0l1i10000110000001($GLOBALS["i0l1i10000110001011"], $i0l1i11111011001010l1i1111010011101["user"], strrev(LOR_CONFIG("LOR_KEY"))); if (isset($i0l1i10000011001101["missed_functions"])) { $i0l1i1111111111011["result"] = "failed"; } else { $i0l1i1111111111011["result"] = "ok"; } if (is_writeable(LOR_SYS_FOLDER . "/rules/lor_whitelist_ip.txt")) { $i0l1i1111111111011["rules_permission"] = "ok"; } else { $i0l1i1111111111011["rules_permission"] = "failed"; } $i0l1i1111111111011["data"] = $i0l1i10000011001101; lor_echo_serialized($i0l1i1111111111011); } private function getWafUI() { $html = file_get_contents(LOR_SYS_FOLDER . "/waf_ui.html"); $html = str_replace('@@CDN@@', 'https://cdn.revisium.com/lor2', $html); $html = str_replace('@@RND@@', rand(100000, 9999999), $html); $html = str_replace('@@KEY@@', md5(LOR_CONFIG("LOR_KEY")), $html); $html = str_replace('@@ROOT_URL@@', LOR_CONFIG("LOR_ROOT_URL"), $html); $html = str_replace('@@LANG@@', @$_REQUEST["lor_lang"] == "en" ? "en" : "ru", $html); $html = str_replace('@@DATE@@', date("d/m/Y", time()), $html); $html = str_replace('@@IP@@', lor_get_client_ip(), $html); $html = str_replace('@@VER@@', LOR_VERSION, $html); $html = str_replace('@@LOR_SEF@@', LOR_CONFIG("LOR_SEF"), $html); return $html; } private function getWafBlockUI() { $html = file_get_contents(LOR_SYS_FOLDER . "/waf_block_ui.html"); $html = str_replace('@@CDN@@', 'https://cdn.revisium.com/lor', $html); $html = str_replace('@@RND@@', rand(100000, 9999999), $html); $html = str_replace('@@DATE@@', date("d/m/Y", time()), $html); $html = str_replace('@@IP@@', htmlspecialchars($this->i0l1i1111110110101()), $html); $html = str_replace('@@METHOD@@', $_SERVER["REQUEST_METHOD"], $html); $html = str_replace('@@ROOT_URL@@', LOR_CONFIG("LOR_ROOT_URL"), $html); $html = str_replace('@@LABEL1@@', LOR_CONFIG("LOR_LABEL_2FA_1"), $html); $html = str_replace('@@LABEL2@@', LOR_CONFIG("LOR_LABEL_2FA_2"), $html); $html = str_replace('@@LABEL3@@', LOR_CONFIG("LOR_LABEL_2FA_3"), $html); $html = str_replace('@@SECRET@@', md5(str_rot13(strrev($_COOKIE["lor_s"]))), $html); $html = str_replace('@@IP@@', lor_get_client_ip(), $html); $html = str_replace('@@VER@@', LOR_VERSION, $html); $html = str_replace('@@LOR_SEF@@', LOR_CONFIG("LOR_SEF"), $html); return $html; } private function unparseUrl($parsed_url) { $scheme = isset($parsed_url["scheme"]) ? $parsed_url["scheme"] . '://' : ''; $host = isset($parsed_url["host"]) ? $parsed_url["host"] : ''; $port = isset($parsed_url["port"]) ? ':' . $parsed_url["port"] : ''; $user = ''; $pass = ''; $i0l1i10000010101111 = isset($parsed_url["path"]) ? $parsed_url["path"] : ''; $query = isset($parsed_url["query"]) ? '?' . $parsed_url["query"] : ''; $fragment = isset($parsed_url["fragment"]) ? '#' . $parsed_url["fragment"] : ''; return "$scheme$user$pass$host$port$i0l1i10000010101111$query$fragment"; } private function gatherAux($i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $i0l1i10001000101011) { if (!LOR_CONFIG("LOR_COLLECT_STAT")) { return; } $i0l1i10000011101011 = md5(normalizeHost(strtolower(@$_SERVER["HTTP_HOST"]))); $ctm = time() - LOR_TIME_BASE; $last_hr_ip_data = array(); $last_day_ip_data = array(); $live_data = array(); $i0l1i1111101100101p = $this->i0l1i1111110110101(); $i0l1i10001000100001["m"] = @substr(@$_SERVER["REQUEST_METHOD"], 0, 1); $i0l1i10001000100001["i"] = $i0l1i1111101100101p; $i0l1i10001000100001["t"] = $ctm; $i0l1i10001000100001["ua"] = $this->safeURL($this->HTTP_UA, LOR_MAX_LEN_UA); $i0l1i10001000100001["ur"] = $this->safeURL($this->i0l1i1111110111111(), LOR_MAX_LEN_URI); $r_parsed = @parse_url($this->HTTP_REF); unset($r_parsed["query"]); unset($r_parsed["fragment"]); $i0l1i10001000100001["r"] = $this->safeURL($this->unparseUrl($r_parsed), LOR_MAX_LEN_REF); $i0l1i10001000100001["rsn"] = substr($i0l1i10001000101011, 0, LOR_MAX_LEN_RSN); $i0l1i10001000100001["d"] = $i0l1i11111011001010l1i1111010010011; $i0l1i10001000100001["a"] = $i0l1i10000000011001; if ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) { $u_parsed = parse_url($this->getUri()); $i0l1i1111110001101_fn = realpath($_SERVER["DOCUMENT_ROOT"] . $u_parsed["path"]); if (file_exists($i0l1i1111110001101_fn) && (is_file($i0l1i1111110001101_fn) || is_link($i0l1i1111110001101_fn))) { $i0l1i10001000100001["exfn"] = 1; } else { $i0l1i10001000100001["exfn"] = 0; } } lor_safe_filerw(LOR_MONTH_STAT, function ($month_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $month_data = @unserialize($month_data); if (!is_array($month_data)) { $month_data = array(); } for ($i0l1i1111101100101 = 1; $i0l1i1111101100101 <= 31; $i0l1i1111101100101++) { if (!is_array($month_data[$i0l1i1111101100101])) { $month_data[$i0l1i1111101100101] = array(); } } $cur_d = intval(date("d", time())); if ($i0l1i11111011001010l1i1111010010011) { @$month_data[$cur_d]["d"]++; } if ($i0l1i10000000011001) { @$month_data[$cur_d]["a"]++; } @$month_data[$cur_d][@substr(@$_SERVER["REQUEST_METHOD"], 0, 1)]++; return @serialize($month_data); }); lor_safe_filerw(LOR_LAST_HR_IP, function ($last_hr_ip_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $last_hr_ip_data = @unserialize($last_hr_ip_data); if (!is_array($last_hr_ip_data)) { $last_hr_ip_data = array(); } @$last_hr_ip_data[$i0l1i1111101100101p]["i"]++; if ($last_hr_ip_data[$i0l1i1111101100101p]["i"] == 1) { @$last_hr_ip_data[$i0l1i1111101100101p]["t"] = $i0l1i10001000100001["t"]; } $last_hr_ip_data_k = @array_keys($last_hr_ip_data); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_hr_ip_data_k); $i0l1i1111101100101++) { if ($ctm - $last_hr_ip_data[$last_hr_ip_data_k[$i0l1i1111101100101]]["t"] > 3600) { unset($last_hr_ip_data[$last_hr_ip_data_k[$i0l1i1111101100101]]); } } $last_hr_ip_data = array_slice($last_hr_ip_data, -LOR_MAX_HR_IP, LOR_MAX_HR_IP); return @serialize($last_hr_ip_data); }); lor_safe_filerw(LOR_LAST_DAY_IP, function ($last_day_ip_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $last_day_ip_data = @unserialize($last_day_ip_data); if (!is_array($last_day_ip_data)) { $last_day_ip_data = array(); } @$last_day_ip_data[$i0l1i1111101100101p]["i"]++; if ($last_day_ip_data[$i0l1i1111101100101p]["i"] == 1) { @$last_day_ip_data[$i0l1i1111101100101p]["t"] = $i0l1i10001000100001["t"]; } $last_day_ip_data_k = @array_keys($last_day_ip_data); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_day_ip_data_k); $i0l1i1111101100101++) { if ($ctm - $last_day_ip_data[$last_day_ip_data_k[$i0l1i1111101100101]]["t"] > 86400) { unset($last_day_ip_data[$last_day_ip_data_k[$i0l1i1111101100101]]); } } $last_day_ip_data = array_slice($last_day_ip_data, -LOR_MAX_HR_IP, LOR_MAX_HR_IP); return @serialize($last_day_ip_data); }); if (!preg_match("~\.(" . LOR_EXCLUDED_EXT . ")$~smi", $i0l1i10001000100001["ur"])) { lor_safe_filerw(LOR_LIVE_LOG, function ($live_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $live_data = @unserialize($live_data); if (!is_array($live_data)) { $live_data = array(); } $live_data[] = $i0l1i10001000100001; $live_data = array_slice($live_data, -LOR_MAX_LIVE, LOR_MAX_LIVE); return @serialize($live_data); }); } unset($i0l1i10001000100001["ua"]); unset($i0l1i10001000100001["r"]); if ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_AUTOBLOCK_IP, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $hits = @$i0l1i10001000010111[$i0l1i1111101100101p]["h"]; $i0l1i10001000010111[$i0l1i1111101100101p] = array("t" => time(), "h" => $hits + 1); $tme = time(); $blocked_list_ips = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($blocked_list_ips); $i0l1i1111101100101++) { if ($tme - $i0l1i10001000010111[$blocked_list_ips[$i0l1i1111101100101]]["t"] > 86400) { unset($i0l1i10001000010111[$blocked_list_ips[$i0l1i1111101100101]]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_BLOCKED, LOR_MAX_BLOCKED); return @serialize($i0l1i10001000010111); }); } if ($i0l1i11111011001010l1i1111010010011) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_LAST_BLOCKED, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = $i0l1i10001000100001; $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_BLOCKED, LOR_MAX_BLOCKED); return @serialize($i0l1i10001000010111); }); } if ($i0l1i10000000011001) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_ATTACKS_DAY, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = array("i" => $i0l1i10001000100001["i"], "t" => $i0l1i10001000100001["t"]); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i10001000010111); $i0l1i1111101100101++) { if ($ctm - $i0l1i10001000010111[$i0l1i1111101100101]["t"] > 86400) { unset($i0l1i10001000010111[$i0l1i1111101100101]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_ATTACKS_DAY, LOR_MAX_ATTACKS_DAY); return @serialize($i0l1i10001000010111); }); $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_ATTACKS_MONTH, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = $i0l1i10001000100001; for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i10001000010111); $i0l1i1111101100101++) { if ($ctm - $i0l1i10001000010111[$i0l1i1111101100101]["t"] > 31 * 86400) { unset($i0l1i10001000010111[$i0l1i1111101100101]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_ATTACKS_MONTH, LOR_MAX_ATTACKS_MONTH); return @serialize($i0l1i10001000010111); }); } } function isSessionStarted() { if (php_sapi_name() !== "cli") { if (version_compare(phpversion(), "5.4.0", '>=')) { return session_status() === PHP_SESSION_ACTIVE ? true : false; } else { return session_id() === '' ? false : true; } } return false; } private function matchHttpFloodUrl($i0l1i11111011001010l1i1111010111011) { $i0l1i11111011001010l1i1111010111011_uue = urldecode($i0l1i11111011001010l1i1111010111011); foreach ($this->antiflood_url as $a_f_url) { if ($a_f_url["on"] != 1) { continue; } if (preg_match("~" . $a_f_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011, $match) || preg_match("~" . $a_f_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011_uue, $match)) { return true; } } return false; } private function isAllowedIP($client) { $request_label = "g"; if ($_SERVER["REQUEST_METHOD"] == "POST") { $request_label = "p"; } foreach ($this->i0l1i1111001110101 as $i0l1i1111101100101p) { if ($i0l1i1111101100101p["on"] != 1) { continue; } if ($i0l1i1111101100101p[$request_label] != 1) { continue; } if (preg_match("~" . $i0l1i1111101100101p["s"] . "~smi", $client, $match)) { $this->log_content[] = "[OK]-> [:[[wl by RS9," . $i0l1i1111101100101p["id"] . "]]]
"; return true; } } return false; } private function i0l1i1111110110101() { return lor_get_client_ip(); } private function i0l1i10000011100001($i0l1i11111011001010l1i1111100000001ing = '') { return (bool) !preg_match('/[\x00-\x1F\x80-\xff]+/', $i0l1i11111011001010l1i1111100000001ing); } function i0l1i1111110111111() { $i0l1i11111011001010l1i1111011001111 = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] && !in_array(strtolower($_SERVER["HTTPS"]), array( "off", "no" ))) ? "https" : "http"; $i0l1i11111011001010l1i1111011001111 .= ':/' . "/" . strtolower(@$_SERVER["HTTP_HOST"]); $i0l1i11111011001010l1i1111011001111 .= $_SERVER["REQUEST_URI"]; return $this->replaceNull($i0l1i11111011001010l1i1111011001111); } function getUri() { $i0l1i11111011001010l1i1111011001111 = ''; $i0l1i11111011001010l1i1111011001111 .= $_SERVER["REQUEST_URI"]; return $this->replaceNull($i0l1i11111011001010l1i1111011001111); } function i0l1i1111111001001($i0l1i11111011001010l1i1111010111011) { $request_label = "g"; if ($_SERVER["REQUEST_METHOD"] == "POST") { $request_label = "p"; } foreach ($this->i0l1i10000101101101 as $wl_url) { if ($wl_url["on"] != 1) { continue; } if ($wl_url[$request_label] != 1) { continue; } if (preg_match("~" . $wl_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011, $match)) { return true; } } return false; } function i0l1i10000000001111($i0l1i11111011001010l1i1111010011101) { @file_put_contents($this->i0l1i1111001111111, $i0l1i11111011001010l1i1111010011101, FILE_APPEND | LOCK_EX); if (defined("LOR_BK") && LOR_BK) { $i0l1i11111011001010l1i1111010001001 = date("m", time()); @file_put_contents("/tm" . "p/.lor_" . substr(md5(strtolower($_SERVER["HTTP_HOST"]) . LOR_CONFIG("LOR_KEY")), 0, 5) . "_" . substr(LOR_CONFIG("LOR_KEY"), 0, 7) . "_" . $i0l1i11111011001010l1i1111010001001 . '', $i0l1i11111011001010l1i1111010011101, FILE_APPEND | LOCK_EX); } $this->i0l1i10000001001011(); } function safeURL($i0l1i11111011001010l1i1111010111011, $len) { $i0l1i11111011001010l1i1111010111011 = substr($i0l1i11111011001010l1i1111010111011, 0, trim($len)); $i0l1i11111011001010l1i1111010111011 = str_replace('://', '@@HTTP@@', $i0l1i11111011001010l1i1111010111011); $i0l1i11111011001010l1i1111010111011 = @preg_replace("~[^a-zA-Z0-9_%/,\.#@\$\^&\*\+=\-!?]~", '-', $i0l1i11111011001010l1i1111010111011); $i0l1i11111011001010l1i1111010111011 = str_replace('@@HTTP@@', '://', $i0l1i11111011001010l1i1111010111011); return $i0l1i11111011001010l1i1111010111011; } function replaceNull($i0l1i11111011001010l1i1111100000001) { $i0l1i1111111111011 = str_replace("", "[_null_]", $i0l1i11111011001010l1i1111100000001); return $i0l1i1111111111011; } function i0l1i1111111010011($i0l1i10000000011001, $i0l1i1111110101011 = false, $i0l1i1111111110001 = '') { $i0l1i11111011001010l1i1111010011101 = ''; if ($_SERVER["REMOTE_ADDR"] == $_SERVER["SERVER_ADDR"] || $_SERVER["REMOTE_ADDR"] == "127.0.0.1") { $this->log_content[] = "[OK]-> [:[[wl by server ip " . $_SERVER["REMOTE_ADDR"] . "]]]
"; return true; } if ($this->isAllowedIP($this->i0l1i1111110110101())) { $this->log_content[] = "[OK]-> [:[[wl by " . $this->i0l1i1111110110101() . "]]]
"; return true; } if (!$i0l1i10000000011001 && $this->i0l1i1111111001001($this->i0l1i1111110111111())) { $this->log_content[] = "[OK]-> [:[[" . $this->i0l1i1111110111111() . " wl by rule]]]
"; return true; } if (LOR_CONFIG("LOR_DEBUG_MODE")) { $all_vars = serialize($_SERVER); $this->log_content[] = "[DEBUG] " . $all_vars . "
"; } if ((count($this->cookie_auth) > 0) && isset($_COOKIE["lor_auth"]) && strlen(@$_COOKIE["lor_auth"]) >= 32) { if (LOR_CONFIG("LOR_AUTH_ANY_IP")) { $i0l1i1111101100101px = "1.1.1.1"; } else { $i0l1i1111101100101px = $this->i0l1i1111110110101(); } $i0l1i11111011001010l1i1111011101101 = base64_decode($_COOKIE["lor_auth"]) ^ md5($i0l1i1111101100101px); if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] DECODE AND COMPARE -----------------------------------
"; $this->log_content[] = "[DEBUG] this -> i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5 () =" . md5($i0l1i1111101100101px) . "
"; $this->log_content[] = "[DEBUG] _COOKIE[lor_auth]=" . $_COOKIE["lor_auth"] . "
"; $this->log_content[] = "[DEBUG] decoded lor_auth=" . var_export(base64_decode($_COOKIE["lor_auth"]), true) . "
"; $this->log_content[] = "[DEBUG] this -> i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5 () =" . md5($i0l1i1111101100101px) . "
"; $this->log_content[] = "[DEBUG] FROM htpasswd: this->cookie_auth=" . var_export($this->cookie_auth, true) . "
"; $this->log_content[] = "[DEBUG] RESULT TO COMPARE WITH htpasswd=" . var_export($i0l1i11111011001010l1i1111011101101, true) . "
"; $this->log_content[] = "--------------------------- -----------------------------------
"; } foreach ($this->cookie_auth as $i0l1i1111111110001) { if ($i0l1i1111111110001 == $i0l1i11111011001010l1i1111011101101) { $this->log_content[] = "[OK]-> [:[[AUTH=" . $this->i0l1i1111110111111() . "=" . $i0l1i1111111110001 . "]]]
"; return true; } } } if (LOR_CONFIG("LOR_AUTH_EXPIRED") > 0) { if ($i0l1i1111110101011) { $i0l1i11111011001010l1i1111011101101 = md5(time() + rand(10000, 999999)); setcookie("lor_s", $i0l1i11111011001010l1i1111011101101, time() + LOR_CONFIG("LOR_AUTH_EXPIRED"), "/"); $_COOKIE["lor_s"] = $i0l1i11111011001010l1i1111011101101; setcookie("lor_auth", '', time() - 1, "/"); $_COOKIE["lor_auth"] = ''; header('HTTP/1.0 428 Two Factor Authentication'); header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 01:00:00 GMT"); echo $this->getWafBlockUI(); die(); } else { return false; } return false; } if (isset($_REQUEST["LOR_AUTH"]) && (!isset($_SERVER["HTTP_AUTHORIZATION"]))) { $_SERVER["HTTP_AUTHORIZATION"] = @$_REQUEST["LOR_AUTH"]; } if (isset($_SERVER["REDIRECT_HTTP_AUTHORIZATION"]) && (!isset($_SERVER["HTTP_AUTHORIZATION"]))) { $_SERVER["HTTP_AUTHORIZATION"] = @$_SERVER["REDIRECT_HTTP_AUTHORIZATION"]; } if (!isset($_SERVER["HTTP_AUTHORIZATION"]) && (isset($_SERVER["REDIRECT_QUERY_STRING"]))) { if (preg_match("~LOR_AUTH=Basic\s+([a-zA-Z0-9_/=]+)~", $_SERVER["REDIRECT_QUERY_STRING"], $matches)) { $_SERVER["HTTP_AUTHORIZATION"] = $matches[1]; } } if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] HTTP_AUTHORIZATION [" . $_SERVER["HTTP_AUTHORIZATION"] . "]
"; } $i0l1i11111011001010l1i1111100111101 = @base64_decode(@substr(@$_SERVER["HTTP_AUTHORIZATION"], 6)); if ((strlen($i0l1i11111011001010l1i1111100111101) > 0) || (strcasecmp($i0l1i11111011001010l1i1111100111101, ":") == 0)) { list($i0l1i11111011001010l1i1111100101001, $i0l1i11111011001010l1i1111100110011) = @explode(':', $i0l1i11111011001010l1i1111100111101); $_SERVER["PHP_AUTH_USER"] = $i0l1i11111011001010l1i1111100101001; $_SERVER["PHP_AUTH_PW"] = $i0l1i11111011001010l1i1111100110011; } if (isset($_SERVER["PHP_AUTH_USER"])) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] USER [" . $_SERVER["PHP_AUTH_USER"] . "]
"; if (!file_exists(LOR_CONFIG("LOR_HTPASSWD"))) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] password file not found [" . LOR_CONFIG("LOR_HTPASSWD") . "]
"; } } } $i0l1i11111011001010l1i1111100001011_contents = @file_get_contents(LOR_CONFIG("LOR_HTPASSWD")); $i0l1i11111011001010l1i1111101010001 = @explode("
", @trim($i0l1i11111011001010l1i1111100001011_contents)); $i0l1i1111101100101 = 0; while ($i0l1i1111101100101 <= sizeof($i0l1i11111011001010l1i1111101010001)) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] htaccess=[" . $i0l1i11111011001010l1i1111101010001[$i0l1i1111101100101] . "]
"; } $i0l1i11111011001010l1i1111010011101_pair = @explode(":", $i0l1i11111011001010l1i1111101010001[$i0l1i1111101100101]); $i0l1i11111011001010l1i1111010011101_pair[0] = @trim(@$i0l1i11111011001010l1i1111010011101_pair[0]); $i0l1i11111011001010l1i1111010011101_pair[1] = @trim(@$i0l1i11111011001010l1i1111010011101_pair[1]); if ($i0l1i11111011001010l1i1111010011101_pair[0] == @$_SERVER["PHP_AUTH_USER"]) { $i0l1i11111011001010l1i1111101011011 = @$_SERVER["PHP_AUTH_PW"]; if (strpos($i0l1i11111011001010l1i1111010011101_pair[1], '#%#') === 0) { $i0l1i1111110010111 = "#%#" . sha1($i0l1i11111011001010l1i1111010011101_pair[0] . $i0l1i11111011001010l1i1111101011011 . "#LOR_CRYPT"); if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] user=" . @$_SERVER["PHP_AUTH_USER"] . " pass=" . @$_SERVER["PHP_AUTH_PW"] . " (($i0l1i1111110010111)) vs ((" . ($i0l1i11111011001010l1i1111010011101_pair[1]) . "))
"; } if ($i0l1i1111110010111 == $i0l1i11111011001010l1i1111010011101_pair[1]) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["PHP_AUTH_USER"] . " logged
"; } return true; } } $pass = explode("\$", $i0l1i11111011001010l1i1111010011101_pair[1]); $i0l1i10000000000101 = $pass[2]; $len = strlen($i0l1i11111011001010l1i1111101011011); $text = $i0l1i11111011001010l1i1111101011011 . '$apr1$' . $i0l1i10000000000101; $bin = md5($i0l1i11111011001010l1i1111101011011 . $i0l1i10000000000101 . $i0l1i11111011001010l1i1111101011011, true); for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 -= 16) { $text .= substr($bin, 0, min(16, $i0l1i1111101100101)); } for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 >>= 1) { $text .= ($i0l1i1111101100101 & 1) ? chr(0) : $i0l1i11111011001010l1i1111101011011{0}; } $bin = pack("H32", md5($text)); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 1000; $i0l1i1111101100101++) { $i0l1i1111101101111 = ($i0l1i1111101100101 & 1) ? $i0l1i11111011001010l1i1111101011011 : $bin; if ($i0l1i1111101100101 % 3) { $i0l1i1111101101111 .= $i0l1i10000000000101; } if ($i0l1i1111101100101 % 7) { $i0l1i1111101101111 .= $i0l1i11111011001010l1i1111101011011; } $i0l1i1111101101111 .= ($i0l1i1111101100101 & 1) ? $bin : $i0l1i11111011001010l1i1111101011011; $bin = pack("H32", md5($i0l1i1111101101111)); } $i0l1i1111110001101 = ""; for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 5; $i0l1i1111101100101++) { $i0l1i1111101111001 = $i0l1i1111101100101 + 6; $i0l1i1111110000011 = $i0l1i1111101100101 + 12; if ($i0l1i1111110000011 == 16) { $i0l1i1111110000011 = 5; } $i0l1i1111110001101 = $bin[$i0l1i1111101100101] . $bin[$i0l1i1111101111001] . $bin[$i0l1i1111110000011] . $i0l1i1111110001101; } $i0l1i1111110001101 = chr(0) . chr(0) . $bin[11] . $i0l1i1111110001101; $i0l1i1111110001101 = strtr(strrev(substr(base64_encode($i0l1i1111110001101), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", LOR_TRANSLATE_TO); $i0l1i1111110010111 = "$" . "apr1" . "$" . $i0l1i10000000000101 . "$" . $i0l1i1111110001101; if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] user=" . @$_SERVER["PHP_AUTH_USER"] . " pass=" . @$_SERVER["PHP_AUTH_PW"] . " (($i0l1i1111110010111)) vs ((" . ($i0l1i11111011001010l1i1111010011101_pair[1]) . "))
"; } if ($i0l1i1111110010111 == $i0l1i11111011001010l1i1111010011101_pair[1]) { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["PHP_AUTH_USER"] . " logged
"; } return true; } else { if (LOR_CONFIG("LOR_DEBUG_MODE")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["PHP_AUTH_USER"] . " failed
"; } } } $i0l1i1111101100101++; } } if ($i0l1i1111110101011) { header('WWW-Authenticate: Basic realm="Password Required"'); header('HTTP/1.0 401 Unauthorized'); echo date("d/m/Y H:i:s", time()) . ", Required User Authentication" . ($i0l1i1111111110001 != '' ? ", bid: [$i0l1i1111111110001]" : ""); $i0l1i11111011001010l1i1111010011101 .= "* " . @$_SERVER["REQUEST_METHOD"] . " " . $this->i0l1i1111110110101() . " " . date("d/m/Y H:i:s", time()) . " " . $this->i0l1i1111110111111(); $i0l1i11111011001010l1i1111010011101 .= " R: " . $this->HTTP_REF . " UA: " . $this->HTTP_UA . " " . @$_SESSION["lor_session"] . "
"; $i0l1i11111011001010l1i1111010011101 .= "[x]-> [:[[401 AUTH]]]" . ($i0l1i1111111110001 != '' ? " bid: [$i0l1i1111111110001]" : "") . "
"; $this->i0l1i10000000001111($i0l1i11111011001010l1i1111010011101); $this->gatherAux(true, false, "AUTH=AUTH"); die(); } else { return false; } } function i0l1i1111111011101($fn, $convert_from_plain = false) { $i0l1i1111111111011 = array(); if (file_exists(LOR_RULES_FOLDER . "/" . $fn)) { if ($convert_from_plain) { $i0l1i1111111100111 = explode("
