
000Webhost source code leak

a guest
Jul 3rd, 2014
  1. //Follow me on twitter to show your sexy support? <3. @RubyFroot
  2. <?php
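  // Silence all diagnostics while this prepend logic runs; the reporting level
  // is set again by the last statement of the file.
  error_reporting(0);

  // Address of the connecting peer as reported by the web server.
  $c_ip = $_SERVER['REMOTE_ADDR'];

  // One address per line. file() keeps each trailing "\n", which is why the
  // lookup below appends "\n" to the address; an entry on a final line that
  // has no trailing newline will therefore never match.
  $lines = @file('/usr/lib/php/SpamIPs');

  // file() returns false when the list is missing or unreadable. Skip the
  // lookup in that case instead of handing a non-array to in_array().
  if (is_array($lines) && in_array("$c_ip\n", $lines, true)) {
      // NOTE(review): $c_ip is written into a script block without escaping.
      // It is expected to hold a server-supplied address, but if this host
      // ever derives it from a forwarded header, encode it for the URL/JS
      // context before printing.
      print "<html><head><script type=\"text/javascript\"> window.location = \"http://www.main-hosting.com/resources/?ip=$c_ip\" </script></head></html>";
      exit();
  }

  // A marker file switches every request to a static "busy" page.
  if (file_exists("/usr/lib/php/HighLoad")) {
      die("<h2>The server is too busy at the moment.</h2><p>Please reload this page few seconds later.</p>");
  }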
  13.  
  /**
   * Integrity hook that unconditionally reports success.
   *
   * @return bool Always true.
   */
  function mMM_integrity()
  {
      return true;
  }
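  /**
   * Tell whether a User-Agent string does NOT look like a crawler.
   *
   * The lower-cased agent is searched for the markers "googleb", "mediapa",
   * "slurp", "msnb", "spider" and "bot"; any hit classifies it as a crawler.
   *
   * NOTE(review): the User-Agent header is chosen by the client, so the result
   * is a heuristic and must not be the only gate in front of an enforcement
   * check.
   *
   * @param string $c_agent Raw User-Agent header value.
   * @return bool false when a crawler marker is present, true otherwise.
   */
  function _good_agent($c_agent){
      $c_agent = strtolower((string) $c_agent);

      // strpos() rather than ereg(): the markers contain no regex syntax, and
      // ereg() does not exist from PHP 7.0 on.
      foreach (array("googleb", "mediapa", "slurp", "msnb", "spider", "bot") as $marker) {
          if (strpos($c_agent, $marker) !== false) {
              return false;
          }
      }

      return true;
  }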
  23.  
  // Request attributes consumed by the checks further down.
  $c_agent = $_SERVER['HTTP_USER_AGENT'];

  // Host name with every "www." occurrence removed; str_replace() is not
  // anchored to the start of the name.
  // NOTE(review): depending on web-server configuration SERVER_NAME may be
  // taken from the client's Host header. Treat $c_domain as untrusted until
  // that is confirmed for this host.
  $c_domain = str_replace('www.', '', $_SERVER['SERVER_NAME']);

  // Query-string value compared against a fixed string further down.
  $ckey = $_GET['ckey'];

  // Presumably the free-hosting base domain: contents of a local file with
  // line feeds stripped.
  $free_domain = str_replace("\n", '', file_get_contents('/usr/lib/php/domain'));
  30.  
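  // Per-request accounting and enforcement. The whole block is skipped for
  // crawler-like agents, for requests without a host name or peer address, and
  // when ckey equals "abcd".
  // NOTE(review): both the User-Agent and ckey are chosen by the client, so the
  // suspension and traffic-limit checks below are not enforced for a request
  // that sets either. If a bypass is needed for internal tooling, gate it on
  // something the client cannot supply.
  // NOTE(review): ereg() and the mysql_* functions used here were removed in
  // PHP 7.0; moving to PDO or mysqli prepared statements is the durable fix.
  if ( (_good_agent($c_agent))&&(!empty($c_domain))&&(!empty($c_ip))&&($ckey!="abcd") ){

      $c_path = $_SERVER["SCRIPT_FILENAME"];
      // Keep the unescaped URL so that SQL escaping is applied exactly once,
      // by the database layer, further down.
      $c_uri_raw = "http://$c_domain".$_SERVER["REQUEST_URI"];
      $c_uri = addslashes($c_uri_raw);
      $c_date = time();

      // WordPress redirects
      $ref = $_SERVER['HTTP_REFERER'];

      if(ereg("wordpress.php",$ref)) {
          setcookie("a000webhost_wp", "$c_domain", time() + 60 * 60 * 24 * 100, "/", $c_domain);
      }

      if(ereg("wp-login.php",$_SERVER["REQUEST_URI"]) && !ereg("000webhost.com",$ref) && !ereg("wordpress.php",$_SERVER["REQUEST_URI"])) {
          $uri_enc = urlencode($c_uri);
          // Both branches are currently disabled, so this conditional has no
          // visible effect.
          // NOTE(review): $c_domain is request-derived and is passed here as
          // the pattern argument of ereg(); quote it or use a plain string
          // comparison if this code is re-enabled.
          if(isset($_COOKIE["a000webhost_wp"]) && ereg($c_domain,$_COOKIE["a000webhost_wp"])){
              //print "uri: ". $c_uri;
              //print ", cookie:". $_COOKIE["a000webhost_wp"];
              //exit;
          } else {
              //header("Location: http://server26.000webhost.com/wordpress.php?URL=$uri_enc&ref=$ref");
          }
      }
      /////////////////////

      // NOTE(review): database credentials are embedded in a script that runs
      // on every request. Load them from configuration outside any path that
      // customer code can read, and treat this password as compromised and
      // rotate it if the file has been exposed.
      // NOTE(review): the account name suggests a privileged user. Confirm it
      // holds only the rights these statements need on `visitors`, `traffic`
      // and `phishing`.
      $c_host = "localhost";
      $c_username = "mainhost_root";
      $c_password = "eFg7Uk8oP34T";
      $c_database = "mainhost_data";
      @mysql_connect("$c_host","$c_username","$c_password");
      @mysql_select_db("$c_database");
      unset($c_host, $c_username, $c_password, $c_database);

      // Every value interpolated into SQL below is derived from the request
      // (peer address, host name, URI, script path). Escape each one with the
      // connection's own escaper; previously only the URI was passed through
      // addslashes() and the others were interpolated raw.
      $q_ip = mysql_real_escape_string($c_ip);
      $q_domain = mysql_real_escape_string($c_domain);
      $q_uri = mysql_real_escape_string($c_uri_raw);
      $q_path = mysql_real_escape_string($c_path);

      // Count the visit; zero affected rows means this address is new.
      mysql_query("UPDATE `visitors` SET visits=visits+1, burst=burst+1 WHERE `ip`='$q_ip'");
      if (mysql_affected_rows()==0){
          $c_first_visit = 1;
          mysql_query("INSERT INTO `visitors` (`ip` ,`visits` ,`burst` ,`date`) VALUES ('$q_ip', '1', '1', '$c_date')");

          // Per-domain counter is only advanced on an address's first visit.
          mysql_query("UPDATE `traffic` SET visits=visits+1 WHERE `domain`='$q_domain'");
          if (mysql_affected_rows()==0){
              $c_reviewed = 1;
              // NOTE(review): $free_domain is used as an unanchored regular
              // expression, so "." matches any character and the match may
              // occur anywhere in $c_domain. Confirm a suffix comparison is
              // not what is intended.
              if (ereg($free_domain, $c_domain)){
                  $c_reviewed = 0;
                  setcookie("siteowner", "1", time()+3000000, "/", $free_domain);
              }
              mysql_query("INSERT INTO `traffic` (`domain`, `visits`, `ads`, `suspended`, `code`, `reviewed`, `date`)
                  VALUES ('$q_domain', '1', '1', '0', '0', '$c_reviewed', '$c_date')");
          }
      }

      mysql_query("INSERT INTO `phishing` (`domain` ,`uri` ,`title` ,`path` ,`suspended` ,`date` )
          VALUES ('$q_domain', '$q_uri', NULL, '$q_path', '0', '0')");

      // Refuse to serve a few file types, except paths containing "robots".
      $ext = substr($c_path,strlen($c_path)-4,4);
      $ext = strtolower($ext);
      if (  (($ext==".exe") or ($ext==".txt") or ($ext==".src") or ($ext==".com")) and (!ereg("robots", $c_path))  ) { header("HTTP/1.0 404 Not Found"); exit(); }

      $c_result = mysql_query("SELECT *from `traffic` WHERE `domain`='$q_domain'");
      $c_row = mysql_fetch_array($c_result);

      // Column names are quoted string keys; bare words are constant lookups.
      if ($c_row['ads']=="1") {
          $c_ads = "yes";
          $c_uri = strtolower($c_uri);
          // No ads on feed-, XML- or script-like URLs.
          if ( (ereg("rss", $c_uri))||(ereg("feed", $c_uri))||(ereg("xml", $c_uri))||(ereg("js", $c_uri))||(ereg("xhtml", $c_uri)) )
              $c_ads = "no";
      }
      else $c_ads = "no";

      // NOTE(review): the exemption relies on the "siteowner" cookie, an
      // unsigned value held by the client. Use a signed or server-side marker
      // if suspension is meant to be enforced.
      if (($c_row['suspended']=="1")&&($_COOKIE["siteowner"]!=1)) {
          header("Location: http://www.000webhost.com/admin-review");
          exit();
      }

      // Redirect to the limits page once the stored visit count exceeds 250.
      // NOTE(review): an earlier comment here said 500; confirm which
      // threshold is intended.
      if($c_row['visits'] > 250) {
          header("Location: http://error404.000webhost.com/cpu-limit-reached.html");
          exit();
      }

      /*
       * EDIT: Commented to disable web site reviews 2012-02-27
       *
          if ( (ereg($free_domain, $c_domain))&&($c_row[visits]>=4)&&($c_row[reviewed]=="0")&&($_COOKIE["siteowner"]!=1) ){
                  header("Location: http://www.000webhost.com/admin-review");
                  exit();
          }
       */

      // Status banners keyed on the domain's `code` column.
      if ($c_row['code']=="3"){
          print "<br><table border='1' cellpadding='2' bgcolor='#FFFFDF' bordercolor='#E8B900' align='center'><tr><td><font face='Arial' size='3' color='#FF0000'><b>This website *may be* insecure!! If you think it is illegal, please <a href='http://www.000webhost.com/report-abuse' target='_blank'>report abuse here</a>.</b></font></td></tr></table><br />";
      }
      elseif ($c_row['code']=="4"){
          print "<table border='1' cellpadding='2' bgcolor='#FFFFDF' bordercolor='#E8B900' align='center'><tr><td><font face='Arial' size='2' color='#000000'><b>This website was set to be removed for inactivity by <a href='http://www.000webhost.com/'>www.000webhost.com</a>. If you own this website, <a href='http://www.000webhost.com/protect-website'>click here</a> to protect it.</b></font></td></tr></table><br />";
      }
      elseif ($c_row['code']=="5"){
          print "<table border='1' cellpadding='2' bgcolor='#FFFFDF' bordercolor='#E8B900' align='center'><tr><td><font face='Arial' size='2' color='#000000'><b>This account reached disk quota limit (350MB). If you are owner of this website login to FTP of File Manager and delete big or unused files. <br> Free web hosting by <a href='http://www.000webhost.com/'>www.000webhost.com</a></b></font></td></tr></table><br />";
      }

      // Do not leave the escaped copies in the scope of the hosted script.
      unset($q_ip, $q_domain, $q_uri, $q_path, $c_uri_raw);
      @mysql_close();
  }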
  135.  
  // Remove the working variables so they are not visible to the code that
  // runs after this file.
  // NOTE(review): $lines, $c_domain, $ref, $uri_enc, $c_first_visit and $c_ads
  // are not in this list and stay defined. Confirm that is intended, in
  // particular for $lines, which holds the blocked-address list.
  unset($c_ip, $c_agent, $c_path, $c_uri, $c_row);
  unset($free_domain, $c_result, $ckey, $c_date, $c_reviewed, $ext);

  // Sets a fixed level (everything except notices) rather than restoring the
  // level that was in force before error_reporting(0) at the top of the file.
  error_reporting(E_ALL & ~E_NOTICE);
  138. ?>