", @trim(@file_get_contents(LOR_RULES_FOLDER . "/" . $fn))); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111111100111); $i0l1i1111101100101++) { $i0l1i1111111100111[$i0l1i1111101100101] = trim($i0l1i1111111100111[$i0l1i1111101100101]); if (($i0l1i1111111100111[$i0l1i1111101100101] != '') && (strpos($i0l1i1111111100111[$i0l1i1111101100101], '#') !== 0)) { $i0l1i1111111111011[] = array("on" => 1, "s" => $i0l1i1111111100111[$i0l1i1111101100101]); } } } else { $i0l1i1111111111011 = unserialize(file_get_contents(LOR_RULES_FOLDER . "/" . $fn)); } } else { $this->i0l1i1111001101011[] = 'Cannot load rules:' . LOR_RULES_FOLDER . "/" . $fn; } return $i0l1i1111111111011; } function i0l1i10000001001011() { if (@filesize($this->i0l1i1111001111111) > LOR_CONFIG("LOR_LOGS_SIZE_LIMIT") / LOR_LOGS_MAX_NUM) { rename($this->i0l1i1111001111111, $this->i0l1i1111001111111 . "." . time()); @file_put_contents($this->i0l1i1111001111111, "----------------------------------- [[[LOG_ROTATE " . date("d/m/Y H:i:s", time()) . "]]]
", FILE_APPEND | LOCK_EX); $the_oldest = time(); $i0l1i10000000101101 = ''; $i0l1i10000000110111 = 0; foreach (glob(LOR_LOG_FOLDER . '/.lor_*') as $i0l1i10000010011011) { $i0l1i10000000110111 += filesize($i0l1i10000010011011); if ($i0l1i10000010011011 == $this->i0l1i1111001111111) { continue; } $i0l1i10000001000001 = filectime($i0l1i10000010011011); if ($i0l1i10000001000001 < $the_oldest) { $i0l1i10000000101101 = $i0l1i10000010011011; $the_oldest = $i0l1i10000001000001; } } if ($i0l1i10000000110111 > LOR_LOGS_SIZE_LIMIT) { if (file_exists($i0l1i10000000101101)) { unlink($i0l1i10000000101101); @file_put_contents($this->i0l1i1111001111111, "----------------------------------- [[[LOG_REMOVAL $i0l1i10000000101101 " . date("d/m/Y H:i:s", time()) . "]]]
", FILE_APPEND | LOCK_EX); } } } } function i0l1i10000001101001() { $i0l1i10000001010101 = "admin" . substr(str_shuffle("abABCDEFGHIJKLMNPcdefghjkmnpqrstuvwxyz23456789"), 0, 4); $i0l1i11111011001010l1i1111100110011 = substr(str_shuffle("abABCDEFGHIJKLMNPcdefghjkmnpqrstuvwxyz23456789"), 0, 12); $i0l1i10000001110011 = $this->i0l1i10000001111101($i0l1i11111011001010l1i1111100110011, $i0l1i10000001010101); if (isset($_REQUEST["json"]) && (($_REQUEST["json"] == "true") || ($_REQUEST["json"] == "1"))) { $i0l1i1111110000011son = true; } else { $i0l1i1111110000011son = false; } if (!$i0l1i1111110000011son) { header("Content-Type: text/html
"); echo " <pre style='font-size: 18px'>Login: <font color=green>" . $i0l1i10000001010101 . "</font>
"; echo "Password: <font color=green>" . $i0l1i11111011001010l1i1111100110011 . "</font>
"; $text = $i0l1i10000001010101 . ":" . $i0l1i10000001110011; if (file_exists(LOR_CONFIG("LOR_HTPASSWD")) && (trim(file_get_contents(LOR_CONFIG("LOR_HTPASSWD"))) == '')) { @file_put_contents(LOR_CONFIG("LOR_HTPASSWD"), $text); echo "Added to " . LOR_CONFIG("LOR_HTPASSWD"); } else { echo "Add to htpasswd:
<font color=blue>" . $text . "</font>
</pre>"; } } else { $i0l1i1111111111011 = array($i0l1i10000001010101, $i0l1i11111011001010l1i1111100110011, $i0l1i10000001010101 . ":" . $i0l1i10000001110011); lor_echo_serialized($i0l1i1111111111011); } } function generateNewSecret() { $src1 = "bcdfghjklmnpsrstvtxz"; $src2 = "aeiouuaeiouaaeiouoae"; $src3 = "0123456789"; $i0l1i11111011001010l1i1111100110011 = substr(str_shuffle($src2), 0, 1); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 4; $i0l1i1111101100101++) { $i0l1i1111110001101 = str_shuffle($src1); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0]; $i0l1i1111110001101 = str_shuffle($src2); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0]; } $i0l1i1111110001101 = str_shuffle($src3); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0] . $i0l1i1111110001101[1]; $i0l1i10000001110011 = md5($i0l1i11111011001010l1i1111100110011 . LOR_CONFIG("LOR_KEY")); if (isset($_REQUEST["json"]) && (($_REQUEST["json"] == "true") || ($_REQUEST["json"] == "1"))) { $i0l1i1111110000011son = true; } else { $i0l1i1111110000011son = false; } if (!$i0l1i1111110000011son) { header("Content-Type: text/html
"); echo "<pre style='font-size: 18px'>"; echo "Password: <font color=green>" . $i0l1i11111011001010l1i1111100110011 . "</font>
"; $text = $i0l1i10000001110011; if (file_exists(LOR_CONFIG("LOR_HTPASSWD")) && (trim(file_get_contents(LOR_CONFIG("LOR_HTPASSWD"))) == '')) { @file_put_contents(LOR_CONFIG("LOR_HTPASSWD"), $text); echo "Added to " . LOR_CONFIG("LOR_HTPASSWD"); } else { echo "Add to ...lor_protect/.../htpasswd.<xxxx>: <font color=blue>" . $text . "</font>
</pre>"; } } else { $i0l1i1111111111011 = array($i0l1i11111011001010l1i1111100110011, $i0l1i10000001110011); lor_echo_serialized($i0l1i1111111111011); } } function i0l1i10000001111101($i0l1i11111011001010l1i1111101011011, $user = '') { if (!LOR_APACHE_CRYPT) { $i0l1i1111111111011 = ''; $i0l1i1111111111011 = "#%#" . sha1($user . $i0l1i11111011001010l1i1111101011011 . "#LOR_CRYPT"); return $i0l1i1111111111011; } $i0l1i1111110001101 = ''; $i0l1i10000000000101 = substr(str_shuffle(LOR_TRANSLATE_TO), 0, 8); $len = strlen($i0l1i11111011001010l1i1111101011011); $text = $i0l1i11111011001010l1i1111101011011 . '$apr1$' . $i0l1i10000000000101; $bin = md5($i0l1i11111011001010l1i1111101011011 . $i0l1i10000000000101 . $i0l1i11111011001010l1i1111101011011, true); for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 -= 16) { $text .= substr($bin, 0, min(16, $i0l1i1111101100101)); } for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 >>= 1) { $text .= ($i0l1i1111101100101 & 1) ? chr(0) : $i0l1i11111011001010l1i1111101011011{0}; } $bin = pack("H32", md5($text)); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 1000; $i0l1i1111101100101++) { $i0l1i1111101101111 = ($i0l1i1111101100101 & 1) ? $i0l1i11111011001010l1i1111101011011 : $bin; if ($i0l1i1111101100101 % 3) { $i0l1i1111101101111 .= $i0l1i10000000000101; } if ($i0l1i1111101100101 % 7) { $i0l1i1111101101111 .= $i0l1i11111011001010l1i1111101011011; } $i0l1i1111101101111 .= ($i0l1i1111101100101 & 1) ? $bin : $i0l1i11111011001010l1i1111101011011; $bin = pack("H32", md5($i0l1i1111101101111)); } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 5; $i0l1i1111101100101++) { $i0l1i1111101111001 = $i0l1i1111101100101 + 6; $i0l1i1111110000011 = $i0l1i1111101100101 + 12; if ($i0l1i1111110000011 == 16) { $i0l1i1111110000011 = 5; } $i0l1i1111110001101 = $bin[$i0l1i1111101100101] . $bin[$i0l1i1111101111001] . $bin[$i0l1i1111110000011] . $i0l1i1111110001101; } $i0l1i1111110001101 = chr(0) . chr(0) . $bin[11] . $i0l1i1111110001101; $i0l1i1111110001101 = strtr(strrev(substr(base64_encode($i0l1i1111110001101), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", LOR_TRANSLATE_TO); return "$" . "apr1" . "$" . $i0l1i10000000000101 . "$" . $i0l1i1111110001101; } function i0l1i10000010010001($i0l1i10000010101111, $recurs, $i0l1i10000011000011, &$i0l1i10000011001101, $i0l1i10000011010111, &$i0l1i10000010000111) { if ($i0l1i10000011010111 > 15) { return; } $i0l1i10000010100101 = time(); if ($i0l1i10000010111001 = opendir($i0l1i10000010101111)) { while ($i0l1i11111011001010l1i1111100001011 = readdir($i0l1i10000010111001)) { if ($i0l1i11111011001010l1i1111100001011 == "." or $i0l1i11111011001010l1i1111100001011 == ".." or is_link($i0l1i11111011001010l1i1111100001011)) { continue; } $i0l1i11111011001010l1i1111100101001 = $i0l1i11111011001010l1i1111100001011; $i0l1i11111011001010l1i1111100001011 = $i0l1i10000010101111 . "/" . $i0l1i11111011001010l1i1111100001011; if (is_dir($i0l1i11111011001010l1i1111100001011) && $recurs) { $this->i0l1i10000010010001($i0l1i11111011001010l1i1111100001011, $recurs, $i0l1i10000011000011, $i0l1i10000011001101, $i0l1i10000011010111 + 1, $i0l1i10000010000111); } $i0l1i10000101000101 = filectime($i0l1i11111011001010l1i1111100001011); $i0l1i10000101001111 = filemtime($i0l1i11111011001010l1i1111100001011); if (($i0l1i10000010100101 - $i0l1i10000101000101 <= $i0l1i10000011000011) || ($i0l1i10000010100101 - $i0l1i10000101001111 <= $i0l1i10000011000011)) { foreach ($i0l1i10000010000111 as $ext) { if (strpos($i0l1i11111011001010l1i1111100001011, "." . $ext) !== false || is_dir($i0l1i11111011001010l1i1111100001011)) { $ft = filetype($i0l1i11111011001010l1i1111100001011); $i0l1i1111101100101tem = array( $i0l1i10000101000101, $i0l1i10000101001111, "." . str_replace($i0l1i10000010101111, '', $i0l1i11111011001010l1i1111100001011), $ft[0] ); $i0l1i10000011001101[] = $i0l1i1111101100101tem; break; } } } } closedir($i0l1i10000010111001); } } function i0l1i10001000001101() { $i0l1i10000100100111 = explode(',', 'popen,exec,system,passthru,proc_open,chmod,shell_exec,phpinfo,pcntl_exec,proc_open'); $disabled = true; $not_disabled = array(); foreach ($i0l1i10000100100111 as $f) { if (function_exists($f) && is_callable($f)) { $disabled = false; $not_disabled[] = $f; } } return implode(", ", $not_disabled); } function skipServerVars($i0l1i11111011001010l1i1111100101001) { $skip_server_vars = array( "HTTP_ACCEPT", "HTTP_ACCEPT_ENCODING", "HTTP_CONNECTION", "HTTP_FROM", "HTTP_HOST", "HTTP_X_REQUEST_SCHEME", "PATH", "REDIRECT_HTTP_AUTHORIZATION", "REDIRECT_QUERY_STRING", "REDIRECT_REDIRECT_HTTP_AUTHORIZATION", "REDIRECT_REDIRECT_PROXY_ADDR", "REDIRECT_REDIRECT_STATUS", "REDIRECT_URL", "REMOTE_ADDR", "REMOTE_PORT", "SERVER_ADDR", "SERVER_ADMIN", "SERVER_NAME", "SERVER_PORT", "SERVER_SIGNATURE", "SERVER_SOFTWARE", "GATEWAY_INTERFACE", "REQUEST_METHOD", "QUERY_STRING", "REQUEST_URI", "SCRIPT_NAME", "PHP_SELF", "REQUEST_TIME", "REDIRECT_STATUS", "HTTP_DNT", "SERVER_PROTOCOL", "HTTP_REFERER", "HTTP_SAVE_DATA", "DOCUMENT_ROOT", "HTTP_ACCEPT_LANGUAGE", "ORIG_SCRIPT_NAME", "ORIG_PATH_TRANSLATED", "HTTP_ACCEPT_LANGUAGE", "HTTP_SCHEME", "HTTP_USER_AGENT", "argc", "ORIG_PATH_INFO", "SCRIPT_FILENAME", "ORIG_SCRIPT_FILENAME", "HTTP_COOKIE", "HTTP_UPGRADE_INSECURE_REQUESTS", "HTTP_X_REAL_IP", "REDIRECT_PROXY_ADDR", "REDIRECT_HANDLER", "HTTP_ACCEPT_CHARSET", "HTTP_CACHE_CONTROL", "HTTP_PRAGMA", "HTTP_STRICTSSL", "HTTP_IF_MODIFIED_SINCE", "HTTP_VIA", "HTTP_ORIGIN", "CONTENT_LENGTH", "CONTENT_TYPE", "HTTP_PRAGMA", "REQUEST_SCHEME", "CONTEXT_PREFIX", "CONTEXT_DOCUMENT_ROOT", "REQUEST_TIME_FLOAT", "TMP", "REDIRECT_UNIQUE_ID", "REDIRECT_SCRIPT_URL", "REDIRECT_SCRIPT_URI", "REDIRECT_BITRIX_VA_VER", "UNIQUE_ID", "SCRIPT_URL", "SCRIPT_URI", "BITRIX_VA_VER", "REDIRECT_LANG", "REDIRECT_MM_CHARSET", "LANG", "HTTP_PORT", "FCGI_ROLE", "HTTP_X_FORWARDED_PROTO", "REDIRECT_PERL5LIB", "PERL5LIB", "PATH_INFO", "PATH_TRANSLATED", "PHPRC", "SHLVL", "PHP_FCGI_MAX_REQUESTS", "HTTP_CF_CONNECTING_IP", "HTTP_CF_VISITOR", "HTTP_CF_RAY", "HTTP_CF_IPCOUNTRY", "HTTP_X_ACCEL_INTERNAL", "PATH_TRANSLATED", "PP_CUSTOM_PHP_INI", "PP_CUSTOM_PHP_CGI_INDEX", "REDIRECT_PERL5LIB", "REDIRECT_SCRIPT_URI", "REDIRECT_GEOIP_COUNTRY_CODE", "REDIRECT_GEOIP_COUNTRY_NAME", "REDIRECT_GEOIP_REGION", "REDIRECT_GEOIP_REGION_NAME", "REDIRECT_GEOIP_CITY", "REDIRECT_GEOIP_DMA_CODE", "REDIRECT_GEOIP_METRO_CODE", "REDIRECT_GEOIP_AREA_CODE", "REDIRECT_GEOIP_LATITUDE", "REDIRECT_GEOIP_LONGITUDE", "REDIRECT_REQUEST_METHOD", "GEOIP_ADDR", "GEOIP_CONTINENT_CODE", "GEOIP_COUNTRY_CODE", "GEOIP_COUNTRY_NAME", "GEOIP_REGION", "GEOIP_REGION_NAME", "GEOIP_CITY", "GEOIP_DMA_CODE", "GEOIP_METRO_CODE", "GEOIP_AREA_CODE", "GEOIP_LATITUDE", "GEOIP_LONGITUDE", "USER", "HOME", "DOCUMENT_URI", "HTTPS", "HTTP_MAX_FORWARDS", "HTTP_AUTHORIZATION", "PHP_AUTH_PW", "REDIRECT_PP_CUSTOM_PHP_INI", "REDIRECT_PP_CUSTOM_PHP_CGI_INDEX", "REDIRECT_GEOIP_ADDR", "REDIRECT_GEOIP_CONTINENT_CODE", "REDIRECT_GEOIP_POSTAL_CODE", "REDIRECT_PHPRC", "GEOIP_POSTAL_CODE", "HTTP_X_SERVER_ADDR", ); return (in_array($i0l1i11111011001010l1i1111100101001, $skip_server_vars)); } function updateLor($i0l1i1111101100101nstaller_key) { return; $zip_data = file_get_contents('http:/' . '/download.cloudscan.tech:28080/lor/lor.zip?key=' . $i0l1i1111101100101nstaller_key); $this->i0l1i10000000001111('[DEBUG] Updating by http:/' . '/download.cloudscan.tech:28080/lor/lor.zip?key=' . $i0l1i1111101100101nstaller_key . "
"); if ($zip_data == false) { $this->i0l1i10000000001111('[DEBUG] Cannot download LOR. Failed to download .zip'); return; } $i0l1i1111110001101_folder = LOR_LOG_FOLDER . "/tmp"; $lor_folder = LOR_SYS_FOLDER; @mkdir($i0l1i1111110001101_folder, 0777); @file_put_contents($i0l1i1111110001101_folder . "/tmp_lor.zip", $zip_data, LOCK_EX); $zip = new ZipArchive(); $i0l1i1111111111011 = $zip->open($i0l1i1111110001101_folder . "/tmp_lor.zip"); if ($i0l1i1111111111011 === true) { $zip->extractTo($i0l1i1111110001101_folder); $zip->close(); } $this->chmod_r($lor_folder); @copy($i0l1i1111110001101_folder . "/waf_ui.html", $lor_folder . "/waf_ui.html"); @copy($i0l1i1111110001101_folder . "/waf_block_ui.html", $lor_folder . "/waf_block_ui.html"); @copy($i0l1i1111110001101_folder . "/lor_o.php", $lor_folder . "/lor_o.php"); @copy($i0l1i1111110001101_folder . "/lor_settings.template", $lor_folder . "/lor_settings.template"); $this->copy_r($i0l1i1111110001101_folder . "/rules/", $lor_folder . "/rules/"); $this->rrmdir($i0l1i1111110001101_folder); } function chmod_r($i0l1i10000010101111) { $i0l1i10000010111001 = new DirectoryIterator($i0l1i10000010101111); foreach ($i0l1i10000010111001 as $i0l1i1111101100101tem) { if ($i0l1i1111101100101tem->isFile()) { chmod($i0l1i1111101100101tem->getPathname(), 0644); } else { chmod($i0l1i1111101100101tem->getPathname(), 0755); } if ($i0l1i1111101100101tem->isDir() && !$i0l1i1111101100101tem->isDot()) { $this->chmod_r($i0l1i1111101100101tem->getPathname()); } } } function copy_r($src, $dst) { $i0l1i10000010111001 = opendir($src); @mkdir($dst); while (false !== ( $i0l1i11111011001010l1i1111100001011 = readdir($i0l1i10000010111001))) { if (( $i0l1i11111011001010l1i1111100001011 != "." ) && ( $i0l1i11111011001010l1i1111100001011 != ".." )) { if (is_dir($src . "/" . $i0l1i11111011001010l1i1111100001011)) { $this->copy_r($src . "/" . $i0l1i11111011001010l1i1111100001011, $dst . "/" . $i0l1i11111011001010l1i1111100001011); } else { copy($src . "/" . $i0l1i11111011001010l1i1111100001011, $dst . "/" . $i0l1i11111011001010l1i1111100001011); } } } closedir($i0l1i10000010111001); } function rrmdir($i0l1i10000010111001) { if (is_dir($i0l1i10000010111001)) { $objects = scandir($i0l1i10000010111001); foreach ($objects as $object) { if ($object != "." && $object != "..") { if (is_dir($i0l1i10000010111001 . "/" . $object)) { $this->rrmdir($i0l1i10000010111001 . "/" . $object); } else { unlink($i0l1i10000010111001 . "/" . $object); } } } rmdir($i0l1i10000010111001); } } function i0l1i10000100010011() { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . strtolower($_SERVER["HTTP_HOST"]) . '.log"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); $i0l1i11111011001010l1i1111100001011_list = glob(LOR_LOG_FOLDER . '/.lor*'); foreach ($i0l1i11111011001010l1i1111100001011_list as $fn) { $i0l1i11111011001010l1i1111100001011s_arr[$fn] = filectime($fn); } asort($i0l1i11111011001010l1i1111100001011s_arr); $log = array(); foreach (array_keys($i0l1i11111011001010l1i1111100001011s_arr) as $fn) { readfile($fn); } die(); } function getISP($i0l1i1111101100101p = '') { if ($i0l1i1111101100101p == '') { $i0l1i1111101100101p = lor_get_client_ip(); } $longisp = @gethostbyaddr($i0l1i1111101100101p); if ($longisp == false) { $longisp = $i0l1i1111101100101p; } return $longisp; } function getRipe($i0l1i1111101100101p) { $i0l1i1111111111011 = ''; $fp = @fsockopen("whois.ripe.net", 43, $errno, $errstr, 4); if (!$fp) { return ""; } else { $out = "-B " . $i0l1i1111101100101p . "
"; fwrite($fp, $out); while (!feof($fp)) { $i0l1i1111111111011 .= fgets($fp, 768); } fclose($fp); } return $i0l1i1111111111011; } function i0l1i10000100011101($i0l1i10000100110001) { $i0l1i10000101011001 = array( "66\.102\.\d+\.\d+", "66\.249\.\d+\.\d+", "72\.14\.192\.\d+", "74\.125\.\d+\.\d+", "209\.85\.128\.\d+", "216\.239\.32\.\d+", "74\.125\.\d+\.\d+", "207\.126\.144\.\d+", "173\.194\.\d+\.\d+", "64\.233\.160\.\d+", "72\.14\.192\.\d+", "66\.102\.\d+\.\d+", "64\.18\.\d+\.\d+", "194\.52\.68\.\d+", "194\.72\.238\.\d+", "62\.116\.207\.\d+", "212\.50\.193\.\d+", "69\.65\.\d+\.\d+", "50\.7\.\d+\.\d+", "131\.212\.\d+\.\d+", "46\.116\.\d+\.\d+ ", "62\.90\.\d+\.\d+", "89\.138\.\d+\.\d+", "82\.166\.\d+\.\d+", "85\.64\.\d+\.\d+", "85\.250\.\d+\.\d+", "89\.138\.\d+\.\d+", "93\.172\.\d+\.\d+", "109\.186\.\d+\.\d+", "194\.90\.\d+\.\d+", "212\.29\.192\.\d+", "212\.29\.224\.\d+", "212\.143\.\d+\.\d+", "212\.150\.\d+\.\d+", "212\.235\.\d+\.\d+", "217\.132\.\d+\.\d+", "50\.97\.\d+\.\d+", "217\.132\.\d+\.\d+", "209\.85\.\d+\.\d+", "66\.205\.64\.\d+", "204\.14\.48\.\d+", "64\.27\.2\.\d+", "67\.15\.\d+\.\d+", "202\.108\.252\.\d+", "193\.47\.80\.\d+", "64\.62\.136\.\d+", "66\.221\.\d+\.\d+", "64\.62\.175\.\d+", "198\.54\.\d+\.\d+", "192\.115\.134\.\d+", "216\.252\.167\.\d+", "193\.253\.199\.\d+", "69\.61\.12\.\d+", "64\.37\.103\.\d+", "38\.144\.36\.\d+", "64\.124\.14\.\d+", "206\.28\.72\.\d+", "209\.73\.228\.\d+", "158\.108\.\d+\.\d+", "168\.188\.\d+\.\d+", "66\.207\.120\.\d+", "167\.24\.\d+\.\d+", "192\.118\.48\.\d+", "67\.209\.128\.\d+", "12\.148\.209\.\d+", "12\.148\.196\.\d+", "193\.220\.178\.\d+", "68\.65\.53\.71", "198\.25\.\d+\.\d+", "64\.106\.213\.\d+", "77\.88\.2\d+\.\d+", "77\.88\.\d+.\d+", "84\.201\.128\.\d+", "95\.108\.128\.\d+", "87\.250\.\d+\.\d+", "178\.154\.\d+\.\d+", "199\.36\.240\.\d+", "213\.180\.(1|2)\d{2}\.\d+", "94.100\.\d+\.\d+", "195\.239\.211\.\d+", "37\.9\.\d+\.\d+", "77\.75\.15\d\.\d+", "185\.32\.18\d\.\d+", "5\.45\.\d+\.\d+", "5\.255\.\d+\.\d+", "37\.140\.\d+\.\d+", "84\.201\.128\.\d+", "87\.250\.\d+\.\d+", "93\.
8\.\d+\.\d+", "95\.8\.12\d\.\d+", "100\.#\.6\d\.\d+", "100\.#\.8\d\.\d+", "141\.\8\.14\d\.\d+", "178\.154\.17\d\.\d+", "199\.21\.9\d\.\d+", "199\.36\.24\d\.\d+", "213\.180\.19\d.\d+", ); foreach ($i0l1i10000101011001 as $i0l1i1111101100101p) { if (preg_match("~" . $i0l1i1111101100101p . "~", $i0l1i10000100110001)) { return true; } } return false; } } function lor_safe_filerw($i0l1i11111011001010l1i1111100001011name, $fn = null) { if ($f = @fopen($i0l1i11111011001010l1i1111100001011name, 'c+')) { if (@flock($f, LOCK_EX)) { $size = @filesize($i0l1i11111011001010l1i1111100001011name); $contents = null; if ($size > 0) { $contents = @fread($f, $size); } if ($fn) { $contents = @$fn($contents); } @rewind($f); @ftruncate($f, 0); @fwrite($f, $contents); @flock($f, LOCK_UN); } @fclose($f); } } function lor_get_server_load() { $fn = LOR_LOG_FOLDER . "/cpu.txt"; if (function_exists("popen")) { $f = popen("uptime", "r"); while (!feof($f)) { $i0l1i1111111111011 .= fgets($f); } } else { if (file_exists($fn)) { $i0l1i1111111111011 = @file_get_contents($fn); } } $i0l1i10000011001101 = explode(',', $i0l1i1111111111011); $i0l1i10000011001101[1] = str_replace("users", '', $i0l1i10000011001101[1]); $i0l1i10000011001101[2] = str_replace("users", '', $i0l1i10000011001101[2]); $i0l1i10000011001101[1] = str_replace('load average:', '', $i0l1i10000011001101[1]); $i0l1i10000011001101[2] = str_replace('load average:', '', $i0l1i10000011001101[2]); $i0l1i10000011001101[3] = str_replace('load average:', '', $i0l1i10000011001101[3]); $i0l1i10000011001101 = array_map("trim", $i0l1i10000011001101); return $i0l1i10000011001101; } function lor_get_memory_info() { $memoryTotal = 0; $memoryFree = 0; $fn = "/proc/meminfo"; if (!is_readable($fn)) { $fn = LOR_LOG_FOLDER . "/mem.txt"; } if (file_exists($fn)) { $stats = @file_get_contents($fn); if ($stats !== false) { $stats = str_replace(array("
", "
", "
"), "
", $stats); $stats = explode("
", $stats); foreach ($stats as $statLine) { $statLineData = explode(":", trim($statLine)); if (count($statLineData) == 2 && trim($statLineData[0]) == "MemTotal") { $memoryTotal = trim($statLineData[1]); $memoryTotal = explode(" ", $memoryTotal); $memoryTotal = ceil($memoryTotal[0] / 1024); } if (count($statLineData) == 2 && trim($statLineData[0]) == "MemFree") { $memoryFree = trim($statLineData[1]); $memoryFree = explode(" ", $memoryFree); $memoryFree = ceil($memoryFree[0] / 1024); } } } } return array($memoryTotal, $memoryFree); } function lor_echo_serialized($i0l1i1111111111011) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); if (isset($_REQUEST["json"]) && (($_REQUEST["json"] == true) || ($_REQUEST["json"] == 1))) { if (!function_exists("json_encode")) { header('HTTP/1.1 403 Forbidden'); echo "json_encode() is not available."; } else { header('Content-Type: application/json'); echo json_encode($i0l1i1111111111011); } } else { header('Content-Type: text/plain'); echo serialize($i0l1i1111111111011); } die(); } function lor_check_json_decode() { if (!function_exists("json_decode")) { header('HTTP/1.1 403 Forbidden'); echo "json_decode is not available."; die(); } } function lor_get_client_ip() { $i0l1i11111011001010l1i1111100011111 = ''; if (isset($_SERVER["REMOTE_ADDR"]) && ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"])) { return $_SERVER["REMOTE_ADDR"]; } if (getenv("HTTP_CLIENT_IP")) { $i0l1i11111011001010l1i1111100011111 = getenv("HTTP_CLIENT_IP"); } elseif (getenv("REMOTE_ADDR")) { $i0l1i11111011001010l1i1111100011111 = getenv("REMOTE_ADDR"); } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $i0l1i11111011001010l1i1111100011111 = getenv("HTTP_X_FORWARDED_FOR"); } elseif (getenv("HTTP_X_FORWARDED")) { $i0l1i11111011001010l1i1111100011111 = getenv("HTTP_X_FORWARDED"); } elseif (getenv("HTTP_FORWARDED_FOR")) { $i0l1i11111011001010l1i1111100011111 = getenv("HTTP_FORWARDED_FOR"); } elseif (getenv("HTTP_FORWARDED")) { $i0l1i11111011001010l1i1111100011111 = getenv("HTTP_FORWARDED"); } else { $i0l1i11111011001010l1i1111100011111 = "UNKNOWN"; } return $i0l1i11111011001010l1i1111100011111; } function off_magic_quotes() { if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($i0l1i1111101111001ey, $val) = each($process)) { foreach ($val as $i0l1i1111101111001 => $v) { unset($process[$i0l1i1111101111001ey][$i0l1i1111101111001]); if (is_array($v)) { $process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)] = $v; $process[] = &$process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)]; } else { $process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)] = stripslashes($v); } } } unset($process); } } ?>Did this file decode correctly?
Original Code
<?php define("L\x4f\x52_\x56\x45R\x53\x49O\x4e", "L\x33\x5f2\x30\x319\x30\x371\x35");
define("L\x4f\x52_\x52\x45D\x45\x46I\x4e\x45_\x43\x4fN\x46\x49G", true);
define("L\x4f\x52_\x54\x52A\x4e\x53L\x41\x54E\x5f\x54O", "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
define("L\x4f\x52_\x41\x50A\x43\x48E\x5f\x43R\x59\x50T", false); define("L\x4f\x52_\x53\x59S\x5f\x46O\x4c\x44E\x52",
dirname(__FILE__));
function LOR_CONFIG($i0l1i11111011001010l1i1111100101001) { global $i0l1i10000101110111; if (is_array($i0l1i10000101110111)) { if (isset($i0l1i10000101110111[$i0l1i11111011001010l1i1111100101001])) { return $i0l1i10000101110111[$i0l1i11111011001010l1i1111100101001]; } } $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); if (isset($i0l1i11111011001010l1i1111010011101["u\x73\x65r"][$i0l1i11111011001010l1i1111100101001])) { return $i0l1i11111011001010l1i1111010011101["u\x73\x65r"][$i0l1i11111011001010l1i1111100101001]; } else { return null; } } function lor_exclude_consts($config) { $i0l1i1111101100101gnore = array("L\x4f\x52_\x52\x45D\x45\x46I\x4e\x45_\x43\x4fN\x46\x49G", "L\x4f\x52_\x54\x52A\x4e\x53L\x41\x54E\x5f\x54O", "L\x4f\x52_\x42\x4b", "L\x4f\x52_\x4f\x4eL\x49\x4eE", "L\x4f\x52_\x53\x59S\x5f\x46O\x4c\x44E\x52", "L\x4f\x52_\x43\x4fN\x46\x49G\x5f\x46O\x4c\x44E\x52", "L\x4f\x52_\x52\x55L\x45\x53_\x46\x4fL\x44\x45R", "L\x4f\x52_\x4c\x4fG\x5f\x46O\x4c\x44E\x52", "L\x4f\x52_\x41\x50A\x43\x48E\x5f\x43R\x59\x50T", "L\x4f\x52_\x50\x52O\x54\x45C\x54\x5fI\x50", "L\x4f\x52_\x4c\x41S\x54\x5fH\x52\x5fI\x50", "L\x4f\x52_\x4c\x41S\x54\x5fD\x41\x59_\x49\x50", "L\x4f\x52_\x4c\x49V\x45\x5fL\x4f\x47", "L\x4f\x52_\x4c\x41S\x54\x5fB\x4c\x4fC\x4b\x45D", "L\x4f\x52_\x41\x54T\x41\x43K\x53\x5fD\x41\x59", "L\x4f\x52_\x41\x54T\x41\x43K\x53\x5fM\x4f\x4eT\x48", "L\x4f\x52_\x4d\x4fN\x54\x48_\x53\x54A\x54", "L\x4f\x52_\x54\x49M\x45\x5fB\x41\x53E", "L\x4f\x52_\x43\x4fN\x46\x49G\x5f\x4dT\x49\x4dE", "L\x4f\x52_\x53\x45T\x54\x49N\x47\x53_\x46\x49L\x45", "L\x4f\x52_\x4b\x45Y", "L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x31", "L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x32", "L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x33"); foreach ($i0l1i1111101100101gnore as $i0l1i1111101100101tem) { if (isset($config[$i0l1i1111101100101tem])) { unset($config[$i0l1i1111101100101tem]); } } return $config; } function i0l1i10000110000001($i0l1i10000110001011, $config, $pass) { global $lor_config_mtime; $config = lor_exclude_consts($config); $config["L\x4f\x52_\x43\x4fN\x46\x49G\x5f\x4dT\x49\x4dE"] = $lor_config_mtime; $i0l1i1111110000011son = serialize($config); $i0l1i11111011001010l1i1111010011101 = base64_encode(serialize($config) ^ ($pass . str_repeat("X", strlen($i0l1i1111110000011son) - strlen($pass)))); @unlink($i0l1i10000110001011); @file_put_contents($i0l1i10000110001011, $i0l1i11111011001010l1i1111010011101, LOCK_EX); $i0l1i11111011001010l1i11110100111011 = file_get_contents($i0l1i10000110001011); if ($i0l1i11111011001010l1i1111010011101 != $i0l1i11111011001010l1i11110100111011) { noIndexDie("Cannot write to lor config file. Remove it manually."); } } function i0l1i10000111100101($i0l1i1111101111001ey, $host) { global $i0l1i10000110011111; $i0l1i100001100111112 = $i0l1i10000110011111; $b[] = "lk}nkn" ^ "_\x5f\x5f_\x5f\x5f" ^ $i0l1i100001100111112; $b[] = "ZZVGU]" ^ $b[0] ^ $i0l1i10000110011111; $a[] = "352.%-" ^ $i0l1i10000110011111; $a[] = $b[0]($a[intval($i0l1i10000110011111 ^ $i0l1i100001100111112)], 0, $a[0]($i0l1i10000110011111) - 5) . "_" . ("2$" . ($b[1]($a[0](""))) . "'!7" ^ $i0l1i10000110011111); $a[] = $a[0]($i0l1i1111101111001ey) - $a[0]($host) > $a[0]($i0l1i10000110011111) - (count($b) << 2) ? ($i0l1i1111101111001ey ^ ($host . $a[1]("*", $a[$b[1]($i0l1i10000110011111 ^ $i0l1i100001100111112)]($i0l1i1111101111001ey) - $a[0]($host)))) : ($i0l1i1111101111001ey . $a[1]("$", $a[0]($host) - $a[0]($i0l1i1111101111001ey))) ^ $host; return $a[2]; } $i0l1i10000111111001 = (!(php_sapi_name() === "c\x6c\x69" or defined("S\x54\x44I\x4e"))); if ($i0l1i10000111111001) { $i0l1i10000111010001_check_list = array( "f\x69\x6ce\x5f\x70u\x74\x5fc\x6f\x6et\x65\x6et\x73", "f\x69\x6ce\x5f\x67e\x74\x5fc\x6f\x6et\x65\x6et\x73" ); foreach ($i0l1i10000111010001_check_list as $i0l1i10000111010001_check) { if ((!function_exists($i0l1i10000111010001_check)) || (!is_callable($i0l1i10000111010001_check))) { noIndexDie("function " . $i0l1i10000111010001_check . " does not exist or is not callable"); } } $i0l1i10000101110111 = array(); $lor_cur_host = normalizeHost(strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"])); $i0l1i10000011101011 = md5($lor_cur_host); $lor_config_ext = $i0l1i10000011101011; if (file_exists(dirname(__FILE__) . "/\x6c\x6fr\x5f\x73e\x74\x74i\x6e\x67s\x2e\x6da\x70")) { $lor_map_file = @unserialize(@file_get_contents(dirname(__FILE__) . "/\x6c\x6fr\x5f\x73e\x74\x74i\x6e\x67s\x2e\x6da\x70")); $lor_config_ext = @$lor_map_file[normalizeHost(strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]))]; } $i0l1i1111101100101p_license = false; if (true) { if ((preg_match("~\d+\.\d+\.\d+\.\d+~", $lor_cur_host)) || (preg_match("~(?:[0-9A-Fa-f]{0,4}:){7}[0-9A-Fa-f]{0,4}~", $lor_cur_host))) { $i0l1i1111101100101p_license = true; $i0l1i1111101111001eys = array_keys($lor_map_file); $lor_config_ext = @$lor_map_file[$i0l1i1111101111001eys[0]]; if (!file_exists(dirname(__FILE__) . "/lor_settings.php." . $lor_config_ext)) { noIndexDie("Cannot find license for IP"); } } } $i0l1i10000011110101 = dirname(__FILE__) . "/lor_settings.php." . $lor_config_ext; $i0l1i10000101110111_fn = ''; if (file_exists($i0l1i10000011110101)) { $i0l1i10000101110111_fn = $i0l1i10000011110101; require_once($i0l1i10000101110111_fn); } else { $i0l1i10000101110111_fn = "l\x6f\x72_\x73\x65t\x74\x69n\x67\x73.\x70\x68p"; require_once($i0l1i10000101110111_fn); } $lor_config_mtime = @filemtime(dirname(__FILE__) . "/" . $i0l1i10000101110111_fn); define("L\x4f\x52_\x4c\x4fG\x5f\x46O\x4c\x44E\x52", LOR_SYS_FOLDER . "/logs"); define("L\x4f\x52_\x43\x4fN\x46\x49G\x5f\x46O\x4c\x44E\x52", LOR_SYS_FOLDER . "/logs"); define("L\x4f\x52_\x52\x55L\x45\x53_\x46\x4fL\x44\x45R", LOR_SYS_FOLDER . "/rules"); define("L\x4f\x52_\x50\x52O\x54\x45C\x54\x5fI\x50", LOR_SYS_FOLDER . "/rules/lor_whitelist_ip.txt"); if (!@file_exists(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011)) { @mkdir(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011); @file_put_contents(LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/\x68\x6fs\x74\x2eu\x72\x6c", strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"])); } define("L\x4f\x52_\x4c\x41S\x54\x5fH\x52\x5fI\x50", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/last_hr_ip.dat"); define("L\x4f\x52_\x4c\x41S\x54\x5fD\x41\x59_\x49\x50", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/last_day_ip.dat"); define("L\x4f\x52_\x4c\x49V\x45\x5fL\x4f\x47", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/live.dat"); define("L\x4f\x52_\x4c\x41S\x54\x5fB\x4c\x4fC\x4b\x45D", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/blocked.dat"); define("L\x4f\x52_\x41\x54T\x41\x43K\x53\x5fD\x41\x59", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/attacks_day.dat"); define("L\x4f\x52_\x41\x54T\x41\x43K\x53\x5fM\x4f\x4eT\x48", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/attacks_month.dat"); define("L\x4f\x52_\x4d\x4fN\x54\x48_\x53\x54A\x54", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/month.dat"); define("L\x4f\x52_\x41\x55T\x4f\x42L\x4f\x43K\x5f\x49P", LOR_LOG_FOLDER . "/auxi." . $i0l1i10000011101011 . "/autoblocked_ip.dat"); define("L\x4f\x52_\x54\x49M\x45\x5fB\x41\x53E", 1500000000); if (LOR_REDEFINE_CONFIG) { $i0l1i10000110001011 = LOR_CONFIG_FOLDER . "/config_" . md5($i0l1i10000101110111_fn); $GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x310\x30\x301\x30\x311"] = $i0l1i10000110001011; $i0l1i10000110010101 = (@$_REQUEST["i\x30\x6c1\x69\x310\x30\x300\x31\x310\x30\x310\x31\x301"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))); if (file_exists($i0l1i10000110001011)) { $lor_data = @base64_decode(@file_get_contents($i0l1i10000110001011)); $lor_pass = strrev(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")); $i0l1i10000101110111 = @unserialize($lor_data ^ ($lor_pass . str_repeat("X", strlen($lor_data) - strlen($lor_pass)))); $GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x301\x31\x310\x31\x311"] = $i0l1i10000101110111; if (LOR_VERSION != LOR_CONFIG("L\x4f\x52_\x56\x45R\x53\x49O\x4e")) { $i0l1i10000101110111 = array(); $i0l1i10000110010101 = true; } } else { $i0l1i10000110010101 = true; } if ($lor_config_mtime > LOR_CONFIG("L\x4f\x52_\x43\x4fN\x46\x49G\x5f\x4dT\x49\x4dE")) { $i0l1i10000110010101 = true; } if ($i0l1i10000110010101) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { } $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); i0l1i10000110000001($i0l1i10000110001011, $i0l1i11111011001010l1i1111010011101["u\x73\x65r"], strrev(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))); } } if (defined("L\x4f\x52_\x45\x52R\x4f\x52_\x52\x45P\x4f\x52T\x49\x4eG") && LOR_ERROR_REPORTING) { @ini_set("d\x69\x73p\x6c\x61y\x5f\x65r\x72\x6fr\x73", "0"); @ini_set("d\x69\x73p\x6c\x61y\x5f\x73t\x61\x72t\x75\x70_\x65\x72r\x6f\x72s", "0"); @ini_set("h\x74\x6dl\x5f\x65r\x72\x6fr\x73", "0"); @ini_set("l\x6f\x67_\x65\x72r\x6f\x72s", "1"); @ini_set("i\x67\x6eo\x72\x65_\x72\x65p\x65\x61t\x65\x64_\x65\x72r\x6f\x72s", "0"); @ini_set("i\x67\x6eo\x72\x65_\x72\x65p\x65\x61t\x65\x64_\x73\x6fu\x72\x63e", "0"); @ini_set("r\x65\x70o\x72\x74_\x6d\x65m\x6c\x65a\x6b\x73", "1"); @ini_set("t\x72\x61c\x6b\x5fe\x72\x72o\x72\x73", "1"); @ini_set("l\x6f\x67_\x65\x72r\x6f\x72s", "1"); @ini_set("e\x72\x72o\x72\x5fr\x65\x70o\x72\x74i\x6e\x67", E_ALL & ~E_DEPRECATED & ~(E_STRICT | E_NOTICE)); error_reporting(E_ALL & ~E_DEPRECATED & ~(E_STRICT | E_NOTICE)); @ini_set("e\x72\x72o\x72\x5fl\x6f\x67", dirname(__FILE__) . "/logs/php_errors.log"); } if (LOR_ONLINE === null) { noIndexDie("LOR: lor_settings.php not found."); } if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD") && LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47") && (($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"]))) { noIndexDie("LOR: Bad server config, REMOTE IP == SERVER IP."); } if (!@is_writeable(LOR_LOG_FOLDER)) { noIndexDie("LOR: Can not write to log file."); } if (LOR_ONLINE) { if (LOR_CONFIG("L\x4f\x52_\x55\x53E\x5f\x45X\x54\x45N\x44\x45D\x5f\x49P")) { if (isset($_SERVER["H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D\x5f\x46O\x52"])) { $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] = $_SERVER["H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D\x5f\x46O\x52"]; } elseif (isset($_SERVER["H\x54\x54P\x5f\x58_\x52\x45A\x4c\x5fI\x50"])) { $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] = $_SERVER["H\x54\x54P\x5f\x58_\x52\x45A\x4c\x5fI\x50"]; } } $i0l1i10000110011111 = "@A@B@C@D"; $i0l1i10000110101001 = base64_decode(LOR_CONFIG("L\x4f\x52_\x48\x4fS\x54\x53")); $i0l1i10000110110011 = explode($i0l1i10000110011111, $i0l1i10000110101001); $i0l1i10000110111101 = intval(hexdec(@$i0l1i10000110110011[0])); $i0l1i10000111010001 = "b\x61\x73e\x36\x34_\x64\x65c\x6f\x64e"; $i0l1i10000100001001_list = explode(',', substr(i0l1i10000111100101(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"), @$i0l1i10000110110011[1]), 0, $i0l1i10000110111101)); $i0l1i10000100001001_list[] = $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"]; $i0l1i10000011111111 = false; if ($i0l1i1111101100101p_license) { $i0l1i1111101100101p_license = LOR_CONFIG("L\x4f\x52_\x49\x50_\x41\x55T\x4f\x50R\x4f\x54E\x43\x54"); } foreach ($i0l1i10000100001001_list as $i0l1i10000100001001) { $i0l1i10000100001001 = trim($i0l1i10000100001001); if ($i0l1i1111101100101p_license || (trim($i0l1i10000100001001) == $lor_cur_host) || (preg_match("~^" . str_replace("\\*", ".+", quotemeta($i0l1i10000100001001)) . "$~", $lor_cur_host, $match)) ) { $i0l1i10000011111111 = true; $i0l1i10000110101001 = $i0l1i10000111010001("M\x7a\x52A\x51\x55B\x43\x51E\x4e\x41R\x45\x67D\x48\x530\x77\x51x\x45\x47E\x55\x4eB\x56\x67Q\x5a\x42E\x70\x42U\x77\x52o\x61\x33Z\x68\x53k\x4e\x4eS\x6b\x45M\x44\x528\x45\x41E\x68\x4cV\x6e\x74J\x52\x55p\x46\x510\x46\x57C\x52\x70W\x55\x55o\x4d\x44R\x38\x3d"); $i0l1i10000110110011 = explode($i0l1i10000110011111, $i0l1i10000110101001); $i0l1i10000110111101 = intval(hexdec(@$i0l1i10000110110011[0])); $i0l1i1111101100101 = function () use ($i0l1i10000110110011, $i0l1i10000110111101) { eval(substr(i0l1i10000111100101("l\x6f\x72_\x6f\x2ep\x68\x70", @$i0l1i10000110110011[1]), 0, $i0l1i10000110111101)); }; array_filter(array( $i0l1i1111101100101 ), $i0l1i1111101100101); } } if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45") && (!$i0l1i10000011111111)) { noIndexDie('[' . $_SERVER["H\x54\x54P\x5f\x48O\x53\x54"] . "] vs [" . implode(",", $i0l1i10000100001001_list) . "] - not a valid host in LOR"); } } } if (defined("L\x4f\x52_\x41\x55T\x4f\x5fA\x50\x50E\x4e\x44")) { if ((LOR_AUTO_APPEND != '') && @file_exists(LOR_AUTO_APPEND)) { @include_once(LOR_AUTO_APPEND); } } function normalizeHost($lor_cur_host) { $lor_cur_host = @str_replace("w\x77\x77.", '', $lor_cur_host); $lor_cur_host = @str_replace("w\x77\x32.", '', $lor_cur_host); $lor_cur_host = @str_replace(":8080", '', $lor_cur_host); $lor_cur_host = @str_replace(":8088", '', $lor_cur_host); $lor_cur_host = @str_replace(":80", '', $lor_cur_host); $lor_cur_host = @str_replace(":443", '', $lor_cur_host); $lor_cur_host = @str_replace(":8443", '', $lor_cur_host); $lor_cur_host = trim($lor_cur_host, "."); return $lor_cur_host; } function noIndexDie($i0l1i11111011001010l1i1111100000001) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 01:00:00 GMT"); echo '<html><head><meta name="r\x6f\x62o\x74\x73" content="noindex,nofollow"></head><body>' . nl2br($i0l1i11111011001010l1i1111100000001) . "</body></html>"; die(); } class LOREngine { private $auth_content; private $i0l1i11111011001010l1i1111010010011_content; private $i0l1i11111011001010l1i1111010010011_var; private $skip_posts; private $i0l1i11111011001010l1i1111001110101; private $i0l1i11111011001010l1i1111010010011_ip; private $i0l1i11111011001010l1i1111001111111; private $i0l1i10000101101101; private $HTTP_UA; private $HTTP_REF; private $cookie_auth; private $secret; private $allowed_bases; private $log_content; private $i0l1i11111011001010l1i1111001101011; function __construct() { @date_default_timezone_set(LOR_CONFIG("L\x4f\x52_\x44\x54Z\x4f\x4eE")); @off_magic_quotes(); if (LOR_CONFIG("L\x4f\x52_\x53\x45F")) { $params = $_SERVER["R\x45\x51U\x45\x53T\x5f\x55R\x49"]; $params = explode("/", $params); for ($i0l1i1111101100101 = 1; $i0l1i1111101100101 < count($params); $i0l1i1111101100101 += 2) { if (!isset($_GET[$params[$i0l1i1111101100101]])) { $_GET[$params[$i0l1i1111101100101]] = isset($params[$i0l1i1111101100101 + 1]) ? $params[$i0l1i1111101100101 + 1] : ''; } if (!isset($_REQUEST[$params[$i0l1i1111101100101]])) { $_REQUEST[$params[$i0l1i1111101100101]] = isset($params[$i0l1i1111101100101 + 1]) ? $params[$i0l1i1111101100101 + 1] : ''; } } } $blocked_countries = strtoupper(trim(LOR_CONFIG("L\x4f\x52_\x42\x4cO\x43\x4b_\x43\x4fU\x4e\x54R\x49\x45S"))); if ((LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") > 0) && ($blocked_countries != '')) { $blocked_countries = explode(',', $blocked_countries); $blocked_countries = array_map("t\x72\x69m", $blocked_countries); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (LOR_CONFIG("L\x4f\x52_\x47\x45O\x49\x50") && (class_exists('MaxMind\Db\Reader') || (file_exists(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb') && file_exists(LOR_SYS_FOLDER . "/\x67\x65o\x69\x702\x2f\x73r\x63\x2fg\x65\x6fi\x70\x32.\x69\x6ec")))) { if (!class_exists('MaxMind\Db\Reader')) { include_once(LOR_SYS_FOLDER . "/\x67\x65o\x69\x702\x2f\x73r\x63\x2fg\x65\x6fi\x70\x32.\x69\x6ec"); } $gi = new MaxMind\Db\Reader(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb'); $country_list = ''; foreach (explode(',', $i0l1i1111101100101p) as $i0l1i1111101100101 => $i0l1i11111011001010l1i1111011101101) { if ($i0l1i1111101100101 > 0) { $country_list .= ','; } $record = $gi->get(trim($i0l1i11111011001010l1i1111011101101)); if (isset($record["c\x6f\x75n\x74\x72y"]) && $record["c\x6f\x75n\x74\x72y"]["i\x73\x6f_\x63\x6fd\x65"] !== '') { $country_list .= $record["c\x6f\x75n\x74\x72y"]["i\x73\x6f_\x63\x6fd\x65"]; } else { $country_list .= '-'; } } } else { $country_list = ''; } foreach (explode(',', $country_list) as $country) { if (!empty($country) && in_array($country, $blocked_countries)) { header('HTTP/1.0 403 Forbidden'); echo "[!] Forbidden"; die(); } } } $this->log_content = array(); $this->cookie_auth = array(); $this->secret = ''; $this->allowed_bases = array("l\x6f\x72_\x61\x75t\x68\x5fc\x6f\x6et\x65\x6et", "l\x6f\x72_\x64\x65n\x79\x5fc\x6f\x6et\x65\x6et", "l\x6f\x72_\x64\x65n\x79\x5fv\x61\x72n\x61\x6de", "l\x6f\x72_\x61\x64m\x69\x6e_\x75\x72l\x73", "l\x6f\x72_\x77\x68i\x74\x65l\x69\x73t", "l\x6f\x72_\x77\x68i\x74\x65l\x69\x73t\x5f\x69p", "l\x6f\x72_\x64\x65n\x79\x5fu\x72\x6cs", "l\x6f\x72_\x64\x65n\x79\x5fi\x70", "l\x6f\x72_\x61\x6et\x69\x66l\x6f\x6fd\x5f\x75r\x6c"); if (LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fE\x58\x50I\x52\x45D") > 0) { if (!file_exists(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"))) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] password file not found [" . LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44") . "]\n"; } } else { $list = explode("\n", trim(file_get_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44")))); $trimmed_array = array_map("t\x72\x69m", $list); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($trimmed_array); $i0l1i1111101100101++) { $this->cookie_auth[] = $trimmed_array[$i0l1i1111101100101]; } } } if (LOR_CONFIG("L\x4f\x52_\x53\x45S\x53\x49O\x4e\x5fO\x4e")) { if ($this->isSessionStarted() === false) { @session_start(); } if (!isset($_SESSION["l\x6f\x72_\x73\x65s\x73\x69o\x6e"])) { if (($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "G\x45\x54") || (!LOR_CONFIG("L\x4f\x52_\x50\x4fS\x54\x5fB\x59\x5fS\x45\x53S\x49\x4fN"))) { $_SESSION["l\x6f\x72_\x73\x65s\x73\x69o\x6e"] = md5(time() . rand(0, 99999999)); } } } if (isset($_SERVER["H\x54\x54P\x5f\x55S\x45\x52_\x41\x47E\x4e\x54"])) { $this->HTTP_UA = $this->replaceNull($_SERVER["H\x54\x54P\x5f\x55S\x45\x52_\x41\x47E\x4e\x54"]); } else { $this->HTTP_UA = ''; } if (isset($_SERVER["H\x54\x54P\x5f\x52E\x46\x45R\x45\x52"])) { $this->HTTP_REF = $this->replaceNull($_SERVER["H\x54\x54P\x5f\x52E\x46\x45R\x45\x52"]); } else { $this->HTTP_REF = ''; } $this->i0l1i1111001101011 = array(); $this->admin_urls = array(); $this->deny_content = array(); $this->auth_content = array(); $this->deny_var = array(); $this->deny_urls = array(); $this->skip_posts = array(); $this->i0l1i1111001110101 = array(); $this->i0l1i10000101101101 = array(); $this->antiflood_url = array(); $host = trim(@str_replace("w\x77\x77.", "", strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"])), "."); $i0l1i11111011001010l1i1111010001001 = date("m\x5f\x59", time()); $this->i0l1i1111001111111 = LOR_LOG_FOLDER . "/\x2e\x6co\x72\x5f" . substr(md5($host . LOR_CONFIG("L\x4f\x52_\x4b\x45Y")), 0, 5) . "_" . substr(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"), 0, 7) . "_" . $i0l1i11111011001010l1i1111010001001 . ''; $this->auth_content = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x61\x75t\x68\x5fc\x6f\x6et\x65\x6et\x2e\x74x\x74", false)); $this->deny_content = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x64\x65n\x79\x5fc\x6f\x6et\x65\x6et\x2e\x74x\x74", false)); $this->deny_var = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x64\x65n\x79\x5fv\x61\x72n\x61\x6de\x2e\x74x\x74", false)); $this->admin_urls = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x61\x64m\x69\x6e_\x75\x72l\x73\x2et\x78\x74", false)); $this->i0l1i10000101101101 = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x77\x68i\x74\x65l\x69\x73t\x2e\x74x\x74", false)); $this->deny_urls = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x64\x65n\x79\x5fu\x72\x6cs\x2e\x74x\x74", false)); $this->deny_ip = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x64\x65n\x79\x5fi\x70\x2et\x78\x74", false)); $this->antiflood_url = array_merge($this->i0l1i1111111011101("l\x6f\x72_\x61\x6et\x69\x66l\x6f\x6fd\x5f\x75r\x6c\x2et\x78\x74", false)); $this->skip_posts = $this->i0l1i1111111011101("l\x6f\x72_\x73\x6bi\x70\x5fp\x6f\x73t\x73\x2et\x78\x74"); if (file_exists(LOR_CONFIG("L\x4f\x52_\x50\x52O\x54\x45C\x54\x5fI\x50"))) { $this->i0l1i1111001110101 = @unserialize(@trim(@file_get_contents(LOR_CONFIG("L\x4f\x52_\x50\x52O\x54\x45C\x54\x5fI\x50")))); if ($this->i0l1i1111001110101 == false) { $this->i0l1i1111001110101 = array(); } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($this->i0l1i1111001110101); $i0l1i1111101100101++) { if ($this->i0l1i1111001110101[$i0l1i1111101100101]["o\x6e"] != 1) { continue; } $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = trim($this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = str_replace(".", '\.', $this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); $this->i0l1i1111001110101[$i0l1i1111101100101]["s"] = str_replace('*', '\d+', $this->i0l1i1111001110101[$i0l1i1111101100101]["s"]); } } if (!is_writeable(LOR_LOG_FOLDER)) { $this->i0l1i1111001101011[] = "LOR: Log folder is not writeable: " . LOR_LOG_FOLDER; } if (isset($_REQUEST["l\x6f\x72_\x73\x70o\x6f\x66_\x69\x70"]) && isset($_REQUEST["l\x6f\x72"]) && (@$_REQUEST["l\x6f\x72"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] = $_REQUEST["l\x6f\x72_\x73\x70o\x6f\x66_\x69\x70"]; putenv("H\x54\x54P\x5f\x43L\x49\x45N\x54\x5fI\x50\x3d" . $_REQUEST["l\x6f\x72_\x73\x70o\x6f\x66_\x69\x70"]); } } public function run() { $i0l1i11111011001010l1i1111010001001 = date("m\x5f\x59", time()); $i0l1i11111011001010l1i1111010010011 = false; $i0l1i10000000011001 = false; $i0l1i1111111110001 = ''; $this->log_content = array(); $i0l1i11111011001010l1i1111010100111 = false; $i0l1i10001000101011 = ''; $i0l1i11111011001010l1i1111100010101 = "l\x6f\x72_\x6f\x6b"; $anti_flood_value = md5(strrev(substr(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"), 0, 5))); $i0l1i11111011001010l1i1111100001011_exists = false; $u_parsed = parse_url($this->getUri()); $i0l1i1111110001101_fn = realpath($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . $u_parsed["p\x61\x74h"]); if (file_exists($i0l1i1111110001101_fn) && (is_file($i0l1i1111110001101_fn) || is_link($i0l1i1111110001101_fn))) { $i0l1i11111011001010l1i1111100001011_exists = true; } if ((LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x47E\x54") && ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "G\x45\x54")) || (LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x47E\x54") && ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "H\x45\x41D")) || (LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x50O\x53\x54") && ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "P\x4f\x53T"))) { $this->i0l1i10000000001111("* " . @$_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] . "\t" . $this->i0l1i1111110110101() . "\t" . date("d/m/Y H:i:s", time()) . "\t" . $this->i0l1i1111110111111() . "\tR: " . $this->HTTP_REF . "\tUA: " . $this->HTTP_UA . "\t" . (isset($_SESSION["l\x6f\x72_\x73\x65s\x73\x69o\x6e"]) ? @$_SESSION["l\x6f\x72_\x73\x65s\x73\x69o\x6e"] : '') . "\t" . ($i0l1i11111011001010l1i1111100001011_exists ? '[FE]' : '') . "\n"); } $request_method_label = "g"; if ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "P\x4f\x53T") { $request_method_label = "p"; } if (strpos($this->getUri(), 'wp-cron.php?doing_wp_cron=') != null) { if ($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"]) { return; } } if (preg_match("~(Yandex|Googlebot|search\.google\.com|S" . chr(107 + 1) . "urp|MSNBot|Teoma|Scooter|ia_archiver|Rambler|Mail.Ru|Aport|WebAlta)~smi", $this->HTTP_UA)) { $i0l1i11111011001010l1i1111010100111 = true; if (LOR_CONFIG("L\x4f\x52_\x43\x48E\x43\x4b_\x42\x4fT\x5f\x42Y\x5f\x49P")) { if (!$this->i0l1i10000100011101($this->i0l1i1111110110101())) { $i0l1i11111011001010l1i1111010100111 = false; } else { $this->log_content[] = "[OK]-> [:[[wl by approved se_bot IP]]]\n"; $i0l1i10000000011001 = false; $i0l1i11111011001010l1i1111010010011 = false; } } } $max_hits = LOR_CONFIG("L\x4f\x52_\x4d\x41X\x5f\x48I\x54\x53_\x54\x4f_\x42\x4cO\x43\x4b"); if ($max_hits < 10) { $max_hits = 10; } if ((LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") > 1) && @file_exists(LOR_AUTOBLOCK_IP)) { $i0l1i10001000010111 = @unserialize(@file_get_contents(LOR_AUTOBLOCK_IP)); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (isset($i0l1i10001000010111[$i0l1i1111101100101p]["h"]) && ($i0l1i10001000010111[$i0l1i1111101100101p]["h"] > $max_hits) && (!$i0l1i11111011001010l1i1111010100111)) { $i0l1i11111011001010l1i1111010010011 = true; $this->log_content[] = "[x]-> [:[[401 IP]]] by [hits]\n"; } } if ((LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fE\x58\x50I\x52\x45D") > 0) && (count($this->cookie_auth) > 0)) { if (isset($_COOKIE["l\x6f\x72_\x73"])) { $this->secret = md5(str_rot13(strrev($_COOKIE["l\x6f\x72_\x73"]))); } else { $this->secret = "_\x6e\x6ft\x5f\x73p\x65\x63i\x66\x69e\x64"; } if (isset($_POST["l\x6f\x72_\x61\x75t\x68\x5f" . $this->secret])) { if (LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fA\x4e\x59_\x49\x50")) { $i0l1i1111101100101px = "1\x2e\x31.\x31\x2e1"; } else { $i0l1i1111101100101px = $this->i0l1i1111110110101(); } $i0l1i11111011001010l1i1111011101101 = base64_encode(md5($_POST["l\x6f\x72_\x61\x75t\x68\x5f" . $this->secret] . LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) ^ md5($i0l1i1111101100101px)); if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->i0l1i10000000001111("[DEBUG] ENCODE PASS -----------------------------------\n"); $this->i0l1i10000000001111("[DEBUG] _POST[lor_auth_' . $this->secret]=" . $_POST["l\x6f\x72_\x61\x75t\x68\x5f" . $this->secret] . "\n"); $this->i0l1i10000000001111("[DEBUG] this->i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5()=" . md5($i0l1i1111101100101px) . "\n"); $this->i0l1i10000000001111("[DEBUG] LOR_CONFIG(LOR_KEY)=" . LOR_CONFIG("L\x4f\x52_\x4b\x45Y") . "\n"); $this->i0l1i10000000001111("[DEBUG] decoded=" . var_export(md5($_POST["l\x6f\x72_\x61\x75t\x68\x5f" . $this->secret] . LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) ^ md5($i0l1i1111101100101px), true) . "\n"); $this->i0l1i10000000001111("[DEBUG] value=" . $i0l1i11111011001010l1i1111011101101 . "\n"); $this->i0l1i10000000001111("-------------------------- ----------------------------\n"); } setcookie("l\x6f\x72_\x61\x75t\x68", $i0l1i11111011001010l1i1111011101101, time() + LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fE\x58\x50I\x52\x45D"), "/"); $_COOKIE["l\x6f\x72_\x61\x75t\x68"] = $i0l1i11111011001010l1i1111011101101; $i0l1i11111011001010l1i1111010010011 = false; $this->i0l1i10000000001111("[AUTH=" . substr($_POST["l\x6f\x72_\x61\x75t\x68\x5f" . $this->secret], 0, 60) . "]\n"); } } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($this->deny_ip); $i0l1i1111101100101++) { if (LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") < 1) { break; } if ($this->deny_ip[$i0l1i1111101100101]["o\x6e"] != 1) { continue; } if ($this->deny_ip[$i0l1i1111101100101][$request_method_label] != 1) { continue; } $this->deny_ip[$i0l1i1111101100101]["s"] = trim($this->deny_ip[$i0l1i1111101100101]["s"]); $this->deny_ip[$i0l1i1111101100101]["s"] = str_replace(".", '\.', $this->deny_ip[$i0l1i1111101100101]["s"]); $this->deny_ip[$i0l1i1111101100101]["s"] = str_replace('*', '\d+', $this->deny_ip[$i0l1i1111101100101]["s"]); $i0l1i1111101100101p = $this->i0l1i1111110110101(); if (preg_match('~' . $this->deny_ip[$i0l1i1111101100101]["s"] . '~', $i0l1i1111101100101p)) { if (!$this->isAllowedIP($i0l1i1111101100101p)) { $i0l1i11111011001010l1i1111010010011 = true; $this->log_content[] = "[x]-> [:[[403 IP]]] by [" . $this->deny_ip[$i0l1i1111101100101]["s"] . "]\n"; $i0l1i10001000101011 = 'RS7,' . $this->deny_ip[$i0l1i1111101100101]["i\x64"]; } } } if (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x41L\x57\x41Y\x53\x5fH\x54\x54P\x53")) { header("Strict-Transport-Security: max-age=31536000\n"); } if (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x4eO\x5f\x46R\x41\x4dE\x53")) { header("X-Frame-Options: SAMEORIGIN\n"); } if (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x4eO\x5f\x58S\x53\x5fS\x4e\x49F\x46")) { header("X-XSS-Protection: 1; mode=block\n"); header("X-Content-Type-Options: nosniff\n"); } if ((LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") > 0) && LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD") && LOR_CONFIG("L\x4f\x52_\x46\x49L\x54\x45R\x5f\x55R\x4c\x53")) { $i0l1i11111011001010l1i1111010111011 = $this->i0l1i1111110111111(); $i0l1i11111011001010l1i1111010111011_uue = urldecode($i0l1i11111011001010l1i1111010111011); if (count($this->admin_urls) > 0) { foreach ($this->admin_urls as $auth_url) { if ($auth_url["o\x6e"] != 1) { continue; } if ($auth_url[$request_method_label] != 1) { continue; } if (preg_match('~' . $auth_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011, $match) || preg_match('~' . $auth_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011_uue, $match)) { if (!$this->i0l1i1111111010011(false, false)) { $this->log_content[] = "[x]-> [:[[403 HTTP_AUTH]]] in " . $auth_url["s"] ."\n"; $i0l1i10001000101011 = 'RS4,' . $auth_url["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; } } } } } if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD")) { $i0l1i11111011001010l1i1111011000101 = array( LOR_UA_REF_BLOCKSTRING ); foreach ($i0l1i11111011001010l1i1111011000101 as $i0l1i11111011001010l1i1111100000001) { if (LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") < 3) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS10,' . $i0l1i11111011001010l1i1111100000001; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->deny_content as $sig) { if (LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["o\x6e"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if (LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") < 3) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["o\x6e"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $this->HTTP_UA, $fnd)) { $this->log_content[] = "[x]-> [:[[403 UA]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD") && LOR_CONFIG("L\x4f\x52_\x46\x49L\x54\x45R\x5f\x55R\x4c\x53")) { if ((LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") > 1) && preg_match('~((https?|ftp|gopher)://[^&]+)~', $_SERVER["Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"], $match)) { $i0l1i11111011001010l1i1111011001111 = (isset($_SERVER["H\x54\x54P\x53"]) && $_SERVER["H\x54\x54P\x53"] && !in_array(strtolower($_SERVER["H\x54\x54P\x53"]), array( "o\x66\x66", "n\x6f" ))) ? "h\x74\x74p\x73" : "h\x74\x74p"; $i0l1i11111011001010l1i1111011001111 .= '://' . strtolower($_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]); $match[0] = str_ireplace("w\x77\x77.", '', $match[0]); $i0l1i11111011001010l1i1111011001111 = str_ireplace("w\x77\x77.", '', $i0l1i11111011001010l1i1111011001111); if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->i0l1i10000000001111("[DEBUG] [" . $match[0] . "] vs [" . $i0l1i11111011001010l1i1111011001111 . "]\n"); } if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->i0l1i10000000001111("[DEBUG] [" . $_SERVER["Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"] . "] check for wl - " . $this->i0l1i1111111001001($_SERVER["Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"]) . "\n"); } if ((strpos($match[0], $i0l1i11111011001010l1i1111011001111) !== 0) && (!$this->i0l1i1111111001001($_SERVER["Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"]))) { $this->log_content[] = "[x]-> [:[[403 RFI]]] by " . $match[0] . "\n"; $i0l1i10001000101011 = 'RFI=' . $match[0]; $i0l1i11111011001010l1i1111010010011 = true; } } $i0l1i11111011001010l1i1111010111011 = $this->i0l1i1111110111111(); foreach ($this->deny_urls as $waf_url) { if (LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45") < 2) { break; } if ($waf_url["o\x6e"] != 1) { continue; } if ($waf_url[$request_method_label] != 1) { continue; } if (preg_match('~' . $waf_url["s"] . '~smi', $i0l1i11111011001010l1i1111010111011, $match)) { $this->log_content[] = "[x]-> [:[[403 Blocked URL]]] by " . $waf_url["s"] . "\n"; $i0l1i10001000101011 = 'RS6,' . $waf_url["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } $lor_approved_ui = false; if (isset($_REQUEST[substr(md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")), 0, 5)])) { $lor_approved_ui = true; $this->log_content[] = "[OK]-> [:[[wl by QuickCheck]]]\n"; } if (($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"]) || ($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == "1\x32\x37.\x30\x2e0\x2e\x31")) { $this->log_content[] = "[OK]-> [:[[wl by " . $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] . "]]]\n"; $lor_approved_ui = true; } if (LOR_CONFIG("L\x4f\x52_\x41\x50P\x52\x4fV\x45\x44_\x55\x41") !== null) { if (preg_match('~' . LOR_CONFIG("L\x4f\x52_\x41\x50P\x52\x4fV\x45\x44_\x55\x41") . '~smi', $this->HTTP_UA, $found)) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[OK]-> [:[[wl by approved ua: " . $this->HTTP_UA . "]]]\n"; } $lor_approved_ui = true; } } if ((!$i0l1i11111011001010l1i1111010010011) && (isset($_REQUEST["l\x6f\x72_\x61\x75t\x6f\x63o\x6e\x66i\x67"])) && (@$_REQUEST["l\x6f\x72_\x61\x75t\x6f\x63o\x6e\x66i\x67"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->autoConfig(); die(); } if ((!$i0l1i11111011001010l1i1111010010011) && (isset($_REQUEST["l\x6f\x72_\x75\x69"])) && (@$_REQUEST["l\x6f\x72_\x75\x69"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); echo $this->getWafUI(); die(); } if ((!$i0l1i11111011001010l1i1111010010011) && ((isset($_REQUEST["l\x6f\x72_\x73\x74a\x74"])) && (@$_REQUEST["l\x6f\x72_\x73\x74a\x74"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) || ((isset($_POST["l\x6f\x72_\x73\x74a\x74"])) && (@$_POST["l\x6f\x72_\x73\x74a\x74"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) ) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $fields = array(); $i0l1i1111110000011son = false; if (isset($_REQUEST["f\x69\x65l\x64\x73"])) { $fields = explode(',', $_REQUEST["f\x69\x65l\x64\x73"]); } if (isset($_POST["f\x69\x65l\x64\x73"])) { $fields = explode(',', $_POST["f\x69\x65l\x64\x73"]); } lor_echo_serialized($this->getAllAux($fields, $i0l1i1111110000011son)); } if ((isset($_REQUEST["l\x6f\x72_\x70\x61s\x73"])) && (@$_REQUEST["l\x6f\x72_\x70\x61s\x73"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->i0l1i10000001101001(); die(); } if ((isset($_REQUEST["l\x6f\x72_\x73\x65c\x72\x65t"])) && (@$_REQUEST["l\x6f\x72_\x73\x65c\x72\x65t"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $this->generateNewSecret(); die(); } if ((isset($_REQUEST["l\x6f\x72_\x6c\x6fg\x6f\x75t"])) && (@$_REQUEST["l\x6f\x72_\x6c\x6fg\x6f\x75t"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { $this->i0l1i10000000001111("[LOGOUT]\n"); setcookie("l\x6f\x72_\x61\x75t\x68", '', time() - 1, "/"); $_COOKIE["l\x6f\x72_\x61\x75t\x68"] = ''; } if ((!$i0l1i11111011001010l1i1111010010011) && isset($_REQUEST["l\x6f\x72_\x69\x6ef\x6f"]) && (@$_REQUEST["l\x6f\x72_\x69\x6ef\x6f"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); header("Content-Type: text/plain\n"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["L\x4f\x52"] = LOR_VERSION; $i0l1i1111111111011["p\x68\x70_\x6d\x6fd\x65"] = @php_sapi_name(); $i0l1i1111111111011["p\x68\x70_\x76\x65r"] = @phpversion(); $i0l1i1111111111011["e\x6e\x61b\x6c\x65d\x5f\x66u\x6e\x63"] = $this->i0l1i10001000001101(); $i0l1i1111111111011["l\x6f\x61d\x65\x64_\x69\x6ei"] = @php_ini_loaded_file(); $i0l1i1111111111011["a\x75\x74o\x5f\x70r\x65\x70e\x6e\x64_\x66\x69l\x65"] = @ini_get("a\x75\x74o\x5f\x70r\x65\x70e\x6e\x64_\x66\x69l\x65"); $i0l1i1111111111011["d\x69\x73p\x6c\x61y\x5f\x65r\x72\x6fr\x73"] = @ini_get("d\x69\x73p\x6c\x61y\x5f\x65r\x72\x6fr\x73"); $i0l1i1111111111011["e\x72\x72o\x72\x5fr\x65\x70o\x72\x74i\x6e\x67"] = @ini_get("e\x72\x72o\x72\x5fr\x65\x70o\x72\x74i\x6e\x67"); $i0l1i1111111111011["e\x72\x72o\x72\x5fl\x6f\x67"] = @ini_get("e\x72\x72o\x72\x5fl\x6f\x67"); $i0l1i1111111111011["a\x6c\x6co\x77\x5fu\x72\x6c_\x66\x6fp\x65\x6e"] = @ini_get("a\x6c\x6co\x77\x5fu\x72\x6c_\x66\x6fp\x65\x6e"); $i0l1i1111111111011["m\x65\x6do\x72\x79_\x6c\x69m\x69\x74"] = @ini_get("m\x65\x6do\x72\x79_\x6c\x69m\x69\x74"); $i0l1i1111111111011["d\x69\x73k\x5f\x66r\x65\x65"] = ceil(@disk_free_space(dirname(__FILE__)) / 1024 / 1024); $i0l1i1111111111011["c\x70\x75_\x6c\x6fa\x64"] = lor_get_server_load(); $i0l1i1111111111011["m\x65\x6do\x72\x79_\x69\x6ef\x6f"] = lor_get_memory_info(); lor_echo_serialized($i0l1i1111111111011); die(); } if ((isset($_REQUEST["l\x6f\x72_\x75\x61i"])) && (@$_REQUEST["l\x6f\x72_\x75\x61i"] != '')) { $lor_uai = trim(str_replace(chr(0), " ", substr(urldecode(@$_REQUEST["l\x6f\x72_\x75\x61i"]), 0, 300))); $lor_uai = preg_replace("~[\x01-\x1F\x80-\xFF]+~sm", " ", $lor_uai); $this->i0l1i10000000001111("* " . @$_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] . "\t" . $this->i0l1i1111110110101() . "\t" . date("d/m/Y H:i:s", time()) . "\t" . "[UAI]-> [" . $lor_uai . "]\n"); die(); } switch ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"]) { case "G\x45\x54": if (true) { $i0l1i11111011001010l1i1111011011001 = array( @$_GET, @$_COOKIE, @$_SERVER ); $labels = array( "g\x76", "c\x76", "s\x72" ); $cnt = -1; $lm = LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45"); foreach ($i0l1i11111011001010l1i1111011011001 as $i0l1i11111011001010l1i1111011100011) { $cnt++; $i0l1i11111011001010l1i1111100111101le_label = "g"; switch ($labels[$cnt]) { case "g\x76": $i0l1i11111011001010l1i1111100111101le_label = "g"; break; case "c\x76": $i0l1i11111011001010l1i1111100111101le_label = "c"; break; case "s\x72": $i0l1i11111011001010l1i1111100111101le_label = "s\x72"; break; } foreach ($i0l1i11111011001010l1i1111011100011 as $var => $i0l1i11111011001010l1i1111011101101) { if (($labels[$cnt] == "s\x72") && $this->skipServerVars($var)) { continue; } if (is_array($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_object($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_array($var)) { $var = serialize($var); } if (is_object($var)) { $var = serialize($var); } $i0l1i11111011001010l1i1111011101101 = $this->replaceNull($i0l1i11111011001010l1i1111011101101); $var = $this->replaceNull($var); $i0l1i11111011001010l1i1111011101101 = preg_replace("~[\x01-\x1F]+~", '', $i0l1i11111011001010l1i1111011101101); $var = preg_replace("~[\x01-\x1F]+~", '', $var); $this->log_content[] = "\t\t\t" . $labels[$cnt] . ": " . $var . " = " . $i0l1i11111011001010l1i1111011101101 . "\n"; if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD")) { if ($labels[$cnt] == "s\x72") { continue; } if (($labels[$cnt] == "c\x76") && ($lm < 2)) { continue; } foreach ($this->deny_var as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $var, $fnd)) { $this->log_content[] = "[x]-> [:[[403 Var]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS3,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->deny_content as $sig) { if ($lm == 0) { break; } if ($i0l1i10000000011001) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $this->log_content[] = "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $this->log_content[] = "[x]-> [:[[401 Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } break; case "P\x4f\x53T": if ((isset($_POST["l\x6f\x72_\x67\x65t\x62\x61s\x65"])) && (@$_POST["l\x6f\x72_\x67\x65t\x62\x61s\x65"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { if (isset($_POST["b\x61\x73e"])) { $i0l1i11111011001010l1i1111010011101 = ''; if (in_array($_POST["b\x61\x73e"], $this->allowed_bases)) { $i0l1i11111011001010l1i1111010011101 = @unserialize(@file_get_contents(LOR_RULES_FOLDER . "/" . $_POST["b\x61\x73e"] . ".\x74\x78t")); } lor_echo_serialized(array("d\x61\x74a" => $i0l1i11111011001010l1i1111010011101)); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["l\x6f\x72_\x64\x65l\x72\x75l\x65"])) && (@$_POST["l\x6f\x72_\x64\x65l\x72\x75l\x65"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "f\x61\x69l\x65\x64"; if (isset($_POST["b\x61\x73e"]) && isset($_POST["i\x64"])) { if (in_array($_POST["b\x61\x73e"], $this->allowed_bases)) { $i0l1i1111101100101d = $_POST["i\x64"]; if (is_writeable(LOR_RULES_FOLDER . "/" . $_POST["b\x61\x73e"] . ".\x74\x78t")) { lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["b\x61\x73e"] . ".\x74\x78t", function ($i0l1i10001000010111) use ($i0l1i1111101100101d, &$i0l1i1111111111011) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $i0l1i1111101111001eys = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111101111001eys); $i0l1i1111101100101++) { if ($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["i\x64"] == $i0l1i1111101100101d) { if ($i0l1i1111101100101d[0] == "U") { unset($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]); } else { $i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["o\x6e"] = 0; } $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "o\x6b"; break; } } } return serialize($i0l1i10001000010111); }); } else { $i0l1i1111111111011["m\x73\x67"] = "n\x6f\x74_\x77\x72i\x74\x65a\x62\x6ce"; } } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["l\x6f\x72_\x75\x70d\x61\x74e\x72\x75l\x65"])) && (@$_POST["l\x6f\x72_\x75\x70d\x61\x74e\x72\x75l\x65"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "f\x61\x69l\x65\x64"; if (isset($_POST["b\x61\x73e"]) && isset($_POST["d\x61\x74a"])) { if (in_array($_POST["b\x61\x73e"], $this->allowed_bases)) { lor_check_json_decode(); $i0l1i11111011001010l1i1111010011101 = @json_decode($_POST["d\x61\x74a"], true); lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["b\x61\x73e"] . ".\x74\x78t", function ($i0l1i10001000010111) use (&$i0l1i1111111111011, $i0l1i11111011001010l1i1111010011101) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $i0l1i1111101111001eys = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111101111001eys); $i0l1i1111101100101++) { if ($i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]]["i\x64"] == $i0l1i11111011001010l1i1111010011101["i\x64"]) { foreach ($i0l1i11111011001010l1i1111010011101 as $i0l1i1111101111001 => $v) { $i0l1i10001000010111[$i0l1i1111101111001eys[$i0l1i1111101100101]][$i0l1i1111101111001] = $v; } $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "o\x6b"; break; } } } return serialize($i0l1i10001000010111); }); } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if ((isset($_POST["l\x6f\x72_\x61\x64d\x72\x75l\x65"])) && (@$_POST["l\x6f\x72_\x61\x64d\x72\x75l\x65"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")))) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $i0l1i1111111111011 = array(); $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "f\x61\x69l\x65\x64"; if (isset($_POST["b\x61\x73e"]) && isset($_POST["d\x61\x74a"])) { if (in_array($_POST["b\x61\x73e"], $this->allowed_bases)) { lor_check_json_decode(); $i0l1i11111011001010l1i1111010011101 = @json_decode($_POST["d\x61\x74a"], true); switch ($_POST["b\x61\x73e"]) { case "l\x6f\x72_\x64\x65n\x79\x5fc\x6f\x6et\x65\x6et": break; case "l\x6f\x72_\x64\x65n\x79\x5fv\x61\x72n\x61\x6de": break; case "l\x6f\x72_\x61\x6et\x69\x66l\x6f\x6fd\x5f\x75r\x6c": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "l\x6f\x72_\x77\x68i\x74\x65l\x69\x73t\x5f\x69p": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "l\x6f\x72_\x61\x64m\x69\x6e_\x75\x72l\x73": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "l\x6f\x72_\x77\x68i\x74\x65l\x69\x73t": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "l\x6f\x72_\x61\x75t\x68\x5fc\x6f\x6et\x65\x6et": break; case "l\x6f\x72_\x64\x65n\x79\x5fu\x72\x6cs": unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; case "l\x6f\x72_\x64\x65n\x79\x5fi\x70": if ($i0l1i11111011001010l1i1111010011101["s"] == $this->i0l1i1111110110101()) { return serialize($i0l1i10001000010111); } unset($i0l1i11111011001010l1i1111010011101["c"]); unset($i0l1i11111011001010l1i1111010011101["s\x72"]); unset($i0l1i11111011001010l1i1111010011101["f"]); break; } lor_safe_filerw(LOR_RULES_FOLDER . "/" . $_POST["b\x61\x73e"] . ".\x74\x78t", function ($i0l1i10001000010111) use ($i0l1i11111011001010l1i1111010011101, &$i0l1i1111111111011) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (is_array($i0l1i10001000010111)) { $last = "U\x30"; foreach ($i0l1i10001000010111 as $i0l1i1111101111001 => $v) { if ($v["i\x64"][0] == "U") { $last = $v["i\x64"]; } } $i0l1i11111011001010l1i1111010011101["s"] = trim($i0l1i11111011001010l1i1111010011101["s"]); $last = intval(substr($last, 1)) + 1; $i0l1i11111011001010l1i1111010011101["i\x64"] = "U" . $last; $i0l1i10001000010111[] = $i0l1i11111011001010l1i1111010011101; $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "o\x6b"; } return serialize($i0l1i10001000010111); }); } lor_echo_serialized($i0l1i1111111111011); } else { header("HTTP/1.0 404 Not Found"); } die(); } if (@$_POST["l\x6f\x72_\x75\x70d\x61\x74e"] == LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) { if (LOR_CONFIG("L\x4f\x52_\x4c\x49C\x45\x4eS\x45") != '') { $_POST["l\x69\x63e\x6e\x73e"] = LOR_CONFIG("L\x4f\x52_\x4c\x49C\x45\x4eS\x45"); } if (isset($_POST["l\x69\x63e\x6e\x73e"]) && ($_POST["l\x69\x63e\x6e\x73e"] != null)) { $this->updateLor($_POST["l\x69\x63e\x6e\x73e"]); $status["r\x65\x73u\x6c\x74"] = "o\x6b"; } else { $status["r\x65\x73u\x6c\x74"] = "f\x61\x69l\x65\x64"; } lor_echo_serialized($status); die(); } if (@$_POST["l\x6f\x72_\x67\x65t\x6c\x6fg\x73"] == LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) { $this->i0l1i10000100010011(); die(); } if (@$_POST["l\x6f\x72_\x67\x65t\x63\x6fn\x66\x69g"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))) { lor_echo_serialized(lor_exclude_consts($GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x301\x31\x310\x31\x311"])); } if (@$_POST["l\x6f\x72_\x73\x65t\x63\x6fn\x66\x69g"] == md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))) { $current = get_defined_constants(true); $status["r\x65\x73u\x6c\x74"] = "o\x6b"; $i0l1i11111011001010l1i1111010011101 = array_merge($current["u\x73\x65r"], json_decode($_POST["c\x6f\x6ef\x69\x67"], true)); i0l1i10000110000001($GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x310\x30\x301\x30\x311"], $i0l1i11111011001010l1i1111010011101, strrev(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))); lor_echo_serialized($status); } if (@$_POST["l\x6f\x72_\x67\x65t\x6c\x6fg"] == LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) { if (file_exists($this->i0l1i1111001111111)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($this->i0l1i1111001111111) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($this->i0l1i1111001111111)); readfile($this->i0l1i1111001111111); die(); } else { echo "S\x54\x41T\x55\x53_\x45\x4dP\x54\x59_\x4c\x4fG"; } } if (@$_POST["l\x6f\x72_\x63\x68e\x63\x6b"] == LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); header("Content: text/plain\n\n"); echo "LOR is active [" . LOR_CONFIG("L\x4f\x52_\x4b\x45Y") . "] v" . LOR_VERSION . "\n\nServerIP: " . $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"] . " ClientIP: " . $this->i0l1i1111110110101() . "\n"; echo "QuickCheck [" . md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) . "], custom: lor_settings.php." . md5(@str_replace("w\x77\x77.", '', @$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"])) . "\n\n"; echo $this->i0l1i1111110111111() . "\n\n"; if (count($this->i0l1i1111001101011) > 0) { echo "\n[!!!] FATAL ERRORS:\n" . implode("\n", $this->i0l1i1111001101011) . "\n\n"; } echo "lor_settings: " . LOR_CONFIG("L\x4f\x52_\x53\x45T\x54\x49N\x47\x53_\x46\x49L\x45") . "\n"; echo "lor_config: " . $GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x310\x30\x301\x30\x311"] . "\n"; echo "LOR_ONLINE\t" . (LOR_ONLINE ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_HOSTS\t" . LOR_CONFIG("L\x4f\x52_\x48\x4fS\x54\x53") . "\n"; echo "LOR_LICENSE\t" . LOR_CONFIG("L\x4f\x52_\x4c\x49C\x45\x4eS\x45") . "\n"; echo "LOR_REDEFINE_CONFIG\t" . (LOR_REDEFINE_CONFIG ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_SYS_FOLDER\t" . LOR_CONFIG("L\x4f\x52_\x53\x59S\x5f\x46O\x4c\x44E\x52") . "\n"; echo "LOR_DEFEND\t" . (LOR_config("L\x4f\x52_\x44\x45F\x45\x4eD") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_FILTER_URLS\t" . (LOR_CONFIG("L\x4f\x52_\x46\x49L\x54\x45R\x5f\x55R\x4c\x53") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_LOG_GET\t" . (LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x47E\x54") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_LOG_POST\t" . (LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x50O\x53\x54") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_LOG_FOLDER\t" . LOR_LOG_FOLDER . "\n"; echo "LOR_HTPASSWD\t" . LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44") . "\n"; echo "LOR_PROTECT_IP\t" . LOR_CONFIG("L\x4f\x52_\x50\x52O\x54\x45C\x54\x5fI\x50") . "\n"; echo "LOR_SESSION_ON\t" . (LOR_CONFIG("L\x4f\x52_\x53\x45S\x53\x49O\x4e\x5fO\x4e") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_ANTIFLOOD\t" . (LOR_CONFIG("L\x4f\x52_\x41\x4eT\x49\x46L\x4f\x4fD") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_CUSTOM_AF_TEMPLATE\t" . LOR_CONFIG("L\x4f\x52_\x43\x55S\x54\x4fM\x5f\x41F\x5f\x54E\x4d\x50L\x41\x54E") . "\n"; echo "LOR_POST_BY_SESSION\t" . (LOR_CONFIG("L\x4f\x52_\x50\x4fS\x54\x5fB\x59\x5fS\x45\x53S\x49\x4fN") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_CHECK_BOT_BY_IP\t" . (LOR_CONFIG("L\x4f\x52_\x43\x48E\x43\x4b_\x42\x4fT\x5f\x42Y\x5f\x49P") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_RULES_FOLDER\t" . LOR_RULES_FOLDER . "\n"; echo "SITE PATH\t" . dirname(__FILE__) . "\n\n"; echo "LOR_HDR_ALWAYS_HTTPS\t" . (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x41L\x57\x41Y\x53\x5fH\x54\x54P\x53") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_HDR_NO_FRAMES\t" . (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x4eO\x5f\x46R\x41\x4dE\x53") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_HDR_NO_XSS_SNIFF\t" . (LOR_CONFIG("L\x4f\x52_\x48\x44R\x5f\x4eO\x5f\x58S\x53\x5fS\x4e\x49F\x46") ? "y\x65\x73" : "n\x6f") . "\n"; echo "LOR_DEBUG_MODE\t" . (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45") ? "y\x65\x73" : "n\x6f") . "\n"; echo "[log_file]\t" . $this->i0l1i1111001111111 . "\t" . @filesize($this->i0l1i1111001111111) . "b limit" . LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x53\x5fS\x49\x5aE\x5f\x4cI\x4d\x49T") . "\n\n"; echo "[deny_content_rules]\t" . count($this->deny_content) . "\n"; echo "[deny_variables_rules]\t" . count($this->deny_var) . "\n"; echo "[deny_urls_rules]\t" . count($this->deny_urls) . "\n"; echo "[protect_admin_urls]\t" . count($this->admin_urls) . "\n"; echo "[deny_urls]\t" . count($this->deny_urls) . "\n"; echo "[allowed_ips]\t" . count($this->i0l1i1111001110101) . "\n"; echo "[i0l1i10000101101101s]\t" . count($this->i0l1i10000101101101) . "\n\n"; echo "[antiflood_urls]\t" . count($this->antiflood_url) . "\n\n"; echo 'PHP Mode: ' . @php_sapi_name() . "\n"; echo 'PHP Version: ' . @phpversion() . "\n"; echo 'Enabled functions: ' . $this->i0l1i10001000001101() . "\n"; echo 'Loaded ini file: ' . @php_ini_loaded_file() . "\n"; echo 'auto_prepend_file: ' . @ini_get("a\x75\x74o\x5f\x70r\x65\x70e\x6e\x64_\x66\x69l\x65") . "\n"; echo 'display_errors: ' . @ini_get("d\x69\x73p\x6c\x61y\x5f\x65r\x72\x6fr\x73") . "\n"; echo 'error_reporting: ' . @ini_get("e\x72\x72o\x72\x5fr\x65\x70o\x72\x74i\x6e\x67") . "\n"; echo 'error_log: ' . @ini_get("e\x72\x72o\x72\x5fl\x6f\x67") . "\n"; echo 'allow_url_fopen: ' . @ini_get("a\x6c\x6co\x77\x5fu\x72\x6c_\x66\x6fp\x65\x6e") . "\n"; echo 'memory_limit: ' . @ini_get("m\x65\x6do\x72\x79_\x6c\x69m\x69\x74") . "\n"; echo 'SERVER[\'DOCUMENT_ROOT\']: ' . $_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "\n\n"; $htaccess = @file_get_contents($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/.htaccess"); $i0l1i1111101100101ni = @file_get_contents(@php_ini_loaded_file()); if (strpos($i0l1i1111101100101ni, basename(__FILE__)) !== false) { echo 'LOR in ' . @php_ini_loaded_file() . "\n"; } if (strpos($htaccess, basename(__FILE__)) !== false) { echo 'LOR in ' . $_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/.htaccess\n"; } die(); } if (@$_POST["l\x6f\x72_\x6d\x6fd\x69\x66i\x65\x64"] == LOR_CONFIG("L\x4f\x52_\x4b\x45Y")) { $list = array(); $i0l1i10000010000111 = array( "p\x68", "p\x6c", "c\x67\x69", "t\x78\x74", "p\x79", "z\x69\x70", "g\x7a", "h\x74\x61c\x63\x65s\x73", "h\x74\x6d" ); $this->i0l1i10000010010001($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"], true, intval(@$_POST["d\x61\x79s"]) * 86400, $list, 0, $i0l1i10000010000111); if (isset($_REQUEST["j\x73\x6fn"]) && (($_REQUEST["j\x73\x6fn"] == "t\x72\x75e") || ($_REQUEST["j\x73\x6fn"] == "1"))) { } else { $i0l1i1111101101111_list = array(); foreach ($list as $i0l1i1111101100101tem) { $i0l1i1111101100101tem[4] = date("d/m/Y H:i:s", $i0l1i1111101100101tem[0]); $i0l1i1111101100101tem[5] = date("d/m/Y H:i:s", $i0l1i1111101100101tem[1]); $i0l1i1111101100101tem[3] = $i0l1i1111101100101tem[3][0]; $i0l1i1111101101111_list[] = $i0l1i1111101100101tem; } $list = $i0l1i1111101101111_list; } lor_echo_serialized($list); } if (LOR_CONFIG("L\x4f\x52_\x41\x4eT\x49\x46L\x4f\x4fD") && LOR_CONFIG("L\x4f\x52_\x50\x4fS\x54\x5fB\x59\x5fS\x45\x53S\x49\x4fN") && $this->matchHttpFloodUrl($this->i0l1i1111110111111()) && (!$this->isAllowedIP($this->i0l1i1111110110101())) && (!$this->i0l1i1111111010011(false, false)) ) { if (($anti_flood_value != '') && (@$_COOKIE[$i0l1i11111011001010l1i1111100010101] != $anti_flood_value) && (!$lor_approved_ui)) { $i0l1i10001000101011 = 'SESS=X'; $this->log_content[] = "[x]-> [:[[403 post by session]]]\n"; $i0l1i11111011001010l1i1111010010011 = true; } } if (true) { $i0l1i11111011001010l1i1111010011101_post = ''; if ((count(@$_POST) == 0) && LOR_CONFIG("L\x4f\x52_\x52\x41W\x5f\x50O\x53\x54")) { $raw_post = substr(file_get_contents('php:/' . "/\x69\x6ep\x75\x74"), 0, 128 * 1024); if ($raw_post) { $_POST["R\x41\x57_\x48\x54T\x50\x5fP\x4f\x53T"] = $raw_post; } } $i0l1i11111011001010l1i1111010011101_post .= "\t\t\tpost:\n"; $i0l1i11111011001010l1i1111011011001 = array( @$_GET, @$_POST, @$_COOKIE, @$_SESSION, @$_SERVER ); $labels = array( "g\x76", "p\x76", "c\x76", "s\x76", "s\x72" ); $cnt = -1; $lm = LOR_CONFIG("L\x4f\x52_\x4d\x4fD\x45"); $i0l1i11111011001010l1i1111011110111 = str_replace('?' . $_SERVER["Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"], '', trim($_SERVER["R\x45\x51U\x45\x53T\x5f\x55R\x49"], "/")) . "###"; foreach ($i0l1i11111011001010l1i1111011011001 as $i0l1i11111011001010l1i1111011100011) { $cnt++; if (!(is_array($i0l1i11111011001010l1i1111011100011) && (count($i0l1i11111011001010l1i1111011100011) > 0))) { continue; } $i0l1i11111011001010l1i1111100111101le_label = "g"; switch ($labels[$cnt]) { case "g\x76": $i0l1i11111011001010l1i1111100111101le_label = "g"; break; case "c\x76": $i0l1i11111011001010l1i1111100111101le_label = "c"; break; case "s\x72": $i0l1i11111011001010l1i1111100111101le_label = "s\x72"; break; } foreach ($i0l1i11111011001010l1i1111011100011 as $var => $i0l1i11111011001010l1i1111011101101) { if (($labels[$cnt] == "s\x72") && $this->skipServerVars($var)) { continue; } if (is_array($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } if (is_object($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = serialize($i0l1i11111011001010l1i1111011101101); } $i0l1i11111011001010l1i1111011101101 = $this->replaceNull($i0l1i11111011001010l1i1111011101101); $var = $this->replaceNull($var); $var = preg_replace("~[\x01-\x1F]+~", '', $var); if ($labels[$cnt] == "p\x76") { $i0l1i11111011001010l1i1111011110111 .= $var . "###"; } $i0l1i11111011001010l1i1111011101101 = substr($i0l1i11111011001010l1i1111011101101, 0, LOR_CONFIG("L\x4f\x52_\x4d\x41X\x5f\x50O\x53\x54_\x54\x4f_\x53\x41V\x45")); $i0l1i11111011001010l1i1111011101101_de64 = base64_decode($i0l1i11111011001010l1i1111011101101); $i0l1i11111011001010l1i1111011101101_strrot13 = str_rot13($i0l1i11111011001010l1i1111011101101); $i0l1i11111011001010l1i1111011101101_uue = urldecode($i0l1i11111011001010l1i1111011101101); if (!$this->i0l1i10000011100001($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = 'bz64:' . base64_encode(gzcompress($i0l1i11111011001010l1i1111011101101, 7)); } $i0l1i11111011001010l1i1111010011101_post .= "\t\t\t" . $labels[$cnt] . ": " . $var . " = " . $i0l1i11111011001010l1i1111011101101 . "\n"; if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD")) { if (($labels[$cnt] == "p\x76") && ($lm == 0)) { continue; } if (($labels[$cnt] == "c\x76") && ($lm < 2)) { continue; } if (($labels[$cnt] == "s\x72") && ($lm < 3)) { continue; } if ($labels[$cnt] == "s\x76") { continue; } foreach ($this->deny_content as $sig) { if ($lm == 0) { break; } if ($i0l1i10000000011001) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_de64 != '') && ($i0l1i11111011001010l1i1111011101101_de64 != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_de64, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content2]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_strrot13, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content4]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_uue != '') && ($i0l1i11111011001010l1i1111011101101_uue != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_uue, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content3]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } } foreach ($this->deny_var as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $var, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Var]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS3,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($lm < 2) { break; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig[$i0l1i11111011001010l1i1111100111101le_label] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_de64 != '') && ($i0l1i11111011001010l1i1111011101101_de64 != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_de64, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content2]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_strrot13, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content4]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } if (($i0l1i11111011001010l1i1111011101101_uue != '') && ($i0l1i11111011001010l1i1111011101101_uue != $i0l1i11111011001010l1i1111011101101)) { if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~i', $i0l1i11111011001010l1i1111011101101_uue, $fnd)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 Content3]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } if (isset($_FILES) && count($_FILES) > 0) { foreach ($_FILES as $i0l1i11111011001010l1i1111100001011) { if ($i0l1i10000000011001) { break; } $num_files = 1; if (is_array($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"])) { $num_files = count($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"]); } else { $i0l1i1111110001101_file["t\x6d\x70_\x6e\x61m\x65"] = array( $i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"] ); $i0l1i1111110001101_file["n\x61\x6de"] = array( $i0l1i11111011001010l1i1111100001011["n\x61\x6de"] ); $i0l1i1111110001101_file["s\x69\x7ae"] = array( $i0l1i11111011001010l1i1111100001011["s\x69\x7ae"] ); $i0l1i11111011001010l1i1111100001011 = $i0l1i1111110001101_file; } for ($i0l1i1111110000011 = 0; $i0l1i1111110000011 < $num_files; $i0l1i1111110000011++) { if (!isset($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"][$i0l1i1111110000011])) { $i0l1i1111101100101ndex = array_keys($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"]); $i0l1i1111101100101ndex = $i0l1i1111101100101ndex[$i0l1i1111110000011]; $i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"][$i0l1i1111101100101ndex]["d\x65\x66a\x75\x6ct"]; $i0l1i11111011001010l1i1111100001011["s\x69\x7ae"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["s\x69\x7ae"][$i0l1i1111101100101ndex]["d\x65\x66a\x75\x6ct"]; $i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011] = $i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111101100101ndex]["d\x65\x66a\x75\x6ct"]; } if (file_exists($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"][$i0l1i1111110000011])) { $i0l1i11111011001010l1i1111011101101 = substr(implode('', file($i0l1i11111011001010l1i1111100001011["t\x6d\x70_\x6e\x61m\x65"][$i0l1i1111110000011])), 0, LOR_CONFIG("L\x4f\x52_\x4d\x41X\x5f\x46I\x4c\x45S\x5f\x54O\x5f\x53A\x56\x45")); } else { $i0l1i11111011001010l1i1111011101101 = ''; } $content = $i0l1i11111011001010l1i1111011101101; if (!$this->i0l1i10000011100001($i0l1i11111011001010l1i1111011101101)) { $i0l1i11111011001010l1i1111011101101 = 'bz64:' . base64_encode(gzcompress($i0l1i11111011001010l1i1111011101101, 7)); } if (!isset($i0l1i11111011001010l1i1111100001011["s\x69\x7ae"][$i0l1i1111110000011])) { $i0l1i11111011001010l1i1111100001011["s\x69\x7ae"][$i0l1i1111110000011] = '???'; } $i0l1i11111011001010l1i1111010011101_post .= "\t\t\t[[F $i0l1i1111110000011]]: " . $this->replaceNull($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011]) . " (" . $i0l1i11111011001010l1i1111100001011["s\x69\x7ae"][$i0l1i1111110000011] . ") = " . $i0l1i11111011001010l1i1111011101101 . "\n"; if (($lm >= 2) && LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD")) { if (strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x68p") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x68p\x35") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x68p\x37") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x68t") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x6c") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x73\x68") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x68t\x6d\x6c") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x73\x68t\x6d\x6c") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x63\x67i") !== false || strpos($i0l1i11111011001010l1i1111100001011["n\x61\x6de"][$i0l1i1111110000011], ".\x70\x79") !== false) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 File]]] by ext\n"; $i0l1i11111011001010l1i1111010010011 = true; } foreach ($this->deny_content as $sig) { if ($i0l1i10000000011001) { break; } if ($lm < 3) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig["f"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~smi', $content, $match)) { $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[403 File Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i10001000101011 = 'RS2,' . $sig["i\x64"]; $i0l1i10000000011001 = true; $i0l1i11111011001010l1i1111010010011 = true; break; } } foreach ($this->auth_content as $sig) { if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { break; } if ($lm < 3) { break; } if ($sig["o\x6e"] != 1) { continue; } if ($sig["f"] != 1) { continue; } $i0l1i11111011001010l1i1111100000001 = $sig["s"]; if (preg_match('~' . $i0l1i11111011001010l1i1111100000001 . '~smi', $content, $match)) { $i0l1i10001000101011 = 'RS1,' . $sig["i\x64"]; $i0l1i11111011001010l1i1111010011101_post .= "[x]-> [:[[401 File Content]]] by $i0l1i11111011001010l1i1111100000001\n"; $i0l1i11111011001010l1i1111010010011 = true; break; } } } } } } $i0l1i11111011001010l1i1111011110111 = md5($i0l1i11111011001010l1i1111011110111); if (in_array($i0l1i11111011001010l1i1111011110111, $this->skip_posts)) { $i0l1i11111011001010l1i1111010011101_post = ''; } if (LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x5f\x50O\x53\x54")) { $this->log_content[] = $i0l1i11111011001010l1i1111010011101_post; } } break; } if (isset($_REQUEST[md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))])) { header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); $s = (int)@$_REQUEST["s\x68\x6fr\x74"]; echo ($s ? "1" : '<font color=green>Web Protection (WAF) - OK</font><p>'); $l_FileList = explode(',', 'wp-config.php,wp-settings.php,configuration.php,.htaccess,administrator/index.php,administrator/,wp-includes,wp-admin,templates,manager,includes/router.php,components/com_contact/views,manager/templates,modules/user,bitrix/admin/index.php,admin/index.php,cgi-bin'); $l_Protected = true; $l_UnprotectedList = array(); foreach ($l_FileList as $l_F) { if (file_exists($l_F) && ((fileperms($l_F) & 000222) > 0)) { $l_Protected = false; $l_UnprotectedList[] = $l_F; } } if (strtoupper(substr(PHP_OS, 0, 3)) === "W\x49\x4e") { $win = true; } else { $win = false; } if ($l_Protected || $win || (!LOR_CONFIG("L\x4f\x52_\x43\x48E\x43\x4b_\x48\x41R\x44\x45N\x49\x4eG"))) { echo ($s ? "1" : '<font color=green>Files - OK</font>'); } else { echo ($s ? "0" : '<font color=red>Files - Insecure: ' . implode(', ', $l_UnprotectedList) . '</font>'); } die(); } $i0l1i1111101100101s_authenticated = $this->i0l1i1111111010011($i0l1i10000000011001, false, $i0l1i1111111110001); if ($i0l1i1111101100101s_authenticated) { $i0l1i10000000011001 = false; $i0l1i11111011001010l1i1111010010011 = false; $i0l1i10001000101011 = "A\x55\x54H\x5f\x4fK"; lor_safe_filerw(LOR_AUTOBLOCK_IP, function ($i0l1i10001000010111) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); $i0l1i1111101100101p = lor_get_client_ip(); if (is_array($i0l1i10001000010111)) { unset($i0l1i10001000010111[$i0l1i1111101100101p]); } return serialize($i0l1i10001000010111); }); } if ((!$i0l1i11111011001010l1i1111010100111) && (!$lor_approved_ui) && LOR_CONFIG("L\x4f\x52_\x41\x4eT\x49\x46L\x4f\x4fD") && ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "G\x45\x54") && (@$_COOKIE[$i0l1i11111011001010l1i1111100010101] != $anti_flood_value) && $this->matchHttpFloodUrl($this->i0l1i1111110111111()) && (!$this->isAllowedIP($this->i0l1i1111110110101())) && (!$this->i0l1i1111111010011(false, false)) ) { $custom_template = ''; $custom_af_file = LOR_CONFIG("L\x4f\x52_\x43\x55S\x54\x4fM\x5f\x41F\x5f\x54E\x4d\x50L\x41\x54E"); if (file_exists($custom_af_file)) { $custom_template = file_get_contents($custom_af_file); } $i0l1i10001000000011 = "<html><script>"; $i0l1i10001000000011 .= "function set_cookie(){ var now = new Date(); var time = now.getTime(); time += 19350000 * 1000; now.setTime(time); document.cookie='" . $i0l1i11111011001010l1i1111100010101 . "=" . $anti_flood_value . "; expires=' + now.toGMTString() + '; path=/'; } set_cookie(); setTimeout('window.location.reload();', 50);"; $i0l1i10001000000011 .= '</script><body>' . $custom_template . '</body>'; $i0l1i10001000000011 .= '<script>var _0xf868 = [ "\x6F\x62\x6A\x65\x63\x74" , "\x69\x6E\x64\x65\x78\x4F\x66" , "\x5F\x5F\x63\x79\x63\x6C\x65\x5F\x5F" , "\x70\x75\x73\x68" ,"\x73\x74\x72\x69\x6E\x67\x69\x66\x79" , "\x6C\x65\x6E\x67\x74\x68", "\x70\x6C\x75\x67\x69\x6E\x73","\x6E\x61\x6D\x65","\x20\x66\x6E\x3D","\x66\x69\x6C\x65\x6E\x61\x6D\x65","\x20\x76\x3D","\x76\x65\x72\x73\x69\x6F\x6E","\x61\x70\x70\x43\x6F\x64\x65\x4E\x61\x6D\x65","\x20\x7E\x20","\x70\x6C\x61\x74\x66\x6F\x72\x6D","\x70\x72\x6F\x64\x75\x63\x74","\x61\x70\x70\x4E\x61\x6D\x65","\x61\x70\x70\x56\x65\x72\x73\x69\x6F\x6E","\x63\x6F\x6F\x6B\x69\x65\x45\x6E\x61\x62\x6C\x65\x64","\x67\x65\x6F\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x6C\x61\x6E\x67\x75\x61\x67\x65","\x70\x68\x61\x6E\x74\x6F\x6D","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x77\x69\x64\x74\x68","\x31\x70\x78","\x68\x65\x69\x67\x68\x74","\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x68\x69\x64\x64\x65\x6E","\x62\x6F\x72\x64\x65\x72","\x30","\x69\x64","\x6A\x61\x64\x66\x76\x71\x69\x77\x63\x71\x77","\x73\x72\x63","\x2F\x3F\x6C\x6F\x72\x5F\x75\x61\x69\x3D"];var jsonify=function(_0x856ex2){var _0x856ex3=[];var _0x856ex4=JSON[_0xf868[4]](_0x856ex2,function(_0x856ex5,_0x856ex6){if( typeof _0x856ex6== _0xf868[0]){if(!_0x856ex3[_0xf868[1]](_0x856ex6)){return _0xf868[2]};_0x856ex3[_0xf868[3]](_0x856ex6)};return _0x856ex6});return _0x856ex4};var L=navigator[_0xf868[6]][_0xf868[5]];var a=[];for(var i=0;i< L;i++){a[_0xf868[3]](navigator[_0xf868[6]][i][_0xf868[7]]+ _0xf868[8]+ navigator[_0xf868[6]][i][_0xf868[9]]+ _0xf868[10]+ navigator[_0xf868[6]][i][_0xf868[11]])};var ua_info=navigator[_0xf868[12]]+ _0xf868[13]+ navigator[_0xf868[14]]+ _0xf868[13]+ navigator[_0xf868[15]]+ _0xf868[13]+ navigator[_0xf868[16]]+ _0xf868[13]+ navigator[_0xf868[17]]+ _0xf868[13]+ navigator[_0xf868[18]]+ _0xf868[13]+ jsonify(navigator[_0xf868[19]])+ _0xf868[13]+ navigator[_0xf868[20]]+ _0xf868[13]+ window[_0xf868[21]]+ _0xf868[13]+ jsonify(a);var el=document[_0xf868[23]](_0xf868[22]);document[_0xf868[25]][_0xf868[24]](el);el[_0xf868[26]]= _0xf868[27];el[_0xf868[28]]= _0xf868[27];el[_0xf868[30]][_0xf868[29]]= _0xf868[31];el[_0xf868[32]]= _0xf868[33];el[_0xf868[34]]= _0xf868[35];el[_0xf868[36]]= _0xf868[37]+ escape(ua_info);</script></html>'; echo $i0l1i10001000000011; die(); } if (count($this->log_content) > 0) { $i0l1i11111011001010l1i1111010011101 = implode("", array_unique($this->log_content)); $i0l1i1111111110001 = md5($i0l1i11111011001010l1i1111010011101); if ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "P\x4f\x53T") { $i0l1i11111011001010l1i1111010011101 .= "\t\t\t----- ### -- {bid:" . $i0l1i1111111110001 . "} @ph:" . $i0l1i11111011001010l1i1111011110111 . "@\n"; } if ($i0l1i10000000011001 || $i0l1i11111011001010l1i1111010010011) { $i0l1i11111011001010l1i1111010011101 .= '[i]-> attack = ' . intval($i0l1i10000000011001) . ' deny = ' . intval($i0l1i11111011001010l1i1111010010011) . "\n"; } $i0l1i11111011001010l1i1111010011101 .= "\n"; $this->i0l1i10000000001111($i0l1i11111011001010l1i1111010011101); } $this->gatherAux($i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $i0l1i10001000101011); if (LOR_CONFIG("L\x4f\x52_\x44\x45F\x45\x4eD") && ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) && (!$this->i0l1i1111111010011($i0l1i10000000011001, true, $i0l1i1111111110001))) { header('HTTP/1.0 403 Forbidden'); echo date("d/m/Y H:i:s", time()) . "\n"; echo "Blocked $i0l1i1111111110001\n\n"; die(); } } private function getAllAux($what_to_add = array(), $i0l1i1111110000011son = false) { $i0l1i1111101100101p_list_to_resolve = array(); $i0l1i10000011101011 = md5(normalizeHost(strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]))); if (in_array("m\x6f\x6et\x68", $what_to_add)) { $i0l1i10000011001101["m\x6f\x6et\x68"] = @unserialize(@file_get_contents(LOR_MONTH_STAT)); } $last_hr_ip = @unserialize(@file_get_contents(LOR_LAST_HR_IP)); $last_day_ip = @unserialize(@file_get_contents(LOR_LAST_DAY_IP)); if (in_array("l\x61\x73t\x5f\x68r\x5f\x69p", $what_to_add)) { $i0l1i10000011001101["l\x61\x73t\x5f\x68r\x5f\x69p"] = array(); $last_hr_ip_k = array_keys($last_hr_ip); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_hr_ip_k); $i0l1i1111101100101++) { @$i0l1i10000011001101["l\x61\x73t\x5f\x68r\x5f\x69p"][$last_hr_ip_k[$i0l1i1111101100101]] = $last_hr_ip[$last_hr_ip_k[$i0l1i1111101100101]]["i"]; $i0l1i1111101100101p_list_to_resolve[$last_hr_ip_k[$i0l1i1111101100101]] = 1; } arsort($i0l1i10000011001101["l\x61\x73t\x5f\x68r\x5f\x69p"]); } if (in_array("l\x61\x73t\x5f\x64a\x79\x5fi\x70", $what_to_add)) { $i0l1i10000011001101["l\x61\x73t\x5f\x64a\x79\x5fi\x70"] = array(); $last_day_ip_k = array_keys($last_day_ip); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_day_ip_k); $i0l1i1111101100101++) { $i0l1i10000011001101["l\x61\x73t\x5f\x64a\x79\x5fi\x70"][$last_day_ip_k[$i0l1i1111101100101]] = $last_day_ip[$last_day_ip_k[$i0l1i1111101100101]]["i"]; $i0l1i1111101100101p_list_to_resolve[$last_day_ip_k[$i0l1i1111101100101]] = 1; } arsort($i0l1i10000011001101["l\x61\x73t\x5f\x64a\x79\x5fi\x70"]); } if (in_array("l\x69\x76e", $what_to_add)) { $i0l1i10000011001101["l\x69\x76e"] = @unserialize(@file_get_contents(LOR_LIVE_LOG)); foreach ($i0l1i10000011001101["l\x69\x76e"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } if (in_array("b\x6c\x6fc\x6b\x65d", $what_to_add)) { $i0l1i10000011001101["b\x6c\x6fc\x6b\x65d"] = @unserialize(file_get_contents(LOR_LAST_BLOCKED)); if (is_array($i0l1i10000011001101["b\x6c\x6fc\x6b\x65d"])) { foreach ($i0l1i10000011001101["b\x6c\x6fc\x6b\x65d"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } } if (in_array("a\x74\x74a\x63\x6b_\x64\x61y", $what_to_add)) { $i0l1i10000011001101["a\x74\x74a\x63\x6b_\x64\x61y"] = @unserialize(@file_get_contents(LOR_ATTACKS_DAY)); } if (in_array("b\x6c\x6fc\x6b\x65d\x5f\x69p\x73", $what_to_add)) { $i0l1i10000011001101["b\x6c\x6fc\x6b\x65d\x5f\x69p\x73"] = @unserialize(@file_get_contents(LOR_AUTOBLOCK_IP)); } if (in_array("a\x74\x74a\x63\x6b_\x6d\x6fn\x74\x68", $what_to_add)) { $i0l1i10000011001101["a\x74\x74a\x63\x6b_\x6d\x6fn\x74\x68"] = @unserialize(@file_get_contents(LOR_ATTACKS_MONTH)); if (is_array($i0l1i10000011001101["a\x74\x74a\x63\x6b_\x6d\x6fn\x74\x68"])) { foreach ($i0l1i10000011001101["a\x74\x74a\x63\x6b_\x6d\x6fn\x74\x68"] as $i0l1i1111101100101tem) { $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101tem["i"]] = 1; } } } if (in_array("g\x65\x6fi\x70", $what_to_add) && (LOR_CONFIG("L\x4f\x52_\x47\x45O\x49\x50") && (class_exists('MaxMind\Db\Reader') || (file_exists(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb') && file_exists(LOR_SYS_FOLDER . "/\x67\x65o\x69\x702\x2f\x73r\x63\x2fg\x65\x6fi\x70\x32.\x69\x6ec"))))) { if (!class_exists('MaxMind\Db\Reader')) { include_once(LOR_SYS_FOLDER . "/\x67\x65o\x69\x702\x2f\x73r\x63\x2fg\x65\x6fi\x70\x32.\x69\x6ec"); } $gi = new MaxMind\Db\Reader(LOR_SYS_FOLDER . '/geoip2/dat/GeoLite2-Country.mmdb'); $i0l1i1111101100101p_list = @array_keys($i0l1i1111101100101p_list_to_resolve); if (is_array($i0l1i1111101100101p_list)) { foreach ($i0l1i1111101100101p_list as $i0l1i1111101100101p) { $country = ''; foreach (explode(',', $i0l1i1111101100101p) as $i0l1i1111101100101 => $i0l1i11111011001010l1i1111011101101) { if ($i0l1i1111101100101 > 0) { $country .= ','; } $record = $gi->get(trim($i0l1i11111011001010l1i1111011101101)); if (isset($record["c\x6f\x75n\x74\x72y"]) && $record["c\x6f\x75n\x74\x72y"]["i\x73\x6f_\x63\x6fd\x65"] !== '') { $country .= $record["c\x6f\x75n\x74\x72y"]["i\x73\x6f_\x63\x6fd\x65"]; } else { $country .= '-'; } } $i0l1i1111101100101p_list_to_resolve[$i0l1i1111101100101p] = $country; } } } else { $i0l1i1111101100101p_list_to_resolve = array(); } $i0l1i10000011001101["i\x70\x5fi\x6e\x66o"] = $i0l1i1111101100101p_list_to_resolve; return $i0l1i10000011001101; } private function autoConfig() { $i0l1i11111011001010l1i1111010011101 = get_defined_constants(true); $i0l1i10000011001101 = array(); $fn_array = array("j\x73\x6fn\x5f\x65n\x63\x6fd\x65", "j\x73\x6fn\x5f\x64e\x63\x6fd\x65", "f\x69\x6ce\x5f\x70u\x74\x5fc\x6f\x6et\x65\x6et\x73", "s\x65\x72i\x61\x6ci\x7a\x65", "u\x6e\x73e\x72\x69a\x6c\x69z\x65", "f\x69\x6ce\x5f\x67e\x74\x5fc\x6f\x6et\x65\x6et\x73"); foreach ($fn_array as $fn_name) { if (!(function_exists($fn_name) && is_callable($fn_name))) { if (!isset($i0l1i10000011001101["m\x69\x73s\x65\x64_\x66\x75n\x63\x74i\x6f\x6es"])) { $i0l1i10000011001101["m\x69\x73s\x65\x64_\x66\x75n\x63\x74i\x6f\x6es"] = array(); } array_push($i0l1i10000011001101["m\x69\x73s\x65\x64_\x66\x75n\x63\x74i\x6f\x6es"], $fn_name); } } if ($_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"] == $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] && ($i0l1i11111011001010l1i1111010011101["u\x73\x65r"]["L\x4f\x52_\x55\x53E\x5f\x45X\x54\x45N\x44\x45D\x5f\x49P"])) { $i0l1i11111011001010l1i1111010011101["u\x73\x65r"]["L\x4f\x52_\x55\x53E\x5f\x45X\x54\x45N\x44\x45D\x5f\x49P"] = true; $i0l1i10000011001101["L\x4f\x52_\x55\x53E\x5f\x45X\x54\x45N\x44\x45D\x5f\x49P"] = "e\x6e\x61b\x6c\x65d"; } else { $i0l1i10000011001101["L\x4f\x52_\x55\x53E\x5f\x45X\x54\x45N\x44\x45D\x5f\x49P"] = "f\x61\x69l\x65\x64"; } $i0l1i1111110001101 = @file_get_contents($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/\x69\x6ed\x65\x78.\x70\x68p"); if ((file_exists($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . '/wa-apps/shop/lib/classes/checkout/shopCheckout.class.php')) || (file_exists($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/\x69\x6ec\x6c\x75d\x65\x73/\x62\x6fo\x74\x73t\x72\x61p\x2e\x69n\x63")) || (file_exists($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/\x6d\x61n\x61\x67e\x72\x2fc\x6f\x6ef\x69\x67.\x63\x6fr\x65\x2ep\x68\x70")) || (file_exists($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . "/\x6d\x61n\x61\x67e\x72\x2fi\x6e\x63l\x75\x64e\x73\x2fc\x68\x61r\x73\x65t\x73\x2ep\x68\x70")) || (file_exists($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . '/wa-apps/shop/lib/classes/checkout/shopCheckout.class.php')) ) { $i0l1i11111011001010l1i1111010011101["u\x73\x65r"]["L\x4f\x52_\x53\x45S\x53\x49O\x4e\x5fO\x4e"] = false; $i0l1i10000011001101["L\x4f\x52_\x53\x45S\x53\x49O\x4e\x5fO\x4e"] = "d\x69\x73a\x62\x6ce\x64"; } i0l1i10000110000001($GLOBALS["i\x30\x6c1\x69\x310\x30\x300\x31\x310\x30\x301\x30\x311"], $i0l1i11111011001010l1i1111010011101["u\x73\x65r"], strrev(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"))); if (isset($i0l1i10000011001101["m\x69\x73s\x65\x64_\x66\x75n\x63\x74i\x6f\x6es"])) { $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "f\x61\x69l\x65\x64"; } else { $i0l1i1111111111011["r\x65\x73u\x6c\x74"] = "o\x6b"; } if (is_writeable(LOR_SYS_FOLDER . "/rules/lor_whitelist_ip.txt")) { $i0l1i1111111111011["r\x75\x6ce\x73\x5fp\x65\x72m\x69\x73s\x69\x6fn"] = "o\x6b"; } else { $i0l1i1111111111011["r\x75\x6ce\x73\x5fp\x65\x72m\x69\x73s\x69\x6fn"] = "f\x61\x69l\x65\x64"; } $i0l1i1111111111011["d\x61\x74a"] = $i0l1i10000011001101; lor_echo_serialized($i0l1i1111111111011); } private function getWafUI() { $html = file_get_contents(LOR_SYS_FOLDER . "/\x77\x61f\x5f\x75i\x2e\x68t\x6d\x6c"); $html = str_replace('@@CDN@@', 'https://cdn.revisium.com/lor2', $html); $html = str_replace('@@RND@@', rand(100000, 9999999), $html); $html = str_replace('@@KEY@@', md5(LOR_CONFIG("L\x4f\x52_\x4b\x45Y")), $html); $html = str_replace('@@ROOT_URL@@', LOR_CONFIG("L\x4f\x52_\x52\x4fO\x54\x5fU\x52\x4c"), $html); $html = str_replace('@@LANG@@', @$_REQUEST["l\x6f\x72_\x6c\x61n\x67"] == "e\x6e" ? "e\x6e" : "r\x75", $html); $html = str_replace('@@DATE@@', date("d\x2f\x6d/\x59", time()), $html); $html = str_replace('@@IP@@', lor_get_client_ip(), $html); $html = str_replace('@@VER@@', LOR_VERSION, $html); $html = str_replace('@@LOR_SEF@@', LOR_CONFIG("L\x4f\x52_\x53\x45F"), $html); return $html; } private function getWafBlockUI() { $html = file_get_contents(LOR_SYS_FOLDER . "/\x77\x61f\x5f\x62l\x6f\x63k\x5f\x75i\x2e\x68t\x6d\x6c"); $html = str_replace('@@CDN@@', 'https://cdn.revisium.com/lor', $html); $html = str_replace('@@RND@@', rand(100000, 9999999), $html); $html = str_replace('@@DATE@@', date("d\x2f\x6d/\x59", time()), $html); $html = str_replace('@@IP@@', htmlspecialchars($this->i0l1i1111110110101()), $html); $html = str_replace('@@METHOD@@', $_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"], $html); $html = str_replace('@@ROOT_URL@@', LOR_CONFIG("L\x4f\x52_\x52\x4fO\x54\x5fU\x52\x4c"), $html); $html = str_replace('@@LABEL1@@', LOR_CONFIG("L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x31"), $html); $html = str_replace('@@LABEL2@@', LOR_CONFIG("L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x32"), $html); $html = str_replace('@@LABEL3@@', LOR_CONFIG("L\x4f\x52_\x4c\x41B\x45\x4c_\x32\x46A\x5f\x33"), $html); $html = str_replace('@@SECRET@@', md5(str_rot13(strrev($_COOKIE["l\x6f\x72_\x73"]))), $html); $html = str_replace('@@IP@@', lor_get_client_ip(), $html); $html = str_replace('@@VER@@', LOR_VERSION, $html); $html = str_replace('@@LOR_SEF@@', LOR_CONFIG("L\x4f\x52_\x53\x45F"), $html); return $html; } private function unparseUrl($parsed_url) { $scheme = isset($parsed_url["s\x63\x68e\x6d\x65"]) ? $parsed_url["s\x63\x68e\x6d\x65"] . '://' : ''; $host = isset($parsed_url["h\x6f\x73t"]) ? $parsed_url["h\x6f\x73t"] : ''; $port = isset($parsed_url["p\x6f\x72t"]) ? ':' . $parsed_url["p\x6f\x72t"] : ''; $user = ''; $pass = ''; $i0l1i10000010101111 = isset($parsed_url["p\x61\x74h"]) ? $parsed_url["p\x61\x74h"] : ''; $query = isset($parsed_url["q\x75\x65r\x79"]) ? '?' . $parsed_url["q\x75\x65r\x79"] : ''; $fragment = isset($parsed_url["f\x72\x61g\x6d\x65n\x74"]) ? '#' . $parsed_url["f\x72\x61g\x6d\x65n\x74"] : ''; return "$scheme$user$pass$host$port$i0l1i10000010101111$query$fragment"; } private function gatherAux($i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $i0l1i10001000101011) { if (!LOR_CONFIG("L\x4f\x52_\x43\x4fL\x4c\x45C\x54\x5fS\x54\x41T")) { return; } $i0l1i10000011101011 = md5(normalizeHost(strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]))); $ctm = time() - LOR_TIME_BASE; $last_hr_ip_data = array(); $last_day_ip_data = array(); $live_data = array(); $i0l1i1111101100101p = $this->i0l1i1111110110101(); $i0l1i10001000100001["m"] = @substr(@$_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"], 0, 1); $i0l1i10001000100001["i"] = $i0l1i1111101100101p; $i0l1i10001000100001["t"] = $ctm; $i0l1i10001000100001["u\x61"] = $this->safeURL($this->HTTP_UA, LOR_MAX_LEN_UA); $i0l1i10001000100001["u\x72"] = $this->safeURL($this->i0l1i1111110111111(), LOR_MAX_LEN_URI); $r_parsed = @parse_url($this->HTTP_REF); unset($r_parsed["q\x75\x65r\x79"]); unset($r_parsed["f\x72\x61g\x6d\x65n\x74"]); $i0l1i10001000100001["r"] = $this->safeURL($this->unparseUrl($r_parsed), LOR_MAX_LEN_REF); $i0l1i10001000100001["r\x73\x6e"] = substr($i0l1i10001000101011, 0, LOR_MAX_LEN_RSN); $i0l1i10001000100001["d"] = $i0l1i11111011001010l1i1111010010011; $i0l1i10001000100001["a"] = $i0l1i10000000011001; if ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) { $u_parsed = parse_url($this->getUri()); $i0l1i1111110001101_fn = realpath($_SERVER["D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT"] . $u_parsed["p\x61\x74h"]); if (file_exists($i0l1i1111110001101_fn) && (is_file($i0l1i1111110001101_fn) || is_link($i0l1i1111110001101_fn))) { $i0l1i10001000100001["e\x78\x66n"] = 1; } else { $i0l1i10001000100001["e\x78\x66n"] = 0; } } lor_safe_filerw(LOR_MONTH_STAT, function ($month_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $month_data = @unserialize($month_data); if (!is_array($month_data)) { $month_data = array(); } for ($i0l1i1111101100101 = 1; $i0l1i1111101100101 <= 31; $i0l1i1111101100101++) { if (!is_array($month_data[$i0l1i1111101100101])) { $month_data[$i0l1i1111101100101] = array(); } } $cur_d = intval(date("d", time())); if ($i0l1i11111011001010l1i1111010010011) { @$month_data[$cur_d]["d"]++; } if ($i0l1i10000000011001) { @$month_data[$cur_d]["a"]++; } @$month_data[$cur_d][@substr(@$_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"], 0, 1)]++; return @serialize($month_data); }); lor_safe_filerw(LOR_LAST_HR_IP, function ($last_hr_ip_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $last_hr_ip_data = @unserialize($last_hr_ip_data); if (!is_array($last_hr_ip_data)) { $last_hr_ip_data = array(); } @$last_hr_ip_data[$i0l1i1111101100101p]["i"]++; if ($last_hr_ip_data[$i0l1i1111101100101p]["i"] == 1) { @$last_hr_ip_data[$i0l1i1111101100101p]["t"] = $i0l1i10001000100001["t"]; } $last_hr_ip_data_k = @array_keys($last_hr_ip_data); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_hr_ip_data_k); $i0l1i1111101100101++) { if ($ctm - $last_hr_ip_data[$last_hr_ip_data_k[$i0l1i1111101100101]]["t"] > 3600) { unset($last_hr_ip_data[$last_hr_ip_data_k[$i0l1i1111101100101]]); } } $last_hr_ip_data = array_slice($last_hr_ip_data, -LOR_MAX_HR_IP, LOR_MAX_HR_IP); return @serialize($last_hr_ip_data); }); lor_safe_filerw(LOR_LAST_DAY_IP, function ($last_day_ip_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $last_day_ip_data = @unserialize($last_day_ip_data); if (!is_array($last_day_ip_data)) { $last_day_ip_data = array(); } @$last_day_ip_data[$i0l1i1111101100101p]["i"]++; if ($last_day_ip_data[$i0l1i1111101100101p]["i"] == 1) { @$last_day_ip_data[$i0l1i1111101100101p]["t"] = $i0l1i10001000100001["t"]; } $last_day_ip_data_k = @array_keys($last_day_ip_data); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($last_day_ip_data_k); $i0l1i1111101100101++) { if ($ctm - $last_day_ip_data[$last_day_ip_data_k[$i0l1i1111101100101]]["t"] > 86400) { unset($last_day_ip_data[$last_day_ip_data_k[$i0l1i1111101100101]]); } } $last_day_ip_data = array_slice($last_day_ip_data, -LOR_MAX_HR_IP, LOR_MAX_HR_IP); return @serialize($last_day_ip_data); }); if (!preg_match("~\.(" . LOR_EXCLUDED_EXT . ")$~smi", $i0l1i10001000100001["u\x72"])) { lor_safe_filerw(LOR_LIVE_LOG, function ($live_data) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $live_data = @unserialize($live_data); if (!is_array($live_data)) { $live_data = array(); } $live_data[] = $i0l1i10001000100001; $live_data = array_slice($live_data, -LOR_MAX_LIVE, LOR_MAX_LIVE); return @serialize($live_data); }); } unset($i0l1i10001000100001["u\x61"]); unset($i0l1i10001000100001["r"]); if ($i0l1i11111011001010l1i1111010010011 || $i0l1i10000000011001) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_AUTOBLOCK_IP, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $hits = @$i0l1i10001000010111[$i0l1i1111101100101p]["h"]; $i0l1i10001000010111[$i0l1i1111101100101p] = array("t" => time(), "h" => $hits + 1); $tme = time(); $blocked_list_ips = array_keys($i0l1i10001000010111); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($blocked_list_ips); $i0l1i1111101100101++) { if ($tme - $i0l1i10001000010111[$blocked_list_ips[$i0l1i1111101100101]]["t"] > 86400) { unset($i0l1i10001000010111[$blocked_list_ips[$i0l1i1111101100101]]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_BLOCKED, LOR_MAX_BLOCKED); return @serialize($i0l1i10001000010111); }); } if ($i0l1i11111011001010l1i1111010010011) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_LAST_BLOCKED, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = $i0l1i10001000100001; $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_BLOCKED, LOR_MAX_BLOCKED); return @serialize($i0l1i10001000010111); }); } if ($i0l1i10000000011001) { $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_ATTACKS_DAY, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = array("i" => $i0l1i10001000100001["i"], "t" => $i0l1i10001000100001["t"]); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i10001000010111); $i0l1i1111101100101++) { if ($ctm - $i0l1i10001000010111[$i0l1i1111101100101]["t"] > 86400) { unset($i0l1i10001000010111[$i0l1i1111101100101]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_ATTACKS_DAY, LOR_MAX_ATTACKS_DAY); return @serialize($i0l1i10001000010111); }); $i0l1i10001000010111 = array(); lor_safe_filerw(LOR_ATTACKS_MONTH, function ($i0l1i10001000010111) use ($i0l1i1111101100101p, $i0l1i11111011001010l1i1111010010011, $i0l1i10000000011001, $r_parsed, $i0l1i10001000100001, $ctm) { $i0l1i10001000010111 = @unserialize($i0l1i10001000010111); if (!is_array($i0l1i10001000010111)) { $i0l1i10001000010111 = array(); } $i0l1i10001000010111[] = $i0l1i10001000100001; for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i10001000010111); $i0l1i1111101100101++) { if ($ctm - $i0l1i10001000010111[$i0l1i1111101100101]["t"] > 31 * 86400) { unset($i0l1i10001000010111[$i0l1i1111101100101]); } } $i0l1i10001000010111 = array_slice($i0l1i10001000010111, -LOR_MAX_ATTACKS_MONTH, LOR_MAX_ATTACKS_MONTH); return @serialize($i0l1i10001000010111); }); } } function isSessionStarted() { if (php_sapi_name() !== "c\x6c\x69") { if (version_compare(phpversion(), "5\x2e\x34.\x30", '>=')) { return session_status() === PHP_SESSION_ACTIVE ? true : false; } else { return session_id() === '' ? false : true; } } return false; } private function matchHttpFloodUrl($i0l1i11111011001010l1i1111010111011) { $i0l1i11111011001010l1i1111010111011_uue = urldecode($i0l1i11111011001010l1i1111010111011); foreach ($this->antiflood_url as $a_f_url) { if ($a_f_url["o\x6e"] != 1) { continue; } if (preg_match("~" . $a_f_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011, $match) || preg_match("~" . $a_f_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011_uue, $match)) { return true; } } return false; } private function isAllowedIP($client) { $request_label = "g"; if ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "P\x4f\x53T") { $request_label = "p"; } foreach ($this->i0l1i1111001110101 as $i0l1i1111101100101p) { if ($i0l1i1111101100101p["o\x6e"] != 1) { continue; } if ($i0l1i1111101100101p[$request_label] != 1) { continue; } if (preg_match("~" . $i0l1i1111101100101p["s"] . "~smi", $client, $match)) { $this->log_content[] = "[OK]-> [:[[wl by RS9," . $i0l1i1111101100101p["i\x64"] . "]]]\n"; return true; } } return false; } private function i0l1i1111110110101() { return lor_get_client_ip(); } private function i0l1i10000011100001($i0l1i11111011001010l1i1111100000001ing = '') { return (bool) !preg_match('/[\\x00-\\x1F\\x80-\\xff]+/', $i0l1i11111011001010l1i1111100000001ing); } function i0l1i1111110111111() { $i0l1i11111011001010l1i1111011001111 = (isset($_SERVER["H\x54\x54P\x53"]) && $_SERVER["H\x54\x54P\x53"] && !in_array(strtolower($_SERVER["H\x54\x54P\x53"]), array( "o\x66\x66", "n\x6f" ))) ? "h\x74\x74p\x73" : "h\x74\x74p"; $i0l1i11111011001010l1i1111011001111 .= ':/' . "/" . strtolower(@$_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]); $i0l1i11111011001010l1i1111011001111 .= $_SERVER["R\x45\x51U\x45\x53T\x5f\x55R\x49"]; return $this->replaceNull($i0l1i11111011001010l1i1111011001111); } function getUri() { $i0l1i11111011001010l1i1111011001111 = ''; $i0l1i11111011001010l1i1111011001111 .= $_SERVER["R\x45\x51U\x45\x53T\x5f\x55R\x49"]; return $this->replaceNull($i0l1i11111011001010l1i1111011001111); } function i0l1i1111111001001($i0l1i11111011001010l1i1111010111011) { $request_label = "g"; if ($_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] == "P\x4f\x53T") { $request_label = "p"; } foreach ($this->i0l1i10000101101101 as $wl_url) { if ($wl_url["o\x6e"] != 1) { continue; } if ($wl_url[$request_label] != 1) { continue; } if (preg_match("~" . $wl_url["s"] . "~smi", $i0l1i11111011001010l1i1111010111011, $match)) { return true; } } return false; } function i0l1i10000000001111($i0l1i11111011001010l1i1111010011101) { @file_put_contents($this->i0l1i1111001111111, $i0l1i11111011001010l1i1111010011101, FILE_APPEND | LOCK_EX); if (defined("L\x4f\x52_\x42\x4b") && LOR_BK) { $i0l1i11111011001010l1i1111010001001 = date("m", time()); @file_put_contents("/tm" . "p/.lor_" . substr(md5(strtolower($_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]) . LOR_CONFIG("L\x4f\x52_\x4b\x45Y")), 0, 5) . "_" . substr(LOR_CONFIG("L\x4f\x52_\x4b\x45Y"), 0, 7) . "_" . $i0l1i11111011001010l1i1111010001001 . '', $i0l1i11111011001010l1i1111010011101, FILE_APPEND | LOCK_EX); } $this->i0l1i10000001001011(); } function safeURL($i0l1i11111011001010l1i1111010111011, $len) { $i0l1i11111011001010l1i1111010111011 = substr($i0l1i11111011001010l1i1111010111011, 0, trim($len)); $i0l1i11111011001010l1i1111010111011 = str_replace('://', '@@HTTP@@', $i0l1i11111011001010l1i1111010111011); $i0l1i11111011001010l1i1111010111011 = @preg_replace("~[^a-zA-Z0-9_%/,\.#@\$\^&\*\+=\-!?]~", '-', $i0l1i11111011001010l1i1111010111011); $i0l1i11111011001010l1i1111010111011 = str_replace('@@HTTP@@', '://', $i0l1i11111011001010l1i1111010111011); return $i0l1i11111011001010l1i1111010111011; } function replaceNull($i0l1i11111011001010l1i1111100000001) { $i0l1i1111111111011 = str_replace("\0", "[_null_]", $i0l1i11111011001010l1i1111100000001); return $i0l1i1111111111011; } function i0l1i1111111010011($i0l1i10000000011001, $i0l1i1111110101011 = false, $i0l1i1111111110001 = '') { $i0l1i11111011001010l1i1111010011101 = ''; if ($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"] || $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] == "1\x32\x37.\x30\x2e0\x2e\x31") { $this->log_content[] = "[OK]-> [:[[wl by server ip " . $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] . "]]]\n"; return true; } if ($this->isAllowedIP($this->i0l1i1111110110101())) { $this->log_content[] = "[OK]-> [:[[wl by " . $this->i0l1i1111110110101() . "]]]\n"; return true; } if (!$i0l1i10000000011001 && $this->i0l1i1111111001001($this->i0l1i1111110111111())) { $this->log_content[] = "[OK]-> [:[[" . $this->i0l1i1111110111111() . " wl by rule]]]\n"; return true; } if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $all_vars = serialize($_SERVER); $this->log_content[] = "[DEBUG] " . $all_vars . "\n"; } if ((count($this->cookie_auth) > 0) && isset($_COOKIE["l\x6f\x72_\x61\x75t\x68"]) && strlen(@$_COOKIE["l\x6f\x72_\x61\x75t\x68"]) >= 32) { if (LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fA\x4e\x59_\x49\x50")) { $i0l1i1111101100101px = "1\x2e\x31.\x31\x2e1"; } else { $i0l1i1111101100101px = $this->i0l1i1111110110101(); } $i0l1i11111011001010l1i1111011101101 = base64_decode($_COOKIE["l\x6f\x72_\x61\x75t\x68"]) ^ md5($i0l1i1111101100101px); if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] DECODE AND COMPARE -----------------------------------\n"; $this->log_content[] = "[DEBUG] this -> i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5 () =" . md5($i0l1i1111101100101px) . "\n"; $this->log_content[] = "[DEBUG] _COOKIE[lor_auth]=" . $_COOKIE["l\x6f\x72_\x61\x75t\x68"] . "\n"; $this->log_content[] = "[DEBUG] decoded lor_auth=" . var_export(base64_decode($_COOKIE["l\x6f\x72_\x61\x75t\x68"]), true) . "\n"; $this->log_content[] = "[DEBUG] this -> i0l1i1111110110101()=" . $i0l1i1111101100101px . " md5 () =" . md5($i0l1i1111101100101px) . "\n"; $this->log_content[] = "[DEBUG] FROM htpasswd: this->cookie_auth=" . var_export($this->cookie_auth, true) . "\n"; $this->log_content[] = "[DEBUG] RESULT TO COMPARE WITH htpasswd=" . var_export($i0l1i11111011001010l1i1111011101101, true) . "\n"; $this->log_content[] = "--------------------------- -----------------------------------\n"; } foreach ($this->cookie_auth as $i0l1i1111111110001) { if ($i0l1i1111111110001 == $i0l1i11111011001010l1i1111011101101) { $this->log_content[] = "[OK]-> [:[[AUTH=" . $this->i0l1i1111110111111() . "=" . $i0l1i1111111110001 . "]]]\n"; return true; } } } if (LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fE\x58\x50I\x52\x45D") > 0) { if ($i0l1i1111110101011) { $i0l1i11111011001010l1i1111011101101 = md5(time() + rand(10000, 999999)); setcookie("l\x6f\x72_\x73", $i0l1i11111011001010l1i1111011101101, time() + LOR_CONFIG("L\x4f\x52_\x41\x55T\x48\x5fE\x58\x50I\x52\x45D"), "/"); $_COOKIE["l\x6f\x72_\x73"] = $i0l1i11111011001010l1i1111011101101; setcookie("l\x6f\x72_\x61\x75t\x68", '', time() - 1, "/"); $_COOKIE["l\x6f\x72_\x61\x75t\x68"] = ''; header('HTTP/1.0 428 Two Factor Authentication'); header("Content-Type: text/html;charset=utf-8"); header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 01:00:00 GMT"); echo $this->getWafBlockUI(); die(); } else { return false; } return false; } if (isset($_REQUEST["L\x4f\x52_\x41\x55T\x48"]) && (!isset($_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"]))) { $_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"] = @$_REQUEST["L\x4f\x52_\x41\x55T\x48"]; } if (isset($_SERVER["R\x45\x44I\x52\x45C\x54\x5fH\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"]) && (!isset($_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"]))) { $_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"] = @$_SERVER["R\x45\x44I\x52\x45C\x54\x5fH\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"]; } if (!isset($_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"]) && (isset($_SERVER["R\x45\x44I\x52\x45C\x54\x5fQ\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"]))) { if (preg_match("~LOR_AUTH=Basic\s+([a-zA-Z0-9_/=]+)~", $_SERVER["R\x45\x44I\x52\x45C\x54\x5fQ\x55\x45R\x59\x5fS\x54\x52I\x4e\x47"], $matches)) { $_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"] = $matches[1]; } } if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] HTTP_AUTHORIZATION [" . $_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"] . "]\n"; } $i0l1i11111011001010l1i1111100111101 = @base64_decode(@substr(@$_SERVER["H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e"], 6)); if ((strlen($i0l1i11111011001010l1i1111100111101) > 0) || (strcasecmp($i0l1i11111011001010l1i1111100111101, ":") == 0)) { list($i0l1i11111011001010l1i1111100101001, $i0l1i11111011001010l1i1111100110011) = @explode(':', $i0l1i11111011001010l1i1111100111101); $_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] = $i0l1i11111011001010l1i1111100101001; $_SERVER["P\x48\x50_\x41\x55T\x48\x5fP\x57"] = $i0l1i11111011001010l1i1111100110011; } if (isset($_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"])) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] USER [" . $_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . "]\n"; if (!file_exists(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"))) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] password file not found [" . LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44") . "]\n"; } } } $i0l1i11111011001010l1i1111100001011_contents = @file_get_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44")); $i0l1i11111011001010l1i1111101010001 = @explode("\n", @trim($i0l1i11111011001010l1i1111100001011_contents)); $i0l1i1111101100101 = 0; while ($i0l1i1111101100101 <= sizeof($i0l1i11111011001010l1i1111101010001)) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] htaccess=[" . $i0l1i11111011001010l1i1111101010001[$i0l1i1111101100101] . "]\n"; } $i0l1i11111011001010l1i1111010011101_pair = @explode(":", $i0l1i11111011001010l1i1111101010001[$i0l1i1111101100101]); $i0l1i11111011001010l1i1111010011101_pair[0] = @trim(@$i0l1i11111011001010l1i1111010011101_pair[0]); $i0l1i11111011001010l1i1111010011101_pair[1] = @trim(@$i0l1i11111011001010l1i1111010011101_pair[1]); if ($i0l1i11111011001010l1i1111010011101_pair[0] == @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"]) { $i0l1i11111011001010l1i1111101011011 = @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fP\x57"]; if (strpos($i0l1i11111011001010l1i1111010011101_pair[1], '#%#') === 0) { $i0l1i1111110010111 = "#%#" . sha1($i0l1i11111011001010l1i1111010011101_pair[0] . $i0l1i11111011001010l1i1111101011011 . "#LOR_CRYPT"); if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] user=" . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . " pass=" . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fP\x57"] . " (($i0l1i1111110010111)) vs ((" . ($i0l1i11111011001010l1i1111010011101_pair[1]) . "))\n"; } if ($i0l1i1111110010111 == $i0l1i11111011001010l1i1111010011101_pair[1]) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . " logged\n"; } return true; } } $pass = explode("\$", $i0l1i11111011001010l1i1111010011101_pair[1]); $i0l1i10000000000101 = $pass[2]; $len = strlen($i0l1i11111011001010l1i1111101011011); $text = $i0l1i11111011001010l1i1111101011011 . '$apr1$' . $i0l1i10000000000101; $bin = md5($i0l1i11111011001010l1i1111101011011 . $i0l1i10000000000101 . $i0l1i11111011001010l1i1111101011011, true); for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 -= 16) { $text .= substr($bin, 0, min(16, $i0l1i1111101100101)); } for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 >>= 1) { $text .= ($i0l1i1111101100101 & 1) ? chr(0) : $i0l1i11111011001010l1i1111101011011{0}; } $bin = pack("H\x33\x32", md5($text)); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 1000; $i0l1i1111101100101++) { $i0l1i1111101101111 = ($i0l1i1111101100101 & 1) ? $i0l1i11111011001010l1i1111101011011 : $bin; if ($i0l1i1111101100101 % 3) { $i0l1i1111101101111 .= $i0l1i10000000000101; } if ($i0l1i1111101100101 % 7) { $i0l1i1111101101111 .= $i0l1i11111011001010l1i1111101011011; } $i0l1i1111101101111 .= ($i0l1i1111101100101 & 1) ? $bin : $i0l1i11111011001010l1i1111101011011; $bin = pack("H\x33\x32", md5($i0l1i1111101101111)); } $i0l1i1111110001101 = ""; for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 5; $i0l1i1111101100101++) { $i0l1i1111101111001 = $i0l1i1111101100101 + 6; $i0l1i1111110000011 = $i0l1i1111101100101 + 12; if ($i0l1i1111110000011 == 16) { $i0l1i1111110000011 = 5; } $i0l1i1111110001101 = $bin[$i0l1i1111101100101] . $bin[$i0l1i1111101111001] . $bin[$i0l1i1111110000011] . $i0l1i1111110001101; } $i0l1i1111110001101 = chr(0) . chr(0) . $bin[11] . $i0l1i1111110001101; $i0l1i1111110001101 = strtr(strrev(substr(base64_encode($i0l1i1111110001101), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", LOR_TRANSLATE_TO); $i0l1i1111110010111 = "$" . "a\x70\x721" . "$" . $i0l1i10000000000101 . "$" . $i0l1i1111110001101; if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] user=" . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . " pass=" . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fP\x57"] . " (($i0l1i1111110010111)) vs ((" . ($i0l1i11111011001010l1i1111010011101_pair[1]) . "))\n"; } if ($i0l1i1111110010111 == $i0l1i11111011001010l1i1111010011101_pair[1]) { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . " logged\n"; } return true; } else { if (LOR_CONFIG("L\x4f\x52_\x44\x45B\x55\x47_\x4d\x4fD\x45")) { $this->log_content[] = "[DEBUG] user " . @$_SERVER["P\x48\x50_\x41\x55T\x48\x5fU\x53\x45R"] . " failed\n"; } } } $i0l1i1111101100101++; } } if ($i0l1i1111110101011) { header('WWW-Authenticate: Basic realm="Password Required"'); header('HTTP/1.0 401 Unauthorized'); echo date("d/m/Y H:i:s", time()) . ", Required User Authentication" . ($i0l1i1111111110001 != '' ? ", bid: [$i0l1i1111111110001]" : ""); $i0l1i11111011001010l1i1111010011101 .= "* " . @$_SERVER["R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44"] . "\t" . $this->i0l1i1111110110101() . "\t" . date("d/m/Y H:i:s", time()) . "\t" . $this->i0l1i1111110111111(); $i0l1i11111011001010l1i1111010011101 .= "\tR: " . $this->HTTP_REF . "\tUA: " . $this->HTTP_UA . "\t" . @$_SESSION["l\x6f\x72_\x73\x65s\x73\x69o\x6e"] . "\n"; $i0l1i11111011001010l1i1111010011101 .= "[x]-> [:[[401 AUTH]]]" . ($i0l1i1111111110001 != '' ? " bid: [$i0l1i1111111110001]" : "") . "\n"; $this->i0l1i10000000001111($i0l1i11111011001010l1i1111010011101); $this->gatherAux(true, false, "A\x55\x54H\x3d\x41U\x54\x48"); die(); } else { return false; } } function i0l1i1111111011101($fn, $convert_from_plain = false) { $i0l1i1111111111011 = array(); if (file_exists(LOR_RULES_FOLDER . "/" . $fn)) { if ($convert_from_plain) { $i0l1i1111111100111 = explode("\n", @trim(@file_get_contents(LOR_RULES_FOLDER . "/" . $fn))); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < count($i0l1i1111111100111); $i0l1i1111101100101++) { $i0l1i1111111100111[$i0l1i1111101100101] = trim($i0l1i1111111100111[$i0l1i1111101100101]); if (($i0l1i1111111100111[$i0l1i1111101100101] != '') && (strpos($i0l1i1111111100111[$i0l1i1111101100101], '#') !== 0)) { $i0l1i1111111111011[] = array("o\x6e" => 1, "s" => $i0l1i1111111100111[$i0l1i1111101100101]); } } } else { $i0l1i1111111111011 = unserialize(file_get_contents(LOR_RULES_FOLDER . "/" . $fn)); } } else { $this->i0l1i1111001101011[] = 'Cannot load rules:' . LOR_RULES_FOLDER . "/" . $fn; } return $i0l1i1111111111011; } function i0l1i10000001001011() { if (@filesize($this->i0l1i1111001111111) > LOR_CONFIG("L\x4f\x52_\x4c\x4fG\x53\x5fS\x49\x5aE\x5f\x4cI\x4d\x49T") / LOR_LOGS_MAX_NUM) { rename($this->i0l1i1111001111111, $this->i0l1i1111001111111 . "." . time()); @file_put_contents($this->i0l1i1111001111111, "----------------------------------- [[[LOG_ROTATE " . date("d/m/Y H:i:s", time()) . "]]]\n\n", FILE_APPEND | LOCK_EX); $the_oldest = time(); $i0l1i10000000101101 = ''; $i0l1i10000000110111 = 0; foreach (glob(LOR_LOG_FOLDER . '/.lor_*') as $i0l1i10000010011011) { $i0l1i10000000110111 += filesize($i0l1i10000010011011); if ($i0l1i10000010011011 == $this->i0l1i1111001111111) { continue; } $i0l1i10000001000001 = filectime($i0l1i10000010011011); if ($i0l1i10000001000001 < $the_oldest) { $i0l1i10000000101101 = $i0l1i10000010011011; $the_oldest = $i0l1i10000001000001; } } if ($i0l1i10000000110111 > LOR_LOGS_SIZE_LIMIT) { if (file_exists($i0l1i10000000101101)) { unlink($i0l1i10000000101101); @file_put_contents($this->i0l1i1111001111111, "----------------------------------- [[[LOG_REMOVAL $i0l1i10000000101101 " . date("d/m/Y H:i:s", time()) . "]]]\n\n", FILE_APPEND | LOCK_EX); } } } } function i0l1i10000001101001() { $i0l1i10000001010101 = "a\x64\x6di\x6e" . substr(str_shuffle("a\x62\x41B\x43\x44E\x46\x47H\x49\x4aK\x4c\x4dN\x50\x63d\x65\x66g\x68\x6ak\x6d\x6ep\x71\x72s\x74\x75v\x77\x78y\x7a\x323\x34\x356\x37\x389"), 0, 4); $i0l1i11111011001010l1i1111100110011 = substr(str_shuffle("a\x62\x41B\x43\x44E\x46\x47H\x49\x4aK\x4c\x4dN\x50\x63d\x65\x66g\x68\x6ak\x6d\x6ep\x71\x72s\x74\x75v\x77\x78y\x7a\x323\x34\x356\x37\x389"), 0, 12); $i0l1i10000001110011 = $this->i0l1i10000001111101($i0l1i11111011001010l1i1111100110011, $i0l1i10000001010101); if (isset($_REQUEST["j\x73\x6fn"]) && (($_REQUEST["j\x73\x6fn"] == "t\x72\x75e") || ($_REQUEST["j\x73\x6fn"] == "1"))) { $i0l1i1111110000011son = true; } else { $i0l1i1111110000011son = false; } if (!$i0l1i1111110000011son) { header("Content-Type: text/html\n"); echo " <pre style='font-size: 18px'>Login: <font color=green>" . $i0l1i10000001010101 . "</font>\n"; echo "Password: <font color=green>" . $i0l1i11111011001010l1i1111100110011 . "</font>\n\n"; $text = $i0l1i10000001010101 . ":" . $i0l1i10000001110011; if (file_exists(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44")) && (trim(file_get_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"))) == '')) { @file_put_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"), $text); echo "Added to " . LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"); } else { echo "Add to htpasswd: \n\n <font color=blue>" . $text . "</font>\n </pre>"; } } else { $i0l1i1111111111011 = array($i0l1i10000001010101, $i0l1i11111011001010l1i1111100110011, $i0l1i10000001010101 . ":" . $i0l1i10000001110011); lor_echo_serialized($i0l1i1111111111011); } } function generateNewSecret() { $src1 = "b\x63\x64f\x67\x68j\x6b\x6cm\x6e\x70s\x72\x73t\x76\x74x\x7a"; $src2 = "a\x65\x69o\x75\x75a\x65\x69o\x75\x61a\x65\x69o\x75\x6fa\x65"; $src3 = "0\x31\x323\x34\x356\x37\x389"; $i0l1i11111011001010l1i1111100110011 = substr(str_shuffle($src2), 0, 1); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 4; $i0l1i1111101100101++) { $i0l1i1111110001101 = str_shuffle($src1); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0]; $i0l1i1111110001101 = str_shuffle($src2); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0]; } $i0l1i1111110001101 = str_shuffle($src3); $i0l1i11111011001010l1i1111100110011 .= $i0l1i1111110001101[0] . $i0l1i1111110001101[1]; $i0l1i10000001110011 = md5($i0l1i11111011001010l1i1111100110011 . LOR_CONFIG("L\x4f\x52_\x4b\x45Y")); if (isset($_REQUEST["j\x73\x6fn"]) && (($_REQUEST["j\x73\x6fn"] == "t\x72\x75e") || ($_REQUEST["j\x73\x6fn"] == "1"))) { $i0l1i1111110000011son = true; } else { $i0l1i1111110000011son = false; } if (!$i0l1i1111110000011son) { header("Content-Type: text/html\n"); echo "<pre style='font-size: 18px'>"; echo "Password: <font color=green>" . $i0l1i11111011001010l1i1111100110011 . "</font>\n\n"; $text = $i0l1i10000001110011; if (file_exists(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44")) && (trim(file_get_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"))) == '')) { @file_put_contents(LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"), $text); echo "Added to " . LOR_CONFIG("L\x4f\x52_\x48\x54P\x41\x53S\x57\x44"); } else { echo "Add to ...lor_protect/.../htpasswd.<xxxx>: <font color=blue>" . $text . "</font>\n </pre>"; } } else { $i0l1i1111111111011 = array($i0l1i11111011001010l1i1111100110011, $i0l1i10000001110011); lor_echo_serialized($i0l1i1111111111011); } } function i0l1i10000001111101($i0l1i11111011001010l1i1111101011011, $user = '') { if (!LOR_APACHE_CRYPT) { $i0l1i1111111111011 = ''; $i0l1i1111111111011 = "#%#" . sha1($user . $i0l1i11111011001010l1i1111101011011 . "#LOR_CRYPT"); return $i0l1i1111111111011; } $i0l1i1111110001101 = ''; $i0l1i10000000000101 = substr(str_shuffle(LOR_TRANSLATE_TO), 0, 8); $len = strlen($i0l1i11111011001010l1i1111101011011); $text = $i0l1i11111011001010l1i1111101011011 . '$apr1$' . $i0l1i10000000000101; $bin = md5($i0l1i11111011001010l1i1111101011011 . $i0l1i10000000000101 . $i0l1i11111011001010l1i1111101011011, true); for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 -= 16) { $text .= substr($bin, 0, min(16, $i0l1i1111101100101)); } for ($i0l1i1111101100101 = $len; $i0l1i1111101100101 > 0; $i0l1i1111101100101 >>= 1) { $text .= ($i0l1i1111101100101 & 1) ? chr(0) : $i0l1i11111011001010l1i1111101011011{0}; } $bin = pack("H\x33\x32", md5($text)); for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 1000; $i0l1i1111101100101++) { $i0l1i1111101101111 = ($i0l1i1111101100101 & 1) ? $i0l1i11111011001010l1i1111101011011 : $bin; if ($i0l1i1111101100101 % 3) { $i0l1i1111101101111 .= $i0l1i10000000000101; } if ($i0l1i1111101100101 % 7) { $i0l1i1111101101111 .= $i0l1i11111011001010l1i1111101011011; } $i0l1i1111101101111 .= ($i0l1i1111101100101 & 1) ? $bin : $i0l1i11111011001010l1i1111101011011; $bin = pack("H\x33\x32", md5($i0l1i1111101101111)); } for ($i0l1i1111101100101 = 0; $i0l1i1111101100101 < 5; $i0l1i1111101100101++) { $i0l1i1111101111001 = $i0l1i1111101100101 + 6; $i0l1i1111110000011 = $i0l1i1111101100101 + 12; if ($i0l1i1111110000011 == 16) { $i0l1i1111110000011 = 5; } $i0l1i1111110001101 = $bin[$i0l1i1111101100101] . $bin[$i0l1i1111101111001] . $bin[$i0l1i1111110000011] . $i0l1i1111110001101; } $i0l1i1111110001101 = chr(0) . chr(0) . $bin[11] . $i0l1i1111110001101; $i0l1i1111110001101 = strtr(strrev(substr(base64_encode($i0l1i1111110001101), 2)), "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", LOR_TRANSLATE_TO); return "$" . "a\x70\x721" . "$" . $i0l1i10000000000101 . "$" . $i0l1i1111110001101; } function i0l1i10000010010001($i0l1i10000010101111, $recurs, $i0l1i10000011000011, &$i0l1i10000011001101, $i0l1i10000011010111, &$i0l1i10000010000111) { if ($i0l1i10000011010111 > 15) { return; } $i0l1i10000010100101 = time(); if ($i0l1i10000010111001 = opendir($i0l1i10000010101111)) { while ($i0l1i11111011001010l1i1111100001011 = readdir($i0l1i10000010111001)) { if ($i0l1i11111011001010l1i1111100001011 == "." or $i0l1i11111011001010l1i1111100001011 == ".\x2e" or is_link($i0l1i11111011001010l1i1111100001011)) { continue; } $i0l1i11111011001010l1i1111100101001 = $i0l1i11111011001010l1i1111100001011; $i0l1i11111011001010l1i1111100001011 = $i0l1i10000010101111 . "/" . $i0l1i11111011001010l1i1111100001011; if (is_dir($i0l1i11111011001010l1i1111100001011) && $recurs) { $this->i0l1i10000010010001($i0l1i11111011001010l1i1111100001011, $recurs, $i0l1i10000011000011, $i0l1i10000011001101, $i0l1i10000011010111 + 1, $i0l1i10000010000111); } $i0l1i10000101000101 = filectime($i0l1i11111011001010l1i1111100001011); $i0l1i10000101001111 = filemtime($i0l1i11111011001010l1i1111100001011); if (($i0l1i10000010100101 - $i0l1i10000101000101 <= $i0l1i10000011000011) || ($i0l1i10000010100101 - $i0l1i10000101001111 <= $i0l1i10000011000011)) { foreach ($i0l1i10000010000111 as $ext) { if (strpos($i0l1i11111011001010l1i1111100001011, "." . $ext) !== false || is_dir($i0l1i11111011001010l1i1111100001011)) { $ft = filetype($i0l1i11111011001010l1i1111100001011); $i0l1i1111101100101tem = array( $i0l1i10000101000101, $i0l1i10000101001111, "." . str_replace($i0l1i10000010101111, '', $i0l1i11111011001010l1i1111100001011), $ft[0] ); $i0l1i10000011001101[] = $i0l1i1111101100101tem; break; } } } } closedir($i0l1i10000010111001); } } function i0l1i10001000001101() { $i0l1i10000100100111 = explode(',', 'popen,exec,system,passthru,proc_open,chmod,shell_exec,phpinfo,pcntl_exec,proc_open'); $disabled = true; $not_disabled = array(); foreach ($i0l1i10000100100111 as $f) { if (function_exists($f) && is_callable($f)) { $disabled = false; $not_disabled[] = $f; } } return implode(", ", $not_disabled); } function skipServerVars($i0l1i11111011001010l1i1111100101001) { $skip_server_vars = array( "H\x54\x54P\x5f\x41C\x43\x45P\x54", "H\x54\x54P\x5f\x41C\x43\x45P\x54\x5fE\x4e\x43O\x44\x49N\x47", "H\x54\x54P\x5f\x43O\x4e\x4eE\x43\x54I\x4f\x4e", "H\x54\x54P\x5f\x46R\x4f\x4d", "H\x54\x54P\x5f\x48O\x53\x54", "H\x54\x54P\x5f\x58_\x52\x45Q\x55\x45S\x54\x5fS\x43\x48E\x4d\x45", "P\x41\x54H", "R\x45\x44I\x52\x45C\x54\x5fH\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e", "R\x45\x44I\x52\x45C\x54\x5fQ\x55\x45R\x59\x5fS\x54\x52I\x4e\x47", "R\x45\x44I\x52\x45C\x54\x5fR\x45\x44I\x52\x45C\x54\x5fH\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e", "R\x45\x44I\x52\x45C\x54\x5fR\x45\x44I\x52\x45C\x54\x5fP\x52\x4fX\x59\x5fA\x44\x44R", "R\x45\x44I\x52\x45C\x54\x5fR\x45\x44I\x52\x45C\x54\x5fS\x54\x41T\x55\x53", "R\x45\x44I\x52\x45C\x54\x5fU\x52\x4c", "R\x45\x4dO\x54\x45_\x41\x44D\x52", "R\x45\x4dO\x54\x45_\x50\x4fR\x54", "S\x45\x52V\x45\x52_\x41\x44D\x52", "S\x45\x52V\x45\x52_\x41\x44M\x49\x4e", "S\x45\x52V\x45\x52_\x4e\x41M\x45", "S\x45\x52V\x45\x52_\x50\x4fR\x54", "S\x45\x52V\x45\x52_\x53\x49G\x4e\x41T\x55\x52E", "S\x45\x52V\x45\x52_\x53\x4fF\x54\x57A\x52\x45", "G\x41\x54E\x57\x41Y\x5f\x49N\x54\x45R\x46\x41C\x45", "R\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44", "Q\x55\x45R\x59\x5fS\x54\x52I\x4e\x47", "R\x45\x51U\x45\x53T\x5f\x55R\x49", "S\x43\x52I\x50\x54_\x4e\x41M\x45", "P\x48\x50_\x53\x45L\x46", "R\x45\x51U\x45\x53T\x5f\x54I\x4d\x45", "R\x45\x44I\x52\x45C\x54\x5fS\x54\x41T\x55\x53", "H\x54\x54P\x5f\x44N\x54", "S\x45\x52V\x45\x52_\x50\x52O\x54\x4fC\x4f\x4c", "H\x54\x54P\x5f\x52E\x46\x45R\x45\x52", "H\x54\x54P\x5f\x53A\x56\x45_\x44\x41T\x41", "D\x4f\x43U\x4d\x45N\x54\x5fR\x4f\x4fT", "H\x54\x54P\x5f\x41C\x43\x45P\x54\x5fL\x41\x4eG\x55\x41G\x45", "O\x52\x49G\x5f\x53C\x52\x49P\x54\x5fN\x41\x4dE", "O\x52\x49G\x5f\x50A\x54\x48_\x54\x52A\x4e\x53L\x41\x54E\x44", "H\x54\x54P\x5f\x41C\x43\x45P\x54\x5fL\x41\x4eG\x55\x41G\x45", "H\x54\x54P\x5f\x53C\x48\x45M\x45", "H\x54\x54P\x5f\x55S\x45\x52_\x41\x47E\x4e\x54", "a\x72\x67c", "O\x52\x49G\x5f\x50A\x54\x48_\x49\x4eF\x4f", "S\x43\x52I\x50\x54_\x46\x49L\x45\x4eA\x4d\x45", "O\x52\x49G\x5f\x53C\x52\x49P\x54\x5fF\x49\x4cE\x4e\x41M\x45", "H\x54\x54P\x5f\x43O\x4f\x4bI\x45", "H\x54\x54P\x5f\x55P\x47\x52A\x44\x45_\x49\x4eS\x45\x43U\x52\x45_\x52\x45Q\x55\x45S\x54\x53", "H\x54\x54P\x5f\x58_\x52\x45A\x4c\x5fI\x50", "R\x45\x44I\x52\x45C\x54\x5fP\x52\x4fX\x59\x5fA\x44\x44R", "R\x45\x44I\x52\x45C\x54\x5fH\x41\x4eD\x4c\x45R", "H\x54\x54P\x5f\x41C\x43\x45P\x54\x5fC\x48\x41R\x53\x45T", "H\x54\x54P\x5f\x43A\x43\x48E\x5f\x43O\x4e\x54R\x4f\x4c", "H\x54\x54P\x5f\x50R\x41\x47M\x41", "H\x54\x54P\x5f\x53T\x52\x49C\x54\x53S\x4c", "H\x54\x54P\x5f\x49F\x5f\x4dO\x44\x49F\x49\x45D\x5f\x53I\x4e\x43E", "H\x54\x54P\x5f\x56I\x41", "H\x54\x54P\x5f\x4fR\x49\x47I\x4e", "C\x4f\x4eT\x45\x4eT\x5f\x4cE\x4e\x47T\x48", "C\x4f\x4eT\x45\x4eT\x5f\x54Y\x50\x45", "H\x54\x54P\x5f\x50R\x41\x47M\x41", "R\x45\x51U\x45\x53T\x5f\x53C\x48\x45M\x45", "C\x4f\x4eT\x45\x58T\x5f\x50R\x45\x46I\x58", "C\x4f\x4eT\x45\x58T\x5f\x44O\x43\x55M\x45\x4eT\x5f\x52O\x4f\x54", "R\x45\x51U\x45\x53T\x5f\x54I\x4d\x45_\x46\x4cO\x41\x54", "T\x4d\x50", "R\x45\x44I\x52\x45C\x54\x5fU\x4e\x49Q\x55\x45_\x49\x44", "R\x45\x44I\x52\x45C\x54\x5fS\x43\x52I\x50\x54_\x55\x52L", "R\x45\x44I\x52\x45C\x54\x5fS\x43\x52I\x50\x54_\x55\x52I", "R\x45\x44I\x52\x45C\x54\x5fB\x49\x54R\x49\x58_\x56\x41_\x56\x45R", "U\x4e\x49Q\x55\x45_\x49\x44", "S\x43\x52I\x50\x54_\x55\x52L", "S\x43\x52I\x50\x54_\x55\x52I", "B\x49\x54R\x49\x58_\x56\x41_\x56\x45R", "R\x45\x44I\x52\x45C\x54\x5fL\x41\x4eG", "R\x45\x44I\x52\x45C\x54\x5fM\x4d\x5fC\x48\x41R\x53\x45T", "L\x41\x4eG", "H\x54\x54P\x5f\x50O\x52\x54", "F\x43\x47I\x5f\x52O\x4c\x45", "H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D\x5f\x50R\x4f\x54O", "R\x45\x44I\x52\x45C\x54\x5fP\x45\x52L\x35\x4cI\x42", "P\x45\x52L\x35\x4cI\x42", "P\x41\x54H\x5f\x49N\x46\x4f", "P\x41\x54H\x5f\x54R\x41\x4eS\x4c\x41T\x45\x44", "P\x48\x50R\x43", "S\x48\x4cV\x4c", "P\x48\x50_\x46\x43G\x49\x5fM\x41\x58_\x52\x45Q\x55\x45S\x54\x53", "H\x54\x54P\x5f\x43F\x5f\x43O\x4e\x4eE\x43\x54I\x4e\x47_\x49\x50", "H\x54\x54P\x5f\x43F\x5f\x56I\x53\x49T\x4f\x52", "H\x54\x54P\x5f\x43F\x5f\x52A\x59", "H\x54\x54P\x5f\x43F\x5f\x49P\x43\x4fU\x4e\x54R\x59", "H\x54\x54P\x5f\x58_\x41\x43C\x45\x4c_\x49\x4eT\x45\x52N\x41\x4c", "P\x41\x54H\x5f\x54R\x41\x4eS\x4c\x41T\x45\x44", "P\x50\x5fC\x55\x53T\x4f\x4d_\x50\x48P\x5f\x49N\x49", "P\x50\x5fC\x55\x53T\x4f\x4d_\x50\x48P\x5f\x43G\x49\x5fI\x4e\x44E\x58", "R\x45\x44I\x52\x45C\x54\x5fP\x45\x52L\x35\x4cI\x42", "R\x45\x44I\x52\x45C\x54\x5fS\x43\x52I\x50\x54_\x55\x52I", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fC\x4f\x55N\x54\x52Y\x5f\x43O\x44\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fC\x4f\x55N\x54\x52Y\x5f\x4eA\x4d\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fR\x45\x47I\x4f\x4e", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fR\x45\x47I\x4f\x4e_\x4e\x41M\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fC\x49\x54Y", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fD\x4d\x41_\x43\x4fD\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fM\x45\x54R\x4f\x5fC\x4f\x44E", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fA\x52\x45A\x5f\x43O\x44\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fL\x41\x54I\x54\x55D\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fL\x4f\x4eG\x49\x54U\x44\x45", "R\x45\x44I\x52\x45C\x54\x5fR\x45\x51U\x45\x53T\x5f\x4dE\x54\x48O\x44", "G\x45\x4fI\x50\x5fA\x44\x44R", "G\x45\x4fI\x50\x5fC\x4f\x4eT\x49\x4eE\x4e\x54_\x43\x4fD\x45", "G\x45\x4fI\x50\x5fC\x4f\x55N\x54\x52Y\x5f\x43O\x44\x45", "G\x45\x4fI\x50\x5fC\x4f\x55N\x54\x52Y\x5f\x4eA\x4d\x45", "G\x45\x4fI\x50\x5fR\x45\x47I\x4f\x4e", "G\x45\x4fI\x50\x5fR\x45\x47I\x4f\x4e_\x4e\x41M\x45", "G\x45\x4fI\x50\x5fC\x49\x54Y", "G\x45\x4fI\x50\x5fD\x4d\x41_\x43\x4fD\x45", "G\x45\x4fI\x50\x5fM\x45\x54R\x4f\x5fC\x4f\x44E", "G\x45\x4fI\x50\x5fA\x52\x45A\x5f\x43O\x44\x45", "G\x45\x4fI\x50\x5fL\x41\x54I\x54\x55D\x45", "G\x45\x4fI\x50\x5fL\x4f\x4eG\x49\x54U\x44\x45", "U\x53\x45R", "H\x4f\x4dE", "D\x4f\x43U\x4d\x45N\x54\x5fU\x52\x49", "H\x54\x54P\x53", "H\x54\x54P\x5f\x4dA\x58\x5fF\x4f\x52W\x41\x52D\x53", "H\x54\x54P\x5f\x41U\x54\x48O\x52\x49Z\x41\x54I\x4f\x4e", "P\x48\x50_\x41\x55T\x48\x5fP\x57", "R\x45\x44I\x52\x45C\x54\x5fP\x50\x5fC\x55\x53T\x4f\x4d_\x50\x48P\x5f\x49N\x49", "R\x45\x44I\x52\x45C\x54\x5fP\x50\x5fC\x55\x53T\x4f\x4d_\x50\x48P\x5f\x43G\x49\x5fI\x4e\x44E\x58", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fA\x44\x44R", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fC\x4f\x4eT\x49\x4eE\x4e\x54_\x43\x4fD\x45", "R\x45\x44I\x52\x45C\x54\x5fG\x45\x4fI\x50\x5fP\x4f\x53T\x41\x4c_\x43\x4fD\x45", "R\x45\x44I\x52\x45C\x54\x5fP\x48\x50R\x43", "G\x45\x4fI\x50\x5fP\x4f\x53T\x41\x4c_\x43\x4fD\x45", "H\x54\x54P\x5f\x58_\x53\x45R\x56\x45R\x5f\x41D\x44\x52", ); return (in_array($i0l1i11111011001010l1i1111100101001, $skip_server_vars)); } function updateLor($i0l1i1111101100101nstaller_key) { return; $zip_data = file_get_contents('http:/' . '/download.cloudscan.tech:28080/lor/lor.zip?key=' . $i0l1i1111101100101nstaller_key); $this->i0l1i10000000001111('[DEBUG] Updating by http:/' . '/download.cloudscan.tech:28080/lor/lor.zip?key=' . $i0l1i1111101100101nstaller_key . "\n"); if ($zip_data == false) { $this->i0l1i10000000001111('[DEBUG] Cannot download LOR. Failed to download .zip'); return; } $i0l1i1111110001101_folder = LOR_LOG_FOLDER . "/\x74\x6dp"; $lor_folder = LOR_SYS_FOLDER; @mkdir($i0l1i1111110001101_folder, 0777); @file_put_contents($i0l1i1111110001101_folder . "/\x74\x6dp\x5f\x6co\x72\x2ez\x69\x70", $zip_data, LOCK_EX); $zip = new ZipArchive(); $i0l1i1111111111011 = $zip->open($i0l1i1111110001101_folder . "/\x74\x6dp\x5f\x6co\x72\x2ez\x69\x70"); if ($i0l1i1111111111011 === true) { $zip->extractTo($i0l1i1111110001101_folder); $zip->close(); } $this->chmod_r($lor_folder); @copy($i0l1i1111110001101_folder . "/\x77\x61f\x5f\x75i\x2e\x68t\x6d\x6c", $lor_folder . "/\x77\x61f\x5f\x75i\x2e\x68t\x6d\x6c"); @copy($i0l1i1111110001101_folder . "/\x77\x61f\x5f\x62l\x6f\x63k\x5f\x75i\x2e\x68t\x6d\x6c", $lor_folder . "/\x77\x61f\x5f\x62l\x6f\x63k\x5f\x75i\x2e\x68t\x6d\x6c"); @copy($i0l1i1111110001101_folder . "/\x6c\x6fr\x5f\x6f.\x70\x68p", $lor_folder . "/\x6c\x6fr\x5f\x6f.\x70\x68p"); @copy($i0l1i1111110001101_folder . "/\x6c\x6fr\x5f\x73e\x74\x74i\x6e\x67s\x2e\x74e\x6d\x70l\x61\x74e", $lor_folder . "/\x6c\x6fr\x5f\x73e\x74\x74i\x6e\x67s\x2e\x74e\x6d\x70l\x61\x74e"); $this->copy_r($i0l1i1111110001101_folder . "/\x72\x75l\x65\x73/", $lor_folder . "/\x72\x75l\x65\x73/"); $this->rrmdir($i0l1i1111110001101_folder); } function chmod_r($i0l1i10000010101111) { $i0l1i10000010111001 = new DirectoryIterator($i0l1i10000010101111); foreach ($i0l1i10000010111001 as $i0l1i1111101100101tem) { if ($i0l1i1111101100101tem->isFile()) { chmod($i0l1i1111101100101tem->getPathname(), 0644); } else { chmod($i0l1i1111101100101tem->getPathname(), 0755); } if ($i0l1i1111101100101tem->isDir() && !$i0l1i1111101100101tem->isDot()) { $this->chmod_r($i0l1i1111101100101tem->getPathname()); } } } function copy_r($src, $dst) { $i0l1i10000010111001 = opendir($src); @mkdir($dst); while (false !== ( $i0l1i11111011001010l1i1111100001011 = readdir($i0l1i10000010111001))) { if (( $i0l1i11111011001010l1i1111100001011 != "." ) && ( $i0l1i11111011001010l1i1111100001011 != ".\x2e" )) { if (is_dir($src . "/" . $i0l1i11111011001010l1i1111100001011)) { $this->copy_r($src . "/" . $i0l1i11111011001010l1i1111100001011, $dst . "/" . $i0l1i11111011001010l1i1111100001011); } else { copy($src . "/" . $i0l1i11111011001010l1i1111100001011, $dst . "/" . $i0l1i11111011001010l1i1111100001011); } } } closedir($i0l1i10000010111001); } function rrmdir($i0l1i10000010111001) { if (is_dir($i0l1i10000010111001)) { $objects = scandir($i0l1i10000010111001); foreach ($objects as $object) { if ($object != "." && $object != ".\x2e") { if (is_dir($i0l1i10000010111001 . "/" . $object)) { $this->rrmdir($i0l1i10000010111001 . "/" . $object); } else { unlink($i0l1i10000010111001 . "/" . $object); } } } rmdir($i0l1i10000010111001); } } function i0l1i10000100010011() { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . strtolower($_SERVER["H\x54\x54P\x5f\x48O\x53\x54"]) . '.log"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); $i0l1i11111011001010l1i1111100001011_list = glob(LOR_LOG_FOLDER . '/.lor*'); foreach ($i0l1i11111011001010l1i1111100001011_list as $fn) { $i0l1i11111011001010l1i1111100001011s_arr[$fn] = filectime($fn); } asort($i0l1i11111011001010l1i1111100001011s_arr); $log = array(); foreach (array_keys($i0l1i11111011001010l1i1111100001011s_arr) as $fn) { readfile($fn); } die(); } function getISP($i0l1i1111101100101p = '') { if ($i0l1i1111101100101p == '') { $i0l1i1111101100101p = lor_get_client_ip(); } $longisp = @gethostbyaddr($i0l1i1111101100101p); if ($longisp == false) { $longisp = $i0l1i1111101100101p; } return $longisp; } function getRipe($i0l1i1111101100101p) { $i0l1i1111111111011 = ''; $fp = @fsockopen("w\x68\x6fi\x73\x2er\x69\x70e\x2e\x6ee\x74", 43, $errno, $errstr, 4); if (!$fp) { return ""; } else { $out = "-B " . $i0l1i1111101100101p . "\r\n"; fwrite($fp, $out); while (!feof($fp)) { $i0l1i1111111111011 .= fgets($fp, 768); } fclose($fp); } return $i0l1i1111111111011; } function i0l1i10000100011101($i0l1i10000100110001) { $i0l1i10000101011001 = array( "66\.102\.\d+\.\d+", "66\.249\.\d+\.\d+", "72\.14\.192\.\d+", "74\.125\.\d+\.\d+", "209\.85\.128\.\d+", "216\.239\.32\.\d+", "74\.125\.\d+\.\d+", "207\.126\.144\.\d+", "173\.194\.\d+\.\d+", "64\.233\.160\.\d+", "72\.14\.192\.\d+", "66\.102\.\d+\.\d+", "64\.18\.\d+\.\d+", "194\.52\.68\.\d+", "194\.72\.238\.\d+", "62\.116\.207\.\d+", "212\.50\.193\.\d+", "69\.65\.\d+\.\d+", "50\.7\.\d+\.\d+", "131\.212\.\d+\.\d+", "46\.116\.\d+\.\d+ ", "62\.90\.\d+\.\d+", "89\.138\.\d+\.\d+", "82\.166\.\d+\.\d+", "85\.64\.\d+\.\d+", "85\.250\.\d+\.\d+", "89\.138\.\d+\.\d+", "93\.172\.\d+\.\d+", "109\.186\.\d+\.\d+", "194\.90\.\d+\.\d+", "212\.29\.192\.\d+", "212\.29\.224\.\d+", "212\.143\.\d+\.\d+", "212\.150\.\d+\.\d+", "212\.235\.\d+\.\d+", "217\.132\.\d+\.\d+", "50\.97\.\d+\.\d+", "217\.132\.\d+\.\d+", "209\.85\.\d+\.\d+", "66\.205\.64\.\d+", "204\.14\.48\.\d+", "64\.27\.2\.\d+", "67\.15\.\d+\.\d+", "202\.108\.252\.\d+", "193\.47\.80\.\d+", "64\.62\.136\.\d+", "66\.221\.\d+\.\d+", "64\.62\.175\.\d+", "198\.54\.\d+\.\d+", "192\.115\.134\.\d+", "216\.252\.167\.\d+", "193\.253\.199\.\d+", "69\.61\.12\.\d+", "64\.37\.103\.\d+", "38\.144\.36\.\d+", "64\.124\.14\.\d+", "206\.28\.72\.\d+", "209\.73\.228\.\d+", "158\.108\.\d+\.\d+", "168\.188\.\d+\.\d+", "66\.207\.120\.\d+", "167\.24\.\d+\.\d+", "192\.118\.48\.\d+", "67\.209\.128\.\d+", "12\.148\.209\.\d+", "12\.148\.196\.\d+", "193\.220\.178\.\d+", "68\.65\.53\.71", "198\.25\.\d+\.\d+", "64\.106\.213\.\d+", "77\.88\.2\d+\.\d+", "77\.88\.\d+.\d+", "84\.201\.128\.\d+", "95\.108\.128\.\d+", "87\.250\.\d+\.\d+", "178\.154\.\d+\.\d+", "199\.36\.240\.\d+", "213\.180\.(1|2)\d{2}\.\d+", "94.100\.\d+\.\d+", "195\.239\.211\.\d+", "37\.9\.\d+\.\d+", "77\.75\.15\d\.\d+", "185\.32\.18\d\.\d+", "5\.45\.\d+\.\d+", "5\.255\.\d+\.\d+", "37\.140\.\d+\.\d+", "84\.201\.128\.\d+", "87\.250\.\d+\.\d+", "93\.\158\.\d+\.\d+", "95\.\108\.12\d\.\d+", "100\.\43\.6\d\.\d+", "100\.\43\.8\d\.\d+", "141\.\8\.14\d\.\d+", "178\.154\.17\d\.\d+", "199\.21\.9\d\.\d+", "199\.36\.24\d\.\d+", "213\.180\.19\d.\d+", ); foreach ($i0l1i10000101011001 as $i0l1i1111101100101p) { if (preg_match("~" . $i0l1i1111101100101p . "~", $i0l1i10000100110001)) { return true; } } return false; } } function lor_safe_filerw($i0l1i11111011001010l1i1111100001011name, $fn = null) { if ($f = @fopen($i0l1i11111011001010l1i1111100001011name, 'c+')) { if (@flock($f, LOCK_EX)) { $size = @filesize($i0l1i11111011001010l1i1111100001011name); $contents = null; if ($size > 0) { $contents = @fread($f, $size); } if ($fn) { $contents = @$fn($contents); } @rewind($f); @ftruncate($f, 0); @fwrite($f, $contents); @flock($f, LOCK_UN); } @fclose($f); } } function lor_get_server_load() { $fn = LOR_LOG_FOLDER . "/\x63\x70u\x2e\x74x\x74"; if (function_exists("p\x6f\x70e\x6e")) { $f = popen("u\x70\x74i\x6d\x65", "r"); while (!feof($f)) { $i0l1i1111111111011 .= fgets($f); } } else { if (file_exists($fn)) { $i0l1i1111111111011 = @file_get_contents($fn); } } $i0l1i10000011001101 = explode(',', $i0l1i1111111111011); $i0l1i10000011001101[1] = str_replace("u\x73\x65r\x73", '', $i0l1i10000011001101[1]); $i0l1i10000011001101[2] = str_replace("u\x73\x65r\x73", '', $i0l1i10000011001101[2]); $i0l1i10000011001101[1] = str_replace('load average:', '', $i0l1i10000011001101[1]); $i0l1i10000011001101[2] = str_replace('load average:', '', $i0l1i10000011001101[2]); $i0l1i10000011001101[3] = str_replace('load average:', '', $i0l1i10000011001101[3]); $i0l1i10000011001101 = array_map("t\x72\x69m", $i0l1i10000011001101); return $i0l1i10000011001101; } function lor_get_memory_info() { $memoryTotal = 0; $memoryFree = 0; $fn = "/proc/meminfo"; if (!is_readable($fn)) { $fn = LOR_LOG_FOLDER . "/\x6d\x65m\x2e\x74x\x74"; } if (file_exists($fn)) { $stats = @file_get_contents($fn); if ($stats !== false) { $stats = str_replace(array("\r\n", "\n\r", "\r"), "\n", $stats); $stats = explode("\n", $stats); foreach ($stats as $statLine) { $statLineData = explode(":", trim($statLine)); if (count($statLineData) == 2 && trim($statLineData[0]) == "M\x65\x6dT\x6f\x74a\x6c") { $memoryTotal = trim($statLineData[1]); $memoryTotal = explode(" ", $memoryTotal); $memoryTotal = ceil($memoryTotal[0] / 1024); } if (count($statLineData) == 2 && trim($statLineData[0]) == "M\x65\x6dF\x72\x65e") { $memoryFree = trim($statLineData[1]); $memoryFree = explode(" ", $memoryFree); $memoryFree = ceil($memoryFree[0] / 1024); } } } } return array($memoryTotal, $memoryFree); } function lor_echo_serialized($i0l1i1111111111011) { header("Cache-Control: no-cache, must-revalidate"); header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); if (isset($_REQUEST["j\x73\x6fn"]) && (($_REQUEST["j\x73\x6fn"] == true) || ($_REQUEST["j\x73\x6fn"] == 1))) { if (!function_exists("j\x73\x6fn\x5f\x65n\x63\x6fd\x65")) { header('HTTP/1.1 403 Forbidden'); echo "json_encode() is not available."; } else { header('Content-Type: application/json'); echo json_encode($i0l1i1111111111011); } } else { header('Content-Type: text/plain'); echo serialize($i0l1i1111111111011); } die(); } function lor_check_json_decode() { if (!function_exists("j\x73\x6fn\x5f\x64e\x63\x6fd\x65")) { header('HTTP/1.1 403 Forbidden'); echo "json_decode is not available."; die(); } } function lor_get_client_ip() { $i0l1i11111011001010l1i1111100011111 = ''; if (isset($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"]) && ($_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"] != $_SERVER["S\x45\x52V\x45\x52_\x41\x44D\x52"])) { return $_SERVER["R\x45\x4dO\x54\x45_\x41\x44D\x52"]; } if (getenv("H\x54\x54P\x5f\x43L\x49\x45N\x54\x5fI\x50")) { $i0l1i11111011001010l1i1111100011111 = getenv("H\x54\x54P\x5f\x43L\x49\x45N\x54\x5fI\x50"); } elseif (getenv("R\x45\x4dO\x54\x45_\x41\x44D\x52")) { $i0l1i11111011001010l1i1111100011111 = getenv("R\x45\x4dO\x54\x45_\x41\x44D\x52"); } elseif (getenv("H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D\x5f\x46O\x52")) { $i0l1i11111011001010l1i1111100011111 = getenv("H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D\x5f\x46O\x52"); } elseif (getenv("H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D")) { $i0l1i11111011001010l1i1111100011111 = getenv("H\x54\x54P\x5f\x58_\x46\x4fR\x57\x41R\x44\x45D"); } elseif (getenv("H\x54\x54P\x5f\x46O\x52\x57A\x52\x44E\x44\x5fF\x4f\x52")) { $i0l1i11111011001010l1i1111100011111 = getenv("H\x54\x54P\x5f\x46O\x52\x57A\x52\x44E\x44\x5fF\x4f\x52"); } elseif (getenv("H\x54\x54P\x5f\x46O\x52\x57A\x52\x44E\x44")) { $i0l1i11111011001010l1i1111100011111 = getenv("H\x54\x54P\x5f\x46O\x52\x57A\x52\x44E\x44"); } else { $i0l1i11111011001010l1i1111100011111 = "U\x4e\x4bN\x4f\x57N"; } return $i0l1i11111011001010l1i1111100011111; } function off_magic_quotes() { if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($i0l1i1111101111001ey, $val) = each($process)) { foreach ($val as $i0l1i1111101111001 => $v) { unset($process[$i0l1i1111101111001ey][$i0l1i1111101111001]); if (is_array($v)) { $process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)] = $v; $process[] = &$process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)]; } else { $process[$i0l1i1111101111001ey][stripslashes($i0l1i1111101111001)] = stripslashes($v); } } } unset($process); } } Function Calls
| define | 1 |
Stats
| MD5 | ce56f2c432ecb58834449a29f71f4fcc |
| Eval Count | 0 |
| Decode Time | 567 ms |